KACE® Cloud Mobile Device Manager
These release notes provide information about the latest KACE Cloud Mobile Device Manager release.
About this release
KACE Cloud Mobile Device Manager allows you to quickly enroll mobile devices, manage their inventory, and to apply required configurations and policies. You can interact with managed devices using a standard set of commands, such as resetting a password or locking a device, as needed. This cloud-based product helps you implement your entire device management solution quickly, and ensuring that managed devices follow your organization guidelines and standards, while protecting your data integrity.
This release contains several new features and a number of resolved issues. See New features.
- Android 5.0+ (Work profile enrollments)
- Android 6.0+ (Fully managed afw#kace enrollments)
- Android 8.0+ (Zero-touch enrollments)
- Android 11.0+ (COPE enrollments)
- iOS 8.0+ (Personal and supervised devices, DEP enrollments)
- iOS 11.0+ (Enrollment using Apple Configurator 2)
- iPadOS 13.0+
- macOS 10.13+ (Enrollments)
- tvOS 10.2+
- Windows 11 Professional, Enterprise, Education
- Windows 10 Professional, Enterprise, Education, 1709 or later
- Autopilot and Azure Domain Joins require Azure AD P2
NOTE: Autopilot and Azure Domain Joins require Azure AD P2.
- Google Chrome 49+
- Microsoft Edge 16+ (Not supported on mobile devices.)
- Mozilla Firefox 45+
- Apple Safari 12+ (Mac only)
System-provided mobile administrative applications are not currently available.
New features in KACE Cloud MDM:
- Scheduled policies: Starting in this release, you can add schedules to a policy and activate it at specified times. This is useful for the policies that you want to enable periodically. By default, all policies are enabled at all times. Each policy must have at least one active period per week.
Some actions (primarily Android app installations) are completed outside of the control of KACE Cloud MDM. These are only initiated during the available schedule window, however if the managed device is unavailable when the associated policy initiates the action, the action is completed outside the associated schedule. This type of action is different than those associated with other entities, such as iOS or Windows apps, Wi-Fi, or VPN configurations.
Communication with associated devices only occurs during the policy's active periods in the time zone reported by each device. You can override the time zone for selected devices, as required.
- Silent authentication for Android devices: KACE Cloud MDM now allows you to enroll Samsung Knox and Android Zero Touch devices without creating login accounts for your end users. The silent authentication uses a certificate that you generate in KACE Cloud MDM to sign the initial enrollment request. KACE Cloud MDM verifies the following information in the signature before proceeding with the enrollment:
- A valid certificate from KACE Cloud MDM is used to sign the request.
- The certificate used to sign the request has not expired.
- The certificate used to sign the request matches the one stored in the customer's database as their Android Identity certificate.
- Automating user provisioning: You can now automate the exchange user accounts between different identity domains using the System for Cross-domain Identity Management (SCIM) protocol. You can use this feature to easily pull their user information from any identity provider that supports the SCIM protocol into KACE Cloud MDM. For example, you can easily sync your users from Microsoft Azure AD or Okta. This process quickly pre-populates KACE Cloud MDM with the information from your user database, before those users have a chance to log in to KACE Cloud MDM, in order to configure policies associated with their devices, as needed.
The User Provisioning page enables system administrators to create one or more SCIM configurations and define the required properties used by the associated external provider such as MS Azure AD. The system administrator can also define which user attribute data to import from the SCIM provider by creating mappings between SCIM user schema attributes and KACE Cloud MDM user attributes. Any information synced this way from an identity provider appears as read-only in KACE Cloud MDM, and cannot be modified.
For complete information about these features, visit the KACE Cloud Mobile Device Manager Help Center.
The following issues are addressed in this release.
Table 1: General resolved issues
|The MSI installer for LDAP Sync did not provide a way to override the installation with a user-specified password.
|An error occur if an Android Zero-Touch profile was saved without an Android identity Certificate.
|Users sometimes experienced issues enrolling Android 12 devices due to new serial number restrictions.
|Commands sent to unresponsive iOS devices were not getting timed out properly.
|An error was occurring when an iOS device certificate renewal occurred within 60 days of expiration.
|An error would occur when editing a Windows custom profile if it had been linked to multiple devices.
|Importing a previously-deleted Windows custom profile that had been linked to a device failed.
|When a user adds a new web app for a specific OS, then switches the OS in the form, the form was not updating to reflect the user choice.
|An app could not be deployed to an Android device if no user was assigned to the device.
|Expired certificates could be added to a device.