Groups

New system group “Content Manager”

Content Managers primarily have the right to obtain content in the form of apps and books and distribute them to devices or users. To enable this, users assigned to the group Content Manager can use the following functions Content Managers primarily have the right to obtain content in the form of apps and books and distribute them to devices or users. To enable this, users assigned to the Content Manager group can use the following functions in Relution:

• View and move apps
• Edit/approve app requests
• Create/manage categories
• View purchased apps and books
• Assign purchased apps and books to devices and/or users
• View users and groups (but not create/edit/delete)
• Assign auto-deployments to users and groups
• Manage VPP users
• Edit App Store settings
• Edit VPP settings
• Edit timetables and school subjects

Notification

Notification center in the Relution Portal

From now on, upcoming changes and important news will be displayed in the Relution Portal. The new Notification Center is located in the upper right corner and informs about expiring tokens and certificates as well as new Relution server versions. Newly available notifications are displayed via a badge. The following information is currently available for the respective roles:

System Administrator

• Release notes for a new Relution version, if the backend is not up to date

Organisation Administrator

• Expiring iOS Client Provisioning Profile
• Expiring VPP tokens
• Expiring DEP token
• Expiring MDM Push Certificates
• Expiring App Store Push Certificates

Security

Make login password for enrollments configurable

The length of the passcode for enrollments can be defined via the yml file. There is a possibility to choose a passcode between 5 and 16 characters. This way the security of authorized enrollments can be increased:

1 relution:
2 enrollment:
3 passcodeLength: 16


Operating system specific requirements regarding password length have to be considered additionally. After the change, the instance must be restarted.

iOS

Send app text messages to a device

In order to send a message to a device user as an administrator of Relution, the action “Send message” can be used. Title and content can be defined.

To receive the message, the Relution app must be installed on the device. When it is launched for the first time, push notification must be enabled.

Subsequently managed apps

Non-supervised apps installed by users on a device are updated if the device administrator defines the same app as a required app via app compliance or assigns it to a group or users via auto-deployments. On devices that are not supervised, a dialog appears asking if app management should be done via Relution. After confirmation, the app is updated and will be a managed app afterwards. On supervised devices, no dialog appears and the action is performed automatically. If there is a VPP license for the managed app in the Relution organization, it will be assigned automatically. No Apple ID is required on the device.

Usability / Functional Optimization

• Improved dashboard view (new portal)
• Optimized adjustemnt of the column order in the list of purchased apps (new portal)
• Improved display of table headers (new portal)
• Configurations of old versions of policies can no longer be edited (new portal)
• Performing an automatic refresh after plausibility check of the VPP synchronization history in the settings (new portal)
• Enable restriction "Force request permission to leave an unmanaged class" in an iOS policy to be stored (new portal)
• Avoid redundant information by removing additional toast messages when saving settings (new portal)
• Improved error message when resetting the password if the mail server is not available (new portal)
• Fix selecting actions in the device details (new portal)
• Fix creating a new enrollment, so that the selection of a policy in the corresponding dialog window can be permanently cleared and does not appear again (new portal)
• Extension of the iOS update action to include the selection of multiple iOS and tvOS devices (new portal)
• Extension of the detail pages of Android Enterprise devices to include the serial number (new portal)
• Extension of iOS restrictions for student devices to not be able to change the background image during an active exam session on the devices
• Extension of the iOS weblink configuration by specifying an app with which the configured weblink should be opened on the device
• Improved error message for invalid app approval status information when uploading apps to Relution
• Error prevention through non-deletable system groups
• Identifying a failed policy update on Android Enterprise devices when the management API returns invalid values
• Display of a warning when certificate authorities or certification templates are deleted in the settings if certificates based on them have been created that may become invalid as a result
• Fix blocking popup window that prevents using app detail page of public apps (new portal)
• Fix changing device name via CVS upload in auto-enrollments (new portal)

Technical Optimization

• Optimization of file upload in different organizations through a multi-tenant user (new portal)
• Enhancement of automatic installation of iOS system apps such as Pages or Numbers with available VPP licenses on student devices when the lesson is started from the teacher device
• Performance optimization by avoiding unnecessary pushes to devices for actions that have not yet been executed
• Optimization in the creation of organization names in the context of self-service registration to ensure unique organization names
• Improved error message in case of "incorrect configuration" of Android Enterprise permissions by validating entered values
• Optimized maintenance of permissions for users in the system organization to ensure that logon to the system organization is possible
• Automatically repeat the installation of a newly versioned iOS policy at a later time if the device cannot currently perform a profile installation
• Web API view now uses OpenAPI v3
• Using schema version 3.3 instead of 4.2 for the Liquibase database change log to avoid blocked XML schema downloads by restrictive proxies
• Troubleshooting Android Enterprise policy cloning by not cloning an existing managed app configuration
• Troubleshooting when working with the Relution App Store when two identical app release workflows have been created in the workflow settings

Technical Changelog

Find changelog of the release here

OS Update

Ensuring OS updates on Samsung devices

A new Android Relution Client is available for the classic enrollment with Device Administrator (Android Legacy) of Samsung devices, which restores compatibility with the Android 7 or older operating system. The current version is now compatible with both Android 7 and older as well as Android 11. The latest Android Relution Client version 3.95 can be downloaded from the Google Play Store or alternatively from our Download Center. Basically, it is mandatory to update the Android Relution Client before performing an OS update on Samsung devices.

Android 11

Adjustment of manual enrollment of Samsung devices without KME

For the classic enrollment with device administrator (Android Legacy) of Samsung devices with the Android 11 operating system, a new version of the Relution Client is available. This includes an adaptation for this enrollment type, as Samsung has changed the API and enrolled devices will otherwise be withdrawn again, as Samsung does not recognize the accepted Knox license.

iOS

Relution Shared Device configuration for single app mode

There is now an additional checkbox “Lock device to enforce login” in the configuration. If this option is activated, the Relution app is put into single app mode as long as no user is logged in. Only after login into the Relution app access to other (authorized) apps will be granted.

For example, to be able to switch to another WiFi outside of the school WiFi, the Relution app must not be operated in single app mode to allow access to the settings. For this case, the option “Lock device to enforce login” must be disabled.

Additional restrictions for Apple Classroom on iOS

With an iOS policy different restrictions for the Apple Classroom app can be set in Relution:

• „Allow the teacher to lock apps and devices“ - allows the teacher to lock a student's device or an app open on the device
• „Force automatic join in Classroom classes“ - students are not asked to join a class when activated
• „Request permission on leaving unmanaged Classroom class“ - leaving an unmanaged class requires permission from the teacher when activated

Android Enterprise

Skip password setup during device enrollment

When setting up enrollments for Android Enterprise Fully Managed Device, an additional checkbox can be set to skip setting up passwords/patterns during the enrollment process on the device.

Update enrollment:

Bulk enrollment:

Extension of the WiFi configuration

Addition of the EAP security type and proxy settings to the WiFi configuration for Android Enterprise Fully Managed Device.

macOS

Managed apps for macOS 11+

Relution is now fully compatible with macOS 11+ and supports provisioning of managed apps on macOS with Bug Sur.

Managed AppConfig for macOS 11+

Relution supports the configuration of managed apps via AppConfig for macOS with Big Sur. This feature is available as a configuration in the Relution policies for macOS.

tvOS

OS update action for tvOS devices

In the device details, the button “Apply Action“ under the “Actions” tab allows for installing OS updates on the selected device.

Furthermore, the WiFi MAC address for tvOS devices is now displayed in the device inventory.

Administration

SFTP synchronization for Apple School Manager (ASM)

In order to minimize administration efforts when maintaining class records in both systems Relution and ASM, an SFTP synchronization can be set up in Relution under “Settings -> Apple School Manager Synchronization”. The required SFTP-URL, -user and -password are available in ASM.

This way, data sets with school context such as users for teachers and students as well as classes created in Relution can be synchronized with ASM. For this, at least one class, one teacher and one student must exist in Relution. Users must belong to either the “Teacher” or “Student” system group in Relution in order to be included in the synchronization.

When a user is created in ASM automatically, the first name, last name, and email address of the corresponding Relution user are used. In ASM it can also be activated that for each imported Relution user a Managed Apple ID is created in a predefined format. In Relution, the created Managed Apple ID is also stored for the corresponding Relution user in the according user profile. For example, the Managed Apple ID can be used for login to the Apple Shared iPad in order to distribute individual apps via Relution.

When setting up SFTP synchronization in Relution for the first time, an initial sync with ASM is performed. If the corresponding Relution organization is not yet known to ASM, a new location is being created automatically. Subsequently, the sync is performed once per day per organization by default.

Extension of CSV import for users

All properties that can be specified when creating a user manually are also possible via CSV import. In addition, up to 15 user-specific properties can be defined. The corresponding column names must be specified with custom1 to custom15:

userid,email,first name,last name,password,phone number,position,country,managed apple id,custom1,custom2,…,custom15

Usability / Functional Optimization

• Improved workflow when importing users via a CSV file

Technical Optimization

• Optimize verification of payload signatures for newly enrolled Apple devices
• Increase frequency of periodic pushes to Apple devices to optimize action delivery
• Optimization of VPP licenses for apps referenced in multiple VPP tokens
• Automatic renewal of PKI certificates
• Performance optimization by preventing server synchronization of groups when LDAP connection is interrupted
• Fixing issue when saving auto-enrollments several times

Technical Changelog

Find changelog of the release here