Windows
Relution now supports auto-enrollment via Windows Autopilot, allowing Windows 10/11 devices to be quickly and easily inventoried in Relution. Afterwards, enrolled Windows 10/11 devices can be further configured via Relution policies and apps can be installed on the devices.
Windows Autopilot can be used with Windows 10/11 Professional, Enterprise or Education from version 1709. An Azure instance with an Azure Active Directory (ADD) and Azure AD Premium P2 subscription is required.
In the Relution settings under -> “Organisation” -> “Azure Active Directory”, a guide supports the setup and linking of Azure AD with Relution. All further details on settings in Azure AD and Microsoft Store for Business are described in our Insight Windows Autopilot Enrollment with Relution
Relution Portal
The obligation to publish an imprint and a privacy policy lies with the operator of the Relution system. Therefore, Relution offers the possibility to link your own imprint and privacy policy in the Relution portal. Please note that the following configuration parameters are set for your On Premises installation.
relution.legal.imprintUrl (RelutionLegalProperties, type Uri)
If the parameter is set, a link to this URL is always displayed on the login page of the Relution portal. By default, no imprint is stored.
relution.legal.privacyPolicy.de /.en /... (RelutionLegalProperties, type Uri)
relution.legal.eula.de /.en /... (RelutionLegalProperties, type Uri)
If one of the parameters is set, an administrator of the organisation must agree to the declarations initially when logging in or after creating a new organisation. By default, no declarations are stored.
relution.legal.helpdeskUrl (RelutionLegalProperties, type Uri)
Optionally, a customer-specific helpdesk link can be stored, which is called up in the Relution Portal next to the profile in the top right-hand corner of the support toolbar under Helpdesk. By default, the Relution Helpdesk is linked.
Apple
Currently, all open actions are cancelled as soon as any of the following actions are sent to iOS devices in “Not Now” status:
So that no important actions are lost due to the current behaviour, the above-mentioned actions are treated with priority from now on, and then all other open actions are executed without deleting them.
Apple has released a new interface for VPP licences. Relution’s VPP connection has been updated to the new interface. As a result, the synchronisation is much better performing and faster. In addition, Relution is now proactively informed by Apple when there are changes in the VPP licences. Manual synchronisation is no longer necessary.
Relution is successively renewing its existing apps. The previously combined functions of the Relution Client for iOS and Android will in future be outsourced to independent apps based on Flutter technology. Relution is thus following the latest technological standards. The same code basis of the apps enables a cross-platform offer on a functional level.
With Relution 5.10, the existing functions of the Relution Client for iOS will be outsourced to the following stand-alone apps as a first step:
The migration for Relution Clients already in use will be carried out with the next Release 5.11. Existing Relution Clients for iOS will then be replaced by the new apps.
All important information is summarised in our Insight Relution App Family. When preparing for the migration with 5.11, please note the mandatory measures for the move to the respective new apps.
When the new Relution Teacher App is installed on a managed device via Relution, a managed app configuration is simultaneously applied to the device so that the user is automatically logged into the Relution Teacher App.
Android
By integrating interactive whiteboards in the digital classroom, Relution can now be used to realise even more lively lessons. Based on the Android Classic enrollment in Relution, enrolled devices can be configured with the “Interactive Whiteboard Configuration”. For example, hardware buttons and the touch function can be deactivated and access to the device settings and the use of the remote control can be blocked in order to prevent unauthorised changes to the devices in the classroom. Furthermore, automatic switch-on and switch-off times can be defined.
The Android Classic configurations “App Compliance” can be used to install apps from the Google Play Store and the configuration “Kiosk Mode” can be used to operate enrolled Interactive Whiteboards in Kiosk Mode. All further details on the enrollment and configuration of interactive whiteboards in Relution are described in our Insight Managing Interactive Whiteboards with Relution
Currently, Relution can be used to manage the galneoscreen of the manufacturer wende.interaktiv and prepare it for teaching. The offer is being continuously expanded and in the future other manufacturers of interactive whiteboards will be supported by Relution.
Usability / Functional optimizations
Technical optimizations
Technical changelog
The changelog for the release can be found here
Global Policies
When using global policies from the store organization in subordinate clients, Relution Android Client 5.5 ensures the installation of apps on devices. More information about global policies with Relution is available in our Release Note Relution Portal 5.7
Android 6.0+
Relution Android Client 5.5 still supports Android versions 4 and 5. Contrary to the original announcement on 25 November 2021 all subsequent Relution Android Client versions will only support Android 6 and newer.
The current Android Relution Client Version 5.5 can be downloaded from the Google Play Store or alternatively from our Download Center.
Apple
On iOS devices that are protected with a password or PIN, the KeyChain is locked and not all actions are processed. In this case, the device reports the status “Not now”. Sent actions are not processed until the device is unlocked. This behavior also prevents the immediate activation of the “Lost Mode” or the resetting of the device password.
To ensure that required actions can be performed in case of loss or theft, the behavior has been adjusted. All pending actions are now cancelled as soon as an “Activate Lost Mode” or “Reset Password” action is sent to the device. This way, the devices and data can still be protected.
Relution now offers the possibility to enroll private Macbooks without the owner having to give up all control over the device. Information about iOS user enrollment with Relution is available in the insight Apple user enrollment
The integrated iOS user enrollment in Relution now supports account-based user enrollment of devices that are not in the state „supervised”.
The prerequisite for this is either a manually created user enrollment for a corresponding user in the respective Relution organization or the activation of “Allow account-controlled Apple user enrollment for all users” in the device management settings of the respective Relution organization.
Option 2 makes it much easier to register personal devices in Relution. As soon as a Relution user registers via the option “Log in to work or school account…” in “VPN & Device Management” of the general settings on the private device, a user enrollment is automatically created in Relution. Via the managed Apple ID of the respective user, the registration URL of the MDM solution is automatically identified. After logging in with the user’s login data from Relution, the device automatically appears in the inventory list of the corresponding Relution organization after successful authentication and can be managed as described in the insight Apple user enrollment
For VPN settings, the custom SSL type can be configured to establish an OpenVPN connection for managed devices. This is necessary for e.g. OpenSSL support.
Android
For Android Enterprise devices, apps can now also be added manually in the “Manage apps” configuration by providing the internal name. This means that system apps that are preinstalled but not available in the Managed Google Play Store can also be used. This option is also available for the Android Enterprise kiosk mode.
Usability / Functional optimizations
Technical optimizations
Technical changelog
The changelog for the release can be found here
Relution Portal
All-clear on the log4j/log4shell vulnerability: our system is not affected by the critical vulnerability in the log4j Java library. Relution uses support for Splunk (splunk-library-javalogging). The framework brings log4j-core in version <2.15.0. However, the affected framework is not used by Relution and thus the vulnerability cannot be exploited in Relution. More about this in our News
With Relution 5.8, the unused library log4j-core was completely removed.
The Relution Portal is now available in the additional languages Spanish, Italian and French. This enables our international customers to have a more comfortable user experience in their local language.
Apps can now also be conveniently added in the detail view of an existing app category. Adding individual apps via settings in the respective app details is also still possible.
Apps from Apple that are usable for multiple platforms are displayed in the app inventory list with the corresponding platform icons.
Apple
Since Relution 5.7 it is possible to enroll iOS devices of private users (BYOD without DEP and not supervised) via iOS User Enrollment. With Relution 5.8 this feature is officially supported and is no longer a beta version.
In the context of iOS user enrollment, organization apps can be deployed to private devices by assigning VPP licenses to users rather than devices. VPP licenses are thus not tied to devices but to individual users. If a user uses multiple devices and has been assigned a VPP license, the corresponding app can be used on all devices. Assigned VPP licenses can also be withdrawn from users via Relution.
In order to assign VPP licenses of an organization to private users, the users must be linked to the VPP token of the respective Relution organization. For this purpose, a Managed Apple ID must be stored in the respective user profile for the corresponding users in Relution. The Managed Apple ID is created in the respective Apple School Manager or Apple Business Manager account of the organization for a user.
If an iOS user enrollment is created in Relution, it is mandatory to add a user with a pre-populated Managed Apple ID. If a private device is enrolled via the iOS user enrollment, the user with the pre-filled Managed Apple ID logs in and the device is enrolled in Relution. If the user with the Managed Apple ID does not yet have a connection to a VPP token, Relution will automatically take care of the link and the user will appear under VPP users in the “Assigned” status. If multiple VPP tokens exist for the organization, the first VPP token in the order of stored VPP tokens under VPP user accounts in the Relution settings is always used. Subsequently, VPP licenses can be transferred to the VPP users in the “Assigned” status via Purchased apps in Relution in order to be able to install apps on the private devices via the VPP token of the organization.
Los usuarios que no tienen un ID de Apple gestionado en Relution pueden ser invitados a usuarios VPP a través de un proceso manual. Lea más sobre esto en el idea Inscripción de usuarios de Apple
Predefined VPN connections and per-app VPN configurations can also be applied to private devices via iOS user enrollment. When configuring the VPN connection, “For apps and accounts” and “VPN on demand” must be activated. Then, the app to VPN assignment is set up and the previously created VPN connection is linked to a desired app. After applying the published policy to the private device and installing the corresponding VPP license, the app is automatically connected via VPN.
If an Apple device does not accept sent actions and reports back with “Not now”, a new status “Not now” is displayed for this action in the action overview in the Relution Portal. The status is also displayed for this device in the inventory list in a new column “Connection Status” as well as in the device details in the upper info box. As soon as the device responds with another message, the status will be updated accordingly in the Relution Portal.
Android Classic
The functionality of using global policies in Store Orga introduced with Relution 5.7 is now also available for Android Classic policies.
Windows
For enrolled Windows devices, it is possible to offer configurations and apps from Relution via different communication channels, the so-called device context or user context. For example, if apps are applied to a Windows device via the device context, the app is installed in the main file system of the device and can be used by all users. If, on the other hand, the app is applied via the user context, it is installed in the own files system of the enrolled user with whom the device enrollment in Relution was performed and can thus only be used by this user on the device. If apps are installed via the device context, they can be uninstalled via Relution, but they are still installed in the main file system on the Windows device and are only no longer visible to the user enrolled in Relution. For all other users on the device the app is still available.
In the device details, the last communication channel for Windows devices shows which context (device or user) was used.
In the device details of Windows devices, existing network adapters are displayed in a fold-out section at the bottom of the information. Available information includes MAC address, IPv4 address, IPv6 address, type of network connection (wired/wireless), and connected (yes/no).
Usability / Functional optimizations
Technical optimizations
Technical changelog
The changelog for the release can be found here
Android 12
The compatibility of Relution with the Android 12 operating system is ensured with the Android MDM agent in version 5.3 for Android Classic or Android Legacy enrollments (device administrator). Thus, all previously supported MDM functions under Android 11 are guaranteed and an update of managed devices with Relution can be executed without any problems.
In general, it is recommended that devices managed with Relution should be switched to Android Enterprise if the classic management via device administrator is still being used. The compatibility of Android 12 devices with Relution via Android Enterprise enrollment is ensured with Relution Server Version 5.7.
Learn more in our Android 12 News
Kiosk Mode
Support new options for arranging icons in kiosk mode for Android Classic or Legacy enrollments (device administrator) with Relution version 5.7
The latest Android Relution Client version 5.3 can be downloaded from the Google Play Store or alternatively from our Download Center.
Relution Portal
Global policies can be defined centrally in the so-called Store Orga, a superordinate level. When a policy is published in the Store Orga, it is made available to all subordinate clients and can be rolled out to the corresponding devices. This functionality is especially relevant for organisations that operate several clients with Relution, but have central administration and want to define policies centrally. Conceivable here are cities, districts or school boards that look after several schools.
Currently, policies for iOS, tvOS, macOS and Android Enterprise are supported.
How to configure a store organisation is described in our Manual
In order to ensure digital education for all students, also in homeschooling, schools are handing out more and more school-owned devices to students as temporary loans. As a lending system, Relution supports the lending process and ensures a transparent overview by assigning users to the devices handed out and storing different terms of use and lending periods. This ensures the documentation of all loaned equipment and the current status and availability can be conveniently called up in Relution at any time.
Exceeded loan periods are automatically marked. In addition, rules can be defined which, in the case of missed return deadlines, e.g. set the device to the device status “non-compliant” and then automatically execute correspondingly defined actions. For example, a message can be sent to the user and the administrator or the loaner device can be blocked.
How the Relution lending process works in detail is explained in the Insight Lending devices with the Relution lending system
For a better overview, notifications that are not relevant can be hidden in the Notification Centre. A restore button can be used to manually show all hidden notifications again as long as no new Relution Server version is available.
Hidden notifications are automatically displayed again if the urgency or content of a message changes. For example, if the information about an expiring VPP token is hidden in less than 7 days, the notification is automatically displayed again if the period is less than three days and the message thus changes to the warning level.
If the information about a new server or client version is hidden, e.g. server version 5.7, it is displayed again as soon as the next higher version is available, e.g. server version 5.8.
In addition to the current synchronisation interval (syncInterval), a schedule (cron expression) for all LDAP synchronisations can now be defined in the server configuration (application.yml) to determine exactly when LDAP synchronisations are to be carried out.
Details on the possible settings for LDAP synchronisation are given in the Manual
Apple
Relution now offers the possibility to enrol private iPhones and iPads without the owners having to give up all control over the device. This way, private devices of students or employees can also be integrated and used in a school or company context.
In the future, Relution will also support user enrolment for macOS devices.
For more information on user enrollment with Relution, see Insight Apple User Enrollment
In the DEP profile, an administrator account can be configured for macOS devices and the initial setup can be automated during commissioning.
The password of MDM-generated administrator accounts on enrolled macOS DEP devices can be changed subsequently via the action “Change password for local administrator account”.
Android Enterprise
For Android Enterprise devices, apps from the Google Play Store can now also be installed via actions in the device details.
For the Manage Apps configuration of Android Enterprise, it is possible to allow apps to share information across work and personal profiles of a device. This setting is subject to device user consent and is available from Android 11.
Windows
Via the configuration “Security options for local device”, security settings and restrictions for Windows devices and local access can be made in order to secure the devices remotely.
Usability / Functional optimizations
Technical optimizations
Technical changelog
The changelog for the release can be found here
Relution Portal
With Relution 5.6 the icon set has been extended and adapted. Please note that Android Enterprise uses a new icon and Android Classic has received the old Android Enterprise icon.
You can define your personal start page for each user. If the terms and conditions are initially accepted, the dashboard is automatically set as the start page.
For CSV uploads there is a possibility to choose between comma and semicolon as separator for data sets.
Windows
Relution’s compatibility with the new Windows 11 operating system is ensured. All previous Relution MDM features for Windows 10 Home, Professional and Education are still supported. The update of managed devices with Relution can be performed without any problems.
Learn about the possibilities of managing and configuring Windows devices with Relution in our Insights
The Secure Mail Gateway can now also be used for Windows devices. In the Relution settings, the operating system can be selected under Permissions for enrolled devices, and certain Windows versions can be excluded.
The globally configured Secure Mail Gateway can then be activated via the Exchange configuration for Windows.
Alternatively, an Exchange Host can still be defined manually.
Android Enterprise
For Android Enterprise devices, it is possible to set up a personal profile on a managed device. For this purpose, the type “Set up managed device with a personal profile” must be selected in the second step when creating an enrollment in order to use the enrollment type “Personal profile”.
For multi-enrollments, this option is also available when creating enrollments.
After the device has been registered in Relution, the enrollment type “Personal profile” is displayed in the device inventory and the “Personal” and “Work” sections are automatically available on the device. The device can now be used privately, but is under the full control of the MDM. Unlike a private device with a work profile, the user cannot delete the work profile here.
The device details also show whether the personal profile is allowed.
The screen on the Android device is divided into the “Personal” and “Work” sections. It can be switched at the bottom of the display.
Usability / Functional optimizations
Technical optimizations
Technical changelog
The changelog for the release can be found here
Windows
With Relution 5.5, Windows 10 integration is no longer a beta version and is now officially supported. Windows 10 devices can be enrolled, managed and configured. All features previously implemented for Windows 10 are fully available. For more information about the feature set of Windows 10 with Relution see Relution Insights
For Windows 10 devices, the Manage Wallpaper configuration can be used to define a wallpaper for the desktop and lock screen, as well as save text in color on the wallpaper. This feature is available for Windows 10 Enterprise and Education editions.
Android Enterprise
Add Kiosk Mode configuration for fully managed Android Enterprise devices. When Kiosk mode is enabled, the device home screen is replaced with a launcher that restricts the device to managed apps. Apps appear on a single page in alphabetical order. It is also possible to individually select a single app as the launcher app, which cannot be broken out of on the device.
User-based certificates and certificate templates (PKI configurations) can be used in the Android Enterprise Wi-Fi
iOS
Apply the settings for “Open from …” also for Copy and Paste:
Translate only on the device itself, do not connect to Siri servers:
Added the new configuration “DNS Encryption Settings” for iOS and macOS devices to be applied globally to all WiFi networks configured via Relution to increase privacy and security.
Existing user accounts on corresponding devices are automatically queried when updating the device details via the “Update device information” action. This feature is only available for Shared iPads or macOS devices enrolled via DEP and in Monitored Mode.
The “Content caching” configuration can be used to configure functions and settings for caching on macOS devices.
Usability / Functional optimizations
Technical optimizations
Technical changelog
The changelog for the release can be found here
Relution 5.4
By means of a CSV file it is possible to update device names and users. The devices are identified by the serial number and the attributes “deviceName” and “userEmail” are replaced with the specified values accordingly. The following set of rules is applied:
In the lesson settings, lessons can be limited to the stored timetable. If this function is activated, no lessons outside the timetable can be started via the Relution teacher console.
Users can be filtered in the user overview via group membership.
iOS
The following new restrictions are available:
When updating iOS devices, the system checks whether the device has the published versions of all the policies in its policy list and the list of executed policies. If it does not, a policy update or an update to the latest published versions of the respective policy is triggered. When a new policy is applied, the current published version is used.
Android Enterprise
If several Android Enterprise policies with a “Manage apps” configuration are applied to a device, only the configuration from the policy with the highest priority was observed until now. Instead, it is now possible to distribute the configuration of apps across multiple policies. The different app lists are now combined into a common list.
If the same app is defined in multiple policies, the entry with the strongest restriction in terms of installation type wins for them:
Blocked > Force-installed > Pre-installed > Available
The rest of the app’s settings (Managed Properties, Permissions, and Advanced Settings) are taken from this configuration.
If the installation type is also ambiguous, the entry from the policy with the highest priority applies. If the app is disabled in at least one configuration, the app is basically disabled on the device.
Windows
For Windows 10 devices, the following configurations can be made for Antivirus:
With the “Windows Licensing” configuration, a license key can be stored on the devices in the XXXXX-XXXXX-XXXXX-XXXXX format for the Windows 10 Education, Enterprise, Pro and Home editions.
Multi-enrollment is an efficient way to set up a large number of Windows 10 devices to be managed by an MDM server without the need to re-image the devices.
For more details see the Microsoft documentation on bulk enrollment
For better clarity in terms of compatibility of policies and their configurations and actions for Windows 10 devices, badges are displayed with the Windows editions and versions to which the corresponding settings and actions can be applied. Here, version 1507 is the minimum supported version and is therefore not displayed. Configurations and actions that are available for all supported editions Home, Enterprise, Education and Pro also do not receive a badge. All other supported editions and versions are displayed accordingly. Configurations and actions can be applied to Windows 10 devices with editions and versions that are not compatible, but the settings are not executed.
Usability / Functional optimizations
Technical optimizations
Technical changelog
The changelog for the release can be found here
Android Enterprise
Troubleshooting Samsung devices enrolled via Android Enterprise with a work profile, where the installation of additional apps caused a crash.
Kiosk Mode
The ad blocker is not activated when the kiosk mode configuration is executed on a device.
Policies
Fix crashes caused by duplicate database entries of the status of policies on some devices.
The latest Android Relution Client version 5.2 can be downloaded from the Google Play Store or alternatively from our Download Center.
Relution 5.3
In addition to configuring column display and column order, list views can be further customized at the user level. By means of a “handle” that appears on mouse-over on the individual column headers, column widths can be moved via drag and thus enlarged or reduced. The settings are saved per user, are permanently available and can be adjusted at any time.
The app details now list the devices on which the app is installed in the respective version. Furthermore, the app can be removed or updated directly on the device via a context menu in the view if a newer version is available.
In the device details, apps can now be selected more conveniently from different sources and uninstalled via the “Remove app” action. The options “Relution App Store App” and “Installed App” are now available for the action, as well as the option “Apple App Store App” for iOS and the option “Google Play Store App” for Android. For Windows 10, “Windows App Store App” is not supported yet.
iOS
If multiple iOS policies, each with an app compliance, are applied to an iOS/macOS/tvOS device, the settings of the individual configurations are consolidated and applied to the device. The prioritization of the assigned policies is not applied in this case and the app compliance is executed on the device according to the following set of rules.
Block list and allow list are summarized as follows:
Required apps are summarized as follows:
iPads with OS version 13.4+ that are operated as DEP devices in Apple Shared iPad mode in Relution can now be preconfigured via a policy. The configuration “Settings shared iPad” offers the following setting options:
The use and usage of Apple Shared iPad in Relution is described in the insight Relution with Apple Shared iPad
In the Relution App Store, you can now quickly see whether an existing app is a VPP app or not. In the list view there is a new column “VPP” and in the app details the information is listed under “Additional information”.
Android Enterprise
As a cross-platform mobile device management system for schools, Relution now also enables the convenient configuration of the Samsung Classroom Management app to ensure smooth and privacy-compliant teaching with Samsung devices for teachers and students.
In order for tablets in a class to be controlled via the teacher’s Samsung Classroom Management app, classes must be created in Relution in advance under the menu item “Education” and users must be added for teachers and students. The teacher and student devices are enrolled via Android Enterprise and assigned to the corresponding Relution users.
An Android Enterprise policy with the new “Samsung Classroom Management” configuration can be used to make settings for the class devices with regard to data cleanup and compliance with data protection. This includes, for example, cleaning up the devices after class when restarting or logging out, including cookie deletion. It is also possible to selectively delete app data or entire apps that were applied to the device via the Android Enterprise configuration “Manage apps” and were used in class.
After applying the “Samsung Classroom Management” policy to the enrolled devices of the class, the app is automatically pre-configured on the teacher’s device and all class-related information from Relution is then available to the teacher. There is no need for time-consuming manual configuration during class.
Now, the assigned student devices of the corresponding class can be controlled in class, content shared or devices locked via the Samsung Classroom Management app on the teacher device. It doesn’t matter whether the students are sitting in the classroom as a group or homeschooling at home.
When automating enrollments for Android Enterprise via Samsung KME using multi-enrollment code from Relution, a custom JSON can be populated in the Samsung Knox portal with the enrollment code. See insight Samsung KME with Android Enterprise
The information for the required Custom JSON is now stored in Relution for easier integration in the Samsung Knox portal at the following locations and can be easily copied and pasted:
Windows
Public apps from the Windows App Store can now be added to the Relution App Store and then applied to Windows 10 devices via the “Install app” action.
For Windows 10 devices, it is now possible to install required apps on devices via a policy. With the configuration “App Compliance”, native apps from the Relution App Store as well as public apps directly from the Windows Store can be added.
If the “Auto Install” option is selected for an app, the app is automatically installed on the device. Otherwise, the device is listed as incompatible as long as the app is not installed.
Block and allow lists are not supported by Windows 10.
Hard disks of enrolled Windows 10 devices can be encrypted in Relution via the “Bitlocker” configuration. BitLocker is a security feature from Microsoft that is integrated in certain versions of the Windows operating system. The feature provides for the encryption of system drives, hard disks or removable media. The stored data is protected against theft and unauthorized reading.
The parameters for PIN assignment can be predefined via the “Windows Hello” configuration by providing the Azure Active Directory client ID. This is then used for secure access to enrolled Windows 10 devices by specifying the PIN and for biometric authentication via fingerprint and facial recognition. Using these options, logging in to the Windows 10 device becomes easier and more secure, as the PIN is assigned to only one device and is secured for recovery with the stored Microsoft account.
Via the Windows 10 configuration “Certificate”, uploaded certificates are installed on the device by default according to the applied policy. The certificates are used for the authorized installation of Modern Apps installations such as msix files. Now it is possible to define the KeyStore or certificate store on the device. This can be used to determine whether the certificate is valid for the entire system or only for a user.
Usability / Functional optimizations
Technical optimizations
Technical changelog
The changelog for the release can be found here
Relution 5.2
From now on, the most important device information is clearly displayed in an Info Box. The following information is displayed compactly at a glance:
In addition, important actions are offered with one click:
The Info Box also provides relevant information and the most important actions in the case of guidelines:
The Info Box makes the overview heard and simplifies the administration of devices and policies.
iOS
Relution 5.2 allows you to define and activate additional user-defined attributes via the settings. This allows device details to be flexibly extended for a wide variety of use cases. For example, it is conceivable to maintain an inventory number, a location or even a date on which the warranty expires for the device. The logic was implemented dynamically so that a wide range of scenarios can be covered. The additional attributes can also be used in individual policy configurations. This enables, among other things, optimized lock screen messages for iOS devices.
With the optimized device lockout time for iOS devices, devices are no longer put into “Lost” mode, but instead all apps except settings are hidden via a whitelist. This ensures that the devices cannot be used for apps or accessing the Internet outside of defined usage periods. Relution thus provides a way to ensure that digital end devices can also be recovered.
Android Enterprise
In order to better differentiate between classic management (Android Legacy) and Android Enterprise, the Android Enterprise platform has been separated out with the characteristics Work Profile and Fully Managed Device.
When creating policies, a distinction can thus be made between the Android Legacy and Android Enterprise platforms. When maintaining configurations, this ensures that only configurations compatible with the defined platform can be selected.
Existing Android policies are automatically migrated to the correct platform by the update. If an existing policy cannot be determined with certainty whether it is a classic Android or an Android Enterprise policy, the policy will be cloned and may be visible twice in the portal after the update to Relution 5.2.
For more information on setting up Android Enterprise, see Insight Android Enterprise fully managed device & work profile
With the new configuration “Manage system updates”, the installation of operating system updates can now also be configured for Android Enterprise devices. Android Enterprise offers the following options for selection by default:
The optimized integration of the Managed Google Play Store ensures that public apps are either linked into the Relution Apps Store first or that apps can be selected directly from the Managed Google Play Store in a policy. Additionally, web links or .apk files can also be maintained in the Managed Google Play Store and associated with a device via a policy.
The maintenance of managed app configurations has been fundamentally revised with Relution 5.2. Especially complex managed app configurations can be searched comfortably. This simplifies the administration of apps. In addition, managed app configurations can be exported and imported with Relution 5.2. This means that configurations can also be easily distributed across organizations.
Windows
To further increase the security of Windows devices, additional functions have been integrated with Release 5.2. A Windows Defender scan can now be performed via a new action. You can choose between the two options “Quick scan” and “Full scan”.
Further details have been added to the device information for Windows devices. For example, the time of the last Windows Defender scan can be evaluated in the “Health” section.
An additional action can be used to conveniently create new local user accounts on Windows devices. When creating local user accounts, an initial password can be set in addition to the user name. It is also possible to specify whether the account is an administrator account.
To be able to use the remote desktop functionality on a Windows 10 device, it must be enabled for this purpose. The function can be activated on devices via the “Remote desktop service” configuration. All members of the remote desktop user group on the target device then have the option of accessing the device and transferring their screen completely. The functionality is not available for Windows 10 Home devices.
The start menu on a Windows 10 device can be personalized via the „start menu” configuration. Among other things, the following information can be predefined:
With Release 5.2, no password entry is required in the Exchange configuration. As a result, the personal password must be entered directly on the Windows device.
If Windows Apps from the Microsoft Store are installed on a device using the Auto-Depolyments function, the action performed is displayed in the device details.
macOS
With Release 5.2, the installation of .pkg files has been further optimized. This allows native apps to be installed centrally in addition to apps from the Apple App Store.
Additional details have been added to the device information for macOS devices. In the future, the MAC addresses can be read in the Network section.
Usability / Functional optimizations
Technical optimizations
Technical changelog
The changelog for the release can be found here.
Relution 5
With Relution 5, the system for cross-platform device management is expanded by many functions. In addition to numerous optimizations for iOS, macOS, tvOS and Android Enterprise, the management of Windows 10 devices is also enabled. Relution does not require any cloud IDs and can be operated in your own infrastructure in compliance with data protection regulations.
Relution 5 can thus be ideally used with different devices in a variety of application scenarios. The open interfaces of the overall system also enable integration into existing IT system landscapes.
Before installing Relution 5, the Relution 5 Update Checklist should be considered.
Windows 10
Relution 5 supports the management and configuration of Windows 10 devices. For more information see Insight Manage Windows 10 devices with Relution
Supported versions are Windows 10 Home, Windows 10 Professional, and Windows 10 Education. Relution user assignment is required at enrollment.
Then, enrollment can be performed on the device using the appropriate user email address, MDM server URL, and enrollment code. Microsoft ID is not required for enrollment.
Enrolled devices can be configured via policies. Restrictions can be used to restrict selected device functions.
Actions applied can be used to restart a device, update device information, or reset a device to factory default.
Modern Windows apps can be natively uploaded to the Relution Store and installed and uninstalled via actions on enrolled Windows 10 devices. To create modern Windows apps and convert them to other file formats for Windows apps, see insight Windows apps for Windows 10 devices with Relution
The range of functions for configuring, restricting and securing Windows 10 devices as well as installing applications will be continuously expanded from now on.
Policies
Relution 5 allows device configurations to be applied across multiple policies on a single device. For example, a base policy can now be used for all devices, plus individual policies with configurations for specific devices. The new functionality applies to all iOS, Android, and Windows 10 platforms. Furthermore, iOS, macOS and tvOS also allow multiple restriction configurations to be applied to a device, which iOS automatically combines on the device. For more information, see Insight Apply multiple policies to one device
Basically, there are configurations that can be present multiple times on a device and configurations that may only be present once. For each platform, it is therefore now possible to specify an order for the policies, which can be used to define the priority. If several policies are now applied with a configuration on a device that may only be present once, the settings of the first policy have priority and are adopted.
To better track the application of individual configurations on devices, the compliance view in the device details has been revised with Relution 5. For each policy applied, all current configurations on the device can be viewed at a glance.
Relution Portal
Relution 5 appears in a new look and feel. The modern look and feel includes the new Relution branding and a more intuitive user interface. Thus, the usability is increased by an improved structuring of the information and an improved usability and the work is much easier. For more information see Insight New Relution Portal
The new portal includes the following optimizations:
VPN
Relution 5 enables the configuration of VPN for domains for iOS. This allows a VPN connection to be automatically established when accessing defined domains and thus access protected content. For this purpose, “VPN connections for apps and accounts” must be activated in the VPN settings. Afterwards, the desired domains can be entered directly in the VPN configuration.
Relution 5 enables the configuration of VPN for iOS apps. This allows a VPN connection to be automatically established for selected apps and thus protected content to be accessed. The configuration “App to VPN mapping” must be created in the policy in which the desired VPN connection for the apps is also configured (not possible across policies). The functionality is available for the VPN types IPSec, AnyConnect and JuniperSSL. L2TP is currently not supported by iOS.
E-mail addresses
As of Relution 5, the email address for new user:in Relution is unique and cannot be used by another user:in the same or a different organization. This uniqueness is used in user authentication via Single SingleOn (SSO) to identify the user:in and assign them to the correct organization. Relution supports the OpenID Connect and SAML protocols.
Android Enterprise
Apps can be added to the Relution App Store directly from the Managed Google Play Store with Relution 5 and can then be distributed to compatible devices. This requires that Android Enterprise is configured for the Relution organization. See Insight Android Enterprise set up in Relution
When enrolling a device with Android Enterprise, it is recommended to always protect the device with a password. In case this is not desired, it is now possible to disable the requirement during enrollment. By default, the option “Always require a device password” is enabled. This will always require a password to be assigned on the device regardless of a password policy. Especially for class sets or loan devices at schools, this feature increases flexibility in use.
Enrollments
Relution 5 enables the creation of a multi-enrollment code. This means that any number of devices can be enrolled with one code. The optimization simplifies mass Android enterprise enrollments, for example for class sets or loan devices at schools, but also for enrollments of Bring Your Own Device (BYOD) devices with iOS.
The automatic enrollment of Samsung Knox Mobile Enrollment (KME) devices with Android Enterprise is also simplified by transferring the multi-enrollment code from Relution via Custom JSON into the MDM profile at Samsung KME. This eliminates the need to manually scan the Android Enterprise enrollment code from the Relution portal, further automating enrollment. For more information see insight Samsung KME with Android Enterprise
Configurations
Relution 5 enables the control of device names via a policy. A variety of placeholders can be accessed to allow dynamic individualization of device names.
With Relution 5, the time zone can be automatically transmitted to iOS devices via policy. This way, the activation of location services during commissioning can be completely omitted and thus an out-of-box experience (OOBE) can be realized. The activation of location services can be skipped by setting in the DEP profile.
Usability / Functional optimizations
Technical optimizations
Technical changelog
You can find the changelog for the release here
iOS
With Relution iOS Client 5.0, iOS version 12.4 and later is supported.
App Icon
The app icon for the Relution iOS client is now displayed with the new Relution logo.
Rate apps
The functionality to rate apps in the Relution App Store has been removed from the Relution App, analogous to the server and portal.
The latest iOS Relution Client version 5.0 can be downloaded from the Apple App Store or alternatively from our aus unserem Download Center heruntergeladen werden.
Relution server 5.x
For the upcoming Relution Server version 5.x, Relution Android Client 5.0 is mandatory for classic enrollments (Android Legancy). Relution Server version 4.x is also supported. Version 3.x is no longer supported and the app reports an incompatible server version when trying to enroll. This does not apply to Android Enterprise enrollments.
Device enrollment
Classic enrollment of new Android devices on the upcoming Relution Server version 5.x (Android Legacy) requires the use of Relution Android Client 5.0. Older app versions are no longer compatible and report an error. Devices already enrolled with an earlier version of the app will continue to work. However, it is recommended to update the app in a timely manner. This does not apply to Android Enterprise enrollments.
Policies
Relution Server 5.x will support applying multiple policies on one device. To ensure full compatibility with Android devices that are classically enrolled (Android Legacy), Relution Android Client 5.0 is required. Older app versions will receive the server merged configurations correctly, but the policies will not be reported back as successfully applied. This does not apply to Android Enterprise enrollments.
Samsung
With Relution Android client 5.0 multiple issues on Samsung devices have been fixed, including several restrictions could not be applied on devices that do not support multi-user profiles.
Android
Some devices running Android 10 incorrectly reported a permission error instead of a serial number. Note that devices running Android 11 or newer will never report a serial number when using legacy device administrator enrollment. This requires the use of Android Enterprise going forward.
Samsung Knox
Improved backwards compatibility with devices running Samsung Knox 2.7.1 and older. Previously only Knox 2.8 and newer were working as expected.
Apps ratings
The functionality to review and rate apps in the Relution app store has been removed from the Relution app, analog to server and portal.
The latest Android Relution Client version 5.0 can be downloaded from the Google Play Store or alternatively from our Download Center.
Notification
As of now, organization administrators and app store managers will be notified about newly available Relution Client versions for iOS and Android via the Notification Center in the Relution Portal. As a prerequisite, native Relution Client apps must be configured in the organization settings. The notification about a new available Relution Client version includes the version number and a link to the corresponding release notes, which inform about respective new features.
Android
For classic enrolled Android legacy devices (device administrator) the action reset password and change password can be used on devices with Android 6.0 and older. The Android Client 3.96 is required to process the action on the device accordingly.
For Android 7-10 devices, a password can be set if the device does not currently have a password. Android no longer offers the option to change existing passwords. As of Android 11, passwords cannot generally be reset on legacy devices. We therefore recommend migrating to Android Enterprise.
Usability / Functional optimizations
Technical optimizations
Technical Changelog
Find changelog of the release here
Password
With Relution Portal version 4.79, the action reset password and change password can be applied to devices with Android 6.0 and older for classic enrolled Android legacy devices (device administrator). The Android Client 3.96 is required to process the action on the device accordingly.
For Android 7-10 devices, a password can be set if the device does not currently have a password. Android no longer offers the option to change existing passwords. As of Android 11, passwords cannot generally be reset on legacy devices. We therefore recommend migrating to Android Enterprise.
The latest Android Relution Client version 3.96 can be downloaded from the Google Play Store or alternatively from our Download Center. Basically, it is mandatory to update the Android Relution Client before performing an OS update on Samsung devices.
Single Sign-On
The compatibility of the iOS Relution client with the protocol OpenID Connect for Single Sign-On (SSO) automatically queries which login variants are available based on the user name when logging in. This provides ideal synergies with the data protection compliant Relution Shared Device Mode by allowing users to log in with their existing usernames from existing school directories. In addition, access to configured file shares via SSO is supported, allowing data to be securely stored under the respective user on local school servers.
The latest iOS Relution Client version 4.37 can be downloaded from the Apple App Store or alternatively from our Download Center.
Multi-user mode
As part of Relution’s multi-user mode, iOS Relution Client version 4.36 ensures that when a user logs into the Relution Login screen, no credentials can be stored and used by subsequent users.
The latest iOS Relution Client version 4.36 can be downloaded from the Apple App Store or alternatively from our Download Center.
Groups
Content Managers primarily have the right to obtain content in the form of apps and books and distribute them to devices or users. To enable this, users assigned to the group Content Manager can use the following functions Content Managers primarily have the right to obtain content in the form of apps and books and distribute them to devices or users. To enable this, users assigned to the Content Manager group can use the following functions in Relution:
Notification
From now on, upcoming changes and important news will be displayed in the Relution Portal. The new Notification Center is located in the upper right corner and informs about expiring tokens and certificates as well as new Relution server versions. Newly available notifications are displayed via a badge. The following information is currently available for the respective roles:
System Administrator
Organisation Administrator
Security
The length of the passcode for enrollments can be defined via the yml file. There is a possibility to choose a passcode between 5 and 16 characters. This way the security of authorized enrollments can be increased:
1 relution:
2 enrollment:
3 passcodeLength: 16
Operating system specific requirements regarding password length have to be considered additionally. After the change, the instance must be restarted.
iOS
In order to send a message to a device user as an administrator of Relution, the action “Send message” can be used. Title and content can be defined.
To receive the message, the Relution app must be installed on the device. When it is launched for the first time, push notification must be enabled.
Non-supervised apps installed by users on a device are updated if the device administrator defines the same app as a required app via app compliance or assigns it to a group or users via auto-deployments. On devices that are not supervised, a dialog appears asking if app management should be done via Relution. After confirmation, the app is updated and will be a managed app afterwards. On supervised devices, no dialog appears and the action is performed automatically. If there is a VPP license for the managed app in the Relution organization, it will be assigned automatically. No Apple ID is required on the device.
Usability / Functional optimizations
Technical optimizations
Technical Changelog
Find changelog of the release here
OS Update
A new Android Relution Client is available for the classic enrollment with Device Administrator (Android Legacy) of Samsung devices, which restores compatibility with the Android 7 or older operating system. The current version is now compatible with both Android 7 and older as well as Android 11. The latest Android Relution Client version 3.95 can be downloaded from the Google Play Store or alternatively from our Download Center. Basically, it is mandatory to update the Android Relution Client before performing an OS update on Samsung devices.
Android 11
For the classic enrollment with device administrator (Android Legacy) of Samsung devices with the Android 11 operating system, a new version of the Relution Client is available. This includes an adaptation for this enrollment type, as Samsung has changed the API and enrolled devices will otherwise be withdrawn again, as Samsung does not recognize the accepted Knox license.
iOS
There is now an additional checkbox “Lock device to enforce login” in the configuration. If this option is activated, the Relution app is put into single app mode as long as no user is logged in. Only after login into the Relution app access to other (authorized) apps will be granted.
For example, to be able to switch to another WiFi outside of the school WiFi, the Relution app must not be operated in single app mode to allow access to the settings. For this case, the option “Lock device to enforce login” must be disabled.
With an iOS policy different restrictions for the Apple Classroom app can be set in Relution:
Android Enterprise
When setting up enrollments for Android Enterprise Fully Managed Device, an additional checkbox can be set to skip setting up passwords/patterns during the enrollment process on the device.
Update enrollment:
Bulk enrollment:
Addition of the EAP security type and proxy settings to the WiFi configuration for Android Enterprise Fully Managed Device.
macOS
Relution is now fully compatible with macOS 11+ and supports provisioning of managed apps on macOS with Bug Sur.
Relution supports the configuration of managed apps via AppConfig for macOS with Big Sur. This feature is available as a configuration in the Relution policies for macOS.
tvOS
In the device details, the button “Apply Action“ under the “Actions” tab allows for installing OS updates on the selected device.
Furthermore, the WiFi MAC address for tvOS devices is now displayed in the device inventory.
Administration
In order to minimize administration efforts when maintaining class records in both systems Relution and ASM, an SFTP synchronization can be set up in Relution under “Settings -> Apple School Manager Synchronization”. The required SFTP-URL, -user and -password are available in ASM.
This way, data sets with school context such as users for teachers and students as well as classes created in Relution can be synchronized with ASM. For this, at least one class, one teacher and one student must exist in Relution. Users must belong to either the “Teacher” or “Student” system group in Relution in order to be included in the synchronization.
When a user is created in ASM automatically, the first name, last name, and email address of the corresponding Relution user are used. In ASM it can also be activated that for each imported Relution user a Managed Apple ID is created in a predefined format. In Relution, the created Managed Apple ID is also stored for the corresponding Relution user in the according user profile. For example, the Managed Apple ID can be used for login to the Apple Shared iPad in order to distribute individual apps via Relution.
When setting up SFTP synchronization in Relution for the first time, an initial sync with ASM is performed. If the corresponding Relution organization is not yet known to ASM, a new location is being created automatically. Subsequently, the sync is performed once per day per organization by default.
All properties that can be specified when creating a user manually are also possible via CSV import. In addition, up to 15 user-specific properties can be defined. The corresponding column names must be specified with custom1 to custom15:
userid,email,first name,last name,password,phone number,position,country,managed apple id,custom1,custom2,…,custom15
Usability / Functional optimizations
Technical optimizations
Technical Changelog
Find changelog of the release here