Essentials MDM 5.38.0:    

Android features and improvements:

- New Remote Access application with Livekit lib support for screen sharing and file manager.
	This app will be automatically upgraded from the previous version.
	No need to do any additional step.
	All Android devices will have a possibility to emulate clicking on the screen. 
	On devices other than Samsung or Zebra, user will have to allow the Accessibility service.

- Send intent configuration with new component type - Foreground Service
	When intent configuration is used with this new component type, the app that is in foreground will still work.

- New Android 15 restrictions:
	- Content protection policy
	This option sets the content protection policy which controls scanning for deceptive apps.
	Possible options:
		- Content protection not controlled by policy
		- Content protection enabled
		- Content protection disabled	
	Restriction is available in fully managed / BYOD/WPC / dedicated device policies.
	- Disallow user from creating private profile 
	Specifies if a user is disallowed from creating a private profile.
	Important note:
	When a private profile already exists on the device, enabling the restriction results in removal of the private profile.
	Restriction is available in BYOD/WPC policy only.
	- Disallow assist content (fully managed, BYOD/WPC - only in work profile, dedicated device policy)
	This user restriction specifies if assist content is disallowed from being sent to a privileged app such as the Assistant app. 
	Assist content includes screenshots and information about an app, such as package name.
	Restriction is available in fully managed / BYOD/WPC (only in work profile) / dedicated device policies.
	- NFC lock
	This user restriction specifies if Near-field communication is disallowed on the device. 
	If Near-field communication is disallowed it cannot be turned on via Settings.
	Restriction is available in fully managed / BYOD/WPC (WPC devices only) / dedicated device policies.
	- Disallow eSIM
	This user restriction specifies if the user is able to add embedded SIMs to the device.
	Restriction is available in fully managed / BYOD/WPC (WPC devices only) / dedicated device policies.
	- Disallow change of Wi-Fi state
	Specifies if a user is disallowed from enabling/disabling Wi-Fi.
	Restriction is available in fully managed / BYOD/WPC (WPC devices only) / dedicated device policies.

- 'Block mobile networks config' restriction disallows also eSIM removal on Android 15 devices

- Zebra DataWedge app added to the list of Enabled applications in BYOD / WPC policy 
	On Zebra devices with Android 13+ it is needed to enable Zebra DataWedge app to enable scanner in work profile. 

- New configuration - Set device screen brightness
	Configuration allows to control screen timeout and brightness for devices in any mode (fully managed, dedicated device or WPC)

- 'All files access' permission for Essentials MDM is only required when opening the file manager option during the remote session.

- Remote session initiated by the device user will create the operation on device logs tab
	When the device user is initiating a remote control session directly from the Remote Access agent, administrator will see this operation on the 	device logs.	

- Possibility to block connection to the network with indicated MCC/MNC code for Samsung devices
	Connection block can be achieved by using rule-based security options in the policy with new condition type - Mobile network restriction and 	security restriction - Block internet connection
	Administrator can define if the list should allow or deny connection to the MCC or MNC networks (codes can be provided as regular 	expression), e.g. Deny MNC 260|267, MCC 03|04 and set the Block internet connection option in rule-based column. In such case, if device will 	connect to the one of above cells, rule-based options will be applied, when the device will change the cell to not listed in rule-based condition,	the restriction will be released.
	This option is available only for Samsung devices from Android 13 (fully managed or dedicated device).

- New device model recognition mechanism for Android devices.
	All browsers start to unify the user agent reported on the device.
	All devices added using startup page (BYOD) will now follow the new mechanism like Apple recognition, where the detailed model is reported 	after first device monitor session.	
	


Apple features and improvements (including iOS agent 5.3 and macOS 5.1):

- iOS agent no longer supports iOS / iPadOS 13

- Chat (messages / voice) option during the remote session
	With latest version of the iOS and macOS apps we have introduced chat feature that enables communication between administrator and user of the device 	during the remote session.
	Chat can be invoked directly from the remote support view.
	On the device, the Chat option is displayed on the new tab called Chat.
	To support voice chat, a new microphone permission has been introduced. This permission is visible and manageable in the "Information" view under 	the "Permissions" tab. 
	Users will be able to view the permission's status and grant access if it has not been enabled.
	To start a session with voice chat:
	- Initiate a remote access session.
	- Once the broadcast begins successfully and the session status changes to "Started" (indicated by the button label changing to "Stop session" in 	the Settings view), the voice track will automatically start.
	- If microphone permission is not granted, the app will prompt the user to provide access. Voice chat will start only if the permission is granted.
	More details can be found in iOS user guide.

- Deprecation of the user enrollment with Apple ID.
	Option is still available for iOS below 18 and macOS below 15. 

- iOS / iPadOS 18.2 platform support

- macOS 15.2 platform support

- German translations in iOS and macOS agents

- Improvements in handling values of iOS managed configuration parameters:
	- String and integer fields with possibility to fill value manually or from custom fields
	- Prefix and suffix support for field values
	

Admin console features and improvements:

- New Samsung KME integration flow using Samsung KME API
	It is now possible to create Samsung KME integration without the need of uploading csv files with the device list.
	Devices and profiles are now created / downloaded automatically using Samsung KME API.
	More details can be found in KME integration guide.

- Additional indication on managed configuration about default value set for the fields

- Removal of misleading actions (uninstall, run) on Device details > Compatible applications tab

- Possibility to assign application groups to device / user groups
	Applications from specific group will inherit assignment of device / user groups.

- Option to download file uploaded via Remote Access file manager directly from the device log list	
	
- Smart groups with option to add OS version as a condition parameter

- Report improvement: details for the report "Devices on which policy failed" have now new column - Failed operations with list of the operations
	
- Show / hide Legend button devices location tab


Other features and improvements:
- Possibility to persistently extend MDM apache virtual host config using custom plugin file
- Shorten httpd systemd service TimeoutStopSec (from 1 min to 3-7 seconds)