Check out our forums for insights on what we are building next.
Get fresh insights, pro tips, and thought starters–only the best of posts for you.
Jun 2, 2021
13 min read
With the pandemic and associated challenges, there is no doubt that the only way a business can stay competitive in the current market scenario is by moving to everything remote. But while shifting into such a boundless workspace, companies face multiple hurdles adjusting to new ways of working. To help with this dilemma and empower everyone, everywhere, the industry’s leading UEM solutions are chock full of innovative upgrades to their line of endpoint management offerings.
Hexnode offers extensive support for multiple OS platforms. Here is a platform-wise breakdown of the year’s breaking changes in Hexnode for endpoint management.
VPN On Demand lets devices connect to VPN automatically when on specific networks. Otherwise, VPN enablement requires manual intervention. The VPN On Demand option allow set multiple configurations or VPN On Demand rules with the Hexnode iOS VPN policy.
Code scanner app is the QR scanner app integrated with the iOS camera on devices running iOS 14. Hexnode has now updated the system apps list for iOS devices with the new Code scanner app.
Apps written by OEMs are capable of sending back configuration results to the UEM console using a feedback channel. App feedback is a very useful option for enterprise IT admins to monitor and stay up to date with the app configuration status. The feature also alerts them of errors that need immediate action. Hexnode UEM lets you track and view application feedback data for Managed Google apps. The workflow is as follows:
It could take up to 30 minutes to fetch the feedback from the applications. IT admins can send feedback requests to a device only 3 times per day. Prerequisites:
Hexnode already offers extensive support for large scale roll out of Android devices via Google’s Zero Touch Enrollment. With the groundbreaking updates Google announced in Nov 2020, Hexnode also added Zero Touch Enrollment support for few additional device types, including:
This means that organization can enroll corporate owned Android 9.0+ Samsung Knox devices hands free either via their own Samsung Knox Mobile Enrollment or using Google’s Android Zero Touch Enrollment.
Samsung Knox Validated Program is Samsung’s authentication program to distinguish UEMs and check their integrity for Samsung Knox device management. Hexnode UEM is now a Samsung Knox Validated Partner. Being a Knox Validated Partner, Hexnode provides its users added assurance of same day and flawless support for Samsung Knox management services.
Hexnode’s app management features allow IT admins to cover all aspects of managed apps. Clear app data action is the latest feature Hexnode offers for Play store apps running on managed Samsung Knox devices.
The enterprise management type displayed in the device inventory help admins easily distinguish between generic, fully managed and work profile managed devices. This is particularly useful when pushing bulk actions to devices based on their management type.
The device details page now showcases the work account creation status for Android Enterprise enrolled devices. In case if the work account creation fails, admins have the option to re-initiate it.
Some additional options have been added to the Android kiosk peripheral settings to allow new device features and user permissions while in kiosk mode.
This option allows end users to configure Wi-Fi hotspots on Android 8.0+ devices by redirecting them to the corresponding device settings.
This option prompts users to modify the device password if a password policy is associated with the device. Associating VPN or Certificate (mandatory only for non-Android Enterprise devices) policy would also prompt the user to set a device password if one is not there already. The admin can also set a time limit after which the user will be automatically exited from the Settings page.
This option enables users to disconnect the device from already connected Wi-Fi networks while in kiosk mode.
Admins can set a minimum limit for the length of number passcodes in the password rules defined for managed Android devices.
Everywhere enterprise concept brings in new security issues and privacy concerns. While accessing external networks, users can remain confident that they have extra online protection when the VPN is turned on. VPN help establish secure connections between external networks by encrypting the data flowing between these points. This allows enterprises to provide users with secure remote access to the company network, also enabling end users to secure their online privacy. The Hexnode VPN policy for Windows supports the connection types like L2TP, PPTP, IKEv2 and allow push configurations like:
Apart from generally enhancing the management functionalities by incorporating everything new in the UEM landscape, Hexnode also gives priority to user requested features. Remote view for Windows might be the most awaited feature Hexnode has released so far this year. This is a great feature for IT admins to provide the home workers real time support. This is also a powerful tool to keep note of their work progress. Windows remote view works the same way as it does for Android and iOS devices, and the only thing to note is that it can be initiated only on devices running Hexnode Agent app v4.5.0+ and Hexnode Remote Assist app v220.127.116.11+.
macOS Privacy preferences policy lets the admins allow or restrict important permissions without which protected Mac apps and services fail to function. You can allow, deny or set as default the preferences for apps and processes on Mac with macOS 10.14+. However, camera, screen recording, and microphone permissions cannot be granted via UEM. These preferences can only be denied or set as default. It is possible to configure preferences for multiple apps with a single policy. What is important is that the user needs to relaunch the app for the applied change to take effect.
FileVault is the built-in whole disk encryption program on macOS. FileVault encodes the data on your startup disk, which can be decoded only using a recovery key. Losing your account password and FileVault recovery key is a greater risk as the user will not be able to log into the Mac and access the data on the startup disk in that case. However, to help such situations, admins now have the option to retrieve and back up the FileVault recovery key using Hexnode, which is known by the term escrow.
FileVault recovery keys captured by Hexnode can be used to regain access to the drive. Admins have the option to display a message on the recovery key screen to help end users on how to get the recovery key for their Mac. The recovery key encryption and decryption can either be done automatically by Hexnode or manually by the admin. If admins are allowed to specify the encryption key, they should also add the encryption certificate within the policy.
Hexnode earlier supported only PKG or DMG files for enterprise app installation on Macs. But as per the user requests, Hexnode is extending this to include MPKG files. The file can be uploaded to the Hexnode repository and distributed via Policy or action just the way we do for any other enterprise apps.
This is an additional option to prompt users during their next login to change the device password whenever a new change is made to the rules already defined via the Hexnode Mac passcode policy.
VPP app installation support on Apple TV is yet another long-awaited feature for Hexnode users. VPP integration with Hexnode allows IT admins to manage the app distribution on Apple TVs effectively. The salient features of VPP integration include:
This allows IT admins to entirely wipe a device when a device is lost, stolen or when the device user leaves the enterprise. Wipe remote action works for Apple TVs running tvOS 10.2 and above. Management will no longer be supported on the device unless it is a DEP-enrolled device with the option ”Enroll devices in MDM” enabled in the DEP policy associated with the DEP account.
IT admins can restart the Apple TV on demand using this remote action. The action may be useful in a situation where the user is not available for restarting the device, perhaps for exiting a program or complete a pending reboot. The action is supported on supervised tvOS devices running tvOS 10.2 or above.
Whenever a new OS update becomes available, it would be a hectic task for the enterprise IT to manually update all their devices one by one. But with the update OS action on Hexnode, admins can easily push the OS update to their device fleet in bulk. For Apple TVs, IT admins can either enforce to download and install the software update or download only.
Two factor authentication is a security feature or more specifically a matter of balancing security and convenience as with so many other things. Hexnode now supports third-party authenticator apps to enforce two-factor authentication for the Hexnode management portal. The admin can mandate two factor authentication for the technician and when the technician logs in for the first time, he needs to set up two factor authentication using a third-party authenticator app only after which he can access the Hexnode portal. So, rather than sending the technician an SMS or verification code via email, the third-party app like Google authenticator or Microsoft authenticator displays a verification code which refreshes roughly 30 sec.
Sign up now and try out all these features absolutely free of cost!Sign up now
Delivering an exceptional user experience is something Hexnode always takes on priority. So, when pushing out updates, we always focus on increasing the usability of our already easy-to-use product. We add to our roadmap only those features that are sure to reduce the management burden on enterprise IT, many of which are requested features from our customers which makes their experience even better.
Got an idea for a new management feature?
Feel free to reach out to us or share with us in the forums.
This is just the next step in our journey. Hexnode will continue to get better and there’s more to come. Stay tuned!