Relution Server 5.13
Dynamic roles for user-specific permissions
With the new release, Relution now allows you to define different configurable roles from a combination of multiple permissions. This feature has been requested for a long time and is now implemented. The roles can be created comfortably via the navigation "Users" and the newly added sub-item "Permissions". In the detailed view, you can select for which objects the role has which level of authorization. The options are "Read", "Create", "Update" and "Delete". Dependencies between the authorizations are automatically taken into account. These defined roles can then be assigned to users or groups. The individual assignment of user-defined permissions, independent of the membership of system groups, is now possible.
Supervision certificate for DEP devices
In the Relution DEP profile, you can set that devices cannot be connected to a Mac or a PC via a USB cable. This prevents users from subsequently configuring the Apple device with the Apple Configurator and, for example, removing the MDM profile. A new supervision certificate now allows the administrator to still connect a DEP device to a Mac or PC after a re-enrollment by specifying the certificate, should this be necessary. Read more in our Insight Supervision certificate for DEP devices
Multiple DEP accounts per client
From now on, multiple DEP accounts can be configured in Relution. This is necessary if a school receives devices from two DEP accounts, for example from the carrier and from the school itself. In the overview "Auto Enrollments", the new column "DEP Accounts" shows from which DEP account the respective device originates. Apple School Manager and Apple Business Manager can be combined.
Automatic activation of Lost Mode on new enrollment for iOS
Via Relution, lost or stolen devices can be locked remotely with the action "Activate Lost Mode". A lock screen is then displayed on the devices and the device can no longer be used.
For DEP devices that were automatically enrolled, it was previously possible to reset a locked device via Apple Configurator. After renewed automatic enrollment, the device was unlocked and could then be used.
By enabling the new "Enable Lost Mode" button in the detail view of a device in "Auto Enrollments", Relution ensures that Lost Mode is re-enabled when the DEP device automatically enrolls after being reset via the Apple Configurator.
The new feature makes theft of enrolled DEP devices futile and ensures data protection for pre-configured VPN access or email accounts via Relution.
Per user certificates for S/MIME signing and encryption for iOS
For the use of exchange accounts, appropriate certificates for S/MIME signing and S/MIME encryption of e-mails can be stored in Relution's user profile. If the S/MIME setting is then activated in the exchange configuration and "User certificate" is selected, Relution automatically uses the respective certificate for the users to whom the policy applies.
OS Update Action and Configuration for macOS
macOS devices can now be manually updated to a newer version of the operating system via the "Install Update" action. In the inventory overview, the action only appears if a new operating system version is also available for the device.
The new configuration "Manage system updates" can also be used to automate the installation of operating system updates for devices by means of a policy.
Control system policy configuration for macOS
With the new configuration "System Policy Control", the gatekeeper of Apple can be controlled via Relution under "Security & Privacy" in the macOS settings. To increase security, sources from which users can perform app downloads can be restricted:
- Apple Store
- Apple Store and verified developers (also .pkg and dmg files signed with an Apple certificate)
- From anywhere (apps from all sources, including the Internet).
Ad Hoc Courses
In the Relution Teacher App, so-called ad-hoc classes can now be created "spontaneously" and individually configured directly in the app, without having to be pre-configured by an administrator via Relution first. This is used, for example, in work groups or in substitution situations when the substitute teacher does not have access to the respective classes. With the new button "Ad-Hoc Course" the corresponding students can be added from all students of the school or filtered by individual classes. Then, as usual, a class profile is selected and the class is started. Ad-hoc courses are not saved and are only temporarily available on the device as long as the app is open.
- Relution ensures that the signing certificate of the MDM profile is always up to date, so that users:inside are not shown an expired certificate
- Checks the status of the applied BitLocker configuration and displays the "compliant" status if the disk is encrypted
- Updating DEP tokens with a token from another MDM server is not supported
- Enhancing macOS "guest user" configuration with mobile account configuration and renaming it to "accounts" configuration
- Failure to automatically sync DEP accounts that are not associated with an Apple School Manager or Apple Business Manager account
- Updating metadata of remaining certificates, even if a certificate in memory has expired or cannot be processed
- Adjusting links to relution documentation to point to repo.relution.io for native packages
- The delete icon for chips in configurations such as iOS WiFi, Android enterprise kiosk mode, and WiFi should be hidden when the configuration is disabled
- Restore resource reference of certificates in certificate configuration for iOS to resolve error messages
- Troubleshoot Exchange configuration update for Windows to avoid spurious compliance violations
- Bug fix for activating personal hotspot on iOS devices via the action in the device dashboard
- Bug fix for the "No policy" filter option in the device inventory
- Bug fix for searching for organizations in Store Orga
- Bug fix for validation in the modal window for the "Enable Lost Mode" action for iOS devices
- Performance optimization when updating the "Installed Apps" overview in Windows device details.
- Prevent timeout when publishing ruleset versions when applied to many devices that are updated synchronously
- Dealing with duplicates in VPP messages
The changelog for the release can be found here.