Note di rilascio

Relution Portal Release 5.11

Coming soon

Relution Portal Release 5.10


Windows Autopilot integration

Relution now supports auto-enrollment via Windows Autopilot, allowing Windows 10/11 devices to be quickly and easily inventoried in Relution. Afterwards, enrolled Windows 10/11 devices can be further configured via Relution policies and apps can be installed on the devices.

Windows Autopilot can be used with Windows 10/11 Professional, Enterprise or Education from version 1709. An Azure instance with an Azure Active Directory (ADD) and Azure AD Premium P2 subscription is required.

In the Relution settings under -> “Organisation” -> “Azure Active Directory”, a guide supports the setup and linking of Azure AD with Relution. All further details on settings in Azure AD and Microsoft Store for Business are described in our Insight Windows Autopilot Enrollment with Relution

Relution Portal

Configure customised declarations for Relution

The obligation to publish an imprint and a privacy policy lies with the operator of the Relution system. Therefore, Relution offers the possibility to link your own imprint and privacy policy in the Relution portal. Please note that the following configuration parameters are set for your On Premises installation.

Imprint (RelutionLegalProperties, type Uri)

If the parameter is set, a link to this URL is always displayed on the login page of the Relution portal. By default, no imprint is stored.

Privacy Policy and Terms of Use (EULA) /.en /... (RelutionLegalProperties, type Uri) /.en /... (RelutionLegalProperties, type Uri)

If one of the parameters is set, an administrator of the organisation must agree to the declarations initially when logging in or after creating a new organisation. By default, no declarations are stored.

Helpdesk (RelutionLegalProperties, type Uri)

Optionally, a customer-specific helpdesk link can be stored, which is called up in the Relution Portal next to the profile in the top right-hand corner of the support toolbar under Helpdesk. By default, the Relution Helpdesk is linked.


Optimization of the behaviour of actions with device status “Not Now”

Currently, all open actions are cancelled as soon as any of the following actions are sent to iOS devices in “Not Now” status:

  • LostMode (activate/deactivate/locate device/trigger alarm)
  • Reset Password
  • Enterprise Wipe
  • Reset device to factory settings

See Release Notes 5.9

So that no important actions are lost due to the current behaviour, the above-mentioned actions are treated with priority from now on, and then all other open actions are executed without deleting them.

Connection of the new Apple VPP interface

Apple has released a new interface for VPP licences. Relution’s VPP connection has been updated to the new interface. As a result, the synchronisation is much better performing and faster. In addition, Relution is now proactively informed by Apple when there are changes in the VPP licences. Manual synchronisation is no longer necessary.

Announcement of the Relution App Family

Relution is successively renewing its existing apps. The previously combined functions of the Relution Client for iOS and Android will in future be outsourced to independent apps based on Flutter technology. Relution is thus following the latest technological standards. The same code basis of the apps enables a cross-platform offer on a functional level.

With Relution 5.10, the existing functions of the Relution Client for iOS will be outsourced to the following stand-alone apps as a first step:

  • Relution Agent for iOS
  • Relution Teacher for iOS
  • Relution Files for iOS

The migration for Relution Clients already in use will be carried out with the next Release 5.11. Existing Relution Clients for iOS will then be replaced by the new apps.

All important information is summarised in our Insight Relution App Family. When preparing for the migration with 5.11, please note the mandatory measures for the move to the respective new apps.

Automatic registration Relution Teacher

When the new Relution Teacher App is installed on a managed device via Relution, a managed app configuration is simultaneously applied to the device so that the user is automatically logged into the Relution Teacher App.


Configure interactive whiteboards with Relution

By integrating interactive whiteboards in the digital classroom, Relution can now be used to realise even more lively lessons. Based on the Android Classic enrollment in Relution, enrolled devices can be configured with the “Interactive Whiteboard Configuration”. For example, hardware buttons and the touch function can be deactivated and access to the device settings and the use of the remote control can be blocked in order to prevent unauthorised changes to the devices in the classroom. Furthermore, automatic switch-on and switch-off times can be defined.

The Android Classic configurations “App Compliance” can be used to install apps from the Google Play Store and the configuration “Kiosk Mode” can be used to operate enrolled Interactive Whiteboards in Kiosk Mode. All further details on the enrollment and configuration of interactive whiteboards in Relution are described in our Insight Managing Interactive Whiteboards with Relution

Currently, Relution can be used to manage the galneoscreen of the manufacturer wende.interaktiv and prepare it for teaching. The offer is being continuously expanded and in the future other manufacturers of interactive whiteboards will be supported by Relution.

Usability / Functional optimizations

  • Optimisation of the Windows antivirus configuration so that a Windows Defender scan is carried out exactly at the defined time
  • Student devices that are in exam mode via the Relution Teacher app will automatically have spotlight search disabled
  • In "App Compliance" for iOS, adding the Relution Client is possible under required apps and allowed apps
  • Extension of the S/MIME settings by the option "User can change S/MIME signature certificate" in the iOS configuration for exchange and email
  • Removing the enable/disable app categories option
  • Removing support for deploying apps to devices registered in other MDMs
  • Remove the setting of URL shortener, as an external service is no longer used
  • When removing a class in Relution, only the deleted class is no longer displayed in the Relution Teacher app and all other classes are still available to the teacher
  • Windows Store apps without internal names cannot be added to the Relution App Store
  • Allow multiple search terms to be entered in the search bar
  • Adding the original language to the language selection of the profile
  • Use of new icons for the status of sub-actions in the actions overview
  • Support of user certificates in the user profile
  • Deactivating the „save" button and displaying the email field as "already used" when editing a user profile with an existing email address
  • Display of the Windows version name instead of the build number in the infobox of the device details
  • View the specific "Zero Touch custom JSON" code for an Android Enterprise enrollment to enrol a device via Zero Touch
  • Adopt the name, description and custom properties for a Windows device if specified at enrollment
  • Differentiation between Windows 11 and Windows 10 in the version name
  • Enable deletion of users with user certificates
  • Display the Relution client app and the settings app on a device in Relution shared device mode when no apps are defined for the allowlist
  • Support for user-defined device property names as column headers in the CSV import for the device inventory and auto-enrollment views
  • Shorten long names and many authors for VPP apps and books to avoid sync errors
  • Eliminate existing compliance violations for Windows configurations that have been deleted but not applied to the device
  • Bug fix for filtering the device list for devices that do not have an assigned policy
  • Bug fix of the filter device profile status "assigned" in the overview Auto enrollments
  • Bug fix of the access of users of the Content Manager group to the user and group view
  • Bug fix when deleting the input field „position" in the user profile
  • Bug fix when updating the Windows Exchange configuration
  • Bug fix for the installation of required apps in the tvOS "App Compliance" configuration

Technical optimizations

  • Display an error message when preventing Oracle databases from starting because Oracle is no longer supported
  • Reduction of log output when SMG is configured and devices renew SMG connections
  • Optimize SQL queries before installing applications/web clips
  • Adjusting the default Windows Firewall configuration settings to not prevent communication with the MDM system
  • Reduce network traffic when releasing a policy version
  • Restarting the server when the system administrator has been removed

Technical changelog

The changelog for the release can be found here

Android Client Release 5.5

Global Policies

Support for cross-organizational policies

When using global policies from the store organization in subordinate clients, Relution Android Client 5.5 ensures the installation of apps on devices. More information about global policies with Relution is available in our Release Note Relution Portal 5.7

Android 6.0+

Relution support for Android <6 will be discontinued

Relution Android Client 5.5 still supports Android versions 4 and 5. Contrary to the original announcement on 25 November 2021 all subsequent Relution Android Client versions will only support Android 6 and newer.

The current Android Relution Client Version 5.5 can be downloaded from the Google Play Store or alternatively from our Download Center.

Relution Portal Release 5.9


Prioritize actions when a device is in “Not now” status

On iOS devices that are protected with a password or PIN, the KeyChain is locked and not all actions are processed. In this case, the device reports the status “Not now”. Sent actions are not processed until the device is unlocked. This behavior also prevents the immediate activation of the “Lost Mode” or the resetting of the device password.

To ensure that required actions can be performed in case of loss or theft, the behavior has been adjusted. All pending actions are now cancelled as soon as an “Activate Lost Mode” or “Reset Password” action is sent to the device. This way, the devices and data can still be protected.

User enrollment for macOS

Relution now offers the possibility to enroll private Macbooks without the owner having to give up all control over the device. Information about iOS user enrollment with Relution is available in the insight Apple user enrollment

Account controlled user enrollment for iOS

The integrated iOS user enrollment in Relution now supports account-based user enrollment of devices that are not in the state „supervised”.

The prerequisite for this is either a manually created user enrollment for a corresponding user in the respective Relution organization or the activation of “Allow account-controlled Apple user enrollment for all users” in the device management settings of the respective Relution organization.

Option 2 makes it much easier to register personal devices in Relution. As soon as a Relution user registers via the option “Log in to work or school account…” in “VPN & Device Management” of the general settings on the private device, a user enrollment is automatically created in Relution. Via the managed Apple ID of the respective user, the registration URL of the MDM solution is automatically identified. After logging in with the user’s login data from Relution, the device automatically appears in the inventory list of the corresponding Relution organization after successful authentication and can be managed as described in the insight Apple user enrollment

Custom SSL connection for iOS and macOS VPN configuration

For VPN settings, the custom SSL type can be configured to establish an OpenVPN connection for managed devices. This is necessary for e.g. OpenSSL support.


Manually add apps for Android Enterprise

For Android Enterprise devices, apps can now also be added manually in the “Manage apps” configuration by providing the internal name. This means that system apps that are preinstalled but not available in the Managed Google Play Store can also be used. This option is also available for the Android Enterprise kiosk mode.

Usability / Functional optimizations

  • A system-wide DEP enrollment (store organization) ignores policies that have been defined in the DEP profile but are assigned to a different organization
  • Relution landing page for device enrollment is now available in Spanish, Italian, French and Turkish languages
  • For app categories, the set default language is used if no text is provided for the specific language
  • When the Samsung Classroom Management configuration is applied to a device and the user is assigned the "Teacher" role in Relution, the Relution Teacher app is automatically installed on the device
  • For auto-enrollments via DEP and KME, the ownership can be defined per device
  • The validity date for Android Enterprise enrollments can be set to a maximum of 89 days into the future, as Android Enterprise does not allow for a longer time span
  • Creating an entry in the app history when the version number of a public app changes
  • Allow editing of the ownership of a device with "Unknown" ownership status

Technical optimizations

  • Docker images are based on AlmaLinux 8, as CentOS 8 is no longer supported since 2022
  • Relution does not send push notifications to Apple devices that have changed to inactive status
  • MDM profile renewal for all devices, even those with signature verification disabled
  • Removing obsolete calendar, contact and mail domains from Apple VPN configuration
  • Improvement of the filter query in the iOS "App compliance" configuration
  • Performance optimization through the adaptation of the S3 connector, for the correct handling of partial downloads
  • Optimization of the Windows update configuration
  • Preventing additional automatic actions from new installations for devices that already have another action pending
  • Bug fix for Apple Shared iPad so that actions are sent over the correct channel
  • Bug fix for enabling default blocklist in Samsung Classroom Management configuration
  • Troubleshooting importing and exporting policies as multi-tenant users
  • Bug fix for installing missing apps on iOS devices when triggered by a PING action

Technical changelog

The changelog for the release can be found here

Relution Portal Release 5.8

Relution Portal

Be secure with Relution

All-clear on the log4j/log4shell vulnerability: our system is not affected by the critical vulnerability in the log4j Java library. Relution uses support for Splunk (splunk-library-javalogging). The framework brings log4j-core in version <2.15.0. However, the affected framework is not used by Relution and thus the vulnerability cannot be exploited in Relution. More about this in our News

With Relution 5.8, the unused library log4j-core was completely removed.

Multilingualism in the Relution Portal

The Relution Portal is now available in the additional languages Spanish, Italian and French. This enables our international customers to have a more comfortable user experience in their local language.

Adding apps to app categories

Apps can now also be conveniently added in the detail view of an existing app category. Adding individual apps via settings in the respective app details is also still possible.

Display of multi-platform in the app inventory list

Apps from Apple that are usable for multiple platforms are displayed in the app inventory list with the corresponding platform icons.


Automatic assignment of VPP tokens to users during iOS user enrollment

Since Relution 5.7 it is possible to enroll iOS devices of private users (BYOD without DEP and not supervised) via iOS User Enrollment. With Relution 5.8 this feature is officially supported and is no longer a beta version.

In the context of iOS user enrollment, organization apps can be deployed to private devices by assigning VPP licenses to users rather than devices. VPP licenses are thus not tied to devices but to individual users. If a user uses multiple devices and has been assigned a VPP license, the corresponding app can be used on all devices. Assigned VPP licenses can also be withdrawn from users via Relution.

In order to assign VPP licenses of an organization to private users, the users must be linked to the VPP token of the respective Relution organization. For this purpose, a Managed Apple ID must be stored in the respective user profile for the corresponding users in Relution. The Managed Apple ID is created in the respective Apple School Manager or Apple Business Manager account of the organization for a user.

If an iOS user enrollment is created in Relution, it is mandatory to add a user with a pre-populated Managed Apple ID. If a private device is enrolled via the iOS user enrollment, the user with the pre-filled Managed Apple ID logs in and the device is enrolled in Relution. If the user with the Managed Apple ID does not yet have a connection to a VPP token, Relution will automatically take care of the link and the user will appear under VPP users in the “Assigned” status. If multiple VPP tokens exist for the organization, the first VPP token in the order of stored VPP tokens under VPP user accounts in the Relution settings is always used. Subsequently, VPP licenses can be transferred to the VPP users in the “Assigned” status via Purchased apps in Relution in order to be able to install apps on the private devices via the VPP token of the organization.

Gli utenti che non hanno un ID Apple gestito in Relution possono essere invitati come utenti VPP tramite un processo manuale. Leggi di più su questo nell’Approfondimento Iscrizione utente Apple

Per-App VPN configuration for iOS User Enrollment

Predefined VPN connections and per-app VPN configurations can also be applied to private devices via iOS user enrollment. When configuring the VPN connection, “For apps and accounts” and “VPN on demand” must be activated. Then, the app to VPN assignment is set up and the previously created VPN connection is linked to a desired app. After applying the published policy to the private device and installing the corresponding VPP license, the app is automatically connected via VPN.

New status “Not now” for Apple devices

If an Apple device does not accept sent actions and reports back with “Not now”, a new status “Not now” is displayed for this action in the action overview in the Relution Portal. The status is also displayed for this device in the inventory list in a new column “Connection Status” as well as in the device details in the upper info box. As soon as the device responds with another message, the status will be updated accordingly in the Relution Portal.

Android Classic

Global policies for Android Classic

The functionality of using global policies in Store Orga introduced with Relution 5.7 is now also available for Android Classic policies.


Apply apps, policies, and actions via device context

For enrolled Windows devices, it is possible to offer configurations and apps from Relution via different communication channels, the so-called device context or user context. For example, if apps are applied to a Windows device via the device context, the app is installed in the main file system of the device and can be used by all users. If, on the other hand, the app is applied via the user context, it is installed in the own files system of the enrolled user with whom the device enrollment in Relution was performed and can thus only be used by this user on the device. If apps are installed via the device context, they can be uninstalled via Relution, but they are still installed in the main file system on the Windows device and are only no longer visible to the user enrolled in Relution. For all other users on the device the app is still available.

In the device details, the last communication channel for Windows devices shows which context (device or user) was used.

Viewing network adapters for Windows devices

In the device details of Windows devices, existing network adapters are displayed in a fold-out section at the bottom of the information. Available information includes MAC address, IPv4 address, IPv6 address, type of network connection (wired/wireless), and connected (yes/no).

Usability / Functional optimizations

  • New filter option App categories in the app inventory list and app request overview
  • Expand iOS system app selection to include "Magnifier" and "Translate" in app conformance and homescreen layout
  • Display model names for Apple product names in the Device Details infobox
  • Preventing multiple additions of the same app from the Microsoft Store by using different country stores
  • Improved usability of email configuration for Windows devices
  • Allow changing the device ownership in the device details if this is allowed in the settings under Device management for enrollments
  • Add private apps from Google Managed Play Store disable for app store and app requests
  • Correct display of total and available VPP licenses in the configuration app Conformity when displaying added required apps
  • Bug fix when uploading CSV files in Auto Enrollment view with a multi-tenant user
  • Policy import troubleshooting
  • Troubleshooting Compliance Violations for Windows Configurations
  • Bug fix for saving certificates in the WLAN configuration for tvOS
  • Bug fix for sending notification emails about the expiration of the keystore
  • Bug fix for redirect of link in email notification for app requests
  • Troubleshooting the use of the user's phone number for notifications during the creation of a new enrollment
  • Bug fix for displaying app icons from the Microsoft Store
  • Removing Windows 10 Home Edition in Windows Update Configuration
  • Removing the display of app downloads in the app inventory list and app detail pages, as well as the Most Downloaded Apps tile in the Dashboard overview

Technical optimizations

  • Performance optimization when retrieving installed and managed apps from Android Enterprise devices

Technical changelog

The changelog for the release can be found here

Android Client Release 5.3

Android 12

Relution supports Android 12

The compatibility of Relution with the Android 12 operating system is ensured with the Android MDM agent in version 5.3 for Android Classic or Android Legacy enrollments (device administrator). Thus, all previously supported MDM functions under Android 11 are guaranteed and an update of managed devices with Relution can be executed without any problems. 

In general, it is recommended that devices managed with Relution should be switched to Android Enterprise if the classic management via device administrator is still being used. The compatibility of Android 12 devices with Relution via Android Enterprise enrollment is ensured with Relution Server Version 5.7.

Learn more in our Android 12 News

Kiosk Mode

Arrange icons

Support new options for arranging icons in kiosk mode for Android Classic or Legacy enrollments (device administrator) with Relution version 5.7

The latest Android Relution Client version 5.3 can be downloaded from the Google Play Store or alternatively from our Download Center.

Relution Portal Release 5.7

Relution Portal

Global policies

Global policies can be defined centrally in the so-called Store Orga, a superordinate level. When a policy is published in the Store Orga, it is made available to all subordinate clients and can be rolled out to the corresponding devices. This functionality is especially relevant for organisations that operate several clients with Relution, but have central administration and want to define policies centrally. Conceivable here are cities, districts or school boards that look after several schools.

Currently, policies for iOS, tvOS, macOS and Android Enterprise are supported.

How to configure a store organisation is described in our Manual

Relution lending system

In order to ensure digital education for all students, also in homeschooling, schools are handing out more and more school-owned devices to students as temporary loans. As a lending system, Relution supports the lending process and ensures a transparent overview by assigning users to the devices handed out and storing different terms of use and lending periods. This ensures the documentation of all loaned equipment and the current status and availability can be conveniently called up in Relution at any time.
Exceeded loan periods are automatically marked. In addition, rules can be defined which, in the case of missed return deadlines, e.g. set the device to the device status “non-compliant” and then automatically execute correspondingly defined actions. For example, a message can be sent to the user and the administrator or the loaner device can be blocked.

How the Relution lending process works in detail is explained in the Insight Lending devices with the Relution lending system

Notification Center

For a better overview, notifications that are not relevant can be hidden in the Notification Centre. A restore button can be used to manually show all hidden notifications again as long as no new Relution Server version is available.

Hidden notifications are automatically displayed again if the urgency or content of a message changes. For example, if the information about an expiring VPP token is hidden in less than 7 days, the notification is automatically displayed again if the period is less than three days and the message thus changes to the warning level.

If the information about a new server or client version is hidden, e.g. server version 5.7, it is displayed again as soon as the next higher version is available, e.g. server version 5.8.

Settings for LDAP synchronisations

In addition to the current synchronisation interval (syncInterval), a schedule (cron expression) for all LDAP synchronisations can now be defined in the server configuration (application.yml) to determine exactly when LDAP synchronisations are to be carried out.

Details on the possible settings for LDAP synchronisation are given in the Manual


User enrollment for iOS

Relution now offers the possibility to enrol private iPhones and iPads without the owners having to give up all control over the device. This way, private devices of students or employees can also be integrated and used in a school or company context.

In the future, Relution will also support user enrolment for macOS devices.

For more information on user enrollment with Relution, see Insight Apple User Enrollment

Local administrator account for macOS

In the DEP profile, an administrator account can be configured for macOS devices and the initial setup can be automated during commissioning.

The password of MDM-generated administrator accounts on enrolled macOS DEP devices can be changed subsequently via the action “Change password for local administrator account”.

Android Enterprise

Google Play Store Apps

For Android Enterprise devices, apps from the Google Play Store can now also be installed via actions in the device details.

Cross-profile information exchange for managed apps

For the Manage Apps configuration of Android Enterprise, it is possible to allow apps to share information across work and personal profiles of a device. This setting is subject to device user consent and is available from Android 11.


Manage local device security options

Via the configuration “Security options for local device”, security settings and restrictions for Windows devices and local access can be made in order to secure the devices remotely.

Usability / Functional optimizations

  • Adding the "Custom Icon Arrangement" option for Kiosk Mode under Android Classic or Legacy (Device Administrator)
  • Adding the option "Manual synchronisation" for SFTP synchronisation with the Apple School Manager in the settings
  • In application.yml, you can configure that installed apps are not removed from the device when the MDM profile is revoked.
  • Add a new filter in the "Purchased Apps" view to hide VPP apps that no longer exist in the listing
  • In a policy, the same SSID for a Windows WLAN configuration can only be used once
  • In a policy, the same profile name for a Windows VPN configuration can only be used once
  • In the case of several Windows WLAN or VPN configurations with the same profile name, only the configuration with the highest priority is applied to the devices
  • Actions that are made up of several sub-actions are displayed in the unit details with the number of sub-actions and are listed in a further detailed view
  • Actions for Apple devices in "Push sent" status can be cancelled
  • Extension of the lesson settings in the preferences to include the configuration of the days on which lessons take place
  • Display of compliance violations in the compliance view for Android Enterprise devices in case of app compliance violations
  • Permanent display of the store organisation in the multi-client switcher
  • Display of a report when exporting guidelines with download link
  • Allow the use of the placeholder "user e-mail address" in the Windows e-mail configuration for multiple users
  • Adding the name and the URL in the tooltip of the executed action "Add shortcut" in the action overview in the device details
  • Add a note to the iOS home screen layout configuration that users cannot manually change the layout and uninstall apps
  • Display of rounded values for the battery status in the unit details
  • Improvement of the usability of the Windows Bitlocker configuration
  • Display the device settings in Android Enterprise Kiosk mode, if this setting has been allowed via the Kiosk configuration
  • Enable removal of individual assigned policies from auto-enrolments
  • Display of the "Per Account VPN" settings in the iOS VPN configuration for published configurations

Technical optimizations

  • Preventing the selection of web links in the Android App Conformity Configuration
  • Using the selected time zone in the lesson settings as the basis for deciding whether a lesson can be started
  • When applying multiple policies with WLAN configurations using the same SSID to a device, the policy with the highest priority is considered
  • Windows WLAN configurations cannot be applied to devices to which no WLAN adapter is connected
  • Use of the language setting in the user profile for the Relution Portal instead of the default browser language
  • Adding missing checks in the Windows password configuration
  • Enable copying of the Apple Configurator 2 configuration from the Store organisation to other organisations
  • Removing all emojis that cannot be processed by Windows devices
  • Actions in DELIVERY_CONFIRMED status are displayed as executed in the Relution Portal in the unit details under Actions.
  • Support for all locales for the Windows App Store
  • Prevent cross-profile information sharing for managed apps on fully managed Android Enterprise devices as they do not have multiple profiles
  • Suppressing file formats other than image files for uploading screenshots and icon in the app details
  • Avoidance of sending duplicate e-mails when executing defined sets of rules when Relution runs as a cluster
  • Asynchronous assignment of changed DEP profiles to speed up the updating of profiles for a large number of assigned devices
  • Optimisation of the performance when saving classes
  • Optimised handling of database exceptions and display of readable error messages
  • Fixing a VPP synchronisation error on servers with more than 2,100 licences when using Microsoft SQL Server

Technical changelog

The changelog for the release can be found here

Relution Portal Release 5.6

Relution Portal

Android Icons

With Relution 5.6 the icon set has been extended and adapted. Please note that Android Enterprise uses a new icon and Android Classic has received the old Android Enterprise icon.

My startpage

You can define your personal start page for each user. If the terms and conditions are initially accepted, the dashboard is automatically set as the start page.

Custom separators for CSV upload

For CSV uploads there is a possibility to choose between comma and semicolon as separator for data sets.


Windows 11 Support

Relution’s compatibility with the new Windows 11 operating system is ensured. All previous Relution MDM features for Windows 10 Home, Professional and Education are still supported. The update of managed devices with Relution can be performed without any problems.

Learn about the possibilities of managing and configuring Windows devices with Relution in our Insights

Secure Mail Gateway

The Secure Mail Gateway can now also be used for Windows devices. In the Relution settings, the operating system can be selected under Permissions for enrolled devices, and certain Windows versions can be excluded.

The globally configured Secure Mail Gateway can then be activated via the Exchange configuration for Windows.

Alternatively, an Exchange Host can still be defined manually.

Android Enterprise

Personal profile for Android Enterprise managed device (COPE)

For Android Enterprise devices, it is possible to set up a personal profile on a managed device. For this purpose, the type “Set up managed device with a personal profile” must be selected in the second step when creating an enrollment in order to use the enrollment type “Personal profile”.

For multi-enrollments, this option is also available when creating enrollments.

After the device has been registered in Relution, the enrollment type “Personal profile” is displayed in the device inventory and the “Personal” and “Work” sections are automatically available on the device. The device can now be used privately, but is under the full control of the MDM. Unlike a private device with a work profile, the user cannot delete the work profile here.

The device details also show whether the personal profile is allowed.

The screen on the Android device is divided into the “Personal” and “Work” sections. It can be switched at the bottom of the display.

Usability / Functional optimizations

  • Enable settings for push notifications when to send them to devices in case the compliance status changes
  • Deletion from a user account is enabled even if it is linked to at least one teaching profile as a teacher
  • Display a hint if the old password is not correct when changing the password
  • The cancel button will be displayed in the VPP token dialog in the future
  • Optimization of the UI for the configuration of the kiosk mode for Android Enterprise
  • Optimization of the description for WiFi configuration for Android Enterprise
  • Prevent Android Enterprise devices from being reported as "non-compliant" when a device reports an app as not installed because the action is still in "in progress" status
  • Global policies used in a subordinate organization can no longer be edited in this organization (read- & use-only)
  • System and organization administrators do not need to specify the old password when changing another user's password
  • Delete all selected elements when "Delete selection" is executed
  • Setting the correct filters for the operating system version in the device inventory
  • Removing the verification of phone number in the user details
  • Optimization of device name update via CSV upload
  • Optimization of the search in the inventory list when using the keyboard for navigation

Technical optimizations

  • Bug fix for adding Windows apps in the device details under "Installed apps"
  • Extension of MDM signature validation for Apple devices
  • Periodically rebuild the APNS client to ensure that a stalled client does not block push messages indefinitely
  • Upgrading the APNS client to the latest version to prevent APNS tasks from being processed
  • Update APK file parser to allow analyzing additional Android app configurations
  • Avoiding that the Relution Client is used for the Single App mode for Apple Shared iPad devices
  • Prevent sending additional requests to synchronize emails, contacts, etc. from devices that no longer comply with Secure Mail Gateway restrictions
  • Bug fix for app upload with two different apps when first upload was cancelled
  • Avoid blocking server startup until could be reached
  • The server proxy PAC URL is no longer a mandatory field in the tvOS WLAN configuration if the "Automatic" mode has been selected
  • Troubleshooting the storage of LDAP users without email address

Technical changelog

The changelog for the release can be found here

Relution Portal Release 5.5


Windows 10 now officially supported

With Relution 5.5, Windows 10 integration is no longer a beta version and is now officially supported. Windows 10 devices can be enrolled, managed and configured. All features previously implemented for Windows 10 are fully available. For more information about the feature set of Windows 10 with Relution see Relution Insights

Manage background image

For Windows 10 devices, the Manage Wallpaper configuration can be used to define a wallpaper for the desktop and lock screen, as well as save text in color on the wallpaper. This feature is available for Windows 10 Enterprise and Education editions.

Android Enterprise

Kiosk mode for fully managed devices

Add Kiosk Mode configuration for fully managed Android Enterprise devices. When Kiosk mode is enabled, the device home screen is replaced with a launcher that restricts the device to managed apps. Apps appear on a single page in alphabetical order. It is also possible to individually select a single app as the launcher app, which cannot be broken out of on the device.

Wi-Fi configuration with certificates

User-based certificates and certificate templates (PKI configurations) can be used in the Android Enterprise Wi-Fi


New restrictions for iOS 15

Apply the settings for “Open from …” also for Copy and Paste:

  • If enabled, the restriction "Allow opening of managed documents in unmanaged apps" and "Allow opening of unmanaged documents in managed apps" can be used to control whether information copied from managed apps can be pasted into unmanaged apps and/or vice versa.

Translate only on the device itself, do not connect to Siri servers:

  • When enabled, connections to Siri servers for translation are disabled.

Added the new configuration “DNS Encryption Settings” for iOS and macOS devices to be applied globally to all WiFi networks configured via Relution to increase privacy and security.

Retrieve active user accounts for iOS and macOS

Existing user accounts on corresponding devices are automatically queried when updating the device details via the “Update device information” action. This feature is only available for Shared iPads or macOS devices enrolled via DEP and in Monitored Mode.

Content caching for macOS

The “Content caching” configuration can be used to configure functions and settings for caching on macOS devices.

Usability / Functional optimizations

  • Display of Apple product names in a readable format in the model column of the inventory list and the detail views for devices
  • Editing of search field badges via click on an existing chip
  • Allow requested apps in the "Published" status in the Relution teacher console.
  • Deleting the location data of a device after the device has been located and Lost Mode is deactivated.
  • Disable Android Enterprise enrollment and display a tooltip if Android Enterprise is not set up in the settings.
  • Showing a tooltip for all iOS restrictions with an iOS 14.5 badge
  • Home screen layout editor display by default with switch to grouping apps by categories via radio buttons
  • Add filter for devices without policy in inventory overview
  • Using the already existing Android Enterprise device if it matches the device identifier of a newly registered device
  • Counting delivered actions as open actions for devices
  • Ensure prior installation of the App Installation certificate for Windows 10 devices to install an MSIX package via App Conformance Configuration.
  • Transfer apps automatically installed via Relution to other physical devices via device backup
  • Allow password change for users even if the user is not a member of a group (at least "User")
  • Enable auto-enrollments even if the assigned user is not a member of a group (at least "Device User")
  • Fix menu in expanded state per user after logout and remember login
  • Troubleshooting when applying the "Remove App" action for Windows 10 devices
  • Bug fix for sorting and pagination in the app details under "Devices using this app".
  • Troubleshooting Android Enterprise Apps Manage Configuration After Individual Apps Configuration
  • Troubleshooting duplicate or missing entries in the history Android Enterprise devices

Technical optimizations

  • Reduction of logged warnings when retrieving files on Microsoft SQL Server
  • Troubleshooting when an LDAP server does not return a "group member" attribute

Technical changelog

The changelog for the release can be found here

Relution Portal Release 5.4

Relution 5.4

Extension of the CSV upload in the device inventory

By means of a CSV file it is possible to update device names and users. The devices are identified by the serial number and the attributes “deviceName” and “userEmail” are replaced with the specified values accordingly. The following set of rules is applied:

  • If the „device name" column is empty, the name of the device will not be changed
  • If the „user's e-mail" column is empty, the user will not be changed
  • If no user can be identified by the specified email or multiple users are found, the user will not be changed

Limit lessons to timetable with the Relution teacher console

In the lesson settings, lessons can be limited to the stored timetable. If this function is activated, no lessons outside the timetable can be started via the Relution teacher console.

Filtering users by groups

Users can be filtered in the user overview via group membership.


Extended restrictions for iOS devices as of iOS 14.5

The following new restrictions are available:

  • Allow auto unlock
  • Disable connections to Siri servers for the purposes of dictation
  • Allow booting into recovery mode by an unpaired device

Checking the policy versions during device update

When updating iOS devices, the system checks whether the device has the published versions of all the policies in its policy list and the list of executed policies. If it does not, a policy update or an update to the latest published versions of the respective policy is triggered. When a new policy is applied, the current published version is used.

Android Enterprise

Applying multiple “Manage apps” configurations

If several Android Enterprise policies with a “Manage apps” configuration are applied to a device, only the configuration from the policy with the highest priority was observed until now. Instead, it is now possible to distribute the configuration of apps across multiple policies. The different app lists are now combined into a common list.

If the same app is defined in multiple policies, the entry with the strongest restriction in terms of installation type wins for them:

Blocked > Force-installed > Pre-installed > Available

The rest of the app’s settings (Managed Properties, Permissions, and Advanced Settings) are taken from this configuration.

If the installation type is also ambiguous, the entry from the policy with the highest priority applies. If the app is disabled in at least one configuration, the app is basically disabled on the device.


Antivirus settings management

For Windows 10 devices, the following configurations can be made for Antivirus:

  • Scan settings for type, interval and others
  • File types included in the scan
  • File types excluded in the scan
  • Advanced settings for Windows Defener and others
  • Threat management for all valid threat severity levels
  • Rules for the attack surface reduction (ASR)

Manage Windows licensing

With the “Windows Licensing” configuration, a license key can be stored on the devices in the XXXXX-XXXXX-XXXXX-XXXXX format for the Windows 10 Education, Enterprise, Pro and Home editions.

Multiple enrollment for Windows 10 devices

Multi-enrollment is an efficient way to set up a large number of Windows 10 devices to be managed by an MDM server without the need to re-image the devices.

For more details see the Microsoft documentation on bulk enrollment

Badges for Windows 10 editions and versions

For better clarity in terms of compatibility of policies and their configurations and actions for Windows 10 devices, badges are displayed with the Windows editions and versions to which the corresponding settings and actions can be applied. Here, version 1507 is the minimum supported version and is therefore not displayed. Configurations and actions that are available for all supported editions Home, Enterprise, Education and Pro also do not receive a badge. All other supported editions and versions are displayed accordingly. Configurations and actions can be applied to Windows 10 devices with editions and versions that are not compatible, but the settings are not executed.

Usability / Functional optimizations

  • Set fully managed Android Enterprise mode as the default for Android Enterprise enrollments
  • Add the option to create a new version of a policy if the current version is already published
  • Disable all fields in the Windows Wifi configuration when it is published
  • Adding a hint for Android Enterprise restrictions that untrusted apps will be uninstalled even if they are allowed in the restrictions, if the policy does not contain a Play Store management configuration at all or if restricted mode is enabled
  • Adaptation of the error code message that an action can no longer be canceled because it is already being performed by the device
  • Extension of the list view "Devices with this app" in the app details by columns with general device information
  • Adding the column "created by" in the "enrollments" overview
  • Adding the columns "iTunes ID" and "Bundle identifier" in the "Purchased apps" overview
  • Display of the configuration name in the policy overview of a device
  • Display of the serial number of the device in the device information
  • Merging the first column and the context menu in all table views
  • Troubleshooting the display of information on the details page of Android Enterprise devices
  • Bugfix when pre-filling the password field on the login page in the web portal when using a password manager
  • Troubleshooting when pressing the enter key in the user name field to perform login to the web portal when the password is already filled in
  • Bug fix for the password reset view in the web portal, which was still visible after login

Technical optimizations

  • Ensure policy reapplication when logging in to an Apple Shared iPad
  • Allow MDM profile update when device certificate expires
  • Ensure deletion of an assigned user when an iOS device is enrolled as a shared device device
  • Ensure that the latest published version of a policy is assigned when it is reapplied to the device
  • Performance optimization when retrieving auto enrollments
  • Removal of duplicate translation files from i18n folder
  • Reduce log messages to WARN level when file content retrieval fails due to stream abort
  • Bug fix for rulesets to not send inactivity notifications for active devices, even if the device was inactive in the past
  • Troubleshooting the creation of new versions of a policy when a single configuration is invalid
  • Bug fix for asset and license synchronization for VPP apps in Relution settings

Technical changelog

The changelog for the release can be found here

Android Client Release 5.2

Android Enterprise

Work profile on Samsung devices

Troubleshooting Samsung devices enrolled via Android Enterprise with a work profile, where the installation of additional apps caused a crash.

Kiosk Mode

Disable ad blocker

The ad blocker is not activated when the kiosk mode configuration is executed on a device.


Policy status

Fix crashes caused by duplicate database entries of the status of policies on some devices.

The latest Android Relution Client version 5.2 can be downloaded from the Google Play Store or alternatively from our Download Center.

Relution Portal Release 5.3

Relution 5.3

Individualization of list views

In addition to configuring column display and column order, list views can be further customized at the user level. By means of a “handle” that appears on mouse-over on the individual column headers, column widths can be moved via drag and thus enlarged or reduced. The settings are saved per user, are permanently available and can be adjusted at any time.

Additional app information

The app details now list the devices on which the app is installed in the respective version. Furthermore, the app can be removed or updated directly on the device via a context menu in the view if a newer version is available.

Extension of the “Remove App” action

In the device details, apps can now be selected more conveniently from different sources and uninstalled via the “Remove app” action. The options “Relution App Store App” and “Installed App” are now available for the action, as well as the option “Apple App Store App” for iOS and the option “Google Play Store App” for Android. For Windows 10, “Windows App Store App” is not supported yet.


Apply multiple app compliances

If multiple iOS policies, each with an app compliance, are applied to an iOS/macOS/tvOS device, the settings of the individual configurations are consolidated and applied to the device. The prioritization of the assigned policies is not applied in this case and the app compliance is executed on the device according to the following set of rules.

Block list and allow list are summarized as follows:

  • If only block lists are available, they are combined
  • If there is at least one allow list, all block lists are ignored and all allow lists are combined
  • "Add all required apps" is considered only for the particular app compliance that has this setting selected for an allow list
  • "Add all auto-deployments" is only considered if this setting is selected in all app compliances with an allow list
  • "Weblinks" are set to the most restrictive setting of all app compliances

Required apps are summarized as follows:

  • Required apps from all app compliances are combined
  • Any required app for which "Auto Install" is selected will be installed automatically

Shared iPad configuration

iPads with OS version 13.4+ that are operated as DEP devices in Apple Shared iPad mode in Relution can now be preconfigured via a policy. The configuration “Settings shared iPad” offers the following setting options:

  • Define storage quota per user
  • Define number of users
  • Allow guest session only (no login via managed Apple ID possible)
  • Define timeout for guest session (login without managed Apple ID)
  • Timeout for user session (login with managed Apple ID)

The use and usage of Apple Shared iPad in Relution is described in the insight Relution with Apple Shared iPad

Display of VPP apps

In the Relution App Store, you can now quickly see whether an existing app is a VPP app or not. In the list view there is a new column “VPP” and in the app details the information is listed under “Additional information”.

Android Enterprise

Samsung Classroom Management configuration

As a cross-platform mobile device management system for schools, Relution now also enables the convenient configuration of the Samsung Classroom Management app to ensure smooth and privacy-compliant teaching with Samsung devices for teachers and students.

In order for tablets in a class to be controlled via the teacher’s Samsung Classroom Management app, classes must be created in Relution in advance under the menu item “Education” and users must be added for teachers and students. The teacher and student devices are enrolled via Android Enterprise and assigned to the corresponding Relution users.

An Android Enterprise policy with the new “Samsung Classroom Management” configuration can be used to make settings for the class devices with regard to data cleanup and compliance with data protection. This includes, for example, cleaning up the devices after class when restarting or logging out, including cookie deletion. It is also possible to selectively delete app data or entire apps that were applied to the device via the Android Enterprise configuration “Manage apps” and were used in class.

After applying the “Samsung Classroom Management” policy to the enrolled devices of the class, the app is automatically pre-configured on the teacher’s device and all class-related information from Relution is then available to the teacher. There is no need for time-consuming manual configuration during class.

Now, the assigned student devices of the corresponding class can be controlled in class, content shared or devices locked via the Samsung Classroom Management app on the teacher device. It doesn’t matter whether the students are sitting in the classroom as a group or homeschooling at home.

Custom JSON for Samsung KME

When automating enrollments for Android Enterprise via Samsung KME using multi-enrollment code from Relution, a custom JSON can be populated in the Samsung Knox portal with the enrollment code. See insight Samsung KME with Android Enterprise

The information for the required Custom JSON is now stored in Relution for easier integration in the Samsung Knox portal at the following locations and can be easily copied and pasted:

  • QR code modal under tab "ViaDPC identifier" -> KME Custom JSON
  • Enrollment detail page under enrollment information -> KME Custom JSON


Windows Store apps

Public apps from the Windows App Store can now be added to the Relution App Store and then applied to Windows 10 devices via the “Install app” action.

App compliance

For Windows 10 devices, it is now possible to install required apps on devices via a policy. With the configuration “App Compliance”, native apps from the Relution App Store as well as public apps directly from the Windows Store can be added.

If the “Auto Install” option is selected for an app, the app is automatically installed on the device. Otherwise, the device is listed as incompatible as long as the app is not installed.

Block and allow lists are not supported by Windows 10.

Windows BitLocker configuration

Hard disks of enrolled Windows 10 devices can be encrypted in Relution via the “Bitlocker” configuration. BitLocker is a security feature from Microsoft that is integrated in certain versions of the Windows operating system. The feature provides for the encryption of system drives, hard disks or removable media. The stored data is protected against theft and unauthorized reading.

Windows Hello configuration

The parameters for PIN assignment can be predefined via the “Windows Hello” configuration by providing the Azure Active Directory client ID. This is then used for secure access to enrolled Windows 10 devices by specifying the PIN and for biometric authentication via fingerprint and facial recognition. Using these options, logging in to the Windows 10 device becomes easier and more secure, as the PIN is assigned to only one device and is secured for recovery with the stored Microsoft account.

Certificates configuration

Via the Windows 10 configuration “Certificate”, uploaded certificates are installed on the device by default according to the applied policy. The certificates are used for the authorized installation of Modern Apps installations such as msix files. Now it is possible to define the KeyStore or certificate store on the device. This can be used to determine whether the certificate is valid for the entire system or only for a user.

Usability / Functional optimizations

  • Adding the "Factory reset device" action for Android Enterprise managed devices
  • Display of available placeholders in the certificate templates view
  • Support for groups in CSV import for classes
  • Adding a mandatory field for the password to exit the kiosk mode
  • Adding new settings options "Personalize startup layout" and "Import Microsoft Edge images" for the Windows "Start menu" configuration
  • Optimization of the date and time selection in the "Windows Update" configuration
  • Extension of the context menu for auto-enrollments by the commands "Use DEP profile device name" and "Use auto-assigned policies"
  • Rename the B/W lists in the app compliance configuration to block list and allow list
  • Adding CSV export in the context menu of the Windows action "Add user accounts"
  • Adding the available Windows versions to the "Windows Update" configuration that the device should have
  • Enable deletion of apps and web links from the Relution App Store, even if they are used in a teaching profile on the teacher console
  • Display of the icon for the new device action status DELIVERY_CONFIRMED
  • Fix when saving a WLAN configuration on Windows when „open" is defined as authentication type
  • Fix when using CSV import for auto-enrollments with a tenant user
  • Fix the battery status display in the device list

Technical optimizations

  • Optimize performance with a collective request with asynchronous execution for actions applied to multiple devices
  • Ensure that the Relution iOS client is always allowed when the Relution shared device configuration is active and thus conflicting app conformance settings may exist
  • Optimization of CORS preflight request with an HTTP 200 message to clients that do not specify credentials
  • Verify MariaDB version request for 10.3 or newer at system startup
  • Abort VPP synchronization and immediately stop network requests when token expires
  • Ensure deletion of the work profile on an Android Enterprise device when the device is deleted
  • Fix for displaying compliance status for Android Enterprise devices when all violations have been resolved
  • Fix for VPN connection mapping in "App to VPN mapping" configuration
  • Fix the automatic activation of Windows configurations
  • Fix for incorrect display of active tasks after deleting a VPP token
  • Fix possible endless recursion in VPP synchronization when multiple pending requests are not sent

Technical changelog

The changelog for the release can be found here

Relution Portal Release 5.2

Relution 5.2

Info Box

From now on, the most important device information is clearly displayed in an Info Box. The following information is displayed compactly at a glance:

  • Device name
  • Ownership
  • Device user
  • Compliance status
  • Pending actions
  • Device status
  • Rules
  • Device type
  • Operating system version
  • Serial number
  • Last connection
  • Access authorization

In addition, important actions are offered with one click:

  • Change device user
  • Update device details
  • Send message to device
  • Lock device

The Info Box also provides relevant information and the most important actions in the case of guidelines:

  • Publish policy
  • Reset policy
  • Edit policy
  • Edit automatic assignment
  • Delete policy

The Info Box makes the overview heard and simplifies the administration of devices and policies.


Additional Device Information

Relution 5.2 allows you to define and activate additional user-defined attributes via the settings. This allows device details to be flexibly extended for a wide variety of use cases. For example, it is conceivable to maintain an inventory number, a location or even a date on which the warranty expires for the device. The logic was implemented dynamically so that a wide range of scenarios can be covered. The additional attributes can also be used in individual policy configurations. This enables, among other things, optimized lock screen messages for iOS devices.

Device Off-time

With the optimized device lockout time for iOS devices, devices are no longer put into “Lost” mode, but instead all apps except settings are hidden via a whitelist. This ensures that the devices cannot be used for apps or accessing the Internet outside of defined usage periods. Relution thus provides a way to ensure that digital end devices can also be recovered.

Android Enterprise

Device Platform

In order to better differentiate between classic management (Android Legacy) and Android Enterprise, the Android Enterprise platform has been separated out with the characteristics Work Profile and Fully Managed Device.

When creating policies, a distinction can thus be made between the Android Legacy and Android Enterprise platforms. When maintaining configurations, this ensures that only configurations compatible with the defined platform can be selected.

Existing Android policies are automatically migrated to the correct platform by the update. If an existing policy cannot be determined with certainty whether it is a classic Android or an Android Enterprise policy, the policy will be cloned and may be visible twice in the portal after the update to Relution 5.2.

For more information on setting up Android Enterprise, see Insight Android Enterprise fully managed device & work profile

Manage System Updates

With the new configuration “Manage system updates”, the installation of operating system updates can now also be configured for Android Enterprise devices. Android Enterprise offers the following options for selection by default:

  • Unspecified (Uses the device's default system management).
  • Automatic (Starts an update as soon as it is available).
  • Maintenance Window (Install system updates within a defined maintenance window).
  • Defer (Allows a delay of up to 30 days).

Managed Google Play Store

The optimized integration of the Managed Google Play Store ensures that public apps are either linked into the Relution Apps Store first or that apps can be selected directly from the Managed Google Play Store in a policy. Additionally, web links or .apk files can also be maintained in the Managed Google Play Store and associated with a device via a policy.

The maintenance of managed app configurations has been fundamentally revised with Relution 5.2. Especially complex managed app configurations can be searched comfortably. This simplifies the administration of apps. In addition, managed app configurations can be exported and imported with Relution 5.2. This means that configurations can also be easily distributed across organizations.



To further increase the security of Windows devices, additional functions have been integrated with Release 5.2. A Windows Defender scan can now be performed via a new action. You can choose between the two options “Quick scan” and “Full scan”.

Further details have been added to the device information for Windows devices. For example, the time of the last Windows Defender scan can be evaluated in the “Health” section.

User Accounts

An additional action can be used to conveniently create new local user accounts on Windows devices. When creating local user accounts, an initial password can be set in addition to the user name. It is also possible to specify whether the account is an administrator account.

Remote desktop service

To be able to use the remote desktop functionality on a Windows 10 device, it must be enabled for this purpose. The function can be activated on devices via the “Remote desktop service” configuration. All members of the remote desktop user group on the target device then have the option of accessing the device and transferring their screen completely. The functionality is not available for Windows 10 Home devices.

Start menu

The start menu on a Windows 10 device can be personalized via the „start menu” configuration. Among other things, the following information can be predefined:

  • Hide frequently used apps
  • Disable context menus
  • Collapse "Apps list"
  • Define start size
  • Pin folders such as Documents, Downloads or My Files
  • Hide buttons like shutdown, restart or hibernation
  • Hide buttons like lock, logout or change account


With Release 5.2, no password entry is required in the Exchange configuration. As a result, the personal password must be entered directly on the Windows device.

Microsoft Store

If Windows Apps from the Microsoft Store are installed on a device using the Auto-Depolyments function, the action performed is displayed in the device details.


App Installation

With Release 5.2, the installation of .pkg files has been further optimized. This allows native apps to be installed centrally in addition to apps from the Apple App Store.

Device Information

Additional details have been added to the device information for macOS devices. In the future, the MAC addresses can be read in the Network section.

Usability / Functional optimizations

  • Table columns can be moved even more conveniently by dragging and dropping in the column selector
  • Devices can be filtered in the inventory by the status "Will be deleted"
  • Optimized display with link to Relution Agent in desktop browser.
  • Action for which an iOS device must be enrolled as Supervised will be offered only for Supervised devices in the future
  • System Apps will no longer be included in the compliance check for iOS
  • When selecting a VPN connection, a note is displayed if the VPN type is not compatible with the iOS in-app VPN feature
  • Apps can be deleted via a new action on macOS and tvOS
  • Windows system updates can be controlled even more fine-grained with a customized policy
  • When customizing the device name on Windows devices, a validation for allowed characters is performed and a corresponding error message is displayed

Technical optimizations

  • Certificates already uploaded to Relution can be deleted again
  • Old actions are automatically deleted from the device details after two years
  • Updated iOS App Store push certificates for communication with the Relution iOS app.
  • Updated iOS MDM certificates for communication with iOS devices.
  • Automatic authorization assignment of accounts for the groups "User" and "Device User".
  • Customized information and translations for options in iOS DEP profile.
  • Removed contacts and calendar settings in Windows email configuration
  • Optimization of importing classes with teachers and students
  • Disabling the Secure E-Mail Gateway feature for Windows Exchange configuration.
  • Improved performance when selecting entries in tables.

Technical changelog

The changelog for the release can be found here.

Relution Portal Release 5.1

Relution 5

Major Release

With Relution 5, the system for cross-platform device management is expanded by many functions. In addition to numerous optimizations for iOS, macOS, tvOS and Android Enterprise, the management of Windows 10 devices is also enabled. Relution does not require any cloud IDs and can be operated in your own infrastructure in compliance with data protection regulations.

Relution 5 can thus be ideally used with different devices in a variety of application scenarios. The open interfaces of the overall system also enable integration into existing IT system landscapes.

Before installing Relution 5, the Relution 5 Update Checklist should be considered.

Windows 10

Windows 10 device management

Relution 5 supports the management and configuration of Windows 10 devices. For more information see Insight Manage Windows 10 devices with Relution

Supported versions are Windows 10 Home, Windows 10 Professional, and Windows 10 Education. Relution user assignment is required at enrollment.

Then, enrollment can be performed on the device using the appropriate user email address, MDM server URL, and enrollment code. Microsoft ID is not required for enrollment.

Enrolled devices can be configured via policies. Restrictions can be used to restrict selected device functions.

Actions applied can be used to restart a device, update device information, or reset a device to factory default.

Modern Windows apps can be natively uploaded to the Relution Store and installed and uninstalled via actions on enrolled Windows 10 devices. To create modern Windows apps and convert them to other file formats for Windows apps, see insight Windows apps for Windows 10 devices with Relution

The range of functions for configuring, restricting and securing Windows 10 devices as well as installing applications will be continuously expanded from now on.


Apply multiple policies to one device

Relution 5 allows device configurations to be applied across multiple policies on a single device. For example, a base policy can now be used for all devices, plus individual policies with configurations for specific devices. The new functionality applies to all iOS, Android, and Windows 10 platforms. Furthermore, iOS, macOS and tvOS also allow multiple restriction configurations to be applied to a device, which iOS automatically combines on the device. For more information, see Insight Apply multiple policies to one device

Set priority for guidelines

Basically, there are configurations that can be present multiple times on a device and configurations that may only be present once. For each platform, it is therefore now possible to specify an order for the policies, which can be used to define the priority. If several policies are now applied with a configuration on a device that may only be present once, the settings of the first policy have priority and are adopted.

To better track the application of individual configurations on devices, the compliance view in the device details has been revised with Relution 5. For each policy applied, all current configurations on the device can be viewed at a glance.

Relution Portal

New appearance and optimized user interface

Relution 5 appears in a new look and feel. The modern look and feel includes the new Relution branding and a more intuitive user interface. Thus, the usability is increased by an improved structuring of the information and an improved usability and the work is much easier. For more information see Insight New Relution Portal

The new portal includes the following optimizations:

  • Fade-in navigation bar with vertical alignment flush left
  • User and group settings directly in the main navigation
  • Revised list views including context menu globally and per line for actions
  • Multi-Search function with tags in list views
  • Revised configuration of columns in list views
  • Subpages of settings on own distribution page
  • Notification Center for System and Organization Admin
  • Language settings and date values in the user profile


Configure Domain VPN for iOS (Per Account VPN)

Relution 5 enables the configuration of VPN for domains for iOS. This allows a VPN connection to be automatically established when accessing defined domains and thus access protected content. For this purpose, “VPN connections for apps and accounts” must be activated in the VPN settings. Afterwards, the desired domains can be entered directly in the VPN configuration.

Configure In-App VPN for iOS (Per App VPN)

Relution 5 enables the configuration of VPN for iOS apps. This allows a VPN connection to be automatically established for selected apps and thus protected content to be accessed. The configuration “App to VPN mapping” must be created in the policy in which the desired VPN connection for the apps is also configured (not possible across policies). The functionality is available for the VPN types IPSec, AnyConnect and JuniperSSL. L2TP is currently not supported by iOS.

E-mail addresses

Unique email addresses

As of Relution 5, the email address for new user:in Relution is unique and cannot be used by another user:in the same or a different organization. This uniqueness is used in user authentication via Single SingleOn (SSO) to identify the user:in and assign them to the correct organization. Relution supports the OpenID Connect and SAML protocols.

Android Enterprise

Add Android Apps via the Managed Google Play Store

Apps can be added to the Relution App Store directly from the Managed Google Play Store with Relution 5 and can then be distributed to compatible devices. This requires that Android Enterprise is configured for the Relution organization. See Insight Android Enterprise set up in Relution

Skip password” option for Android Enterprise enrollments

When enrolling a device with Android Enterprise, it is recommended to always protect the device with a password. In case this is not desired, it is now possible to disable the requirement during enrollment. By default, the option “Always require a device password” is enabled. This will always require a password to be assigned on the device regardless of a password policy. Especially for class sets or loan devices at schools, this feature increases flexibility in use.


Enrollment of multiple devices with one enrollment code

Relution 5 enables the creation of a multi-enrollment code. This means that any number of devices can be enrolled with one code. The optimization simplifies mass Android enterprise enrollments, for example for class sets or loan devices at schools, but also for enrollments of Bring Your Own Device (BYOD) devices with iOS.

The automatic enrollment of Samsung Knox Mobile Enrollment (KME) devices with Android Enterprise is also simplified by transferring the multi-enrollment code from Relution via Custom JSON into the MDM profile at Samsung KME. This eliminates the need to manually scan the Android Enterprise enrollment code from the Relution portal, further automating enrollment. For more information see insight Samsung KME with Android Enterprise


Device name configuration for iOS, macOS and tvOS supervised devices

Relution 5 enables the control of device names via a policy. A variety of placeholders can be accessed to allow dynamic individualization of device names.

Time zone configuration for supervised iOS and tvOS devices

With Relution 5, the time zone can be automatically transmitted to iOS devices via policy. This way, the activation of location services during commissioning can be completely omitted and thus an out-of-box experience (OOBE) can be realized. The activation of location services can be skipped by setting in the DEP profile.

Usability / Functional optimizations

  • The new "Log in as organization admin" button in the context menu of the overview list of organizations allows system administrators to conveniently switch to another organization with corresponding permissions of the organization administrator
  • The links to the devices via the VPP license details are automatically hidden if there is no authorization for the Device Manager role
  • For fully managed Android Enterprise devices and Android devices with work profile, the installation of apps from untrusted sources can be enabled via the restrictions
  • Linking from the app settings to the app categories
  • Alphabetical sorting of the students of a course in the field of education
  • Sorting VPP apps by name in the device VPP license list
  • Rearrangement of Dashboard Widgets
  • Adaptations of the app compliance configurations to the new list design
  • Adaptation of the auto-deployment overview to the new list design
  • Fixing the table headings in all lists
  • Adding public apps from the Windows App Store to the Relution App Store
  • Automatic renewal of Education CA certificates if they expire in the next 180 days
  • Adding the Global Proxy Configuration for Android Enterprise
  • Adding the "Play Store Management" configuration for Android Enterprise
  • Replace multiple drop-down filters in the inventory list with a list of selectable options
  • Adaptation of the certificate lists to the new list design
  • Adding the Windows platform in the app release workflow
  • Display of groups and group members for the Content Manager role
  • Adaptation of the view for conformity violations to the new list design
  • Move selection labels to search field in app selector modals
  • Removal of the Windows Update configuration from the restrictions, as the functionality has been moved to a separate configuration
  • Remove from the Development Hub function
  • Remove App Store Ratings

Technical optimizations

  • During device enrollment, it is ensured that an enrollment type is set according to the platform
  • Resetting the database baseline for Relution 5. Prerequisite for the update to version 5 is the installed version 4.79 (see Relution 5 Update Checklist)
  • Update to Java version 11 or higher and, if using MySQL, version 8.0 or higher (see Relution 5 Update Checklist)
  • Update to Spring Boot 2.4.2 which also supports operation with Java 15
  • Switching all API endpoints to the unified /api/ path. All previous endpoints are redirected (see Relution 5 Update Checklist)
  • Automatic separation of assigned VPP licenses when deleting tvOS and macOS devices
  • Optimization of the query of devices with many installed apps
  • Optimization of persistence of LDAP-referenced fields in user settings, which can be removed accidentally
  • Troubleshooting database update to Microsoft SQL Server
  • Bug fix for handling invalid characters in certificate file names on the Windows platform
  • Troubleshooting Assigned Policies on Android Enterprise Devices
  • Troubleshooting policy cloning on systems running MS SQL Server
  • Preventing the modification of LDAP groups and system groups
  • Optimization of notifications for new native client versions in the Notification Center
  • Full support for installing .pkg files on macOS devices
  • Allow ignoring of auto-assigned policies also for auto-enrollment
  • Adding the automatic update function of the Notification Center
  • All failed authorization checks will respond with a 401 (Unauthorized) instead of 403 (Forbidden) status if no valid authentication is present
  • Performing connection date update from Apple devices only for MDM communication
  • Enable partial downloads of resources
  • Support for custom client names for SAML2 registrations and additional attribute value formats
  • Preventing password changes when the user is managed by a third-party user management system
  • Adding an optional configuration to automatically remove completed VPP tasks older than a defined time period
  • Do not include hidden ping actions in the count of open actions
  • Add selection list of installed apps for the "Remove app" action
  • Checking if the email address already exists when it is edited in the user profile
  • Improved performance when loading auto deployments
  • Optimization of VPP Sanity Check Performance in Cluster Environments at Server Startup
  • Troubleshooting the deletion of organizations with VPP publications
  • Bug fix for extracting bundle identifier from .pkg files in another format
  • Avoiding a 422 HTTP status by retrying to upload a VPP token when Apple responds with a temporary error
  • Troubleshooting of failed actions to update device information for Shared iPads, even if all available information could be retrieved successfully
  • Fixing the calculation of file sizes and hashes when using MongoDB-based GridFS
  • Ensure that Windows devices can be logged in via the Device User group and not via a specific user
  • Preventing the active "Update OS" button for tvOS devices when no update is available
  • Ensuring correct display of available storage units for a Windows device
  • Bug fix for policy export when special characters are used in the passcode
  • Bug fix for re-enrolling Windows 10 devices after they have been previously enrolled on the server

Technical changelog

You can find the changelog for the release here

iOS Client Release 5.0


Support for iOS 12.4+

With Relution iOS Client 5.0, iOS version 12.4 and later is supported.

App Icon

The app icon for the Relution iOS client is now displayed with the new Relution logo.

Rate apps

Removing app reviews and ratings

The functionality to rate apps in the Relution App Store has been removed from the Relution App, analogous to the server and portal.

The latest iOS Relution Client version 5.0 can be downloaded from the Apple App Store or alternatively from our aus unserem Download Center heruntergeladen werden.

Android Client Release 5.0

Relution server 5.x

Support of Relution server 5.x

For the upcoming Relution Server version 5.x, Relution Android Client 5.0 is mandatory for classic enrollments (Android Legancy). Relution Server version 4.x is also supported. Version 3.x is no longer supported and the app reports an incompatible server version when trying to enroll. This does not apply to Android Enterprise enrollments.

Device enrollment

Enrollment of Android devices with Relution server 5.x

Classic enrollment of new Android devices on the upcoming Relution Server version 5.x (Android Legacy) requires the use of Relution Android Client 5.0. Older app versions are no longer compatible and report an error. Devices already enrolled with an earlier version of the app will continue to work. However, it is recommended to update the app in a timely manner. This does not apply to Android Enterprise enrollments.


Support of new multi policies feature with Relution server 5.x

Relution Server 5.x will support applying multiple policies on one device. To ensure full compatibility with Android devices that are classically enrolled (Android Legacy), Relution Android Client 5.0 is required. Older app versions will receive the server merged configurations correctly, but the policies will not be reported back as successfully applied. This does not apply to Android Enterprise enrollments.


Error handling on Samsung devices

With Relution Android client 5.0 multiple issues on Samsung devices have been fixed, including several restrictions could not be applied on devices that do not support multi-user profiles.


Limitations with Android Legacy enrollments

Some devices running Android 10 incorrectly reported a permission error instead of a serial number. Note that devices running Android 11 or newer will never report a serial number when using legacy device administrator enrollment. This requires the use of Android Enterprise going forward.

Samsung Knox

Backwards compatibility

Improved backwards compatibility with devices running Samsung Knox 2.7.1 and older. Previously only Knox 2.8 and newer were working as expected.

Apps ratings

Support for app review and ratings suspended

The functionality to review and rate apps in the Relution app store has been removed from the Relution app, analog to server and portal.

The latest Android Relution Client version 5.0 can be downloaded from the Google Play Store or alternatively from our Download Center.

Relution Portal Release 4.79.1


Notification for new Relution Client versions

As of now, organization administrators and app store managers will be notified about newly available Relution Client versions for iOS and Android via the Notification Center in the Relution Portal. As a prerequisite, native Relution Client apps must be configured in the organization settings. The notification about a new available Relution Client version includes the version number and a link to the corresponding release notes, which inform about respective new features.


Reset password with Android Legacy

For classic enrolled Android legacy devices (device administrator) the action reset password and change password can be used on devices with Android 6.0 and older. The Android Client 3.96 is required to process the action on the device accordingly.

For Android 7-10 devices, a password can be set if the device does not currently have a password. Android no longer offers the option to change existing passwords. As of Android 11, passwords cannot generally be reset on legacy devices. We therefore recommend migrating to Android Enterprise.

Usability / Functional optimizations

  • The configuration radio management for Android Enterprise has been moved to the restrictions for telephony
  • Improvement of column configuration in list views (new portal)
  • Optimization of filter selection in list views (new portal)
  • Optimization of column display of name, icon and context menu for list entries (new portal)
  • Optimization of search for display on mobile devices (new portal)
  • Improved clarity by omitting sticky columns on mobile devices and small screen resolutions (new portal)
  • Display of a fixed first column in list views, which cannot be changed via the column configurator
  • Display of context menu in list views per list entry only on mouse-over (new portal)
  • Improved display of the details page for Android Enterprise devices (new portal)
  • Optimization of autocompletion on the Relution login page in the Safari browser (new portal)
  • Optimization of the "Apply action" dialog in the device details of iOS devices (new portal)
  • Improved error message on failure to send email for a device enrollment when the mail server is unreachable
  • Display the current version of the policy instead of the previous version at the version number of a policy
  • Ensure that the reported number of pending actions in the device overview list matches the displayed actions in the device detail view
  • Disable buttons in app delete dialog when delete operation is active (new portal)
  • Adding pagination to policy dialog for device selection (new portal)
  • Addition of required markers and error messages for multiple input fields (new portal)
  • General UX/UI improvements (new portal)

Technical optimizations

  • Ensure app installation on iOS/tvOS/macOS by automatically sending a new app install action if initial installation process could not be successfully performed on the device and the app is not finally installed
  • Performance improvements when loading user rights on Cockroach 20.1 or newer and PostgreSQL 9.6 or newer
  • Introduction of JSON web tokens as a replacement for previous authentication mechanisms
  • Login with a LDAP user can take place despite user synchronization being disabled, even if not all groups can be synchronized
  • Policy migration is completed successfully even if the database contains invalid data
  • Extension of CSV import from users to include files with UTF-8 with BOM encoding
  • Shutdown of the Relution Server is no longer blocked indefinitely when Android Enterprise is configured in an organization
  • Prevent loading unnecessary liquibase xsd schema files
  • Fix policy cloning on systems running Microsoft SQL Server (new portal)
  • Fix APNS certificate update
  • Fix the configuration of Global HTTP Proxy when the proxy type is set to automatic
  • Bugfix for iOS passcode configuration with the setting "allow simple password" (new portal)
  • Preventing problems with ShedLock on PostgreSQL and cockroach databases
  • Preventing duplicate public apps in the Relution App Store by copying policies across organizations
  • Fix action send messages for Android devices

Technical Changelog

Find changelog of the release here

Android Client Release 3.96


Reset password with Android Legacy

With Relution Portal version 4.79, the action reset password and change password can be applied to devices with Android 6.0 and older for classic enrolled Android legacy devices (device administrator). The Android Client 3.96 is required to process the action on the device accordingly.

For Android 7-10 devices, a password can be set if the device does not currently have a password. Android no longer offers the option to change existing passwords. As of Android 11, passwords cannot generally be reset on legacy devices. We therefore recommend migrating to Android Enterprise.

The latest Android Relution Client version 3.96 can be downloaded from the Google Play Store or alternatively from our Download Center. Basically, it is mandatory to update the Android Relution Client before performing an OS update on Samsung devices.

iOS Client Release 4.37

Single Sign-On

Authentication for Relution file shares in multi-user mode

The compatibility of the iOS Relution client with the protocol OpenID Connect for Single Sign-On (SSO) automatically queries which login variants are available based on the user name when logging in. This provides ideal synergies with the data protection compliant Relution Shared Device Mode by allowing users to log in with their existing usernames from existing school directories. In addition, access to configured file shares via SSO is supported, allowing data to be securely stored under the respective user on local school servers.

The latest iOS Relution Client version 4.37 can be downloaded from the Apple App Store or alternatively from our Download Center.

iOS Client Release 4.36

Multi-user mode

Relution Shared Device Login

As part of Relution’s multi-user mode, iOS Relution Client version 4.36 ensures that when a user logs into the Relution Login screen, no credentials can be stored and used by subsequent users.

The latest iOS Relution Client version 4.36 can be downloaded from the Apple App Store or alternatively from our Download Center.

Relution Portal Release 4.78


New system group “Content Manager”

Content Managers primarily have the right to obtain content in the form of apps and books and distribute them to devices or users. To enable this, users assigned to the group Content Manager can use the following functions Content Managers primarily have the right to obtain content in the form of apps and books and distribute them to devices or users. To enable this, users assigned to the Content Manager group can use the following functions in Relution:

  • View and move apps
  • Edit/approve app requests
  • Create/manage categories
  • View purchased apps and books
  • Assign purchased apps and books to devices and/or users
  • View users and groups (but not create/edit/delete)
  • Assign auto-deployments to users and groups
  • Manage VPP users
  • Edit App Store settings
  • Edit VPP settings
  • Edit timetables and school subjects


Notification center in the Relution Portal

From now on, upcoming changes and important news will be displayed in the Relution Portal. The new Notification Center is located in the upper right corner and informs about expiring tokens and certificates as well as new Relution server versions. Newly available notifications are displayed via a badge. The following information is currently available for the respective roles:

System Administrator

  • Release notes for a new Relution version, if the backend is not up to date

Organisation Administrator

  • Expiring iOS Client Provisioning Profile
  • Expiring VPP tokens
  • Expiring DEP token
  • Expiring MDM Push Certificates
  • Expiring App Store Push Certificates


Make login password for enrollments configurable

The length of the passcode for enrollments can be defined via the yml file. There is a possibility to choose a passcode between 5 and 16 characters. This way the security of authorized enrollments can be increased:

1 relution:
2 enrollment:
3 passcodeLength: 16

Operating system specific requirements regarding password length have to be considered additionally. After the change, the instance must be restarted.


Send app text messages to a device

In order to send a message to a device user as an administrator of Relution, the action “Send message” can be used. Title and content can be defined.

To receive the message, the Relution app must be installed on the device. When it is launched for the first time, push notification must be enabled.

Subsequently managed apps

Non-supervised apps installed by users on a device are updated if the device administrator defines the same app as a required app via app compliance or assigns it to a group or users via auto-deployments. On devices that are not supervised, a dialog appears asking if app management should be done via Relution. After confirmation, the app is updated and will be a managed app afterwards. On supervised devices, no dialog appears and the action is performed automatically. If there is a VPP license for the managed app in the Relution organization, it will be assigned automatically. No Apple ID is required on the device.

Usability / Functional optimizations

  • Improved dashboard view (new portal)
  • Optimized adjustemnt of the column order in the list of purchased apps (new portal)
  • Improved display of table headers (new portal)
  • Configurations of old versions of policies can no longer be edited (new portal)
  • Performing an automatic refresh after plausibility check of the VPP synchronization history in the settings (new portal)
  • Enable restriction "Force request permission to leave an unmanaged class" in an iOS policy to be stored (new portal)
  • Avoid redundant information by removing additional toast messages when saving settings (new portal)
  • Improved error message when resetting the password if the mail server is not available (new portal)
  • Fix selecting actions in the device details (new portal)
  • Fix creating a new enrollment, so that the selection of a policy in the corresponding dialog window can be permanently cleared and does not appear again (new portal)
  • Extension of the iOS update action to include the selection of multiple iOS and tvOS devices (new portal)
  • Extension of the detail pages of Android Enterprise devices to include the serial number (new portal)
  • Extension of iOS restrictions for student devices to not be able to change the background image during an active exam session on the devices
  • Extension of the iOS weblink configuration by specifying an app with which the configured weblink should be opened on the device
  • Improved error message for invalid app approval status information when uploading apps to Relution
  • Error prevention through non-deletable system groups
  • Identifying a failed policy update on Android Enterprise devices when the management API returns invalid values
  • Display of a warning when certificate authorities or certification templates are deleted in the settings if certificates based on them have been created that may become invalid as a result
  • Fix blocking popup window that prevents using app detail page of public apps (new portal)
  • Fix changing device name via CVS upload in auto-enrollments (new portal)

Technical optimizations

  • Optimization of file upload in different organizations through a multi-tenant user (new portal)
  • Enhancement of automatic installation of iOS system apps such as Pages or Numbers with available VPP licenses on student devices when the lesson is started from the teacher device
  • Performance optimization by avoiding unnecessary pushes to devices for actions that have not yet been executed
  • Optimization in the creation of organization names in the context of self-service registration to ensure unique organization names
  • Improved error message in case of "incorrect configuration" of Android Enterprise permissions by validating entered values
  • Optimized maintenance of permissions for users in the system organization to ensure that logon to the system organization is possible
  • Automatically repeat the installation of a newly versioned iOS policy at a later time if the device cannot currently perform a profile installation
  • Web API view now uses OpenAPI v3
  • Using schema version 3.3 instead of 4.2 for the Liquibase database change log to avoid blocked XML schema downloads by restrictive proxies
  • Troubleshooting Android Enterprise policy cloning by not cloning an existing managed app configuration
  • Troubleshooting when working with the Relution App Store when two identical app release workflows have been created in the workflow settings

Technical Changelog

Find changelog of the release here

Android Client Release 3.95

OS Update

Ensuring OS updates on Samsung devices

A new Android Relution Client is available for the classic enrollment with Device Administrator (Android Legacy) of Samsung devices, which restores compatibility with the Android 7 or older operating system. The current version is now compatible with both Android 7 and older as well as Android 11. The latest Android Relution Client version 3.95 can be downloaded from the Google Play Store or alternatively from our Download Center. Basically, it is mandatory to update the Android Relution Client before performing an OS update on Samsung devices.

Android Client Release 3.94

Android 11

Adjustment of manual enrollment of Samsung devices without KME

For the classic enrollment with device administrator (Android Legacy) of Samsung devices with the Android 11 operating system, a new version of the Relution Client is available. This includes an adaptation for this enrollment type, as Samsung has changed the API and enrolled devices will otherwise be withdrawn again, as Samsung does not recognize the accepted Knox license.

Relution Portal Release 4.77


Relution Shared Device configuration for single app mode

There is now an additional checkbox “Lock device to enforce login” in the configuration. If this option is activated, the Relution app is put into single app mode as long as no user is logged in. Only after login into the Relution app access to other (authorized) apps will be granted.

For example, to be able to switch to another WiFi outside of the school WiFi, the Relution app must not be operated in single app mode to allow access to the settings. For this case, the option “Lock device to enforce login” must be disabled.

Additional restrictions for Apple Classroom on iOS

With an iOS policy different restrictions for the Apple Classroom app can be set in Relution:

  • „Allow the teacher to lock apps and devices“ - allows the teacher to lock a student's device or an app open on the device
  • „Force automatic join in Classroom classes“ - students are not asked to join a class when activated
  • „Request permission on leaving unmanaged Classroom class“ - leaving an unmanaged class requires permission from the teacher when activated

Android Enterprise

Skip password setup during device enrollment

When setting up enrollments for Android Enterprise Fully Managed Device, an additional checkbox can be set to skip setting up passwords/patterns during the enrollment process on the device.

Update enrollment:

Bulk enrollment:

Extension of the WiFi configuration

Addition of the EAP security type and proxy settings to the WiFi configuration for Android Enterprise Fully Managed Device.


Managed apps for macOS 11+

Relution is now fully compatible with macOS 11+ and supports provisioning of managed apps on macOS with Bug Sur.

Managed AppConfig for macOS 11+

Relution supports the configuration of managed apps via AppConfig for macOS with Big Sur. This feature is available as a configuration in the Relution policies for macOS.


OS update action for tvOS devices

In the device details, the button “Apply Action“ under the “Actions” tab allows for installing OS updates on the selected device.

Furthermore, the WiFi MAC address for tvOS devices is now displayed in the device inventory.


SFTP synchronization for Apple School Manager (ASM)

In order to minimize administration efforts when maintaining class records in both systems Relution and ASM, an SFTP synchronization can be set up in Relution under “Settings -> Apple School Manager Synchronization”. The required SFTP-URL, -user and -password are available in ASM.

This way, data sets with school context such as users for teachers and students as well as classes created in Relution can be synchronized with ASM. For this, at least one class, one teacher and one student must exist in Relution. Users must belong to either the “Teacher” or “Student” system group in Relution in order to be included in the synchronization.

When a user is created in ASM automatically, the first name, last name, and email address of the corresponding Relution user are used. In ASM it can also be activated that for each imported Relution user a Managed Apple ID is created in a predefined format. In Relution, the created Managed Apple ID is also stored for the corresponding Relution user in the according user profile. For example, the Managed Apple ID can be used for login to the Apple Shared iPad in order to distribute individual apps via Relution.

When setting up SFTP synchronization in Relution for the first time, an initial sync with ASM is performed. If the corresponding Relution organization is not yet known to ASM, a new location is being created automatically. Subsequently, the sync is performed once per day per organization by default.

Extension of CSV import for users

All properties that can be specified when creating a user manually are also possible via CSV import. In addition, up to 15 user-specific properties can be defined. The corresponding column names must be specified with custom1 to custom15:

userid,email,first name,last name,password,phone number,position,country,managed apple id,custom1,custom2,…,custom15

Usability / Functional optimizations

  • Improved workflow when importing users via a CSV file

Technical optimizations

  • Optimize verification of payload signatures for newly enrolled Apple devices
  • Increase frequency of periodic pushes to Apple devices to optimize action delivery
  • Optimization of VPP licenses for apps referenced in multiple VPP tokens
  • Automatic renewal of PKI certificates
  • Performance optimization by preventing server synchronization of groups when LDAP connection is interrupted
  • Fixing issue when saving auto-enrollments several times

Technical Changelog

Find changelog of the release here