XenMobile Service 10.7.3: What’s new?

The latest version of XenMobile has these new features and improvements:

• Deploy Win32 apps to managed Windows 10 Desktop and Tablet devices
• Support for ADMX files for Windows 10 Desktop and Tablet devices
• Other improvements
• Fixed issues in this release

You can now upload MSI files for Win32 apps to the XenMobile console for deployment to managed Windows 10 Desktop and Tablet devices. After you use XenMobile to deploy an MSI, the Windows device then installs the app as follows:

• If the upgraded app removes the old version during installation, then the device includes only the upgraded app.
• If the upgraded app can’t remove the old version, but the new version can install, then the device includes both versions of the app. XenMobile Server no longer contains the information for the old version.
• If the upgraded app can’t install when an old version exists, the new app doesn’t install. In that case, first deploy the App Uninstall device policy to remove the old version. Then, deploy the new version.

Requirements

• Windows 10, version 1607 (minimum version)
• Windows 10 Professional or Windows 10 Enterprise
• Standalone Win 32 MSI apps installed with the /quiet option. For this deployment use case, Microsoft doesn’t support MSIs containing multiple apps, nested MSIs, or interactive installation.

Look up MSI metadata

When you add a Win32 app to XenMobile, specify the metadata for the app. To look up the metadata, use the Orca application on a Windows computer and make note of the following information:

• Product code
• Product name
• Product version
• Package install type, either per user or per machine

Add a Win32 app to XenMobile

Upgrade a Win32 app

You can now import Microsoft Administrative Template (ADMX) policy settings when configuring policies for Windows 10 tablets and desktops. Use the XenMobile App Configuration device policy to import an ADMX file and configure settings.

• Force a sync with your VPP account. XenMobile periodically reimports VPP licenses from Apple to ensure that the licenses reflect all changes. You can now also force a sync. The Settings > iOS Settings page includes a Force synchronization button.

After you click to confirm the action, XenMobile imports the VPP information. The import might take several minutes, depending on the number of VPP licenses. After the sync completes, XenMobile refreshes the iOS Settings page and updates the sync date and time in the new Last Sync Date column.

• Support for Windows 10 RS3. We certified XenMobile 10.7 with Windows 10 RS3 Phone and Tablet.
• Macros allowed for non-string fields in Cellular device policies for iOS. XenMobile now allows you to use macros for the values of non-string fields, such as Proxy server port, in the iOS cellular policy.

For example, you can now use a macro such as “${device.xyz}” or “${setting.xyz}“, which expands into an integer. You can also use the macros in a device configuration XML file that you import into XenMobile by using the Import iOS & macOS Profile device policy.

• Disable apps on Samsung SAFE devices. You can use the Restrictions device policy to block a list of installed apps from running on Samsung SAFE devices. By default, the new Disable Applications setting is Off, which means apps are enabled. To disable an installed app, change the setting to On, click Add in the Application List table, and then type the app package name.

Changing and deploying an app list overwrites the prior app list. For example: If you disable com.example1 and com.example2, and then later change the list to com.example1 and com.example3, XenMobile enables com.example.2.

• More status information for the Control OS Update device policy for macOS. The Manage > Devices > Device details page now shows the status of scheduled OS update scans, available OS updates, and scheduled macOS and app updates. The status provided includes:

Schedule OS Update Scan Sent
Schedule OS Update Scan Acknowledged
Get Available OS Update Sent
Get Available OS Update Acknowledged
Install OS Update Sent
Install OS Update Acknowledged

• New server properties to specify the number of days after which an offline iOS or macOS device is considered unreachable. When an iOS or macOS device reaches the limit specified by the following server properties, they stop checking back with XenMobile Server. Both properties default to 45 days.

ios.delayBeforeDeclareUnreachable
macos.delayBeforeDeclareUnreachable

• Changes to the following server properties no longer require that you restart XenMobile Server:
  • Add Device Always (secure.device.add.device.always)
  • Auto Logout (secure.device.auto.logout.after)
  • Background Deployment (scheduling.background.deployment)
  • Background Hardware Inventory (scheduling.background.inventory)
  • Block Enrollment of Rooted Android and Jailbroken iOS Devices (secure.device.forbid.jailbroken.iphones.and.rooted.androids)
  • Certificate Renewal (in Seconds) (secure.device.renew.certificate.before)
  • Default deployment channel (macos.mdm.deployment.deploymentSplitType)
  • Enable Device Triangulation (zdm.device.triangulation.enable)
  • Enforce SSL (secure.device.enforce.ssl)
  • Enrollment Required (wsapi.mdm.required.flag)
  • Full Pull of ActiveSync Allowed and Denied Users (mag.policy.baseline.interval.seconds)
  • Maximum Device IDs (zdm.mag.max.device.ids.asked)
  • Pull of Incremental Change of Allowed and Denied Users (mag.policy.delta.interval.seconds)
  • Secure Authentication (secure.device.enforce.strong.authentication)
  • SOAP Web Services (zdm.ws.soap.otp-service.enabled)
  • Strong 8 Character ID (secure.device.strong.id.short)
  • Strong ID Valid Once (secure.device.strong.id.valid.once)
  • User-Defined Device Properties N
  • Users only from Exchange (userOnlyFromExchange)
  • XenMobile MDM Self Help Portal console max inactive interval (minutes) (zdm.console.max.inactive.interval)

When configuring the Cellular device policy in the XenMobile console: Using a macro for an integer value results in an error, such as “Enter port integer values from 1 to 65535.” When importing a device configuration XML file into XenMobile by using the Import iOS & macOS Profile device policy: Using a macro for an integer results in an error, such as “Parsing error detected; the selected file is an invalid or corrupted iOS configuration file: ‘Cannot parse: org.xml.sax.InputSource@69335cc’.”

When you deploy an App Notification policy for the Messages and Wallet apps to iOS devices, some options don’t work as expected. For example, you can’t disable notifications for the Messages and Wallet apps and you can’t disable sounds for the Messages app. This third-party issue is Apple bug ID 34591546.

When using the XenMobile console in Internet Explorer, with the locale set to “English – South Africa” (en-ZA): The Last authenticated date shown on the Manage > Users page is incorrect.

Uploading an APK file to the XenMobile console fails with a “500 Internal Server Error”.

When you left-click Secure Mail or Secure Web for Android in the Configure > Apps list and then click Show more, the following error may appear: “A configuration error occurred. Please try again”. In the App rating section, the Android tab is blank.

Security actions don’t perform on a node that is already initialized for a given push if the notification is sent from another node.

When you download only a new iOS version as an update, the “Schedule OS Update” field is empty in General Settings of Device Details.