Software-update: MobileIron Core

MobileIron Core richt zich op mdm, het beheren van devices, en mam, het beheren van applicaties op deze devices. Tegenwoordig kun je dit ook onder enterprise mobility management, kortweg emm, plaatsen. Daarnaast kan MobileIron Core worden gecombineerd met andere producten om de functionaliteit uit te breiden, zoals Sentry voor beveiligde dataoverdracht en de Secure Workspace-apps met onder andere Help@Work, waarmee bijvoorbeeld een helpdesk van afstand kan meekijken op het scherm van een iOS- of Android-toestel. MobileIron heeft even geleden versie van zijn Core uitgebracht met de volgende aanpassingen:

General features and enhancements

This release includes the following new features and enhancements that are common to all platforms.
  • Filter users by LDAP OU in device registration, Spaces, and Labels
  • Automatic device retirement capability for unused devices
  • MobileIron Core banner informing of desktop capability on Cloud
  • Shorter certification lifetimes for self-signed TLS certificates
  • Mobile@Work self-service user portal customization improvements
    • QR code-based device registration
    • Cascading style sheets and custom background colors
    • End User Terms of Service agreements support text and language customization
    • Multiple alias and friendly name support for PFX/P12 user certificates
    • View Activity displays user device history
Android and Android enterprise features and enhancements

This release includes the following new features and enhancements that are specific to the Android and Android enterprise platforms.
  • New Android enterprise work profile mode: With the introduction of Android 11, a new Android enterprise mode of deployment called Work Profile on Company Owned Devices has been added.
  • New registration status added to accommodate "Work Profile on Company Owned Devices" for Android 11 devices
  • Mobile@Work client no longer supports in-house apps for Managed device with Work profile mode on Android 11 devices
  • Support for freeze period in system update
  • Advanced Lock Task Features added
  • Field name change: The field titled Enter Kiosk Mode Immediately has been changed to Enter Kiosk Mode Immediately on registration.
iOS and macOS features and enhancements

This release includes the following new features and enhancements that are specific to the iOS and macOS platforms.
  • GDPR-compliant SIM EID field added to Device Details page
  • New field added to Google Account configuration for iOS devices: A new field, Google User's Full Name, has been added to the Google Account Configuration dialog box.
  • Custom Device Enrollment added: You can now use your own custom web interfaces to authenticate users during Device Enrollment. Display custom information such as authentication type, branding, consent text, and privacy policy in your custom web interface.
  • Enrollment Customization added: A new option is available in the Apple Device Enrollment profile that gives the option to provide a Custom Enrollment URL for authentication and any custom messaging (corporate messaging, privacy info, etc.) during Apple Device Enrollment.
  • Two new distribution options added to configurations: For macOS devices, administrators now have the option to choose to distribute the Wi-Fi and VPN configurations to either the Device Channel (effective for all users on a device) or the User Channel (effective only for the currently registered user on a device).
  • Ability to specify individual syncing of Outlook Exchange items added
  • New restriction added for iOS 14.0 devices
  • New restriction added for macOS 11.0 devices
  • New fields added to Device Enrollment Profile
    • Skip the Accessibility pane
    • Skip the Restore Completed pane
    • Skip the Software Update Complete pane
  • Disable Wi-Fi MAC address randomization field added: In iOS 14.0, Apple changed the default behavior for a device reporting its Wi-Fi MAC address to report a random address for new connections instead of the device's actual Wi-Fi MAC address. In Core, a new option has been added to the Wi-Fi configuration to turn off this randomization.
  • Authentication using OAuth: For email apps that support authentication using OAuth, the following additional settings are provided in the Exchange configuration: OAuth Sign In URL and OAuth Token Request URL. The settings are visible if Use OAuth for Authentication in the Exchange configuration is enabled.
  • AppConfig XML Upload: For an iOS app in the App Catalog, administrators can add a managed app configuration from one of the following:
    • AppConfig Community: Use this option if the app has an AppConfig specification in the community repository. This is the default option.
    • Upload .xml spec: Use this option to upload an XML schema to push a particular version of app configuration for the app.
Resolved issues
  • VSP-63003: MobileIron Access registration would fail when a Secure Hypertext Transfer Protocol (HTTPS) proxy server was enabled on the outbound proxy. This issue has been fixed.
  • VSP-62993: If there were duplicate Device ID entries for the same mailbox in the Active Sync Association page, status updates in Exchange using Integrated Sentry would fail. This issue has been fixed.
  • VSP-62891: The Quarantine Device compliance action was missing an information icon with this message: "Once the device is quarantined, AppConnect apps must be reinstalled on the device before they will work." This issue has been fixed.
  • VSP-62874: There was an issue where Internet Explorer 11 would stop responding when editing and saving an Apple Automated Device Enrollment account. This issue has been fixed.
  • VSP-62615: Admins were unable to see supervised macOS devices in the Device Details section of the Devices page. This issue has been fixed.
  • VSP-62564: The Mobile Threat Defense (MTD) anti-phishing VPN was not being pushed to devices when MTD was activated through the managed app configuration. This issue has been fixed.
  • VSP-62536: As a result of a Core configuration change, event template settings were failing to load. This issue has been fixed.
  • VSP-62436: When transferring all licenses for a particular app from one Volume Purchase Program (VPP) location to another, the licenses were not deleted from the old location. The issue has been fixed.
  • VSP-62419: When being edited, Android enterprise managed app configurations could show an incorrect value for a configuration key. This resulted from a difference between the order of the configurations in the UI and the database. This issue has been fixed.
  • VSP-62300: Previously, when a filter label for a custom attribute was assigned to a device and then removed, MobileIron Core created duplicate audit logs for some API requests. This issue has been fixed.
  • VSP-62248: Previously, multi-user log in or log out actions would intermittently time out after 30 seconds. The timeout value has been increased to 120 seconds.
  • VSP-62211: There was an issue where forcing an app update for devices with managed app configurations generated an app installation status of "Not Installed." This issue has been fixed.
  • VSP-62166: Removing a label that was applied to both a wallpaper policy and a default policy would incorrectly re-push the wallpaper policy. This issue has been fixed.
  • VSP-62154: Previously, the Audit log incorrectly reported that the administrator with the API role rather than the misystem user removed a filter label for a custom attribute. This issue has been fixed. The misystem user is the built-in MobileIron Core user that creates default rules and policies, and executes system maintenance tasks. This user does not appear the Admin Portal and has no assigned roles.
  • VSP-62014, VSP-62182: Certificate authentication to the Admin and System Manager portal was blocked when the Certificate Revocation List (CRL) was inaccessible. A new option has been added to control whether to allow or block certificate authentication in this situation. By default, the system will allow the authentication when the CRL is inaccessible. The Core Admin portal will attempt to reconnect with the CRL every 24 hours, and the Core System Manager portal will attempt to reconnect with the CRL every hour. To change the option to block certificate authentication when out of touch with the CRL, contact MobileIron technical support.
  • VSP-62002: Previously, there was an issue where labels applied to the AppConnect app would intermittently fail to apply the label to the provisioning profile. This issue has been fixed.
  • VSP-61993: Previously, devices would sometimes be incorrectly quarantined after device registration, because data protection/encryption had not yet been enabled on the device. This issue has been fixed.
  • VSP-61947: Previously, labels created using custom attributes were not being applied to the devices because labels were not being updated as a part of client check-in. This issue has been fixed.
  • VSP-61934: Previously, there were some audit logs that did not display when selected in a search on the Audit Logs page. Application Started and Application Stopped searches were not returning correct results. This issue has been fixed.
  • VSP-61893: Previously, when App catalog records were purged, sometimes not all of the necessary files were being deleted. This issue has been fixed.
  • VSP-61643: Previously, when context-based logging was enabled, Core would continue context-based logging, even when a different mode was selected. A "Clear" button has been added to Core System Manager > Troubleshooting > Logs > Context based logging page to disable context-based logging.
  • VSP-60900: Previously, when a device requested that Core renew its mutual authentication certificate, Core would generate the certificate with the following hard-coded subject, irrespective of what was entered in the Simple Certificate Enrollment Protocol (SCEP) setting Subject field: System Default Mutual Auth SCEP "Mutual Auth Enrollment-$RANDOM_32$". The issue has been fixed.
  • VSP-60303: Previously, the Apps@Work page did not fully display when rendered in full screen on devices running iOS 13.0 through the most recently released version as supported by MobileIron. This issue has been fixed.
  • VSP-59576: Apple Push Notification Service (APNS) diagnosis check now goes through HTTP outbound proxy, if configured. Note that unlike prior versions, the test does *not* use the mobile device management (MDM) certificate for the test, so it will not detect Secure Sockets Layer (SSL) failures due to an expired MDM certificate. This issue will be fixed in a future version.
  • VSP-52101: Previously, the Core product version was displayed on the login screen, which is visible to unauthorized users. This issue has been fixed.
  • VSP-46061: Previously, bulk email notification recipients could see the names of the other recipients in the To field. This issue has been fixed. Core now enters recipient email addresses in the BCC (blind carbon copy) field, so recipient privacy is maintained.
Releasestatus Final
Website MobileIron
Licentietype Betaald

Reacties (3)

Wijzig sortering
Als iemand in zijn bedrijf verantwoordelijk is voor mobileiron:

Misschien tijd om iets anders te kiezen en anders snel te upgraden.
Als iemand in zijn bedrijf verantwoordelijk is voor mobileiron:

Misschien tijd om iets anders te kiezen en anders snel te upgraden.
Heb je het bericht ook gelezen?
The researcher says there are currently roughly 10,000 potentially exposed servers on the internet, and while a patch has been available for months, he claims roughly 30% of servers on the internet remain unpatched.
Er is gewoon sinds juni een patch beschikbaar.
The vulnerabilities were identified by researchers at security consulting firm DEVCORE and they were reported to MobileIron in early April. Patches were released on June 15 and the vendor released an advisory on July 1.
Als je dit als IT afdeling nog niet gedaan hebt moet je misschien snel een andere beheerder / manager kiezen als bedrijf.

[Reactie gewijzigd door Vorkie op 3 oktober 2020 09:35]

Ja, excuus, dat was geen 100% reactie op deze exploits. Natuurlijk heb ik het gelezen, maar mijn reactie was mede gevoed door uitermate slechte ervaringen met mobile iron.
De reviews online zijn het wat dat betreft met me eens, maar misschien valt het wel goed te implementeren.

Op dit item kan niet meer gereageerd worden.

Tweakers maakt gebruik van cookies

Tweakers plaatst functionele en analytische cookies voor het functioneren van de website en het verbeteren van de website-ervaring. Deze cookies zijn noodzakelijk. Om op Tweakers relevantere advertenties te tonen en om ingesloten content van derden te tonen (bijvoorbeeld video's), vragen we je toestemming. Via ingesloten content kunnen derde partijen diensten leveren en verbeteren, bezoekersstatistieken bijhouden, gepersonaliseerde content tonen, gerichte advertenties tonen en gebruikersprofielen opbouwen. Hiervoor worden apparaatgegevens, IP-adres, geolocatie en surfgedrag vastgelegd.

Meer informatie vind je in ons cookiebeleid.


Toestemming beheren

Hieronder kun je per doeleinde of partij toestemming geven of intrekken. Meer informatie vind je in ons cookiebeleid.

Functioneel en analytisch

Deze cookies zijn noodzakelijk voor het functioneren van de website en het verbeteren van de website-ervaring. Klik op het informatie-icoon voor meer informatie. Meer details


    Relevantere advertenties

    Dit beperkt het aantal keer dat dezelfde advertentie getoond wordt (frequency capping) en maakt het mogelijk om binnen Tweakers contextuele advertenties te tonen op basis van pagina's die je hebt bezocht. Meer details

    Tweakers genereert een willekeurige unieke code als identifier. Deze data wordt niet gedeeld met adverteerders of andere derde partijen en je kunt niet buiten Tweakers gevolgd worden. Indien je bent ingelogd, wordt deze identifier gekoppeld aan je account. Indien je niet bent ingelogd, wordt deze identifier gekoppeld aan je sessie die maximaal 4 maanden actief blijft. Je kunt deze toestemming te allen tijde intrekken.

    Ingesloten content van derden

    Deze cookies kunnen door derde partijen geplaatst worden via ingesloten content. Klik op het informatie-icoon voor meer informatie over de verwerkingsdoeleinden. Meer details