Product Documentation

About XenMobile Server 10.1

Jul 30, 2015

You can upgrade XenMobile 10 to XenMobile 10.1 in the XenMobile console. To perform the upgrade, you use the xms_10.1.0.62986.bin. In the XenMobile console, go to Settings > Release Management. Click Upgrade and then upload the xms_10.1.0.62986.bin file. For more information about upgrades in the console, see Upgrading XenMobile

New Features and Enhancements for Android and iOS

Resource deployment ordering. In XenMobile MDM Edition, you can change the order in which resources are deployed within a delivery group. In the XenMobile console, you change the deployment order in Configure > Delivery Groups. When you add or edit a delivery group, on the Summary page, next to Resources, you click Deployment Order, where you can change the position of the resources that appear in the list to set your preferred order.

  • The resources you can order for deployment must be resources that XenMobile fully manages, such as policies and apps. However, in this release in XenMobile MDM Edition, you cannot yet order actions.
  • This feature is not supported for Windows Phone and Windows Tablet. To enforce a deployment schedule for resources on those devices, you must carry out multiple deployments.

Exporting table data. For every table in the XenMobile console - Apps, Policies, Actions, Delivery Groups, Local Users and Groups, Enrollment, and Devices - you can click Export to create a .csv file containing all displayed columns.

REST APIs. XenMobile supports public APIs for REST services to let you call the services that are exposed through XenMobile through any REST client directly. You can do the following with the APIs that are supported in XenMobile 10.1:

  • Configure licenses, NetScaler Gateway, LDAP, certificate management during initial installation.
  • Retrieve delivery group details with assigned resources and groups.
  • Reset the administrator password.
  • Export a PKI certificate.
  • Configure notification server settings, such as adding and editing the SMS and SMTP server, deleting the server, and activating the server.
  • Retrieve app details and delete apps.
  • Set the host fully qualified domain name (FQDN).

RBAC. The DEVICE_PROVISIONING role is removed from XenMobile 10.1, and the Support console feature is added. In XenMobile 10, this feature was available automatically for the ADMIN role; in XenMobile 10.1, the feature is only available when you select Support for the role.

New Features and Enhancements for iOS

Device lock security action. You can lock a device with an accompanying display of a message and phone number that appears on the device lock screen. You can lock a device in the XenMobile console in Manage > Devices.

After you select an iOS device in the list, in the dialog box that appears, you click Secure.

In the Security Actions dialog box, you click Lock.

Then, in the confirmation message, you can optionally enter a message and phone number and then click Lock Device. This feature is supported on iOS 7 and 8 devices.

Note: The message and phone only appear on a locked device if you have also set the Passcode policy in the XenMobile console, or if users have enabled the passcode manually on the device.

VPP enhancements. The following features extend the capabilities of the Volume Purchasing Program (VPP) within XenMobile.

  • Allows you to import multiple VPP tokens into XenMobile; for example, for tokens purchased in multiple locations, or for multiple organizations, business units, or divisions that require different VPP tokens.
  • Partners can create and deploy B2B apps to users with iOS devices from a private business-to-business (B2B) app stores by adding the logon credentials to the VPP configuration in the XenMobile console in Settings.
  • Supports the management of multiple VPP/B2B apps for organizations who use XenMobile to manage apps and devices for several VPP customers and multinational companies. Apps from all VPP/B2B accounts are automatically uploaded to XenMobile and are automatically updated. You can assign particular VPP/B2B apps to users in the XenMobile console, where you can also view the VPP/B2B account to which an app applies.

Provisioning profile policies and device details. In XenMobile 10 and earlier, you distribute the profile to user devices by using an email attachment; users add the profile on their iOS device by clicking the attachment. XenMobile 10.1 supports the following provisioning profile policies and device details that make it easier to track the provisioning profile status for enterprise apps on iOS devices, and no longer require users to install the profiles on their devices manually.

  • iOS Provisioning Profile policy. Lets you remotely install a provisioning profile on an iOS device. When you configure the policy, you upload an iOS provisioning profile and then deploy the profile to user devices.
  • iOS Provisioning Profile Removal policy. Lets you remove a provisioning profile from an iOS device. You configure these device policies in the XenMobile console in Configure > Device Policies.
  • iOS provisioning profile lists. You can view an inventory iOS profiles for the device and a list of provisioning profiles that are installed on the device, listing the universally unique identifier (UUID), expiration date, and managed status for each profile. You view these details in the XenMobile console in Manage > Devices.

Apple Device Enrollment Program (DEP) pre-enrollment. Lets resellers pre-enroll devices in the DEP in order to install managed apps on devices before distributing the devices to users.

Integration with Apple Configurator. Simplifies the large-scale enrollment of corporate-owned devices. Devices can connect to an Apple Configurator and are automatically configured to install a pre-generated XenMobile profile.

New restriction device policies for iOS supervised devices.

  • Allows or prevents predictive keyboards, keyboard auto-correction, keyboard spell check, and keyboard definition lookup. Available for iOS 8.1.3 on supervised devices only.

  • Allows or prevents podcasts. Available for iOS 8.0 and later versions on supervised devices only.

New Features and Enhancements for Android

Android for Work. A secure workspace on devices that separates corporate apps and data from personal apps and data. Organizations can set up an Android for Work account with Google. You can then deploy approved apps from the Google Play for Work store to user devices. You can also set app restriction policies to control access and functionality. You configure Android for Work settings in the XenMobile console in Settings > Server > Android for Work, and in Device Policies > Security > Android for Work App Restrictions.


Android for Work does not support wrapped apps. Users must install Worx Home on their Android device and then add Android for Work apps to Worx Home.

Samsung KNOX container. The following table lists the MDM policies for the Samsung KNOX container and the operating system to which they apply. The Samsung KNOX container is a secure workspace on devices that separates corporate apps and data from personal apps and data. You configure these policy settings in the XenMobile console in Configure > Device Policies > Restrictions.

Policy Applies to Samsung KNOX Standard; previously applied to Samsung SAFE Applies to Samsung KNOX Premium (KNOX 2.0)
Allows for the use of the Samsung SAFE API to configure Access Point Name (APN) and General Packet Radio service (GPRS) settings on an Android device. X X
Enables or disables the use of Common Access Card (CAC) authentication in the KNOX container that includes the authentications necessary for email and browser use in the container.   X
Sets the Unlock method as the combination of a fingerprint and a password.   X
Enables or disables whether users can move applications inside the KNOX container.   X
Enables or disables the use of non-secure keyboard in the KNOX container.   X
Enables or disables sharing through a list in the KNOX container.   X
Allows or prevents users from sending or receiving Short Message Service (SMS) and Multimedia Messaging Service (MMS) messages X  
Allows or prevents users from changing the date and time manually. X  
Allows users to install apps that are already installed in their personal area to the KNOX container.   X
Enables or disables GMS apps in the KNOX container.   X
Enables or disables the device to be placed into the Common Criteria configuration.   X
Enables or disables the TIMA keystore that provides TrustZone-based secure key storage for the symmetric keys.   X
Enables or disables the device to log events to be used for forensic analysis of the device.   X