Product Documentation

What's new in XenMobile Apps

Oct 11, 2017

Important

Before upgrading to Android O (version 8), users must upgrade Secure Hub and all XenMobile Apps to version 10.6.20. Otherwise, users might not be able to sign on to Secure Hub or open XenMobile Apps. For more information about XenMobile Apps and Android 8, see the information later in this article, the XenMobile Apps Known issues, and XenMobile supported device operating systems.

Before upgrading to iOS 11, users must upgrade Secure Hub and XenMobile Apps to version 10.7. That upgrade sequence is required because Secure Hub no longer supports SHA-1 certificates on devices running iOS 11. For more information about anticipating this change, see the Knowledge Center article on XenMobile iOS 11 and Android O Support.

Prerequisites for feature flag management

If an issue occurs with Secure Hub or Secure Mail in production, we can disable an affected feature within the app code. To do so, we use feature flags and a third-party service called Launch Darkly. You do not need to make any configurations to enable traffic to Launch Darkly, except when you have a firewall or proxy blocking outbound traffic. In that case, you enable traffic to Launch Darkly via specific URLs or IP addresses, depending on your policy requirements. For details about support in MDX since XenMobile Apps 10.6.15 for the exclusion of domains from tunneling, see the MDX Toolkit documentation. For a FAQ about feature flags and Launch Darkly, see this Support Knowledge Center article.

XenMobile Apps 10.7.5

The following features are new in XenMobile Apps 10.7.5.

Secure Hub

Enable and disable biometric authentication for Samsung devices. XenMobile now allows you to enable and disable biometric authentication (fingerprint and iris scan authentication) for Samsung devices without requiring any action from users.

If you disable biometric authentication in XenMobile, users and third-party apps cannot enable the feature.

Secure Mail

Support for Skype for Business. Secure Mail for iOS and Android is now integrated with Skype for Business. You can use Skype for Business to seamlessly join online meetings.

XenMobile Apps 10.7.1

The XenMobile Apps 10.7.1 release includes public app store versions of:

  • Secure Web for iOS
  • Secure Mail for iOS

The release includes bug fixes. For details, see Fixed issues.

XenMobile Apps 10.7

The following features are new in XenMobile Apps 10.7.

Same-day support for iOS 11. XenMobile Apps 10.7 support iOS 11. For details about testing and preparing for iOS, see XenMobile supported device operating systems and Known issues.

XenMobile Apps 10.7 enterprise versions. The Secure Mail and Secure Web enterprise apps for iOS in this release contain all new features and enhancements that we introduced in versions 10.6 and later in the XenMobile Apps public app store versions.

Secure Mail

In Secure Mail for iOS with multiple Exchange accounts, you can view the Contacts folders or subfolders of individual accounts.

Support for PPTM file format. Secure Mail for iOS supports the Microsoft PowerPoint PPTM file format. Users can attach, view, and open .pptm files in Secure Mail.

XenMobile Apps 10.6.20

The XenMobile Apps 10.6.20 release includes:

Enterprise

  • Secure Hub 10.6.20 for Android 
  • Secure Mail 10.6.20 for Android
  • Secure Notes 10.6.20 for Android
  • Secure Tasks 10.6.20 for Android
  • Secure Web 10.6.20 for Android

Public App Store

  • Secure Hub 10.6.20 for Android
  • Secure Hub 10.6.20 for iOS
  • Secure Mail 10.6.20 for Android
  • Secure Mail 10.6.20 for iOS
  • Secure Notes 10.6.20 for Android
  • Secure Tasks 10.6.20 for Android
  • Secure Web 10.6.20 for Android
  • Secure Web 10.6.20 for iOS

The following features and enhancements are new in XenMobile Apps 10.6.20.

Same-day support for Android O. The XenMobile Apps 10.6.20 versions noted in the preceding list support Android O (version 8). With the release of Android O, Android 5 becomes the minimum supported version. For details about testing and preparing for Android O, as well as for the iOS 11 release, see XenMobile supported device operating systems. Also be sure to review the Known issues.

Note: Google support for SSLv3 connections ends. XenMobile Apps that run on an Android O device cannot connect to internal servers that use SSLv3 connections. Plan ahead to anticipate this change to avoid connectivity issues for users.

MDX no longer enforces app upgrades on Android by default. You can modify a new policy, Disable Required Update, to enforce upgrades for Public App Store apps. MDX does not enforce the upgrade by default. This feature was available for iOS apps in the 10.6.10 release of MDX. 

Secure Hub for Android

XenMobile shows the security patch level only for Samsung devices running Android 6.0 and later. [CXM-36345]

Secure Mail for Android

In Secure Mail for Android, all replies or forwards to an encrypted email are encrypted even if the Encrypt by default setting is OFF.

Multiple Exchange accounts on Android. Secure Mail now supports multiple Exchange accounts on Android. From Settings within Secure Mail, you can now add multiple Exchange email accounts and switch between them. This feature allows you to monitor all your mails, contacts, and calendars in one place. This feature was first available for iOS in version 10.6.15.

Secure Web for Android

Offline pages. The Enable offline pages policy now controls the offline web pages feature for Android devices. The default value is OFF. Enable this policy to allow users to save offline web pages on their devices. XenMobile does not encrypt these offline pages, but you can use device level encryption to achieve the same.

Additionally, previously saved offline pages will not be accessible after you upgrade to XenMobile Apps 10.6.20.

XenMobile Apps 10.6.15

The following features are new in XenMobile Apps 10.6.15.

Secure Mail 10.6.15

Secure Mail now supports multiple Exchange accounts on iOS. From Settings within Secure Mail, you can now add multiple Exchange email accounts and switch between them. This feature allows you to monitor all your mails, alerts, and calendars in one place. For details, see Multiple Exchange accounts on iOS.

Secure Mail for iOS and Android supports new features on swipe gestures. You perform the following actions by swiping an email either left or right.

  • More
  • Flag
  • Delete
  • Mark

For details, see Swipe to delete.

Encryption for replies or forwards. In Secure Mail for iOS, all replies or forwards to an encrypted email are encrypted even if the Encrypt by default setting is OFF.

Personal calendar conflicts. Secure Mail for Android displays conflicts with your personal calendar event while you create or reschedule an Exchange account calendar event.

Support for super-wide device screens for Secure Mail for Android. This release supports displays on device screens with aspect ratios of 18.5:9. Screens with this aspect ratio are available on devices including the Samsung S8.

Secure Web 10.6.15

Support for super-wide device screens for Secure Web. This release supports displays on device screens with aspect ratios of 18.5:9. Screens with this aspect ratio are available on devices including the Samsung S8.

The following features are new in XenMobile Apps 10.6.10.

Secure Hub 10.6.10

Support for super-wide device screens on Android. This release supports displays on device screens with aspect ratios of 18.5:9. Screens with this aspect ratio are available on devices including the Samsung S8.

Secure Mail 10.6.10

Battery enhancements. Improvements to Secure Mail reduce battery consumption on Android devices.

Personal Calendar account selection. On Secure Mail for Android, you can select which personal calendars appear on the settings screen. This feature first appeared in Secure Mail for Android version 10.6.5. 

Secure Mail for Android displays the following details about a personal calendar event:

  • Account name of the sender
  • Invitees
  • Meeting notes

For details, see Personal Calendar Overlay.

Restrict users from using unknown or personal domains. In Secure Mail for iOS, as a security feature, you can keep users from configuring email accounts from specific domains. For example, you may want to restrict users from using an unknown or personal domain. To do so, you configure the Allowed Email Domains MDX policy when you update Secure Mail in the XenMobile console.  

To allow Secure Mail to filter for prohibited domains, you need to add the allowed domains to the list. Secure Mail then compares the domain with the allowed list. For instance, if you list server.company.com as an allowed domain name and the user's email address is user@internal.server.company.com, Secure Mail supports the email address. In that example, Secure Mail does not support any other email address with a domain name that is not server.company.com.

In the policy settings, you add the allowed domains in comma-separated format, such as server.company.com, server.company.co.uk.
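The allowed-domain comparison described above, modelled as an added example; it is not Citrix code or the Secure Mail implementation. It assumes that a subdomain matches only on a full label boundary, which the page's example implies but does not state, and all function names and sample addresses are constructed for illustration.

```python
from __future__ import annotations


def parse_allowed_domains(policy_value: str) -> list[str]:
    """Split the comma-separated policy value into normalized domain names."""
    domains = []
    for item in policy_value.split(","):
        name = item.strip().lower().rstrip(".")
        if name:
            domains.append(name)
    return domains


def email_domain(address: str) -> str | None:
    """Return the lower-cased domain of an address, or None if it is malformed."""
    local, at, domain = address.strip().rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not local or not domain or any(ch.isspace() for ch in domain):
        return None
    return domain


def is_allowed(address: str, allowed: list[str]) -> bool:
    """True if the address domain is an allowed domain or a subdomain of one."""
    domain = email_domain(address)
    if domain is None:
        return False
    # Assumption: match on a label boundary ("." + entry), so that
    # notserver.company.com does not pass just because its text ends
    # with "server.company.com". A bare endswith(entry) would accept it.
    return any(domain == entry or domain.endswith("." + entry) for entry in allowed)


# Constructed policy value in the comma-separated format the page describes.
POLICY_VALUE = "server.company.com, server.company.co.uk"

# Constructed sample addresses covering the accept and reject cases.
SAMPLES = [
    "user@internal.server.company.com",    # subdomain of an allowed domain
    "user@server.company.com",             # exact match
    "User@SERVER.Company.CO.UK",           # case differences only
    "user@company.com",                    # parent domain, not listed
    "user@notserver.company.com",          # shares a text suffix, different label
    "user@server.company.com.example.net", # allowed name used as a prefix
    "no-at-sign",                          # malformed address
]


def check_samples() -> dict[str, bool]:
    """Evaluate every constructed sample against the constructed policy."""
    allowed = parse_allowed_domains(POLICY_VALUE)
    return {address: is_allowed(address, allowed) for address in SAMPLES}


if __name__ == "__main__":
    for address, ok in check_samples().items():
        print(f"{'allow' if ok else 'deny ':5}  {address}")
```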

For a matrix of MDX app policies per platform, see MDX Policies at a Glance.

The following features are new in XenMobile Apps 10.6.5.

Secure Hub 10.6.5

Secure Hub Touch ID on iOS: Fingerprint authentication when offline or for app inactivity. When fingerprint authentication is enabled, users can now sign on by using a fingerprint when offline authentication is required because of app inactivity. Users still have to enter a PIN when signing on to Secure Hub for the first time and when restarting the device. Fingerprint authentication is supported on iOS 9 and iOS 10.3 devices and some Android devices.

Secure Mail 10.6.5

Personal Calendar account selection. On Secure Mail for Android, you can now select which personal calendars appear on the settings screen.

New MDX analytics policy for Secure Mail for iOS and Android. Citrix collects analytics data to improve product quality. The Google Analytics level of detail policy allows you to specify whether the data collected can be associated with your company domain or collected anonymously. Selecting Anonymous opts users out of including the company domain with the data that is collected. This new policy replaces an earlier Google analytics policy. 

When the policy is set to Anonymous, we collect the following types of data. We have absolutely no way to link this data to an individual user or company because we do not request user identifiable information. No personally identifiable information is sent to Google.

  • Device statistics, such as the operating system version, app version, and device model
  • Platform information, such as ActiveSync version and Secure Mail server version
  • Failure points for product quality like APNs registrations, mail sync failures, mail send failures, attachment download failures, calendar sync failures, and so on

Note that other than company domain, no other identifiable information is collected when the policy is set to Complete. Default is Complete.

Secure Web 10.6.5

Fixed issues. To learn more about the issue fixed in this release see XenMobile Apps Fixed Issues.

What's New in XenMobile Apps 10.6.0

Secure Mail 10.6

  • Upgrade to Exchange ActiveSync (EAS) version 16. Secure Mail supports both EAS version 16.1 and version 16.0 on iOS and Android. However, an upgrade to the respective EAS version depends on the EAS protocol supported by Exchange Server 2016 in your environment. During the upgrade, Secure Mail resynchronizes all your local data and preserves any draft or unsent emails that you may have.
  • Personal Calendar overlay enhancements. Secure Mail now notifies users when they make a calendar event that conflicts with events in their native calendar. Additional fields appear for personal events as well. Users can see whom an event is from and can show the invitee count. For details, see Personal Calendar Overlay.

Secure Hub 10.6

Citrix VPN connection type for Android devices

The VPN device policy for Android now supports configuring Citrix VPN. Citrix VPN is a mobile application that connects to NetScaler Gateway in full VPN mode, as opposed to a clientless VPN or ICA proxy mode.

On the Configure > Device Policies page for Android, the Connection type menu now includes Citrix VPN.

Citrix VPN settings:

  • Server name or IP address: Type the FQDN or IP address of the NetScaler Gateway.
  • User name and Password: Type your VPN credentials for the Authentication types of Password or Password and Certificate. Optional. If you don't provide the VPN credentials, the Citrix VPN app prompts for a user name and password.
  • Identity credential: Appears for the Authentication types of Certificate or Password and Certificate.
  • Enable per-app VPN: Select whether to enable per-app VPN. If you don't enable per-app VPN, all traffic goes through the Citrix VPN tunnel. If you enable per-app VPN, specify the following settings. The default is OFF.
    • Whitelist or Blacklist: Choose a setting. If Whitelist, all apps in the whitelist tunnel through this VPN. If Blacklist, all apps except those on the blacklist tunnel through this VPN.
    • Application List: Specify the whitelisted or blacklisted apps. Click Add and then type a comma-separated list of app package names.
  • Custom XML: Click Add and then type custom parameters. XenMobile supports these parameters for Citrix VPN:
    • disableL3Mode: Optional. To enable this parameter, type Yes for the Value. If enabled, no user-added VPN connections are displayed and the user cannot add a new connection. This is a global restriction and applies to all VPN profiles.
    • userAgent: A string value. You can specify a custom User Agent string to send in each HTTP request. The specified user agent string is appended to the existing Citrix VPN user agent.

For general information about configuring the VPN device policy, see VPN device policy.

Derived credentials for iOS device enrollment

Derived credentials provide strong authentication for mobile devices. The credentials, derived from a smart card, reside in a mobile device instead of the card. The smart card is either a Personal Identity Verification (PIV) card or Common Access Card (CAC).

The derived credentials are an enrollment certificate that contains the user identifier, such as UPN. XenMobile stores the credentials obtained from the credential provider in a secure vault on the device.

XenMobile can use derived credentials for iOS device enrollment. If configured for derived credentials, XenMobile doesn't support enrollment invitations or other enrollment modes for iOS devices. However, you can use the same XenMobile server to enroll Android devices through enrollment invitations and other enrollment modes.

For information on how users enroll using derived credentials, see Enrolling devices by using derived credentials. For more information about requirements and the configuration for derived credentials, see Derived credentials for iOS.

What's new in XenMobile Apps 10.5.20

The following features are new in XenMobile Apps 10.5.20:

Secure Mail 10.5.20

  • Personal calendar support on Android. Import your personal calendar from the native calendar app and view events from Secure Mail. Enable this feature by going to Secure Mail settings and then turning On Personal Calendar. Select a color for your personal events and the calendars that you want to display in Secure Mail. This is a read-only view only visible to the user. The personal calendar information does not sync back to the Exchange or Lotus Notes mail server.
  • Select multiple emails in search mode. When searching for emails on iOS, you can now select multiple mails on which to perform an operation. Long press an email to begin selecting multiple mails.
  • Insert inline images on devices running iOS. Secure Mail now supports inserting inline images in the mail body.
  • Export contacts even if a native mail account exists. On iOS, Secure Mail contacts can be exported and synced with the phone contacts even if a Hotmail or Exchange account is set up on the device. You configure this feature in XenMobile through the Override Native Contacts Check policy for Secure Mail. This policy determines if Secure Mail should override the check for contacts from an Exchange/Hotmail Account configured in the native Contacts app. If On, the app syncs contacts to the device even if the native Contacts app is configured with an Exchange/Hotmail Account. If Off, the app continues to block contacts sync. Default is On.

Secure Notes and Secure Tasks for Android

  • Support includes a fix for Samsung Android 7 devices related to SQLite encryption issues.

Secure Notes and Secure Tasks for iOS

  • Fix for a TMobile VPN issue with Secure Notes and Secure Tasks.
  • Fix for an autodiscovery failure for Secure Tasks.

What's new in XenMobile Apps 10.5.15

The following features are new in XenMobile Apps 10.5.15.

Secure Hub 10.5.15

  • Supports the following devices:
    • Nexus 6P (operating system 7.1.1)
    • Moto Turbo (operating system 6.0.1)
  • Fingerprint authentication support on Android. The Enable Touch ID Authentication client property enables users to sign on by using a fingerprint when offline authentication is required because of app inactivity. When prompted, users can sign on by using a fingerprint or choose to use a Citrix PIN or passcode instead.

    Fingerprint authentication for Android was tested on the following devices:

    • Nexus 5X
    • Samsung S7 Edge
    • Samsung S6 Edge+
    • LG G5
    • Google Pixel

To add and enable this property

  1. In the XenMobile console, click the gear icon in the upper-right corner. The Settings page appears.
  2. Under Client, click Client Properties. The Client Properties page appears.
  3. Click Add. The Add New Client Property page appears.
  4. Configure these settings:
    • Key = ENABLE_TOUCH_ID_AUTH
    • Value = True
    • Name = Enable Fingerprint Authentication
    • Description = Enable Fingerprint Authentication
  5. Click Save.

Secure Mail 10.5.15

S/MIME public key retrieval from LDAP directories. Secure Mail now supports the retrieval of public key certificates from LDAP. Users can encrypt or sign their emails with S/MIME. To enable the search of LDAP directories, you configure the following new MDX policies in the XenMobile console.

  • S/MIME public certificate source: Specifies the source of S/MIME public certificates. If Exchange, Secure Mail fetches certificates from Exchange Server. If LDAP, Secure Mail fetches certificates from the LDAP server. Default value is Exchange.
  • Ldap server address: LDAP server address including port number.
  • Ldap Base DN: LDAP Base distinguished name.
  • Access LDAP Anonymously: If this policy is ON, Secure Mail can search LDAP without prior authentication.

Select multiple emails in search mode. When searching for emails on Android devices, users can now select multiple mails on which to perform an operation. Long press on an email to begin selecting multiple mails.

Phone number format support. Secure Mail 10.5.15 for Android and iOS supports more phone number formats and conference code formats. Users can join meetings directly from invitations in their calendars. The following formats for Conference IDs or extensions are new in version 10.5.15.

For an audio conference, the following formats let users tap the Dial In button. If they tap the phone number from the body of the calendar meeting, however, they can dial into the meeting; they must then enter conference codes manually. The following phone number and conference code formats are supported.

| Codes | Phone number formats |
|---|---|
| ,, | +1 (631) 992-3240,,958209234# |
| , | +1 (631) 992-3240,958209234# |
| ,,, | +1 (631) 992-3240,,,958209234# |
| ,,,, | +1 (631) 992-3240,,,,958209234# |
| passcode | +1 (631) 992-3240 passcode 958209234# |
| ext: | +1 (631) 992-3240 ext:958209234# |
| ext. | +1 (631) 992-3240 ext. 958209234# |
| ;ext= | +1 (631) 992-3240;ext=958209234# |
| extn | +1 (631) 992-3240 extn 958209234# |
| HC | +1 (631) 992-3240 HC 958209234# |
| xtn | +1 (631) 992-3240 xtn 958209234# |
| xt | +1 (631) 992-3240 xt 958209234# |
| x | +1 (631) 992-3240 x 958209234# |
| PC | +1 (631) 992-3240 PC 958209234# |
| pc | +1 (631) 992-3240 pc 958209234# |

What's new in XenMobile Apps 10.5.10

The following features are new in XenMobile 10.5.10.

Secure Hub 10.5.10

  • Zebra device support. With Secure Hub 10.5.10, for enrolled Zebra devices, the XenMobile console shows the MXMF version, and patch version if applicable, in device properties.
  • Security improvements. Secure Hub no longer trusts certificates issued by StartCom and WoSign Root certificate authorities based on findings by Mozilla and other security teams.

Secure Web 10.5.10

  • Turkish language support. Secure Web for Android now supports the Turkish language.

Secure Mail 10.5.10

  • Support for .pass files. You can download and import .pass files received as email attachments into the iOS Wallet app.
  • Personal calendar support on iOS. You can import your personal calendar from the native calendar app and view events from Secure Mail. Enable this feature by going to Secure Mail settings and then turning On Personal Calendar. Select a color for your personal events and the calendars that you want to display in Secure Mail. This view for users is read-only. The personal calendar information is not synced back to the Exchange or Lotus Notes mail server. To enable the personal calendar overlay, you can either enable the feature from the pop-up notification or from Secure Mail settings.

After enabling the feature, ensure that you grant Secure Mail permission to read the native calendar.

Select a color for your personal mail items.

For a demonstration of this feature on an iOS device, see the following video: