Windows

Windows 10 now officially supported

With Relution 5.5, Windows 10 integration is no longer a beta version and is now officially supported. Windows 10 devices can be enrolled, managed and configured. All features previously implemented for Windows 10 are fully available. For more information about the feature set of Windows 10 with Relution see Relution Insights

Manage background image

For Windows 10 devices, the Manage Wallpaper configuration can be used to define a wallpaper for the desktop and lock screen, as well as save text in color on the wallpaper. This feature is available for Windows 10 Enterprise and Education editions.

Android Enterprise

Kiosk mode for fully managed devices

Add Kiosk Mode configuration for fully managed Android Enterprise devices. When Kiosk mode is enabled, the device home screen is replaced with a launcher that restricts the device to managed apps. Apps appear on a single page in alphabetical order. It is also possible to individually select a single app as the launcher app, which cannot be broken out of on the device.

Wi-Fi configuration with certificates

User-based certificates and certificate templates (PKI configurations) can be used in the Android Enterprise Wi-Fi

iOS

New restrictions for iOS 15

Apply the settings for “Open from …” also for Copy and Paste:

• If enabled, the restriction "Allow opening of managed documents in unmanaged apps" and "Allow opening of unmanaged documents in managed apps" can be used to control whether information copied from managed apps can be pasted into unmanaged apps and/or vice versa.

Translate only on the device itself, do not connect to Siri servers:

• When enabled, connections to Siri servers for translation are disabled.

Added the new configuration “DNS Encryption Settings” for iOS and macOS devices to be applied globally to all WiFi networks configured via Relution to increase privacy and security.

Retrieve active user accounts for iOS and macOS

Existing user accounts on corresponding devices are automatically queried when updating the device details via the “Update device information” action. This feature is only available for Shared iPads or macOS devices enrolled via DEP and in Monitored Mode.

Content caching for macOS

The “Content caching” configuration can be used to configure functions and settings for caching on macOS devices.

Usability / Functional Optimizations

• Display of Apple product names in a readable format in the model column of the inventory list and the detail views for devices
• Editing of search field badges via click on an existing chip
• Allow requested apps in the "Published" status in the Relution teacher console.
• Deleting the location data of a device after the device has been located and Lost Mode is deactivated.
• Disable Android Enterprise enrollment and display a tooltip if Android Enterprise is not set up in the settings.
• Showing a tooltip for all iOS restrictions with an iOS 14.5 badge
• Home screen layout editor display by default with switch to grouping apps by categories via radio buttons
• Add filter for devices without policy in inventory overview
• Using the already existing Android Enterprise device if it matches the device identifier of a newly registered device
• Counting delivered actions as open actions for devices
• Ensure prior installation of the App Installation certificate for Windows 10 devices to install an MSIX package via App Conformance Configuration.
• Transfer apps automatically installed via Relution to other physical devices via device backup
• Allow password change for users even if the user is not a member of a group (at least "User")
• Enable auto-enrollments even if the assigned user is not a member of a group (at least "Device User")
• Fix menu in expanded state per user after logout and remember login
• Troubleshooting when applying the "Remove App" action for Windows 10 devices
• Bug fix for sorting and pagination in the app details under "Devices using this app".
• Troubleshooting Android Enterprise Apps Manage Configuration After Individual Apps Configuration
• Troubleshooting duplicate or missing entries in the history Android Enterprise devices

Technical optimizations

• Reduction of logged warnings when retrieving files on Microsoft SQL Server
• Troubleshooting when an LDAP server does not return a "group member" attribute

Technical changelog

The changelog for the release can be found here

Relution 5.4

Extension of the CSV upload in the device inventory

By means of a CSV file it is possible to update device names and users. The devices are identified by the serial number and the attributes “deviceName” and “userEmail” are replaced with the specified values accordingly. The following set of rules is applied:

• If the „device name" column is empty, the name of the device will not be changed
• If the „user's e-mail" column is empty, the user will not be changed
• If no user can be identified by the specified email or multiple users are found, the user will not be changed

Limit lessons to timetable with the Relution teacher console

In the lesson settings, lessons can be limited to the stored timetable. If this function is activated, no lessons outside the timetable can be started via the Relution teacher console.

Filtering users by groups

Users can be filtered in the user overview via group membership.

iOS

Extended restrictions for iOS devices as of iOS 14.5

The following new restrictions are available:

• Allow auto unlock
• Disable connections to Siri servers for the purposes of dictation
• Allow booting into recovery mode by an unpaired device

Checking the policy versions during device update

When updating iOS devices, the system checks whether the device has the published versions of all the policies in its policy list and the list of executed policies. If it does not, a policy update or an update to the latest published versions of the respective policy is triggered. When a new policy is applied, the current published version is used.

Android Enterprise

Applying multiple “Manage apps” configurations

If several Android Enterprise policies with a “Manage apps” configuration are applied to a device, only the configuration from the policy with the highest priority was observed until now. Instead, it is now possible to distribute the configuration of apps across multiple policies. The different app lists are now combined into a common list.

If the same app is defined in multiple policies, the entry with the strongest restriction in terms of installation type wins for them:

Blocked > Force-installed > Pre-installed > Available

The rest of the app’s settings (Managed Properties, Permissions, and Advanced Settings) are taken from this configuration.

If the installation type is also ambiguous, the entry from the policy with the highest priority applies. If the app is disabled in at least one configuration, the app is basically disabled on the device.

Windows

Antivirus settings management

For Windows 10 devices, the following configurations can be made for Antivirus:

• Scan settings for type, interval and others
• File types included in the scan
• File types excluded in the scan
• Advanced settings for Windows Defener and others
• Threat management for all valid threat severity levels
• Rules for the attack surface reduction (ASR)

Manage Windows licensing

With the “Windows Licensing” configuration, a license key can be stored on the devices in the XXXXX-XXXXX-XXXXX-XXXXX format for the Windows 10 Education, Enterprise, Pro and Home editions.

Multiple enrollment for Windows 10 devices

Multi-enrollment is an efficient way to set up a large number of Windows 10 devices to be managed by an MDM server without the need to re-image the devices.

For more details see the Microsoft documentation on bulk enrollment

Badges for Windows 10 editions and versions

For better clarity in terms of compatibility of policies and their configurations and actions for Windows 10 devices, badges are displayed with the Windows editions and versions to which the corresponding settings and actions can be applied. Here, version 1507 is the minimum supported version and is therefore not displayed. Configurations and actions that are available for all supported editions Home, Enterprise, Education and Pro also do not receive a badge. All other supported editions and versions are displayed accordingly. Configurations and actions can be applied to Windows 10 devices with editions and versions that are not compatible, but the settings are not executed.

Usability / Functional Optimizations

• Set fully managed Android Enterprise mode as the default for Android Enterprise enrollments
• Add the option to create a new version of a policy if the current version is already published
• Disable all fields in the Windows Wifi configuration when it is published
• Adding a hint for Android Enterprise restrictions that untrusted apps will be uninstalled even if they are allowed in the restrictions, if the policy does not contain a Play Store management configuration at all or if restricted mode is enabled
• Adaptation of the error code message that an action can no longer be canceled because it is already being performed by the device
• Extension of the list view "Devices with this app" in the app details by columns with general device information
• Adding the column "created by" in the "enrollments" overview
• Adding the columns "iTunes ID" and "Bundle identifier" in the "Purchased apps" overview
• Display of the configuration name in the policy overview of a device
• Display of the serial number of the device in the device information
• Merging the first column and the context menu in all table views
• Troubleshooting the display of information on the details page of Android Enterprise devices
• Bugfix when pre-filling the password field on the login page in the web portal when using a password manager
• Troubleshooting when pressing the enter key in the user name field to perform login to the web portal when the password is already filled in
• Bug fix for the password reset view in the web portal, which was still visible after login

Technical optimizations

• Ensure policy reapplication when logging in to an Apple Shared iPad
• Allow MDM profile update when device certificate expires
• Ensure deletion of an assigned user when an iOS device is enrolled as a shared device device
• Ensure that the latest published version of a policy is assigned when it is reapplied to the device
• Performance optimization when retrieving auto enrollments
• Removal of duplicate translation files from i18n folder
• Reduce log messages to WARN level when file content retrieval fails due to stream abort
• Bug fix for rulesets to not send inactivity notifications for active devices, even if the device was inactive in the past
• Troubleshooting the creation of new versions of a policy when a single configuration is invalid
• Bug fix for asset and license synchronization for VPP apps in Relution settings

Technical changelog

The changelog for the release can be found here

Android Enterprise

Work profile on Samsung devices

Troubleshooting Samsung devices enrolled via Android Enterprise with a work profile, where the installation of additional apps caused a crash.

Kiosk Mode

Disable ad blocker

The ad blocker is not activated when the kiosk mode configuration is executed on a device.

Policies

Policy status

Fix crashes caused by duplicate database entries of the status of policies on some devices.

The latest Android Relution Client version 5.2 can be downloaded from the Google Play Store or alternatively from our Download Center.

Relution 5.3

Individualization of list views

In addition to configuring column display and column order, list views can be further customized at the user level. By means of a “handle” that appears on mouse-over on the individual column headers, column widths can be moved via drag and thus enlarged or reduced. The settings are saved per user, are permanently available and can be adjusted at any time.

Additional app information

The app details now list the devices on which the app is installed in the respective version. Furthermore, the app can be removed or updated directly on the device via a context menu in the view if a newer version is available.

Extension of the “Remove App” action

In the device details, apps can now be selected more conveniently from different sources and uninstalled via the “Remove app” action. The options “Relution App Store App” and “Installed App” are now available for the action, as well as the option “Apple App Store App” for iOS and the option “Google Play Store App” for Android. For Windows 10, “Windows App Store App” is not supported yet.

iOS

Apply multiple app compliances

If multiple iOS policies, each with an app compliance, are applied to an iOS/macOS/tvOS device, the settings of the individual configurations are consolidated and applied to the device. The prioritization of the assigned policies is not applied in this case and the app compliance is executed on the device according to the following set of rules.

Block list and allow list are summarized as follows:

• If only block lists are available, they are combined
• If there is at least one allow list, all block lists are ignored and all allow lists are combined
• "Add all required apps" is considered only for the particular app compliance that has this setting selected for an allow list
• "Add all auto-deployments" is only considered if this setting is selected in all app compliances with an allow list
• "Weblinks" are set to the most restrictive setting of all app compliances

Required apps are summarized as follows:

• Required apps from all app compliances are combined
• Any required app for which "Auto Install" is selected will be installed automatically

Shared iPad configuration

iPads with OS version 13.4+ that are operated as DEP devices in Apple Shared iPad mode in Relution can now be preconfigured via a policy. The configuration “Settings shared iPad” offers the following setting options:

• Define storage quota per user
• Define number of users
• Allow guest session only (no login via managed Apple ID possible)
• Define timeout for guest session (login without managed Apple ID)
• Timeout for user session (login with managed Apple ID)

The use and usage of Apple Shared iPad in Relution is described in the insight Relution with Apple Shared iPad

Display of VPP apps

In the Relution App Store, you can now quickly see whether an existing app is a VPP app or not. In the list view there is a new column “VPP” and in the app details the information is listed under “Additional information”.

Android Enterprise

Samsung Classroom Management configuration

As a cross-platform mobile device management system for schools, Relution now also enables the convenient configuration of the Samsung Classroom Management app to ensure smooth and privacy-compliant teaching with Samsung devices for teachers and students.

In order for tablets in a class to be controlled via the teacher’s Samsung Classroom Management app, classes must be created in Relution in advance under the menu item “Education” and users must be added for teachers and students. The teacher and student devices are enrolled via Android Enterprise and assigned to the corresponding Relution users.

An Android Enterprise policy with the new “Samsung Classroom Management” configuration can be used to make settings for the class devices with regard to data cleanup and compliance with data protection. This includes, for example, cleaning up the devices after class when restarting or logging out, including cookie deletion. It is also possible to selectively delete app data or entire apps that were applied to the device via the Android Enterprise configuration “Manage apps” and were used in class.

After applying the “Samsung Classroom Management” policy to the enrolled devices of the class, the app is automatically pre-configured on the teacher’s device and all class-related information from Relution is then available to the teacher. There is no need for time-consuming manual configuration during class.

Now, the assigned student devices of the corresponding class can be controlled in class, content shared or devices locked via the Samsung Classroom Management app on the teacher device. It doesn’t matter whether the students are sitting in the classroom as a group or homeschooling at home.

Custom JSON for Samsung KME

When automating enrollments for Android Enterprise via Samsung KME using multi-enrollment code from Relution, a custom JSON can be populated in the Samsung Knox portal with the enrollment code. See insight Samsung KME with Android Enterprise

The information for the required Custom JSON is now stored in Relution for easier integration in the Samsung Knox portal at the following locations and can be easily copied and pasted:

• QR code modal under tab "ViaDPC identifier" -> KME Custom JSON
• Enrollment detail page under enrollment information -> KME Custom JSON

Windows

Windows Store apps

Public apps from the Windows App Store can now be added to the Relution App Store and then applied to Windows 10 devices via the “Install app” action.

App compliance

For Windows 10 devices, it is now possible to install required apps on devices via a policy. With the configuration “App Compliance”, native apps from the Relution App Store as well as public apps directly from the Windows Store can be added.

If the “Auto Install” option is selected for an app, the app is automatically installed on the device. Otherwise, the device is listed as incompatible as long as the app is not installed.

Block and allow lists are not supported by Windows 10.

Windows BitLocker configuration

Hard disks of enrolled Windows 10 devices can be encrypted in Relution via the “Bitlocker” configuration. BitLocker is a security feature from Microsoft that is integrated in certain versions of the Windows operating system. The feature provides for the encryption of system drives, hard disks or removable media. The stored data is protected against theft and unauthorized reading.

Windows Hello configuration

The parameters for PIN assignment can be predefined via the “Windows Hello” configuration by providing the Azure Active Directory client ID. This is then used for secure access to enrolled Windows 10 devices by specifying the PIN and for biometric authentication via fingerprint and facial recognition. Using these options, logging in to the Windows 10 device becomes easier and more secure, as the PIN is assigned to only one device and is secured for recovery with the stored Microsoft account.

Certificates configuration

Via the Windows 10 configuration “Certificate”, uploaded certificates are installed on the device by default according to the applied policy. The certificates are used for the authorized installation of Modern Apps installations such as msix files. Now it is possible to define the KeyStore or certificate store on the device. This can be used to determine whether the certificate is valid for the entire system or only for a user.

Usability / Functional Optimizations

• Adding the "Factory reset device" action for Android Enterprise managed devices
• Display of available placeholders in the certificate templates view
• Support for groups in CSV import for classes
• Adding a mandatory field for the password to exit the kiosk mode
• Adding new settings options "Personalize startup layout" and "Import Microsoft Edge images" for the Windows "Start menu" configuration
• Optimization of the date and time selection in the "Windows Update" configuration
• Extension of the context menu for auto-enrollments by the commands "Use DEP profile device name" and "Use auto-assigned policies"
• Rename the B/W lists in the app compliance configuration to block list and allow list
• Adding CSV export in the context menu of the Windows action "Add user accounts"
• Adding the available Windows versions to the "Windows Update" configuration that the device should have
• Enable deletion of apps and web links from the Relution App Store, even if they are used in a teaching profile on the teacher console
• Display of the icon for the new device action status DELIVERY_CONFIRMED
• Fix when saving a WLAN configuration on Windows when „open" is defined as authentication type
• Fix when using CSV import for auto-enrollments with a tenant user
• Fix the battery status display in the device list

Technical optimizations

• Optimize performance with a collective request with asynchronous execution for actions applied to multiple devices
• Ensure that the Relution iOS client is always allowed when the Relution shared device configuration is active and thus conflicting app conformance settings may exist
• Optimization of CORS preflight request with an HTTP 200 message to clients that do not specify credentials
• Verify MariaDB version request for 10.3 or newer at system startup
• Abort VPP synchronization and immediately stop network requests when token expires
• Ensure deletion of the work profile on an Android Enterprise device when the device is deleted
• Fix for displaying compliance status for Android Enterprise devices when all violations have been resolved
• Fix for VPN connection mapping in "App to VPN mapping" configuration
• Fix the automatic activation of Windows configurations
• Fix for incorrect display of active tasks after deleting a VPP token
• Fix possible endless recursion in VPP synchronization when multiple pending requests are not sent

Technical changelog

The changelog for the release can be found here

Relution 5.2

Info Box

From now on, the most important device information is clearly displayed in an Info Box. The following information is displayed compactly at a glance:

• Device name
• Ownership
• Device user
• Compliance status
• Pending actions
• Device status
• Rules
• Device type
• Operating system version
• Serial number
• Last connection
• Access authorization

In addition, important actions are offered with one click:

• Change device user
• Update device details
• Send message to device
• Lock device

The Info Box also provides relevant information and the most important actions in the case of guidelines:

• Publish policy
• Reset policy
• Edit policy
• Edit automatic assignment
• Delete policy

The Info Box makes the overview heard and simplifies the administration of devices and policies.

iOS

Additional Device Information

Relution 5.2 allows you to define and activate additional user-defined attributes via the settings. This allows device details to be flexibly extended for a wide variety of use cases. For example, it is conceivable to maintain an inventory number, a location or even a date on which the warranty expires for the device. The logic was implemented dynamically so that a wide range of scenarios can be covered. The additional attributes can also be used in individual policy configurations. This enables, among other things, optimized lock screen messages for iOS devices.

Device Off-time

With the optimized device lockout time for iOS devices, devices are no longer put into “Lost” mode, but instead all apps except settings are hidden via a whitelist. This ensures that the devices cannot be used for apps or accessing the Internet outside of defined usage periods. Relution thus provides a way to ensure that digital end devices can also be recovered.

Android Enterprise

Device Platform

In order to better differentiate between classic management (Android Legacy) and Android Enterprise, the Android Enterprise platform has been separated out with the characteristics Work Profile and Fully Managed Device.

When creating policies, a distinction can thus be made between the Android Legacy and Android Enterprise platforms. When maintaining configurations, this ensures that only configurations compatible with the defined platform can be selected.

Existing Android policies are automatically migrated to the correct platform by the update. If an existing policy cannot be determined with certainty whether it is a classic Android or an Android Enterprise policy, the policy will be cloned and may be visible twice in the portal after the update to Relution 5.2.

For more information on setting up Android Enterprise, see Insight Android Enterprise fully managed device & work profile

Manage System Updates

With the new configuration “Manage system updates”, the installation of operating system updates can now also be configured for Android Enterprise devices. Android Enterprise offers the following options for selection by default:

• Unspecified (Uses the device's default system management).
• Automatic (Starts an update as soon as it is available).
• Maintenance Window (Install system updates within a defined maintenance window).
• Defer (Allows a delay of up to 30 days).

Managed Google Play Store

The optimized integration of the Managed Google Play Store ensures that public apps are either linked into the Relution Apps Store first or that apps can be selected directly from the Managed Google Play Store in a policy. Additionally, web links or .apk files can also be maintained in the Managed Google Play Store and associated with a device via a policy.

The maintenance of managed app configurations has been fundamentally revised with Relution 5.2. Especially complex managed app configurations can be searched comfortably. This simplifies the administration of apps. In addition, managed app configurations can be exported and imported with Relution 5.2. This means that configurations can also be easily distributed across organizations.

Windows

Defender

To further increase the security of Windows devices, additional functions have been integrated with Release 5.2. A Windows Defender scan can now be performed via a new action. You can choose between the two options “Quick scan” and “Full scan”.

Further details have been added to the device information for Windows devices. For example, the time of the last Windows Defender scan can be evaluated in the “Health” section.

User Accounts

An additional action can be used to conveniently create new local user accounts on Windows devices. When creating local user accounts, an initial password can be set in addition to the user name. It is also possible to specify whether the account is an administrator account.

Remote desktop service

To be able to use the remote desktop functionality on a Windows 10 device, it must be enabled for this purpose. The function can be activated on devices via the “Remote desktop service” configuration. All members of the remote desktop user group on the target device then have the option of accessing the device and transferring their screen completely. The functionality is not available for Windows 10 Home devices.

Start menu

The start menu on a Windows 10 device can be personalized via the „start menu” configuration. Among other things, the following information can be predefined:

• Hide frequently used apps
• Disable context menus
• Collapse "Apps list"
• Define start size
• Pin folders such as Documents, Downloads or My Files
• Hide buttons like shutdown, restart or hibernation
• Hide buttons like lock, logout or change account

Exchange

With Release 5.2, no password entry is required in the Exchange configuration. As a result, the personal password must be entered directly on the Windows device.

Microsoft Store

If Windows Apps from the Microsoft Store are installed on a device using the Auto-Depolyments function, the action performed is displayed in the device details.

macOS

App Installation

With Release 5.2, the installation of .pkg files has been further optimized. This allows native apps to be installed centrally in addition to apps from the Apple App Store.

Device Information

Additional details have been added to the device information for macOS devices. In the future, the MAC addresses can be read in the Network section.

Usability / Functional Optimizations

• Table columns can be moved even more conveniently by dragging and dropping in the column selector
• Devices can be filtered in the inventory by the status "Will be deleted"
• Optimized display with link to Relution Agent in desktop browser.
• Action for which an iOS device must be enrolled as Supervised will be offered only for Supervised devices in the future
• System Apps will no longer be included in the compliance check for iOS
• When selecting a VPN connection, a note is displayed if the VPN type is not compatible with the iOS in-app VPN feature
• Apps can be deleted via a new action on macOS and tvOS
• Windows system updates can be controlled even more fine-grained with a customized policy
• When customizing the device name on Windows devices, a validation for allowed characters is performed and a corresponding error message is displayed

Technical optimizations

• Certificates already uploaded to Relution can be deleted again
• Old actions are automatically deleted from the device details after two years
• Updated iOS App Store push certificates for communication with the Relution iOS app.
• Updated iOS MDM certificates for communication with iOS devices.
• Automatic authorization assignment of accounts for the groups "User" and "Device User".
• Customized information and translations for options in iOS DEP profile.
• Removed contacts and calendar settings in Windows email configuration
• Optimization of importing classes with teachers and students
• Disabling the Secure E-Mail Gateway feature for Windows Exchange configuration.
• Improved performance when selecting entries in tables.

Technical changelog

The changelog for the release can be found here.

Relution 5

Major Release

With Relution 5, the system for cross-platform device management is expanded by many functions. In addition to numerous optimizations for iOS, macOS, tvOS and Android Enterprise, the management of Windows 10 devices is also enabled. Relution does not require any cloud IDs and can be operated in your own infrastructure in compliance with data protection regulations.

Relution 5 can thus be ideally used with different devices in a variety of application scenarios. The open interfaces of the overall system also enable integration into existing IT system landscapes.

Before installing Relution 5, the Relution 5 Update Checklist should be considered.

Windows 10

Windows 10 device management

Relution 5 supports the management and configuration of Windows 10 devices. For more information see Insight Manage Windows 10 devices with Relution

Supported versions are Windows 10 Home, Windows 10 Professional, and Windows 10 Education. Relution user assignment is required at enrollment.

Then, enrollment can be performed on the device using the appropriate user email address, MDM server URL, and enrollment code. Microsoft ID is not required for enrollment.

Enrolled devices can be configured via policies. Restrictions can be used to restrict selected device functions.

Actions applied can be used to restart a device, update device information, or reset a device to factory default.

Modern Windows apps can be natively uploaded to the Relution Store and installed and uninstalled via actions on enrolled Windows 10 devices. To create modern Windows apps and convert them to other file formats for Windows apps, see insight Windows apps for Windows 10 devices with Relution

The range of functions for configuring, restricting and securing Windows 10 devices as well as installing applications will be continuously expanded from now on.

Policies

Apply multiple policies to one device

Relution 5 allows device configurations to be applied across multiple policies on a single device. For example, a base policy can now be used for all devices, plus individual policies with configurations for specific devices. The new functionality applies to all iOS, Android, and Windows 10 platforms. Furthermore, iOS, macOS and tvOS also allow multiple restriction configurations to be applied to a device, which iOS automatically combines on the device. For more information, see Insight Apply multiple policies to one device

Set priority for guidelines

Basically, there are configurations that can be present multiple times on a device and configurations that may only be present once. For each platform, it is therefore now possible to specify an order for the policies, which can be used to define the priority. If several policies are now applied with a configuration on a device that may only be present once, the settings of the first policy have priority and are adopted.

To better track the application of individual configurations on devices, the compliance view in the device details has been revised with Relution 5. For each policy applied, all current configurations on the device can be viewed at a glance.

Relution Portal

New appearance and optimized user interface

Relution 5 appears in a new look and feel. The modern look and feel includes the new Relution branding and a more intuitive user interface. Thus, the usability is increased by an improved structuring of the information and an improved usability and the work is much easier. For more information see Insight New Relution Portal

The new portal includes the following optimizations:

• Fade-in navigation bar with vertical alignment flush left
• User and group settings directly in the main navigation
• Revised list views including context menu globally and per line for actions
• Multi-Search function with tags in list views
• Revised configuration of columns in list views
• Subpages of settings on own distribution page
• Notification Center for System and Organization Admin
• Language settings and date values in the user profile

VPN

Configure Domain VPN for iOS (Per Account VPN)

Relution 5 enables the configuration of VPN for domains for iOS. This allows a VPN connection to be automatically established when accessing defined domains and thus access protected content. For this purpose, “VPN connections for apps and accounts” must be activated in the VPN settings. Afterwards, the desired domains can be entered directly in the VPN configuration.

Configure In-App VPN for iOS (Per App VPN)

Relution 5 enables the configuration of VPN for iOS apps. This allows a VPN connection to be automatically established for selected apps and thus protected content to be accessed. The configuration “App to VPN mapping” must be created in the policy in which the desired VPN connection for the apps is also configured (not possible across policies). The functionality is available for the VPN types IPSec, AnyConnect and JuniperSSL. L2TP is currently not supported by iOS.

E-mail addresses

Unique email addresses

As of Relution 5, the email address for new user:in Relution is unique and cannot be used by another user:in the same or a different organization. This uniqueness is used in user authentication via Single SingleOn (SSO) to identify the user:in and assign them to the correct organization. Relution supports the OpenID Connect and SAML protocols.

Android Enterprise

Add Android Apps via the Managed Google Play Store

Apps can be added to the Relution App Store directly from the Managed Google Play Store with Relution 5 and can then be distributed to compatible devices. This requires that Android Enterprise is configured for the Relution organization. See Insight Android Enterprise set up in Relution

Skip password” option for Android Enterprise enrollments

When enrolling a device with Android Enterprise, it is recommended to always protect the device with a password. In case this is not desired, it is now possible to disable the requirement during enrollment. By default, the option “Always require a device password” is enabled. This will always require a password to be assigned on the device regardless of a password policy. Especially for class sets or loan devices at schools, this feature increases flexibility in use.

Enrollments

Enrollment of multiple devices with one enrollment code

Relution 5 enables the creation of a multi-enrollment code. This means that any number of devices can be enrolled with one code. The optimization simplifies mass Android enterprise enrollments, for example for class sets or loan devices at schools, but also for enrollments of Bring Your Own Device (BYOD) devices with iOS.

The automatic enrollment of Samsung Knox Mobile Enrollment (KME) devices with Android Enterprise is also simplified by transferring the multi-enrollment code from Relution via Custom JSON into the MDM profile at Samsung KME. This eliminates the need to manually scan the Android Enterprise enrollment code from the Relution portal, further automating enrollment. For more information see insight Samsung KME with Android Enterprise

Configurations

Device name configuration for iOS, macOS and tvOS supervised devices

Relution 5 enables the control of device names via a policy. A variety of placeholders can be accessed to allow dynamic individualization of device names.

Time zone configuration for supervised iOS and tvOS devices

With Relution 5, the time zone can be automatically transmitted to iOS devices via policy. This way, the activation of location services during commissioning can be completely omitted and thus an out-of-box experience (OOBE) can be realized. The activation of location services can be skipped by setting in the DEP profile.

Usability / Functional Optimization

• The new "Log in as organization admin" button in the context menu of the overview list of organizations allows system administrators to conveniently switch to another organization with corresponding permissions of the organization administrator
• The links to the devices via the VPP license details are automatically hidden if there is no authorization for the Device Manager role
• For fully managed Android Enterprise devices and Android devices with work profile, the installation of apps from untrusted sources can be enabled via the restrictions
• Linking from the app settings to the app categories
• Alphabetical sorting of the students of a course in the field of education
• Sorting VPP apps by name in the device VPP license list
• Rearrangement of Dashboard Widgets
• Adaptations of the app compliance configurations to the new list design
• Adaptation of the auto-deployment overview to the new list design
• Fixing the table headings in all lists
• Adding public apps from the Windows App Store to the Relution App Store
• Automatic renewal of Education CA certificates if they expire in the next 180 days
• Adding the Global Proxy Configuration for Android Enterprise
• Adding the "Play Store Management" configuration for Android Enterprise
• Replace multiple drop-down filters in the inventory list with a list of selectable options
• Adaptation of the certificate lists to the new list design
• Adding the Windows platform in the app release workflow
• Display of groups and group members for the Content Manager role
• Adaptation of the view for conformity violations to the new list design
• Move selection labels to search field in app selector modals
• Removal of the Windows Update configuration from the restrictions, as the functionality has been moved to a separate configuration
• Remove from the Development Hub function
• Remove App Store Ratings

Technical Optimization

• During device enrollment, it is ensured that an enrollment type is set according to the platform
• Resetting the database baseline for Relution 5. Prerequisite for the update to version 5 is the installed version 4.79 (see Relution 5 Update Checklist)
• Update to Java version 11 or higher and, if using MySQL, version 8.0 or higher (see Relution 5 Update Checklist)
• Update to Spring Boot 2.4.2 which also supports operation with Java 15
• Switching all API endpoints to the unified /api/ path. All previous endpoints are redirected (see Relution 5 Update Checklist)
• Automatic separation of assigned VPP licenses when deleting tvOS and macOS devices
• Optimization of the query of devices with many installed apps
• Optimization of persistence of LDAP-referenced fields in user settings, which can be removed accidentally
• Troubleshooting database update to Microsoft SQL Server
• Bug fix for handling invalid characters in certificate file names on the Windows platform
• Troubleshooting Assigned Policies on Android Enterprise Devices
• Troubleshooting policy cloning on systems running MS SQL Server
• Preventing the modification of LDAP groups and system groups
• Optimization of notifications for new native client versions in the Notification Center
• Full support for installing .pkg files on macOS devices
• Allow ignoring of auto-assigned policies also for auto-enrollment
• Adding the automatic update function of the Notification Center
• All failed authorization checks will respond with a 401 (Unauthorized) instead of 403 (Forbidden) status if no valid authentication is present
• Performing connection date update from Apple devices only for MDM communication
• Enable partial downloads of resources
• Support for custom client names for SAML2 registrations and additional attribute value formats
• Preventing password changes when the user is managed by a third-party user management system
• Adding an optional configuration to automatically remove completed VPP tasks older than a defined time period
• Do not include hidden ping actions in the count of open actions
• Add selection list of installed apps for the "Remove app" action
• Checking if the email address already exists when it is edited in the user profile
• Improved performance when loading auto deployments
• Optimization of VPP Sanity Check Performance in Cluster Environments at Server Startup
• Troubleshooting the deletion of organizations with VPP publications
• Bug fix for extracting bundle identifier from .pkg files in another format
• Avoiding a 422 HTTP status by retrying to upload a VPP token when Apple responds with a temporary error
• Troubleshooting of failed actions to update device information for Shared iPads, even if all available information could be retrieved successfully
• Fixing the calculation of file sizes and hashes when using MongoDB-based GridFS
• Ensure that Windows devices can be logged in via the Device User group and not via a specific user
• Preventing the active "Update OS" button for tvOS devices when no update is available
• Ensuring correct display of available storage units for a Windows device
• Bug fix for policy export when special characters are used in the passcode
• Bug fix for re-enrolling Windows 10 devices after they have been previously enrolled on the server

Technical changelog

You can find the changelog for the release here

iOS

Support for iOS 12.4+

With Relution iOS Client 5.0, iOS version 12.4 and later is supported.

App Icon

New Relution logo

The app icon for the Relution iOS client is now displayed with the new Relution logo.

Rate apps

Removing app reviews and ratings

The functionality to rate apps in the Relution App Store has been removed from the Relution App, analogous to the server and portal.

The latest iOS Relution Client version 5.0 can be downloaded from the Apple App Store or alternatively from our aus unserem Download Center heruntergeladen werden.

Relution server 5.x

Support of Relution server 5.x

For the upcoming Relution Server version 5.x, Relution Android Client 5.0 is mandatory for classic enrollments (Android Legancy). Relution Server version 4.x is also supported. Version 3.x is no longer supported and the app reports an incompatible server version when trying to enroll. This does not apply to Android Enterprise enrollments.

Device enrollment

Enrollment of Android devices with Relution server 5.x

Classic enrollment of new Android devices on the upcoming Relution Server version 5.x (Android Legacy) requires the use of Relution Android Client 5.0. Older app versions are no longer compatible and report an error. Devices already enrolled with an earlier version of the app will continue to work. However, it is recommended to update the app in a timely manner. This does not apply to Android Enterprise enrollments.

Policies

Support of new multi policies feature with Relution server 5.x

Relution Server 5.x will support applying multiple policies on one device. To ensure full compatibility with Android devices that are classically enrolled (Android Legacy), Relution Android Client 5.0 is required. Older app versions will receive the server merged configurations correctly, but the policies will not be reported back as successfully applied. This does not apply to Android Enterprise enrollments.

Samsung

Error handling on Samsung devices

With Relution Android client 5.0 multiple issues on Samsung devices have been fixed, including several restrictions could not be applied on devices that do not support multi-user profiles.

Android

Limitations with Android Legacy enrollments

Some devices running Android 10 incorrectly reported a permission error instead of a serial number. Note that devices running Android 11 or newer will never report a serial number when using legacy device administrator enrollment. This requires the use of Android Enterprise going forward.

Samsung Knox

Backwards compatibility

Improved backwards compatibility with devices running Samsung Knox 2.7.1 and older. Previously only Knox 2.8 and newer were working as expected.

Apps ratings

NSupport for app review and ratings suspended

The functionality to review and rate apps in the Relution app store has been removed from the Relution app, analog to server and portal.

The latest Android Relution Client version 5.0 can be downloaded from the Google Play Store or alternatively from our Download Center.

Notification

Notification for new Relution Client versions

As of now, organization administrators and app store managers will be notified about newly available Relution Client versions for iOS and Android via the Notification Center in the Relution Portal. As a prerequisite, native Relution Client apps must be configured in the organization settings. The notification about a new available Relution Client version includes the version number and a link to the corresponding release notes, which inform about respective new features.

Android

Reset password with Android Legacy

For classic enrolled Android legacy devices (device administrator) the action reset password and change password can be used on devices with Android 6.0 and older. The Android Client 3.96 is required to process the action on the device accordingly.

For Android 7-10 devices, a password can be set if the device does not currently have a password. Android no longer offers the option to change existing passwords. As of Android 11, passwords cannot generally be reset on legacy devices. We therefore recommend migrating to Android Enterprise.

Usability / Functional Optimization

• The configuration radio management for Android Enterprise has been moved to the restrictions for telephony
• Improvement of column configuration in list views (new portal)
• Optimization of filter selection in list views (new portal)
• Optimization of column display of name, icon and context menu for list entries (new portal)
• Optimization of search for display on mobile devices (new portal)
• Improved clarity by omitting sticky columns on mobile devices and small screen resolutions (new portal)
• Display of a fixed first column in list views, which cannot be changed via the column configurator
• Display of context menu in list views per list entry only on mouse-over (new portal)
• Improved display of the details page for Android Enterprise devices (new portal)
• Optimization of autocompletion on the Relution login page in the Safari browser (new portal)
• Optimization of the "Apply action" dialog in the device details of iOS devices (new portal)
• Improved error message on failure to send email for a device enrollment when the mail server is unreachable
• Display the current version of the policy instead of the previous version at the version number of a policy
• Ensure that the reported number of pending actions in the device overview list matches the displayed actions in the device detail view
• Disable buttons in app delete dialog when delete operation is active (new portal)
• Adding pagination to policy dialog for device selection (new portal)
• Addition of required markers and error messages for multiple input fields (new portal)
• General UX/UI improvements (new portal)

Technical Optimization

• Ensure app installation on iOS/tvOS/macOS by automatically sending a new app install action if initial installation process could not be successfully performed on the device and the app is not finally installed
• Performance improvements when loading user rights on Cockroach 20.1 or newer and PostgreSQL 9.6 or newer
• Introduction of JSON web tokens as a replacement for previous authentication mechanisms
• Login with a LDAP user can take place despite user synchronization being disabled, even if not all groups can be synchronized
• Policy migration is completed successfully even if the database contains invalid data
• Extension of CSV import from users to include files with UTF-8 with BOM encoding
• Shutdown of the Relution Server is no longer blocked indefinitely when Android Enterprise is configured in an organization
• Prevent loading unnecessary liquibase xsd schema files
• Fix policy cloning on systems running Microsoft SQL Server (new portal)
• Fix APNS certificate update
• Fix the configuration of Global HTTP Proxy when the proxy type is set to automatic
• Bugfix for iOS passcode configuration with the setting "allow simple password" (new portal)
• Preventing problems with ShedLock on PostgreSQL and cockroach databases
• Preventing duplicate public apps in the Relution App Store by copying policies across organizations
• Fix action send messages for Android devices

Technical Changelog

Find changelog of the release here

Password

Reset password with Android Legacy

With Relution Portal version 4.79, the action reset password and change password can be applied to devices with Android 6.0 and older for classic enrolled Android legacy devices (device administrator). The Android Client 3.96 is required to process the action on the device accordingly.

For Android 7-10 devices, a password can be set if the device does not currently have a password. Android no longer offers the option to change existing passwords. As of Android 11, passwords cannot generally be reset on legacy devices. We therefore recommend migrating to Android Enterprise.

The latest Android Relution Client version 3.96 can be downloaded from the Google Play Store or alternatively from our Download Center. Basically, it is mandatory to update the Android Relution Client before performing an OS update on Samsung devices.

Single Sign-On

Authentication for Relution file shares in multi-user mode

The compatibility of the iOS Relution client with the protocol OpenID Connect for Single Sign-On (SSO) automatically queries which login variants are available based on the user name when logging in. This provides ideal synergies with the data protection compliant Relution Shared Device Mode by allowing users to log in with their existing usernames from existing school directories. In addition, access to configured file shares via SSO is supported, allowing data to be securely stored under the respective user on local school servers.

The latest iOS Relution Client version 4.37 can be downloaded from the Apple App Store or alternatively from our Download Center.

Multi-user mode

Relution Shared Device Login

As part of Relution’s multi-user mode, iOS Relution Client version 4.36 ensures that when a user logs into the Relution Login screen, no credentials can be stored and used by subsequent users.

The latest iOS Relution Client version 4.36 can be downloaded from the Apple App Store or alternatively from our Download Center.

Groups

New system group “Content Manager”

Content Managers primarily have the right to obtain content in the form of apps and books and distribute them to devices or users. To enable this, users assigned to the group Content Manager can use the following functions Content Managers primarily have the right to obtain content in the form of apps and books and distribute them to devices or users. To enable this, users assigned to the Content Manager group can use the following functions in Relution:

• View and move apps
• Edit/approve app requests
• Create/manage categories
• View purchased apps and books
• Assign purchased apps and books to devices and/or users
• View users and groups (but not create/edit/delete)
• Assign auto-deployments to users and groups
• Manage VPP users
• Edit App Store settings
• Edit VPP settings
• Edit timetables and school subjects

Notification

Notification center in the Relution Portal

From now on, upcoming changes and important news will be displayed in the Relution Portal. The new Notification Center is located in the upper right corner and informs about expiring tokens and certificates as well as new Relution server versions. Newly available notifications are displayed via a badge. The following information is currently available for the respective roles:

System Administrator

• Release notes for a new Relution version, if the backend is not up to date

Organisation Administrator

• Expiring iOS Client Provisioning Profile
• Expiring VPP tokens
• Expiring DEP token
• Expiring MDM Push Certificates
• Expiring App Store Push Certificates

Security

Make login password for enrollments configurable

The length of the passcode for enrollments can be defined via the yml file. There is a possibility to choose a passcode between 5 and 16 characters. This way the security of authorized enrollments can be increased:

1 relution:
2 enrollment:
3 passcodeLength: 16


Operating system specific requirements regarding password length have to be considered additionally. After the change, the instance must be restarted.

iOS

Send app text messages to a device

In order to send a message to a device user as an administrator of Relution, the action “Send message” can be used. Title and content can be defined.

To receive the message, the Relution app must be installed on the device. When it is launched for the first time, push notification must be enabled.

Subsequently managed apps

Non-supervised apps installed by users on a device are updated if the device administrator defines the same app as a required app via app compliance or assigns it to a group or users via auto-deployments. On devices that are not supervised, a dialog appears asking if app management should be done via Relution. After confirmation, the app is updated and will be a managed app afterwards. On supervised devices, no dialog appears and the action is performed automatically. If there is a VPP license for the managed app in the Relution organization, it will be assigned automatically. No Apple ID is required on the device.

Usability / Functional Optimization

• Improved dashboard view (new portal)
• Optimized adjustemnt of the column order in the list of purchased apps (new portal)
• Improved display of table headers (new portal)
• Configurations of old versions of policies can no longer be edited (new portal)
• Performing an automatic refresh after plausibility check of the VPP synchronization history in the settings (new portal)
• Enable restriction "Force request permission to leave an unmanaged class" in an iOS policy to be stored (new portal)
• Avoid redundant information by removing additional toast messages when saving settings (new portal)
• Improved error message when resetting the password if the mail server is not available (new portal)
• Fix selecting actions in the device details (new portal)
• Fix creating a new enrollment, so that the selection of a policy in the corresponding dialog window can be permanently cleared and does not appear again (new portal)
• Extension of the iOS update action to include the selection of multiple iOS and tvOS devices (new portal)
• Extension of the detail pages of Android Enterprise devices to include the serial number (new portal)
• Extension of iOS restrictions for student devices to not be able to change the background image during an active exam session on the devices
• Extension of the iOS weblink configuration by specifying an app with which the configured weblink should be opened on the device
• Improved error message for invalid app approval status information when uploading apps to Relution
• Error prevention through non-deletable system groups
• Identifying a failed policy update on Android Enterprise devices when the management API returns invalid values
• Display of a warning when certificate authorities or certification templates are deleted in the settings if certificates based on them have been created that may become invalid as a result
• Fix blocking popup window that prevents using app detail page of public apps (new portal)
• Fix changing device name via CVS upload in auto-enrollments (new portal)

Technical Optimization

• Optimization of file upload in different organizations through a multi-tenant user (new portal)
• Enhancement of automatic installation of iOS system apps such as Pages or Numbers with available VPP licenses on student devices when the lesson is started from the teacher device
• Performance optimization by avoiding unnecessary pushes to devices for actions that have not yet been executed
• Optimization in the creation of organization names in the context of self-service registration to ensure unique organization names
• Improved error message in case of "incorrect configuration" of Android Enterprise permissions by validating entered values
• Optimized maintenance of permissions for users in the system organization to ensure that logon to the system organization is possible
• Automatically repeat the installation of a newly versioned iOS policy at a later time if the device cannot currently perform a profile installation
• Web API view now uses OpenAPI v3
• Using schema version 3.3 instead of 4.2 for the Liquibase database change log to avoid blocked XML schema downloads by restrictive proxies
• Troubleshooting Android Enterprise policy cloning by not cloning an existing managed app configuration
• Troubleshooting when working with the Relution App Store when two identical app release workflows have been created in the workflow settings

Technical Changelog

Find changelog of the release here

OS Update

Ensuring OS updates on Samsung devices

A new Android Relution Client is available for the classic enrollment with Device Administrator (Android Legacy) of Samsung devices, which restores compatibility with the Android 7 or older operating system. The current version is now compatible with both Android 7 and older as well as Android 11. The latest Android Relution Client version 3.95 can be downloaded from the Google Play Store or alternatively from our Download Center. Basically, it is mandatory to update the Android Relution Client before performing an OS update on Samsung devices.

Android 11

Adjustment of manual enrollment of Samsung devices without KME

For the classic enrollment with device administrator (Android Legacy) of Samsung devices with the Android 11 operating system, a new version of the Relution Client is available. This includes an adaptation for this enrollment type, as Samsung has changed the API and enrolled devices will otherwise be withdrawn again, as Samsung does not recognize the accepted Knox license.

iOS

Relution Shared Device configuration for single app mode

There is now an additional checkbox “Lock device to enforce login” in the configuration. If this option is activated, the Relution app is put into single app mode as long as no user is logged in. Only after login into the Relution app access to other (authorized) apps will be granted.

For example, to be able to switch to another WiFi outside of the school WiFi, the Relution app must not be operated in single app mode to allow access to the settings. For this case, the option “Lock device to enforce login” must be disabled.

Additional restrictions for Apple Classroom on iOS

With an iOS policy different restrictions for the Apple Classroom app can be set in Relution:

• „Allow the teacher to lock apps and devices“ - allows the teacher to lock a student's device or an app open on the device
• „Force automatic join in Classroom classes“ - students are not asked to join a class when activated
• „Request permission on leaving unmanaged Classroom class“ - leaving an unmanaged class requires permission from the teacher when activated

Android Enterprise

Skip password setup during device enrollment

When setting up enrollments for Android Enterprise Fully Managed Device, an additional checkbox can be set to skip setting up passwords/patterns during the enrollment process on the device.

Update enrollment:

Bulk enrollment:

Extension of the WiFi configuration

Addition of the EAP security type and proxy settings to the WiFi configuration for Android Enterprise Fully Managed Device.

macOS

Managed apps for macOS 11+

Relution is now fully compatible with macOS 11+ and supports provisioning of managed apps on macOS with Bug Sur.

Managed AppConfig for macOS 11+

Relution supports the configuration of managed apps via AppConfig for macOS with Big Sur. This feature is available as a configuration in the Relution policies for macOS.

tvOS

OS update action for tvOS devices

In the device details, the button “Apply Action“ under the “Actions” tab allows for installing OS updates on the selected device.

Furthermore, the WiFi MAC address for tvOS devices is now displayed in the device inventory.

Administration

SFTP synchronization for Apple School Manager (ASM)

In order to minimize administration efforts when maintaining class records in both systems Relution and ASM, an SFTP synchronization can be set up in Relution under “Settings -> Apple School Manager Synchronization”. The required SFTP-URL, -user and -password are available in ASM.

This way, data sets with school context such as users for teachers and students as well as classes created in Relution can be synchronized with ASM. For this, at least one class, one teacher and one student must exist in Relution. Users must belong to either the “Teacher” or “Student” system group in Relution in order to be included in the synchronization.

When a user is created in ASM automatically, the first name, last name, and email address of the corresponding Relution user are used. In ASM it can also be activated that for each imported Relution user a Managed Apple ID is created in a predefined format. In Relution, the created Managed Apple ID is also stored for the corresponding Relution user in the according user profile. For example, the Managed Apple ID can be used for login to the Apple Shared iPad in order to distribute individual apps via Relution.

When setting up SFTP synchronization in Relution for the first time, an initial sync with ASM is performed. If the corresponding Relution organization is not yet known to ASM, a new location is being created automatically. Subsequently, the sync is performed once per day per organization by default.

Extension of CSV import for users

All properties that can be specified when creating a user manually are also possible via CSV import. In addition, up to 15 user-specific properties can be defined. The corresponding column names must be specified with custom1 to custom15:

userid,email,first name,last name,password,phone number,position,country,managed apple id,custom1,custom2,…,custom15

Usability / Functional Optimization

• Improved workflow when importing users via a CSV file

Technical Optimization

• Optimize verification of payload signatures for newly enrolled Apple devices
• Increase frequency of periodic pushes to Apple devices to optimize action delivery
• Optimization of VPP licenses for apps referenced in multiple VPP tokens
• Automatic renewal of PKI certificates
• Performance optimization by preventing server synchronization of groups when LDAP connection is interrupted
• Fixing issue when saving auto-enrollments several times

Technical Changelog

Find changelog of the release here