Home
Release Note20.08.2025

Relution Server 5.33

Relution

Conditional Access

Conditional access is a security feature of Microsoft Entra that controls access to Microsoft resources and applications such as Microsoft 365, OneDrive, or SharePoint based on the compliance status of the device and the logged-in user. Requirements such as up-to-date patches, a set password, a minimum operating system version, or an encrypted hard drive can be defined. Only if a device meets these requirements is it considered “compliant” and granted access to Microsoft services via Microsoft Entra ID. This applies to all platforms (Android, iOS, macOS, and Windows).

Devices that do not meet the defined specifications are classified as non-compliant and access may be denied. Relution automatically reports the compliance status of the managed devices to Microsoft.

A Microsoft Entra ID P1 license is required to use conditional access. The feature can be seamlessly combined with Relution to manage devices via Relution while using conditional access in Microsoft environments.

Conditional access can be activated in Relution per platform. In addition, a configuration per device is necessary. Two options are available in the configuration:

  1. The device is marked as non-compliant if the user has not yet set up conditional access. This requires a one-time user action: The user must log in with their Entra account, otherwise a compliance violation will occur in Relution.

  2. Users can be reminded to log in via the Relution agent via push notification.

Both settings can be configured independently of each other, allowing administrators to decide whether or not to actively prompt users.

Device groups in dynamic device groups

Dynamic device groups now support a new filter for device groups. This allows both static and dynamic device groups to be included or excluded as filter criteria. This makes it possible to map complex constellations and inheritances – for example, a specific test group can be specifically excluded from a dynamic device group.

This feature offers more flexibility in defining device structures and makes it easier to map individual scenarios in large environments.

Duplicate device groups

From now on, existing device groups can be duplicated. Actions, devices, and policies can be flexibly transferred or skipped. This allows new device groups to be quickly created, customized, and saved under a new name.

If you choose not to transfer the filters when copying dynamic groups, a static device group is automatically created.

Enable and disable individual policies

With Relution version 5.33, administrators can deactivate individual or all policies on a device and reactivate them later. This enhancement was implemented at the request of users and is particularly suitable for testing purposes, as administrators can use the additional filter in the inventory and policy view to see which policies are active or inactive at any time.

Important: Deactivating policies overrides the off-time policy. To reactivate a policy, a manual step is required—redistributing or updating the policy is not sufficient.

Revised license view

The license view has been revised and now offers greater clarity and flexibility. At the request of customers, license information can be sorted, and the unique name of the organization is also displayed to make it easier to identify and manage licenses.

Notification Center – Relution News

With the expansion of the Notification Center, users can receive targeted information from Relution. This feature improves internal communication and ensures that no Relution news is overlooked.

SMG now supports HTTP/2

Starting with Relution 5.33, the SMG (Secure Mobile Gateway) will be converted to HTTP/2. This ensures faster and more efficient connections between client and server as well as improved performance during data exchange.

Apple

iOS 26: New restrictions

Relution is ready for the launch of iOS 26 with version 5.33. Already tested with the beta version, four new restrictions are available that offer additional control options for Apple devices.

Automated certificate issuance with SCEP via Relution directly on Apple devices

In addition to the existing option of automatic certificate issuance using certificate templates within Relution, certificates can now also be generated directly via SCEP on compatible Apple devices, so that the certificate and private key are only available on the device.

Relution enables the use of such certificate templates for iOS/iPadOS devices in VPN, Wi-Fi, and certificate configuration. The following methods are available via SCEP on the device itself:

  • With built-in PKI in Relution
  • Directly with the PKI infrastructure
  • With Relution as an SCEP proxy, so that the PKI infrastructure does not have to be accessible from outside

For Microsoft PKIs, the dynamic challenge password is retrieved by the Relution server using NDES and added to the SCEP communication when the Relution server acts as an SCEP proxy.

This makes the use of SCEP significantly more robust and flexible, especially in environments with limited network connectivity or special security requirements.

Central overview for VPP and DEP accounts

Starting with Relution 5.33, all VPP and DEP accounts for the entire instance are displayed in a central overview in the Global Organization settings. There, the accounts and tokens can be viewed across organizations and sorted by expiration date. This allows administrators to keep track of upcoming token expirations at all times without having to switch between individual organizations, enabling them to respond in a timely manner.

New update mode for Exchange configurations

A new mechanism for controlling policy updates for Exchange configurations is now available. Previously, even the smallest changes, such as to placeholders or metadata, caused iOS to resynchronize the entire configuration—often with high data volumes for large mailboxes. The new update mode “Publish policy update only” provides more control: Updates are only performed when a new version of the policy is actually published.

iOS update status

The OS update status now shows whether an update is pending and when it will be installed. Devices can be filtered to quickly identify pending updates and manage them accordingly.

Option to disable jailbreak detection

A new setting is now available in iOS restrictions that allows you to disable jailbreak detection. This gives administrators the flexibility to decide whether or not to enable jailbreak detection.

Android

Enrollment: Keep system apps enabled

Pre-installed system and third-party apps can now be specifically blocked or enabled during the device enrollment of Android Enterprise devices. The option “Keep system apps enabled” has been introduced for this purpose and is disabled by default. In specific scenarios, such as when enrolling interactive whiteboards, this switch must be enabled to ensure full functionality.

Wallpaper configuration

Starting with Relution 5.33, there is a new configuration for Android Enterprise and Android Classic that allows you to set a background image on devices if the set launcher supports it. In addition, dynamic text, including placeholders, can be displayed on the wallpaper.

To use this feature, you need Android Companion for Android Enterprise with a minimum version of 1.18. For Android Classic, you need Android Companion with a minimum version of 5.37.0.

APN support for Android Enterprise devices

Administrators can now configure and manage APN settings (Access Point Name) directly via Relution. This ensures that devices automatically receive the correct mobile network settings without the need for manual configuration. The feature guarantees a stable mobile connection on all devices.

Important: There must be no conflicts between different APN settings. Invalid values are automatically ignored.

Manage Bluetooth sharing

Starting with Relution 5.33, administrators can specifically control Bluetooth file sharing on Android devices. The Bluetooth icon can also be used to send files via the share dialog (share button) by default. While other options such as Google Quick Share cannot be blocked, Relution now offers the option to allow or disable Bluetooth sharing.

The setting is flexibly available in various usage scenarios:

  • Work Profile (BYOD / Personal Use Case): Bluetooth sharing in the personal profile can be blocked.
  • Company-owned fully managed devices: Bluetooth sharing can also be selectively enabled or blocked on fully managed company devices.

This increases security in Android environments, as uncontrolled file sharing via Bluetooth can be reliably prevented.

Windows

Set device names

Starting with Relution 5.33, the device name can be set on Windows devices using the new Device Name action. Only permitted characters are accepted; unauthorized characters in placeholders are automatically adjusted. Support for placeholders is now available on all platforms via the “Change Device Name” action in the device groups.

Optimized handling of compliance violations

With Relution 5.33, the handling of compliance violations for Windows has been optimized. Duplicate or outdated violations will be managed more consistently and clearly as a result of the adjustment, which significantly improves clarity and traceability in compliance management.

General changes

Relution is discontinuing support for Samsung devices running Android 15+ when managed via Android Classic. We recommend switching to Android Enterprise.

Samsung devices running Android 15 can still be managed via Android Classic. However, basic functions such as installing or updating native apps will no longer be available. With Android 16, Samsung will also remove Kiosk mode.

Technical changelog

The changelog for this release can be found here.

For reasons of better readability, the masculine form is used on this page when referring to persons and personal nouns. In the interests of equal treatment, the corresponding terms apply to all genders. The abbreviated form is used for editorial reasons only and does not imply any value judgment.