v15.6 SOTI MobiControl Release Notes Build 1018 | September 19, 2022

Upgrade Considerations

  • In SOTI MobiControl version 15.5.0 onwards, “GetDeviceGroupConfiguration” and “ApplyDeviceGroupConfiguration” APIs will require “Configure Devices/Device Groups” permission. This permission is automatically assigned to SOTI MobiControl Administrators, SOTI MobiControl Technicians and SOTI MobiControl Viewers roles. Custom roles must have the “Configure Devices/Device Groups” permission granted manually.
  • If you are using an older version of the Cloud Link Agent (CLA) (e.g.,1.x, 2.x ,3.x or 4.0), you must upgrade to CLA 4.1. Before upgrading, you must uninstall the older version of CLA. If CLA 4.1 is not set up with SOTI MobiControl 15.6.0, any operation or functionality related to LDAP and AD CS will not work.
  • If you are installing or upgrading to SOTI MobiControl 15.6.0 and above, .NET Runtime 6.0 and ASP.NET Core Runtime 6.0 must be installed with all critical updates on the host server before you proceed with running the SOTI MobiControl installer.
  • If you are installing or upgrading to SOTI MobiControl 15.6.0 and above, port 13131 needs to be open for outbound communication on the Management and Deployment Servers for communication with the SOTI MobiControl Signal Service.
  • As of the August 2022 update to SOTI Identity, improvements were made to streamline user role management across all SOTI ONE products. These changes only impact MobiControl versions 15.6.0 and greater.

    On upgrading from a version of MobiControl less than 15.6.0 to version 15.6.0 or higher the following impacts will be observed:

    • Functions to add, modify and remove roles are no longer accessible within the SOTI Identity console.
    • SOTI Identity roles that appeared in MobiControl as SOTI Identity user groups will be removed as part of the upgrade.
    • SOTI Identity users and groups that were mapped with SOTI Identity roles will be listed directly in MobiControl with the same permissions that those users and groups previously inherited from SOTI Identity roles.
    As a result of the above impacts, you may also have to recreate roles in MobiControl and associate them with the correct SOTI Identity users and groups. If you were using SOTI Identity for device side authentication through Add Device rules or Enrollment policies, or if you had mapped SOTI Identity user groups in the MobiControl Shared Device configuration, you must remap these in MobiControl after upgrading. Click here for a detailed explanation on these changes.

Release Highlights

Indoor Location Service

Indoor Location is a new premium feature of SOTI MobiControl that provides the real-time location of devices based on Wi-Fi positioning, allowing businesses to track their devices indoors. A device's current location or last known location is available to users with an option to see that device's movement over a 24-hour period. Additionally, by incorporating geofencing and SOTI MobiControl's Signal Policies, Indoor Location service can quickly track down devices indoors and trigger actions and notifications based on devices entering or leaving specific indoor zones. The Indoor Location functionality is available only to SOTI MobiControl customers who have purchased the SOTI Premium Plus or Enterprise Plus Service.

Signal Policy

Signal is a new policy type in SOTI MobiControl that allows the administrator to create customized conditions for triggering automated actions. Signal Policies are platform agnostic, meaning creating a policy per device platform is unnecessary. Signal can leverage information across Indoor Location and SOTI MobiControl for building conditions that best fit your business needs.

Notification Panel

The Notification Panel can display alert messages that a Signal Policy triggers, as well as Announcements, enabling SOTI MobiControl administrators to quickly view critical information about the state of their system or device fleet.

Microsoft 365 App Protection Policy – iOS and Android

In SOTI MobiControl, you can now create Microsoft App Protection Policies for Microsoft 365 apps on Android and iOS devices, ensuring corporate data is protected and contained within the apps. This policy provides granular access controls to protect the corporate data in the apps, such as copying data to the clipboard.

Simplified Certificate-based Windows Modern Enrollment

Certificate-based bulk enrollment of Windows Modern devices is now streamlined in 15.6.0. You can now directly download a Windows provisioning package from the enrollment rule, distribute it to the target devices and enroll in SOTI MobiControl. Here, we provide the ability to download a PPKG (Provisioning Package) file from the SOTI MobiControl web console instead of creating it using a Microsoft tool (Windows Configuration Designer).

New Features and Improvements

Administrative Console

iOS and macOS Enrollment Policies Migration

Apple Add Device Rules are now split into iOS and macOS Enrollment Policies. The creation and management of these policies is migrated to the next-generation user interface for a better user experience and overall consistency. The new design provides a view of all iOS and macOS Enrollment Policies in a list, along with a detailed view of each policy.

Note: The Apple Enrollment URLs have changed in this version of SOTI MobiControl. If you are upgrading SOTI MobiControl to this version, the Enrollment URLs of the Enrollment Policies created before upgrading to this version of SOTI MobiControl will no longer work. After the upgrade, new URLs for the existing Enrollment Policies will be regenerated automatically and should be used for device enrollment moving forward.

Linux Enrollment Policies Migration

Linux Enrollment Policies (formerly called Add Device Rules) creation and management is migrated to the next-generation user interface for a better user experience and overall consistency. The new design provides a view of all Linux Enrollment Policies in a list, along with a detailed view of each policy.

SOTI MobiControl has added support for LDAP authentication in the Linux Enrollment Policy along with this migration.

SOTI Identity User and Group Management in SOTI MobiControl

Users and Groups that have been assigned to SOTI MobiControl through SOTI Identity can now be viewed under the Users and Permissions section of SOTI MobiControl. Administrators can now manage the permission of these Users and Groups through SOTI MobiControl itself. Additionally, administrators can now retrieve matching users/groups from SOTI Identity directly while searching rather than relying on user input which eliminates the risks of misconfiguration.

Note: Customers with on-premises installations of SOTI MobiControl 15.6.0 or later must open a port or whitelist an IP address for SOTI Identity to ensure communication between products.

Android Enterprise

Knox Platform for Enterprise (KPE) Standard License Support

Samsung devices secured by Knox can now activate the KPE Standard License instead of the Enterprise License Management (ELM) license when enrolled as either Android Classic or Android Enterprise Work Managed to provide continued access to Knox-specific features. Previously enrolled Samsung devices with a Samsung ELM license activated remain unaffected.

Note: Android agent version 15.2.0 or above is required for new enrollments on Samsung devices.

Knox Service Plugin (KSP) Payload Support via Profiles

You can configure and deploy the Knox Service Plugin, Samsung’s OEMConfig, directly via Profiles for Samsung devices enrolled as Android Enterprise Work Managed. This allows administrators to easily discover and manage Samsung KSP features within the context of other Android Enterprise Work Managed profile configurations and avoid creating an App Policy.

Note: You can still configure and deploy KSP via App Policies if required.

Lockdown Template Macro Selection Support

Select Macros to add to your Lockdown Template from within the payload and avoid having to navigate to the help document to identify all available Macros.

New Password Policy - Complexity

You can configure a new password policy option in authentication called Complexity with the ability to set it as Low, Medium or High. This is available on Android 12 devices and is mandatory for Work Profile authentication by Google.

Android EMM API Deprecation and Update

We have updated to the latest Google EMM APIs available to maintain support for installing and configuring Google Play Store applications. New versions of these APIs are more scalable and provide additional future functionality. Previous versions of the API are being deprecated and, as a result, older versions of SOTI MobiControl will lose the ability to manage Google Play Store apps after September 2023.


Home Screen Layout for iOS

For customers deploying dedicated devices or kiosk scenarios, Home Screen Layout adds the ability to add a Home Screen Layout configuration to a profile giving SOTI MobiControl administrators control over what and where applications can be located on the home screen.


Bootstrap Token Support

Apple automated the process of generating the secure token for mobile/network logins using the new concept of Bootstrap Tokens. Starting with macOS Catalina, this will help device users to generate a secure token for mobile/network accounts, without the need for administrator intervention.

Indoor Location Service

Indoor Location is a new premium feature of SOTI MobiControl that provides the real-time location of devices based on Wi-Fi positioning, allowing businesses to track their devices indoors.

Location Dashboard

The Location Dashboard offers a central view to critical information such as the number of devices in a location, including their management status and network connectivity. In addition, it allows you to configure and manage all locations in a similar manner to the existing Device Dashboard.

Indoor Location Portal

The Indoor Location Portal is where you can visually locate devices on a full-screen map view. This gives the clearest and most accurate presentation of your device activities, whether managed, unmanaged, connected or disconnected. The portal allows you to personalize the map using the map filter option and provides informative charts on all devices at your location.

Device Actions

As a SOTI MobiControl administrator, you can perform actions such as Play Sound, Rename, Send Script, Remote Control, Send Message or View Historical Location on a selected device. All actions can be performed from the Indoor Location Portal, which empowers device management with the most significant benefit being reduction in asset loss.

Geofences and Exclusion Zones

The indoor geofence and exclusion zone functionality allow you to create virtual zones on the map. One of its many uses is tracking devices entering and leaving these virtual zones. With this information, you can set up Signal Policies to trigger actions and notifications based on devices entering and leaving these zones. For the scenarios where you do not want to track devices in private zones such as dressing rooms or washrooms, Exclusion Zones can be drawn in a similar manner to geofences. Devices in exclusion zones are not shown on the map, and historical data is not saved for devices in these zones.

SOTI Design Studio

SOTI Design Studio is a new feature of SOTI MobiControl that supplements the Indoor Location feature and is accessed through the new Location Dashboard. No indoor map to upload when creating a location? No problem! Use this new design tool to create a detailed map of your indoor space and upload to Indoor location.

Signal Policy

Signal Policies enable businesses to automate the deployment of business policies, installation or removal of device applications, enforcing device configurations and much more. This includes conditions based on the entry or exit of indoor geofences supported by the Indoor Location Service.

Customizable Conditions

Administrators can configure complex conditions by leveraging information reported by Indoor Location and from SOTI MobiControl. For example, it is possible to create a condition which monitors the number of devices within an Indoor Location geofence. The conditions which can be created are highly customizable and can be associated with each other by using nested logical expressions.

Automated Actions

Signal can direct SOTI MobiControl to take automated actions once the configured conditions of a Signal Policy are fulfilled. Supported actions include Send Script, Send Message, Send Email, Trigger Alert and Relocate Devices.

Policy Scheduling

Signal offers a wide range of options for administrators to configure the schedule of their Signal Policy according to their business needs. For example, the policy can be set so that it is only activated on certain days of the week and within a specified time range.


Proglove Scanner Integration

SOTI Surf now supports integration with ProGlove Scanners on Android devices to capture data from ProGlove scanners, eliminating the need for field staff members to enter data in SOTI Surf manually and improving their overall productivity.

SOTI Settings Manager

Wi-Fi management in accordance with DFC

Settings Manager Wi-Fi can now be managed according to Feature Controls defined by an administrator.


Microsoft Windows Server 2022

You can now host the SOTI MobiControl server components and the SOTI MobiControl database on Microsoft Windows Server 2022.

Notification Panel

The Notification Panel can display alert messages that are triggered by a Signal Policy, enabling SOTI MobiControl administrators to quickly view critical information about the state of their system or the device fleet.


The following new REST APIs are included in this release:

  • Microsoft 365 App Protection Policy
    • Create a new Microsoft App Protection Policy integration
    • Delete the Microsoft App Protection Policy integration
    • Get the Microsoft App Protection Policy integration settings
    • Get a list of Microsoft App Protection Policies
    • Return the specified Android App Protection Policy
    • Return the specified iOS App Protection Policy
    • Create a new Microsoft App Protection Policy for Android
    • Create a new Microsoft App Protection Policy for iOS
    • Update the specified Android App Protection Policy
    • Update the specified iOS App Protection Policy
    • Delete the specified Microsoft App Protection Policy
    • Return a list of Microsoft Azure Active Directory groups
  • Android Configuration
    • Retrieve the Samsung KPE configuration
    • Update the Samsung KPE configuration
  • Apple Automated Device Enrollment
    • Creates assignment for Automated Device Enrollment devices to specified Enrollment Policy
    • Returns all Enrollment Policies associated with the specified Automated Device Enrollment Account
    • Returns all Automated Device Enrollment devices assigned to the specified Enrollment Policy
    • Creates or removes the default Mac Enrollment Policy for an Automated Device Enrollment Account
    • Creates or removes the default iOS Enrollment Policy for an Automated Device Enrollment Account


From November 2018, Samsung stopped their support to generate ELM or KLM licenses. ELM key service was deprecated by Samsung for any new enrollments starting January 2021, but existing enrollments on ELM will continue to work as is. Applications can no longer activate ELM license keys on new devices (More Details). The ELM key is replaced by BCK (Backwards Compatibility KEY) and KPE keys. To cater this change by Samsung, SOTI MobiControl also deprecated ELM support for new enrollment from v15.6.0. Already enrolled devices using an ELM key will continue to work as is.

Learn more about using these new features with What's New in SOTI MobiControl Online Help.

Resolved Issues

MCMR-24723 User screensaver settings were not getting changed even after the Screensaver profile was successfully installed on macOS devices
MCMR-26789 Users who migrated Zebra devices from DA to DO were not able to reset the binding on the group of AE devices
MCMR-27468 Users could not generate the "Installed Applications with name and version" report under the Android Platform more than once
MCMR-28570 User could not revoke a certificate that was pushed to a Windows device
MCMR-28781 Web content filter settings in profiles were not accepting custom domains in the whitelisted URL field
MCMR-28893 Help links were not working when the console language was set to Japanese
MCMR-29008 Device actions would show as successfully pushed when they were not sent to devices
MCMR-29066 Users with SOTI MobiControl Viewer permissions were not able to see devices when the View All Devices option was selected on the device listing page
Inaccurate data was displayed in charts on the Devices page
MCMR-29733 Users were unable to upgrade Zebra devices using Lifeguard OTA and were stuck in the Blocked state
MCMR-29849 File sync was generating files that were inaccessible
MCMR-29860 The lockdown browser (Electron) failed to open URLs in Linux Ubuntu 20.04
MCMR-30150 Devices would attempt to redownload their content libraries after connection issues
MCMR-30152 Users could not sort lockdown templates by name
MCMR-31395 Settings Manager got disabled after SOTI Generic AE Plugin was installed

Known Issues

MC-163798 When editing an App Protection Policy, user groups configured as excluded are shown in the assigned user group list