FileWave Release History
FileWave issues major releases on a roughly quarterly basis. You'll find the history of features in previous releases shown below.
FileWave 15.5.x (October 2024)
FileWave Management Suite
End user notifications: Now, admins using FileWave Anywhere or FileWave Central can send custom messages to enrolled devices, displaying them as system notifications for users. This feature empowers administrators to communicate important information directly to users' devices, enhancing engagement and user experience. More...
Keycloak IDP integration for admin login: We’ve introduced support for Keycloak as an Identity Provider (IDP) in FileWave Anywhere and Central. Administrators can now log in using their Keycloak accounts, enhancing security and simplifying credential management.
Qt 6 Upgrade: FileWave 15.5 is now using Qt 6 open-source library, which brings better support for recent operating systems, security fixes and optimizations. On macOS, FileWave Central is now a fully universal (Intel and Apple Silicon) application, Rosetta 2 is not required anymore. It also brings better support for internal web browser thanks to updated Chromium engine. Windows components are now 64-bit only.
Add to deployment: It is now possible to easily add devices or filesets to existing (or new) deployments, using new context menu options in FileWave Central.
Dark Mode improvements: Window decoration (typically window header) is now properly following dark mode setting.
API Improvements: New public API endpoints have been introduced to facilitate external service integration. These endpoints allow users to fetch results of stored inventory queries in FileWave and execute ad-hoc inventory queries via the Preview API without saving them. The results are returned as JSON objects, with customizable page sizes to enhance flexibility. Detailed Swagger documentation is available for these endpoints, ensuring clear guidance on their usage. These updates provide seamless access to inventory data for external integrations. New APIs that are now available:
-
/reports/v1/reports
-
/reports/v1/reports/{id}
-
/notifications/v1/notifications
New Fileset dialog: With the addition of the different new fileset types (DDM configuration, DDM asset, Winget, Autopkg…), revisiting the New Fileset dialog was required - the new one is lean and much simpler !
FileWave Appliances: There are a few key changes for someone setting up a new FileWave Server, Booster or IVS appliance that should be noted for 15.5.0.
- HyperV images are now provided as Gen1 as well as now Gen2 allowing you to take advantage of more modern HyperV features when setting up a new appliance. Gen1 images will continue to be provided for those who need them until further notice.
- fail2ban has been added to all of the Appliance images to protect them from brute force SSH attacks. Existing images will not get this, but it can be manually added if you would like. SSH shouldn't normally be exposed to the Internet, but also some attacks can happen on a protected network by an infected host.
- When setting up a new Appliance the root user is not enabled. Instead you will login via console or SSH as "fwadmin" with a password of "filewave" and you will be forced to change the password on first login. To do actions as root you will use sudo. Existing Appliances will not be changed by filewave but you can make the same changes.
#!/bin/bash # Ensure the script is run as root if [ "$EUID" -ne 0 ]; then echo "Please run this script with sudo or as root." exit 1 fi # Prompt for the password echo "Creating user 'fwadmin'." read -s -p "Enter password for 'fwadmin': " password echo read -s -p "Confirm password: " password2 echo # Check if passwords match if [ "$password" != "$password2" ]; then echo "Error: Passwords do not match." exit 1 fi # Create the 'fwadmin' user without a password prompt adduser --gecos "" --disabled-password fwadmin # Set the password for 'fwadmin' echo "Setting password for 'fwadmin'." echo "fwadmin:$password" | chpasswd # Add 'fwadmin' to the sudo group usermod -aG sudo fwadmin echo "'fwadmin' has been added to the sudo group." # Lock the root account passwd -l root echo "The root account has been locked." echo "Setup complete. You can now log in as 'fwadmin' and use sudo."
Inventory-Specific changes
MDM Command history: MDM command history is now available in inventory, allowing troubleshooting or reporting related to MDM based features.
New "Last Changed" Field in FileWave Inventory: We've added a new "Last Changed" field in FileWave Inventory.
-
"Last Changed" Field: This new field records the date and time when any custom or built-in field value is updated for a client or when the client reports to the inventory.
-
Field Updates: The "Last Changed" field is also updated when a new custom field is associated or disassociated with the device.
-
API Integration: The "Last Changed" field is visible in existing public inventory API responses, enabling more accurate data synchronization and integration.
This feature ensures that any changes made to client data are accurately tracked, improving workflow automation and third-party integrations.
Apple-Specific Changes
Autopkg integration
In addition to Winget support in 15.4, Autopkg, a well-known package tool in mac admin community is now supported in FileWave:
-
Not need to run Autopkg ; FileWave runs autopkg, creates packages and hosts them.
-
Filesets are made available via a CDN, using private to your instance links.
-
Currently, autopkg repositories are selected and curated by FileWave. Please contact us if you have suggestions for other repositories or recipes.
-
Package versioning is managed with revisions ; automatic upgrade is managed when selecting “latest” specific revision.
Signed Profiles: Profiles deployed using FileWave are now signed before being installed on the device. FileWave 15.5 also allows:
-
modifying imported signed profiles ; in that case, existing profile signature will be removed and replaced by a new one
-
exporting profiles as signed, making sure profiles can be shared without being altered
-
duplicating signed profiles ; in that case, as payload UUIDS are regenerated, existing profile signature will be removed and replaced by a new one
ACME Certificate profile: ACME certificate profile can now be configured ; other payloads can reference ACME payloads the same way as SCEP payloads.
Extensible SSO: Various new options have been added to the Extensible SSO profile, allowing to define various policies like FileVault, Authentication Grace period or unlock behavior.
Login Window: Login Window Profile has been updated to replace a non-functional combobox with a checkbox labeled "Show heading information when clicking the clock." When checked, this option will allow the macOS login screen to display hostname, OS version, and IP address in rotation when the clock is clicked. If unchecked, the clock will have no effect. This update simplifies the user interface and aligns it with macOS behavior.
Network: Made sure WPA2 Enterprise is used for Passpoint interface.
Network Usage Rules: SIM Attributes can now be directly edited in the form.
Parental Control (macOS Restrictions): Options to configure Allowed Applications based on application signature have been added.
Passcode: Minor description update related to Maximum Failed Attempt behavior
Restrictions: New options:
-
control if transferring eSIM to another device is allowed
-
control if auto dim is available for OLED iPads
-
control if Genmoji is available
-
control if Image Playground is available
-
control if iPhone Mirroring is available
-
control if Writing Tools are available
-
control if Image Wand is available
-
control if Personalized Hand Writing is available
-
control if Remote control and Video Conferencing is available
- control if Apps can be hidden
- control if Apps can be locked
- control if Call recording is available
- control if RCS messaging is available
- control if Mail summary is available
- control if Media Sharing is available
- prevents user notifications for content capture technologies on managed devices
Security and Privacy: New setting to control XProtect malware upload
Security and Privacy (Privacy and Consent Control): New Bluetooth service
System Extension (macOS): New options for Non Removable from UI and Non Removable System extensions settings
System Logging (macOS): It is now possible to configure system logging options profile.
VPN: New options to configure Post-Quantum Pre-shared Key (PPK) for IKE.V2
DDM configurations: FileWave 15.5 brings Apple’s new way of configuring devices, DDM configurations. While profiles are still widely used, Apple is extending DDM config every release.
To simplify device management, parts of the configurations can be shared amongst different configurations. Typical example is user credentials, used to authenticate to different services. The same credentials will be used by many configurations (caldav, mail…) ; instead of duplicating the settings, you can now create a unique Asset and use the asset in multiple configurations. Assets are available in the form of a new fileset (so you can organize them the way you need, grant permission….) and will be automatically handled as dependency of the configuration using the asset.
FileWave 15.5 introduces a first set of DDM configurations:
-
CalDAV account
-
Passcode settings
-
Screen Sharing application settings (configures connections)
-
Screen Sharing host options
-
Software Update settings
More configurations will be added in future versions.
New or modified device management options:
Admin Password management (MDM Command - macOS): Adds the ability to change the admin password from FileWave Central, for devices enrolled via Automated Device Enrollment (DEP). The admin account must have been created during enrollment using DEP profile options.
Control Await Configuration state (DEP enrolled devices): When enrolled via DEP, devices are in a specific mode where the user is not allowed to interact with the device, which will stay in this state until configuration is over. By default, FileWave releases the device as soon as possible to shorten initial setup times. FileWave 15.5 now allows controlling when the device is released:
-
DEP profile has a new setting to not automatically release the device from the state
-
it is possible to send the Device Configured command either manually (context menu) or via Command Policy fileset.
DEP skip keys: The following skip keys have been added to DEP profile (together with Setup Assistant Profile):
-
Action Button
-
Apple Intelligence
-
Voice Selection
iOS application installed on Apple Silicon mac devices: iOS application filesets can now be associated to macOS devices ; if both application and device are compatible, application will be installed, as long as a license is available.Service Background (DDM status - macOS): Background tasks based on a launch daemon are now reported in Inventory for macOS devices supporting DDM.
Return to Service (RTS) for Apple TVs: Return to Service options are now available for Apple TVs (tvOS 18+) ; this allows Wi-Fi only Apple TVs to have zero-touch wipe and re-enroll process.
Account Driven Enrollment: For iOS/iPadOS devices, supports new BYOD workflow based on Apple Account Driven Enrollment.
Chromebook-Specific Changes
Chrome Extension: New version is available with 15.5 release. Extension is needed for Notifications to function properly and also contains several issues fixed. The extension should automatically update on clients.
Chrome Management in FileWave Anywhere: Verify option is now available in FileWave Anywhere for single and bulk devices action. It is also supported as a bulk action for different platforms (i.e mac and chrome). Note: “Modify Chromebook” permission is not needed to preform Verify action.
Android-Specific Changes
Android Lost Mode: EMM devices which are in “Missing” device state will now use Android Lost Mode mechanism. As Android Lost mode allows the end user to exit lost mode by entering device passcode, FileWave will then report in inventory the current state and the expected state. It is also possible to “Play Lost Mode Alert” on lost devices.
Windows-Specific Changes
64-bit client
FileWave relies on several opensource components - you can find exhaustive list on each download page. Keeping these components up to date is mandatory for both security reasons and for better features. Starting with version 15.5, FileWave uses now Qt 6, which is running only on 64-bit operating systems. FileWave 15.5 can’t run on Windows 32-bit edition anymore.
The change from 32-bit to 64-bit executable on Windows has an impact on how filesets are delivered:
- On a 32-bit Windows, programs are located on c:\Program Files.
- On a 64-bit Windows, 32-bit programs are located on c:\Program Files (x86)\ while 64-bit programs are on C:\Program Files\
To facilitate the transition to the 64-bit platform, Microsoft added silent, automatic redirection. When a 32-bit program tries to access c:\Program Files\, Windows automatically redirects file system calls to C:\Program Files (x86) ; this allows legacy program to work smoothly on both platforms. This redirection applies in several concepts and is documented by Microsoft in the WOW64 (Windows On Windows 64) page.
As FileWave Agent (fwcld) 15.4 is a 32-bit application, it is impacted by the silent redirect from Windows ; files deployed using FileWave may then be deployed in a different location. A Fileset property setting allows to control wether redirection mechanism should be disabled or not.
Starting with FileWave 15.5, filesets can be configured as 32-bit or 64-bit:
This has an impact on:
- files delivery, depending on the redirection setting
- registry modifications
- script interpreter environment. Typically, Powershell can run as 32-bit or as 64-bit
To facilitate migration:
- filesets created with FileWave 15.5 will be 64-bit by default and can be marked as 32-bit if required
- all existing filesets, created prior to 15.5, are marked as 32-bit (redirection setting is kept) and can be marked as 64-bit if required
FileWave Imaging (IVS)
FileWave Windows Imaging solution relies on PXE Boot, which delivers a tiny Linux image containing all required components to run the imaging process. Compatibility with different hardware depends on how the tiny linux image is built - mainly which Linux kernel version and embedded packages and modules.
- The list of modules and packages embedded with IVS 15.5 has been entirely revisited and supports a much broader set of hardware.
- NFS shares on the IVS are protected in a new way. When a device boots up to image or capture its image there is a VPN session created in order to access the NFS shares. Unauthenticated access to the NFS shares was removed.
FileWave Kiosk
Company Information
With 15.4.0 - Company information are now available in Desktop versions of the Kiosk (macOS, Windows):
Reinstall and Go To App Store actions
Reinstall and Go To App Store actions have been added in Fileset Details and Browse Filesets views:
-
Go To App Store button is visible for all VPP filesets.
-
Reinstall button is visible for non-VPP filesets in the following scenarios:
-
If the fileset is already installed.
-
If the installation of the fileset failed.
-
New design for Join Organization modal
New organization modal is showing both active and retired VPP invites. Red indicator is shown only if the action is required (pending organization(s) to join).
Deprecated Features
The following features have been deprecated from FileWave 15.5.0. They are present but will be removed in a future release:
- macOS Support: macOS 12 will be the minimum macOS supported version.
- Kiosk 1.0 for macOS/Windows - The original Kiosk is still bundled with macOS/Windows clients, but in a future version, this will be removed because Kiosk 2.0, introduced in FileWave 15.3.0, will be the only Kiosk.
- Minimum version of Server for upgrades: Upgrading FileWave server to version 15.6 will require to run FileWave 14.1.5 or later.
- FileWave Central Dashboard: The Dashboard in FileWave Central will be replaced by a view of a Grafana Dashboard to not maintain 2 Dashboard systems.
We encourage you to provide product feedback if you have any concerns: FileWave Product Management
Decommissioned Features
The following features have been removed from FileWave 15.5.0:
- Windows 32-bit - With FileWave 15.5, the FileWave Client, Boosters, and Admin are 64-bit only now.
The following features were removed from FileWave 15.4.0 and are worth mentioning again due to being major changes:
- CentOS - As CentOS 7 being End-Of-Life on June 30, 2024, FileWave is available and supported on Debian. New versions of FileWave won't be released on CentOS after CentOS is EOL.
- Compatibility Mode: Communication between FileWave components is encrypted and has relied on TLS certificates for several years now. Back in the day, to facilitate the transition, a Compatibility Mode was introduced, allowing clients running versions older than 13.1 to still be managed by a more recent server despite not supporting proper encryption. It is now time to drop compatibility mode to enforce secured communications. This means the minimum OS versions that can be enrolled are macOS 10.11 and Windows 7 SP1 - but it is obviously not recommended to run outdated, unsecured end-of-life Operating Systems.
-
Google FCM Deprecation Support:
-
- Legacy Firebase Cloud Messaging (FCM) APIs are deprecated by Google.
-
Enable (if are not already enabled) the following API to manage ChromeOS on FileWave:
-
Firebase Cloud Messaging API
-
Firebase Management API
- More...
-
-
FileWave 15.4.x (June 2024)
FileWave Management Suite
Bug fixes and security update
FileWave 15.4.1 brings bug fixes and 3rd party open source component updates.
Unified backend for Model Update (Technical Preview)
Model Update is one of the key features of FileWave; Model Update allows you to apply complex changes to your organization only when you’re ready to deploy them and to revert unwanted changes. FileWave 15.3.0 brings a new Model Update mechanism, now running in a single component. This is the first step before new features and improvements can be added to Model Update. In this version, we focused on consistency with existing Model Update (to make sure nothing changes in your deployments) and on shortening update times. Model Update “v2” is a Technical Preview in 15.4.0, so it is not enabled by default.
Minor improvements (Central)
- It is now possible to filter any table of Client Info dialog.
- Inventory Queries can now be imported and exported.
- Inventory Queries can easily be exposed to Grafana Dashboard
- json file format is now part of default editable file format list
More Dark Mode (Central)
Stand-alone assistants (Client Assistant, Booster Monitor...) now support dark mode
Apple-Specific Changes
macOS 15 Sequoia and iOS 18
Basica support for macOS 15 Sequoia and iOS 18 betas was added to 15.4.1 and 15.4.2 to support testing. More robust support and features will be added to FileWave 15.5.0 in October 2024.
Software Update revisited
With the introduction of Declarative Device Management, Apple announced having fixed several issues related to OS update management, mainly on macOS. This is the opportunity for FileWave to revisit how Apple updates are handled, to remove old mechanisms which are either decommissioned by Apple or known to be not reliable, in order to simplify the user experience.
GDMF (Global Device Management Framework) as unique source of truth
One major issue with Software Update Apple side is the multiplicity of sources:
- Legacy systems (older macOS version) rely on an online sucatalog file containing metadata about updates, and used by softwareupdate command line system.
- MDM capable devices can report Available OS Updates at the time they are requesting it.
- GDMF is the new, simplified online catalog, about OS updates for Apple devices.
To ease the support of a broader set of devices, FileWave would combine all sources into one, which could lead to confusions for updates available in multiple sources, as they would show multiple times due to different identifiers.
Starting with FileWave 15.4, the only source of truth will be GDMF.
Which means:
- no more duplicated entries as long GDMF has unique entries per update
- only OS updates will be displayed - while old legacy catalog could contain system apps or system items like XProtect.
On macOS DDM replaces MDM
Legacy macOS versions allowed fine control on how to install updates using softwareupdate command line tool ; using this tool has been made deprecated by Apple several years ago and using MDM protocol was the recommended approach. Unfortunately, this mechanism was not only giving very limited control (MDM can kindly ask device to install the update, that’s it), but was not as reliable as it should. Unfortunately (again), Apple has not been able to fix reported issued with the MDM protocol, preferring a complete rewrite using the new DDM system.
Therefore, starting with FileWave 15.4, macOS OS updates will be managed only using DDM - older not supported or not working mechanisms are decommissioned. Which means:
- macOS OS updates can now be triggered and managed
- only OS-Update DDM capable devices can be managed, so macOS 14 (Sonoma) is the minimum version
Apple Spring Release 2024 support
New restrictions :
- Allow Live Voicemail (iOS 17.2)
- force preserve ESIM on erase (iOS 17.2)
- allow market place installation (iOS 17.4, EU iPhones)
- allow web installation of apps (iOS 17.5, EU iPhones)
DEP new skip item (and corresponding Setup Assistant): Wallpaper
Installed Application List now reports Distributor Identifier to identify MarketPlace (EU iPhones)
Declarative Device Management (DDM)
FileWave 15.3 introduced the first support of Apple new DDM protocol. With 15.4, this support is expanded to:
- OS update (see above)
- Application Management (Technical preview as the functionality is still in developer preview Apple side and not complete)
- Status report expanded:
- FileVault status
- Battery Health report
Minor improvements
FileWave Central will now check, when renewing APN certificate, if the Common Name of the new certificate matches the one from the existing one, to avoid communication break.
Chromebook-Specific Changes
API Changes
The most important thing to talk about is the change to the Chrombook APIs. When going to 15.4 you will need to make sure 2 APIs are enabled. Firebase Cloud Messaging API and Firebase Management API are required. In fact if you do not upgrade to 15.4 the old APIs will be disabled by Google on June 20, 2024 so you should be sure to upgrade. If you miss upgrading in time, it's ok. Just upgrade and then enable the APIs. Confirming Firebase APIs are enabled for Chromebooks (15.4+) has a script that on-premise customers can run but the easiest thing is just to click https://console.developers.google.com/flows/enableapi?apiid=firebase.googleapis.com,fcm.googleapis.com and make sure your Firebase project is picked and it'll enable the 2 APIs. You can do this before or after you update to 15.4.
Chromebook commands in FileWave Anywhere
1. REMOTE_POWERWASH Command
- Description: System administrators can remotely powerwash ChromeOS devices, resetting them to factory settings for efficient troubleshooting and maintaining device security.
- Execution: Initiates the powerwash process, erasing all user data and configurations.
2. WIPE_USERS Command
- Description: System administrators can remotely and securely wipe user data from devices, ensuring compliance with data protection regulations and maintaining organizational security.
- Execution: Initiates the data-wiping process on all user accounts.
3. REBOOT Command
- Description: Introducing the REBOOT command, enabling system administrators to reboot devices for troubleshooting remotely and applying system updates.
- Execution: Initiates the remote reboot process on the selected devices.
4. Command History tab
- Description: Users can now view all information related to sending REMOTE_POWERWASH, WIPE_USERS, and REBOOT Commands in the Command History tab for Chromebook devices.
More details available → Powerwash / Wipe Users on ChromeOS (15.3+) & Reboot for ChromeOS (15.3+)
Error handling in case of missing permissions
If the user doesn’t have right permissions or looses permissions in the middle of executing an action, the appropriate error message will be shown in both FileWave Anywhere and Central:
Annotated fields in FileWave Anywhere
Admins using FileWave Anywhere now have the possibility of editing and bulk editing annotated fields in FileWave Anywhere.
Select device(s) → Actions → Edit Fields
Android-Specific Changes
Network Policy
It is now possible to set DomainSuffixMatch and UseSystemCA settings for EAP configure networks.
USB data transfer restriction
USB File transfer option has been added to both Default Policy and to Restriction Policy to allow USB data transfer on managed Android devices.
Windows-Specific Changes
Winget integration - third-party patching made easy
Deploying applications available via Microsoft Winget was already possible using FileWave, but it required script manipulation and some steps to set up properly. FileWave 15.4 introduces a much simpler way to deploy applications to Windows devices.
Welcome new Winget Fileset
A new search assistant allows creating a Winget Fileset just by searching the name of the application to deploy.
- Winget will be automatically installed or updated if required
- With FileWave 15.4.0, the most recent package will always be installed at initial deployment
- You can define if the package will be upgraded at verify if a new version is available
- You can define if the package will be uninstalled if the association is removed - in case the package allows silent uninstallation
FileWave Imaging (IVS)
FileWave Networking Imaging 15.4.x brings compatibility with FileWave 15.4.x.
- PXE Kernel: 6.7.9
- Buildroot: 2024.02
FileWave Kiosk
Company Information
With 15.4.0 - Company information are now available in Desktop versions of the Kiosk (macOS, Windows):
Reinstall and Go To App Store actions
Reinstall and Go To App Store actions have been added in Fileset Details and Browse Filesets views:
-
Go To App Store button is visible for all VPP filesets.
-
Reinstall button is visible for non-VPP filesets in the following scenarios:
-
If the fileset is already installed.
-
If the installation of the fileset failed.
-
New design for Join Organization modal
New organization modal is showing both active and retired VPP invites. Red indicator is shown only if the action is required (pending organization(s) to join).
Deprecated Features
The following features have been deprecated from FileWave 15.4.0. They are present but will be removed in a future release:
- CentOS - As CentOS 7 being End-Of-Life on June 30, 2024, FileWave is available and supported on Debian. New versions of FileWave won't be released on CentOS after CentOS is EOL.
- Windows 32-bit - With FileWave 15.3, the new Kiosk was already running only on 64-bit Windows. FileWave 15.4 can theoretically run on Windows 32-bit without Kiosk (but is not tested by our QA), but 32-bit support will be completely removed in FileWave 15.5.
- Kiosk 1.0 for macOS/Windows - The original Kiosk is still bundled with macOS/Windows clients, but in a future version, this will be removed because Kiosk 2.0, introduced in FileWave 15.3.0, will be the only Kiosk.
We encourage you to provide product feedback if you have any concerns: FileWave Product Management
Decommissioned Features
The following features have been removed from FileWave 15.4.1:
- CentOS - As CentOS 7 being End-Of-Life on June 30, 2024, FileWave is available and supported on Debian. New versions of FileWave won't be released on CentOS after CentOS is EOL.
The following features have been removed from FileWave 15.4.0:
- Compatibility Mode: Communication between FileWave components is encrypted and has relied on TLS certificates for several years now. Back in the day, to facilitate the transition, a Compatibility Mode was introduced, allowing clients running versions older than 13.1 to still be managed by a more recent server despite not supporting proper encryption. It is now time to drop compatibility mode to enforce secured communications. This means the minimum OS versions that can be enrolled are macOS 10.11 and Windows 7 SP1 - but it is obviously not recommended to run outdated, unsecured end-of-life Operating Systems.
- Legacy macOS Imaging: Changes made by Apple with APFS, T2 chips, and Apple Silicon have long been part of macOS device imaging history. With the deprecation of Compatibility mode, the last reason for keeping macOS imaging options in FileWave is gone.
-
Google FCM Deprecation Support:
-
- Legacy Firebase Cloud Messaging (FCM) APIs are deprecated by Google.
-
Enable (if are not already enabled) the following API to manage ChromeOS on FileWave:
-
Firebase Cloud Messaging API
-
Firebase Management API
- More...
-
-
- White Labeling of Chrome Extension: This is removed as a process. More...
FileWave 15.3.x (April 2024)
FileWave Management Suite
Central goes Dark
FileWave Central introduces a new Dark Mode UI - for FileWave admins working at night ! More...
Unified backend for Model Update (Technical Preview)
Model Update is one of the key features of FileWave; Model Update allows you to apply complex changes to your organization only when you’re ready to deploy them and to revert unwanted changes. FileWave 15.3.0 brings a new Model Update mechanism, now running in a single component. This is the first step before new features and improvements can be added to Model Update. In this version, we focused on consistency with existing Model Update (to make sure nothing changes in your deployments) and on shortening update times. Model Update “v2” is a Technical Preview in 15.3.0, so it is not enabled by default.
Improved Client / Booster / Server communication
FileWave 11 introduced Booster Routing, a feature that allows off-loading direct traffic to the server by routing messages via Booster. This feature provides additional security if you only allow boosters to connect to your server and have all your devices only reach boosters. With FileWave 15.0, the internal notification system has switched entirely to NATS, replacing ZMQ; NATS, in addition to built-in security features and improved performances, brings much more flexibility and can then be used in more areas. FileWave 15.3 can now use NATS as the communication protocol for all maintenance messages between client and server. Fileset delivery still uses the classic protocol, but messages like Fileset status or check-in now use the lightweight and fast delivery mechanism offered by NATS.
Apple-Specific Changes
Declarative Device Management
FileWave 15.3.0 is the first implementation of Apple’s new device management mechanism, Declarative Device Management (DDM). It will use the new Status Report for applications, providing quick and accurate Fileset Status updates for apps installed via MDM (App Store apps) on compatible iOS, iPadOS, and tvOS devices.
Therefore, FileWave 15.3.0 contains the foundations for support for more DDM features, such as software update management or application installation via DDM, which are being built and will be provided in coming releases.
Chromebook-Specific Changes
We are excited to announce the expansion of Chromebook Management, addressing significant performance improvements and introducing new features to enhance user experience.
Commands
1. REMOTE_POWERWASH Command
-
Description: System administrators can remotely powerwash ChromeOS devices, resetting them to factory settings for efficient troubleshooting and maintaining device security.
-
Execution: Initiates the powerwash process, erasing all user data and configurations.
2. WIPE_USERS Command
-
Description: System administrators can remotely and securely wipe user data from devices, ensuring compliance with data protection regulations and maintaining organizational security.
-
Execution: Initiates the data-wiping process on all user accounts.
3. REBOOT Command
-
Description: Introducing the REBOOT command, enabling system administrators to reboot devices for troubleshooting remotely and applying system updates.
-
Execution: Initiates the remote reboot process on the selected devices.
4. Command History tab
-
Description: Users can now view all information related to sending REMOTE_POWERWASH, WIPE_USERS, and REBOOT Commands in the Command History tab for Chromebook devices.
More details available → Powerwash / Wipe Users on ChromeOS (15.3+) and Reboot for ChromeOS (15.3+)
Bug Fixes and Improvements
1. Reduced Chromebook Sync Time
Issue: Some users reported extended sync times, with an average duration of around 15 minutes for certain customers. Sync was only performed once per day.
Resolution: We have addressed this concern by implementing optimizations that result in a 30% reduction in sync time. Chromebook syncing is now more efficient and streamlined, ensuring a faster and smoother experience.
2. Manual Sync Time Configuration
Issue: Users had limited control over the timing of Chromebook sync, with synchronization occurring only once daily.
Resolution: In response to user feedback, we have introduced a new feature that allows users to set up manual sync times. Sync intervals can be configured between 1 and 24 hours. If no specific time is set, the default sync interval remains at 24 hours. This enhancement provides greater flexibility in managing Chromebook updates according to your organization's needs.
3. Custom Field(s) Annotation Sync
Issue: Changes to annotated fields were causing discrepancies when updating the model.
Resolution:
-
Annotated fields in Edit Custom Fields now update immediately upon clicking Save, independently of the Model Update, ensuring swift and accurate changes.
-
The Chromebook Data tab in Device Details is removed. Users can access Chromebook-related info by double-clicking on the device, eliminating the need for an additional tab.
-
The Device Details View now offers a more informative and user-friendly experience for Annotated fields.
-
Annotated fields are seamlessly displayed and editable in the Edit Custom Fields dialog, like any other custom fields.
-
A convenient button in the Client Info dialog allows users to sync annotated fields (one way: Google to FileWave) individually for specific devices, offering granular control over data synchronization.
These comprehensive resolutions address the reported issues, providing a seamless and efficient experience in managing Chromebooks, with real-time syncing of annotated fields and enhanced control over synchronization intervals.
FileWave Imaging (IVS)
FileWave IVS Appliance is now based on Debian!
FileWave Networking Imaging 15.3.x brings compatibility with FileWave 15.3.x.
- PXE Kernel: 6.6.7
- Buildroot: 2023.11
FileWave Kiosk
App portal for iOS/iPadOS
Evolution of App Portal for iOS/iPadOS: Transition from Technical Preview to Official Release
In our commitment to continuous improvement and user-centric development, we are excited to announce a significant milestone in the journey of App Portal for iOS/iPadOS. Starting from version 15.3.0, App Portal has officially graduated from its technical preview phase, now standing as a fully realized and polished application.
Key Points:
-
From Technical Preview to Real App:
In previous releases, App Portal for iOS/iPadOS was introduced as a technical preview, allowing users to explore its functionalities and provide valuable feedback. With version 15.3.0, we are thrilled to elevate App Portal to the status of a fully-fledged, official application. -
Enhancements and Stability:
The transition signifies not only the culmination of user feedback but also substantial enhancements and optimizations to ensure the stability, reliability, and performance of the App Portal for iOS/iPadOS. -
A Seamless User Experience:
Users can now enjoy a seamless and refined experience with App Portal, harnessing its full potential for efficient and intuitive mobile application management.5.3.0 and beyond.
More details here → Automatic updating of iOS Kiosk (15.3+)
Desktop Kiosk for macOS and Windows
The transition from App Portal version 15.0.0 to version 15.3.0 represents a significant evolution, akin to the transformative experience observed when comparing the Android Play Store and the App Store. This upgrade places a primary emphasis on completely overhauling the user interface (UI) to provide a sleek, contemporary, and exceptionally intuitive platform, aligns with our users' evolving expectations.
While version 15.0.0 laid the groundwork for functionality, version 15.3.0 responds to user feedback and industry trends, recognizing the demand for a more sophisticated and streamlined UI. Here's how the new version draws inspiration from the design excellence of both the Android Play Store and the App Store:
-
Unified Design Paradigm:
The UI design seamlessly unifies elements from both the Android Play Store and the App Store, creating a harmonious blend of familiarity and innovation. -
Intuitive Navigation:
Building on the success of version 15.0.0, version 15.3.0 introduces a reimagined navigation system with intuitive menus, recognizable icons, and seamless flows, akin to the ease of navigation in both app marketplaces. -
Visual Delight:
The new UI isn't just functional; it's a visual delight with engaging animations, subtle transitions, and tastefully curated visuals, providing an immersive experience similar to the Android Play Store and the App Store. -
Enhanced Customization:
Version 15.3.0 brings enhanced customization options, allowing users to personalize their interface similar to the Android Play Store and the App Store, fostering a sense of ownership over their app experience. -
Responsive Design:
Like the responsiveness of the Android Play Store and the App Store across devices, our app now adapts seamlessly to various screen sizes, ensuring a consistent and optimized experience.
Additionally, with version 15.3.0, we've introduced some enhancements. Users will now receive clear indications when installing certain filesets that a reboot is required for optimal performance. This improvement ensures transparency and empowers users with the necessary information for a seamless experience. By incorporating these enhancements, App Portal solidifies its commitment to delivering a cutting-edge, user-friendly experience that aligns with evolving user expectations and industry trends. Version 15.3.0 sets the stage for a future where App Portal evolves dynamically, staying at the forefront of user-centric innovation.
More details here → Setting the Primary Color, Name and Logo in App Portal (15.3+)
Deprecated Features
The following features have been deprecated from FileWave 15.3.0. They are present but will be removed in a future release:
- CentOS: As CentOS 7 being End-Of-Life on June 30, 2024, FileWave is available and supported on Debian. FileWave won't be released on CentOS after CentOS is EOL.
-
Compatibility Mode: Communication between FileWave components is encrypted and relies on TLS certificates for several years now. Back in the day, to facilitate the transition, a Compatibility Mode was introduced, allowing clients running versions older than 13.1 to still be managed by a more recent server despite not supporting proper encryption. It is now time to drop compatibility mode to enforce secured communications. This means the minimum OS versions that can be enrolled are macOS 10.11 and Windows 7 SP1 - but it is obviously not recommended to run outdated, unsecured end-of-life Operating Systems.
- OS Updates on Apple Devices: Managing OS updates on Apple devices has evolved significantly. Initially relying on manual commands and customizable catalogs, the process transitioned to MDM protocols, introducing challenges in reliability and control. Apple's introduction of GDMF and the more recent DDM protocol aims to simplify and enhance the reliability of OS update management. FileWave 15.4.0 will adopt GDMF for update reporting and switch to DDM for macOS updates (Sonoma and later), while continuing to use MDM for older iOS/iPadOS versions. This update signifies FileWave's commitment to improving the management of OS updates, addressing past issues and leveraging Apple's latest technologies for a streamlined process. More...
- Legacy macOS Imaging: Changes made by Apple with APFS, T2 chips and Apple Silicon, Imaging macOS devices has been part of history for a long time. With the deprecation of Compatibility mode, the last reason for keeping macOS imaging options in FileWave are gone.
-
FCM Deprecation Support:
- Legacy Firebase Cloud Messaging (FCM) APIs are being deprecated by Google.
- FileWave will support this deprecation in the official release of 15.4.
- More...
Decommissioned Features
The following features have been removed from FileWave 15.3.0:
- As the new desktop kiosk is based on 64-bit libraries, FileWave 15.3.0 will not be supported on Windows 32-bit platforms. FileWave Agent (fwcld) is still a 32-bit executable, meaning there is no change in how Filesets are deployed, and scripts are executed. Moving to a 64-bit application is expected to happen later this year.
FileWave 15.2.x (November 2023)
FileWave Management Suite
FileWave Central User Interface has been refreshed ; FileWave Central is adopting FileWave Anywhere more modern look and feel. We hope you’ll love as much as we do the new FileWave Central !
Apple-Specific Changes
Support for macOS Sonoma (macOS 14):
Testing macOS 14, we found that some changes are required to properly restart FileWave Desktop agent (fwcld) after upgrade. These changes have been added to version 15.1.
This means that:
* It is recommended to upgrade macOS clients to FileWave 15.1 prior to upgrade to macOS 14 ;
* As the changes are related to permissions and are solved by automatically deploying a TCC profile, it is recommended to MDM-enroll macOS devices. This issue can be worked around by making upgrade fileset a reboot fileset.
FileVault 2 enforcement:
It is now possible to enforce Full Disk Encryption (FileVault 2) at enrollment time to increase security in your organization.
Return to Service (iOS / iPadOS 17): Learn More...
Parameterized WiFi profiles are now support with Return To Service.
Profile is delivered to the device at the time EraseDevice command is issued, and parameterization is done by FileWave server ; this means that parameterization happens at the time the command is sent to the device, and uses current values, including user-based values.
As WiFi profile is required prior to the enrollment, it can't use new enrollment credentials for parameterization.
New profiles or profile modifications:
- Managed Domains: new setting to configure urls to relax cross-site tracking prevention
- Dock: new settings to configure persistent items in the dock, and enforce settings like Auto-Hide or Show-Indicator, as well as new option for “Dock Fixup Override”.
- Security & Privacy : new “App Data” System Policy to pre-approve apps to access other app’s data (TCC)
- VPN Profile :
- Extend DNS options with encryption options
- Support for Transparent Proxy for Cisco AnyConnect, Cisco AnyConnect Legacy, Juniper SSL, F5 SSL, SonicWALL Mobile Connect, Aruba VIA
- new options to exclude Cellular Services or APNS
- Network Relays can now be configured using corresponding profiles
- Extensible Singled Sign On profile extended with Platform SSO options
- Network Profile : New setting to configure TLS Trusted Certificates, settings to specify AD or OD credentials, HESSID
Network Relays:
-
Applications can be configure to automatically use Network Relays as defined in the newly supported Network Relays profile
Shared iPads:
-
Passcode policy and Auto Lock time can now be configured for Shared iPads ; these settings are deployed using Command Policy profile.
VPP API : “v2” is now enabled by default (15.1)
VPP v2 API is not compatible with legacy VPP tokens (created before Apple School or Business Manager but with legacy vpp.itunes.apple.com service). Transferring licenses to Location-based token is highly recommended.
Windows-Specific Changes
MSI properties:
It is now possible to specify MSI properties to be applied during installation and, for installers supporting it, during uninstallation.
Default script:
Default script type is now PowerShell instead of Python (Central).
FileWave Imaging (IVS)
FileWave Networking Imaging 15.1.x brings compatibility with FileWave 15.2.x.
- PXE Kernel: 6.5.5
- Buildroot: 2023.08.01
Kiosk 2.0 for iOS (Technical Preview)
The transition from version 1.0 to version 2.0 of our app signifies a major leap forward in terms of user experience and visual appeal, much like the transformation seen when comparing the Android Play Store and the App Store. In this upgrade, the primary focus has been on completely revamping the user interface (UI) to provide a sleek, modern, and highly intuitive platform that caters to our users' evolving expectations.
Version 1.0 laid the foundation for the app's functionality and introduced users to a diverse array of features and content. However, user feedback and industry trends have illuminated the need for a more sophisticated and streamlined UI that aligns with contemporary design principles and enhances the overall user journey.
With version 2.0, the app undergoes a stunning visual makeover, drawing inspiration from the aesthetic excellence of both the Android Play Store and the App Store:
-
Unified Design Paradigm: Our new UI design unifies elements from both the Android Play Store and the App Store, creating a harmonious blend of familiarity and innovation. This design consistency ensures that users across various platforms feel comfortable while navigating the app.
-
Intuitive Navigation: Building on the success of version 1.0, version 2.0 introduces a reimagined navigation system. Users can effortlessly explore and discover content thanks to intuitive menus, recognizable icons, and seamless navigation flows, akin to the ease of navigation in both app marketplaces.
-
Visual Delight: The new UI is not just about functionality; it's a visual treat. Engaging animations, subtle transitions, and tastefully curated visuals combine to make every interaction with the app a delightful experience, echoing the immersive nature of the Android Play Store and the App Store.
-
Enhanced Customization: Version 2.0 introduces enhanced customization options, allowing users to personalize their interface just as they would within the Android Play Store and the App Store. Users can arrange and prioritize content according to their preferences, granting them a sense of ownership over their app experience.
-
Responsive Design: Much like the Android Play Store and the App Store's responsiveness across devices, our app now adapts seamlessly to various screen sizes and orientations. This ensures a consistent and optimized experience whether users are browsing on smartphones, tablets, or desktops.
By transitioning from version 1.0 to version 2.0 with a UI overhaul reminiscent of the Android Play Store and the App Store, our app solidifies its commitment to delivering an unparalleled user experience. This transformation isn't just about aesthetics; it's a testament to our dedication to meeting the evolving needs of our users in an engaging, intuitive, and visually striking manner. As we bridge the gap between the old and the new, version 2.0 sets the stage for a future where our app continues to evolve in tandem with user expectations and industry trends.
Kiosk 2.0 (Technical Preview) Enterprise app can be downloaded here : https://fwdl.filewave.com/15.2.0/App_Portal_Beta_15.2.0.ipa
Deprecated Features
The following features are deprecated in FileWave 15.2.0 and will be removed in a future version:
- FileWave Server, Boosters and IVS running on CentOS will cease to be published due to the pending EOL of CentOS. Debian replaces it, but we will publish a 15.3.0 for CentOS/Debian/macOS to give time to migrate: FileWave Server on CentOS End of Life
Decommissioned Features
The following features have been removed from FileWave 15.2.1 :
- Android device management prior to Android EMM (using APKs, etc)
- Reason: Android EMM is the replacement for the much older method of managing Android devices
FileWave 15.1.x (September 2023)
FileWave Management Suite
FileWave Central User Interface has been refreshed ; FileWave Central is adopting FileWave Anywhere more modern look and feel. We hope you’ll love as much as we do the new FileWave Central !
Apple-Specific Changes
Support for iOS 17, iPadOS 17, tvOS 17
FileWave 15.1 introduces support for Apple new 2023 Operating Systems for iPhones, iPads and Apple TVs.
Basic Support for macOS Sonoma (macOS 14):
-
macOS Sonoma is now reported
-
MDM enrolled macOS devices now automatically deploy a TCC profile to grant FileWave client permissions to manage the device
Testing macOS 14, we found that some changes are required to properly restart FileWave Desktop agent (fwcld) after upgrade. These changes have been added to version 15.1.
This means that:
* It is recommended to upgrade macOS clients to FileWave 15.1 prior to upgrade to macOS 14 ;
* As the changes are related to permissions and are solved by automatically deploying a TCC profile, it is recommended to MDM-enroll macOS devices. This issue can be worked around by making upgrade fileset a reboot fileset.
Minimum OS version enforcement: Learn More...
Starting from iOS 17, iPadOS 17 and macOS 14, it is now possible to enforce a minimum OS version at enrollment time on supported devices.
Return to Service (iOS / iPadOS 17): Learn More...
Erase Device command (Remote Wipe) is now capable to keep a Wi-Fi profile and use it after device has been wiped to automatically bring the device back on the network.
DEP devices will then automatically start Automated Device Enrollment. Non DEP devices will be provided MDM profile and will then automatically be re-enrolled.
New profiles or profile modifications:
-
LoginWindows (macOS) has now new options for auto login
-
Passcode (macOS) has now a Regex based validation option
-
System Settings is now part of Restriction (macOS) profile
-
DNS Settings (iOS, macOS) can now define a client certificate
-
TLS 1.3 can now be defined as minimum or maximum version in Network profile
-
Login Items profile (macOS) can now specify Team Identifier for each allowed item
-
tvOS now supports VPN profile
-
SetupAssistant profile (iOS) can skip "Intended User" Pane
Inventory:
-
Inventory Fields description related to Apple MDM has been updated following Apple documentation update
DEP changes:
-
"Intended User" Pane can be skipped during enrollment
VPP API : “v2” is now enabled by default
FileWave Imaging (IVS)
FileWave Networking Imaging 15.1.x brings compatibility with FileWave 15.1.x.
- PXE Kernel: 6.4.7
- Buildroot: 2023.05.01
Kiosk 2.0 for iOS (Technical Preview)
The transition from version 1.0 to version 2.0 of our app signifies a major leap forward in terms of user experience and visual appeal, much like the transformation seen when comparing the Android Play Store and the App Store. In this upgrade, the primary focus has been on completely revamping the user interface (UI) to provide a sleek, modern, and highly intuitive platform that caters to our users' evolving expectations.
Version 1.0 laid the foundation for the app's functionality and introduced users to a diverse array of features and content. However, user feedback and industry trends have illuminated the need for a more sophisticated and streamlined UI that aligns with contemporary design principles and enhances the overall user journey.
With version 2.0, the app undergoes a stunning visual makeover, drawing inspiration from the aesthetic excellence of both the Android Play Store and the App Store:
-
Unified Design Paradigm: Our new UI design unifies elements from both the Android Play Store and the App Store, creating a harmonious blend of familiarity and innovation. This design consistency ensures that users across various platforms feel comfortable while navigating the app.
-
Intuitive Navigation: Building on the success of version 1.0, version 2.0 introduces a reimagined navigation system. Users can effortlessly explore and discover content thanks to intuitive menus, recognizable icons, and seamless navigation flows, akin to the ease of navigation in both app marketplaces.
-
Visual Delight: The new UI is not just about functionality; it's a visual treat. Engaging animations, subtle transitions, and tastefully curated visuals combine to make every interaction with the app a delightful experience, echoing the immersive nature of the Android Play Store and the App Store.
-
Enhanced Customization: Version 2.0 introduces enhanced customization options, allowing users to personalize their interface just as they would within the Android Play Store and the App Store. Users can arrange and prioritize content according to their preferences, granting them a sense of ownership over their app experience.
-
Responsive Design: Much like the Android Play Store and the App Store's responsiveness across devices, our app now adapts seamlessly to various screen sizes and orientations. This ensures a consistent and optimized experience whether users are browsing on smartphones, tablets, or desktops.
By transitioning from version 1.0 to version 2.0 with a UI overhaul reminiscent of the Android Play Store and the App Store, our app solidifies its commitment to delivering an unparalleled user experience. This transformation isn't just about aesthetics; it's a testament to our dedication to meeting the evolving needs of our users in an engaging, intuitive, and visually striking manner. As we bridge the gap between the old and the new, version 2.0 sets the stage for a future where our app continues to evolve in tandem with user expectations and industry trends.
Kiosk 2.0 (Technical Preview) Enterprise app can be downloaded here : https://fwdl.filewave.com/15.1.0/App_Portal_Beta_15.1.0.ipa
More: Kiosk 2.0 for iOS (Technical Preview)
Deprecated Features
The following features were deprecated in FileWave 15.0.1 and will be removed in a future version:
- Android device management prior to Android EMM (using APKs, etc)
- Reason: Android EMM is the replacement for the much older method of managing Android devices
Deprecated features are still functional in a current release, but will no longer be updated and in future will be removed.
FileWave 15.0.x (June 2023)
FileWave Central & FileWave Anywhere
FileWave Anywhere is now considered fully implemented!
- For the power-admin, FileWave Anywhere is a great companion tool to use while you are on-the-go, but FileWave Central will still likely be your primary tool
- For the field-engineer who primarily:
- works with individual devices
- is super-mobile
- manages groups and assigns content
- FileWave Anywhere will likely become your everyday tool of choice!
Deployments in FileWave Central!
-
We are thrilled to announce that Deployments can now be fully managed from both FileWave Central and FileWave Anywhere.
- This change means that FileWave Central and Anywhere are now fully compatible using Deployments
- Deployments are the next-generation of Associations, and will eventually become the only supported method for assigning content
- Best practice would be to start use them going forward so you'll have less to convert in later
- And if you are not aware, there is an Associations → Deployments conversion tool in FIleWave Anywhere
Exclusions (revised):
- The meaning and the impact of exclusions in deployments have been revisited to be clearer and more predictable.
- In general terms, exclusions have been updated so that they more properly exclude devices from the singular deployment only, and not content from the device more globally (as could sometimes be the case before)
- Effectively with this change, devices are just "ignored" now in a deployment when they are set to be excluded
- Warning! Game-changing, awesome enhancement follows!
- When an inventory query returns device information, it is now possible to directly perform actions on devices in the report, without the extra "Reveal Client" step!
Default tracking state:
- There is a new option in Preferences to define what is the default tracking state for devices
- This change allows you to set the device to "Tracked" for instance before it even enrolls. Then, when enrolled it will automatically be set.
Duplicate profile filesets:
- Warning! Game-changing, awesome enhancement follows!
-
Profile filesets (Apple, Google, Windows and FileWave Policy) can new be duplicated both from FileWave Central and FileWave Anywhere admin consoles
Notes:
- New UUIDs are re-generated for Apple Profiles to ensure unicity of duplicated profiles
- As changing UUIDs would break profile signature, signed profiles can't be duplicated
Windows Imaging associations can be managed in FileWave Anywhere
- Windows images (once created) can now be assigned to devices from FileWave Anywhere
Updated Dashboard Content (FileWave Anywhere)
- A new dashboard for NATS has been added to the FileWave dashboard in FileWave Anywhere
- The NATS notification system, introduced with FileWave 14.8.0, is a critical system component: notifications are used to synchronize all admin consoles, and by all other components to quickly interact.
- Monitoring how the NATS sub-system is utilized/working is useful for maintaining your overall FileWave installation health
Updated Translations (FileWave Central & FileWave Anywhere)
- Each new release of FileWave automatically includes updated translations
- Version 15 additionally has had some housekeeping done for German translations based on feedback from customers
Apple-Specific Changes
FileWave 15 brings official support for the Apple 2023 Spring release, and more
- More detail for VPP License Usage (FileWave Central):
- Profile changes:
- Content Caching Payload has a new ListenWIthPeersAndParents setting
- Proxy Payload has new FallBackAllowed and ProxyCaptiveLoginAllowed settings
- eMail Payload has a new allowMailDrop setting
- Security And Privacy Payload Firewall setting is not limited to currently installed apps and now allows to enter any bundle id
- Web Content Filter payload has new filtering options
- Shared iPad
- There is a new setting (added to Command Policy Profile) to skip language and locale setup for new users
- DEP
- There is a new option to skip "Safety" setting panel ; the option is also available in Setup Assistant payload for upgrade setup
- Device information
- Devices are now reporting the following data:
- EACSPreflight (macOS)
- HasBattery (macOS)
- ModelNumber (iOS/iPadOS)
- RecommendationsCadence for SoftwareUpdate (iOS/iPadOS)
- SupplementalBuildVersion and SupplementalOSVersionExtra
- SkipLanguageAndLocaleSetupForNewUsers (Shared iPads)
- Devices are now reporting the following data:
- Tap to Pay Screen Lock
- There is a new setting to enable Tap To Pay Screen Lock for a specific iOS application
FileWave Imaging (IVS)
- FileWave Networking Imaging 14.10.x brings compatibility with FileWave 15.0.x.
- PXE Kernel: 6.2.6
- Buildroot: 2023.02
- FileWave Windows Imaging is now supported in FileWave Anywhere, as mentioned above
Decommissioned Features
The following features have been removed from FileWave 15.0.1:
- Device Discovery (Network Scanning) function of FileWave Boosters
- Reason: This tool was never effective in production environments, has hardly ever been used, and is easily replaced by any off-the-shelf network scanning tool
- ZMQ based features for clients running 14.7 or older
- Reason: ZMQ has been replaced by NATs, so older client devices must be updated to use the new notification framework
Some features relying on notifications require the same notification library. This means that the following features will stop working for devices running FileWave 14.7 or earlier versions:
Clients:
- CRL update handling
- TeamViewer sessions
- Reboot command (Windows devices)
- Personal Recovery Key updates (macOS)
- Verify Command from FileWave Anywhere
- Client Monitor from FileWave Anywhere
Boosters:
- CRL update handling
- Handle server certificate renewal
- Automatic Upgrade from FileWave Central
- Discovery Scan from FileWave Central (Discovery is anyway decommissioned)
Other device management and inventory report features are not impacted by ZMQ removal.
Deprecated Features
The following features are deprecated in FileWave 15.0.1 and will be removed in a future version:
- Android device management prior to Android EMM (using APKs, etc)
- Reason: Android EMM is the replacement for the much older method of managing Android devices
Deprecated features are still functional in a current release, but will no longer be updated and in future will be removed.
FileWave 14.10.x (March 2023)
FileWave 14.10.x (March 2023) Release Notes
14.10.2 is a security and bug fix release:
- Apache upgraded to 2.4.56
- Fixed Issues related to Model Update
- Fixed issues related to Wallpaper Overlay
FileWave Suite
- Deployments in FileWave Central:
-
Deployments are now visible in Native Admin Console. Deployments are mostly read-only in this release: it is possible to delete deployments, but not to edit existing ones or create new deployments.
-
- Force reboot:
- Help Menus:
- In Anywhere and Central, the Help menus now include links to the KB, Foundry, Discord, and Alliance Forums.
- Quality/Stability:
- A great deal of extra effort was placed this go-round on correcting some long standing bugs and defects that we hadn't been able to get to prior.
Apple
- Customized Wallpaper:
- It is now possible to add a text overlay on top of iOS / iPadOS wallpaper; the text can be parameterized with any inventory variable. ( Customizing iOS Device Wallpaper with Dynamic Text )
- Force reboot as mentioned in the FileWave Management Suite section.
- Login and Background Items settings has been added to Login Items Profile.
Windows
- Force reboot as mentioned in the FileWave Management Suite section.
Network Imaging / IVS
- FileWave Networking Imaging 14.10.x brings compatibility with FileWave 14.10.x.
- PXE Kernel: 5.19.9
- Grub: 2.06
Deprecated Features
The following features are deprecated in FileWave 14.10.2 and will be removed in a future version:
- Device Discovery (Network Scanning) function of FileWave Boosters
- Reason: This tool was never effective in production environments, has hardly ever been used, and is easily replaced by any off-the-shelf network scanning tool
- ZMQ based features for clients running 14.7 or older
- Reason: ZMQ has been replaced by NATS, so older client devices must be updated to use the new notification framework
- Android device management prior to Android EMM (using APKs, etc)
- Reason: Android EMM is the replacement for the much older method of managing Android devices
FileWave 14.9.x (November 2022)
FileWave 14.9.x (November 2022) Release Notes
New Features
14.9.3 is a security and bug fix release:
- OpenSSL upgraded to 3.0.8
- Apache upgraded to 2.4.56
- NATS Server upgraded to 2.9.14
- Fixed memory leaks impacting Windows Client
FileWave Management Suite
- IDP Group Name/Display improvements in Native and Webadmin consoles
- This may seem a rather small change, but if you were the one building reports or smart groups before using IDP groups, you'll be very happy to no longer see group IDs:
- Associations → Deployments Conversion Tool (Webadmin)
- Most likely, you'll want to wait to actually convert Associations until after we have included deployments in the native admin tool, but this tool is so well done, we wanted you to be able to take a test run now: Read more
- Upgrade of Grafana and Prometheus (which supports Grafana) to the most recent versions
- This change provides both security and behavioral/UI changes for the web dashboard (which is a great tool if you haven't tried it):
- German has now been added to our product translations
- Quality/Stability:
- A great deal of extra effort was placed this go-round on correcting some long standing bugs and defects that we hadn't been able to get to prior. More then 150 issues were corrected in version 14.9!
Apple
macOS 13 Ventura / iOS 16.1
- Added support for macOS 13 Ventura
- Now identified in Inventory reports/groups
- And identified in Fileset requirements
- Added to "Incompatible with SIP" fileset lookup
- Also, of course, added support for iOS/iPadOS 16.1
Profile Changes
Cellular Profile
- There is a new option to configure IPv4/IPv6 translation (464XLAT):
Restriction Profile
- New option to disable Universal Control (macOS 13)
- New option to prohibit the user from installing configuration profiles and certificates interactively (Now on macOS 13+)
- New options to prohibit the user from installing or removing Rapid Security Response (iOS 16, iPadOS 16 and macOS 13+)
Setup Assistant
- New option to hide Terms Of Address (French, Italian, Portuguese)
Finder
New options:
- Disables the Power Off menu item when the user is logged in
- Disables the Log Out menu item when the user is logged in
- Disables the Automatic Login option when using FileVault
Security and Privacy
- New option to allow FireWall settings change
Single Sign-On Extensions
- Platform SSO Authentication method can be configured if the extension supports it (Password or Secure Enclave)
- Registration Token for Platform SSO registration
- List of applications which can't use the extension for SSO
- Screen Lock behavior
Transparency, Consent and Control
- New service to grant an application permission to update or delete another application
- New option to skip Terms Of Address (French, Italian, Portuguese) during setup
- New Setting to define a list of (up to ) 3 domains which will be proposed to the end user to simplify Shared iPad login.
- New Setting to define a grace period, in days, for Shared iPad online authentication. The Shared iPad only verifies the user’s passcode locally during login for users that already exist on the device. However, the system requires an online authentication (against Apple’s identity server) after the number of days specified by this setting.
Both settings are made available via Command Policy Profile and current settings are reported in Inventory.
It is now possible to configure various accessibility settings, making it easier for IT department to prepare devices for users requiring some accessibility configurations like increased text size or increased contrast:
The following data is now reported and stored in inventory:
- Accessibility Settings (iOS)
- Managed Apple ID default domains (Shared iPads)
- Online Authentication grace period (Shared iPads)
- Installed Applications report if the application is an AppClip, if the application is being installed (iOS)
- Service subscription now replaces Carrier information and can report multiple subscriptions (iOS)
Per App Web Content Filter and DNS Proxy
Apple lets IT configure global Web Content Filter and DNS proxy via profiles ; starting with iOS 16, it is now possible, likewise with VPN, to configure those settings for a specific application, giving IT more granular control.
If you create a Web Content Filter or a DNS Proxy profile, you can now configure iOS applications to use them in Properties:
- Completion of Windows MDM Device Wipe Command
- MDM Sync is now forced after delivery of MDM based commands (like wipe above)
- Windows Defender CSP Added (Policy)
- The Windows Defender Policy allows you to define alternate sources and their priorities for Windows Defender signature downloads:
- User-Based CSPs are now applied to all AzureAD users, not simply the current user
- Implementation of Global Proxy Policy for Android devices
- This addition allows devices in the environment to have a global proxy defined:
- Migrated Chromebook Inventory Extension to manifest v3 (a maintenance update only...the plug-in will be updated through the Play Store automatically once approved/posted)
Imaging (IVS)
- FileWave Networking Imaging 14.9.x brings compatibility with FileWave 14.9.x.
- PXE Kernel: 5.19.9
- Grub: 2.06
Deprecated Features
The following features are deprecated in FileWave 14.9.3 and will be removed in a future version:
- Device Discovery (Network Scanning) function of FileWave Boosters
- Reason: This tool was never effective in production environments, has hardly ever been used, and is easily replaced by any off-the-shelf network scanning tool
- ZMQ based features for clients running 14.7 or older
- Reason: ZMQ has been replaced by NATS, so older client devices must be updated to use the new notification framework
- Android device management prior to Android EMM (using APKs, etc)
- Reason: Android EMM is the replacement for the much older method of managing Android devices
Deprecated features are still functional in a current release, but will no longer be updated and in future will be removed.
FileWave 14.8.x (July 2022)
FileWave 14.8.x (July 2022) Release Notes
FileWave Management Suite
User preferences in main views will be stored on the user account (Web Console):
- Pinned columns
- Width of the columns
- Visibility of the columns
- Order of the columns
User preferences in main views will be stored in the active session (Web Console):
- Filters
- Quick filters
- Search
- Applied sorting on a column
Profiles section error handling improvements (Web Console):
- Error handling in the profiles is more user friendly and the mandatory fields are better highlighted
Apple
Apple Silicon Support
Client and Booster components are now fully Universal - run natively on mac with Intel or Apple Silicon chips.
The server component is mostly Universal (Dashboard using Grafana still requires Rosetta)
Apple Spring 2022 Release support
- Profile changes:
- New macOS restriction to disable AirPlay Receiver
- New macOS firewall options (finer settings to allow application connectivity and logging options)
- New tvOS restriction to disable automatic screen saver
VPP changes
- When adding a VPP token, FileWave will now check if already imported tokens are not from the same location to prevent adding the same location twice.
- When renewing a VPP token, FileWave will now check that the new token has been generated from the same location as the one it replaces.
Windows
Wipe
- Windows devices can be wiped from the Web Console
Software update view improvements
- Apple and Microsoft patches have separate sections now
- The list can be sorted by the assigned subtype (e.g. successful, remaining, warning, error)
- Visual improvements in the software update section
Software updates MDM profile
- Different software updates settings can be applied to the Windows devices via MDM
- Deadlines, grace period, automatic update behavior, restart check, option to pause updates, option to check for updates
Automatic MDM certificate renewal
- Windows devices will get the MDM certificate automatically renewed before they expire
Imaging (IVS)
- FileWave Networking Imaging 14.8.x brings compatibility with FileWave 14.8.x.
- PXE Kernel: 5.17.1
- Grub: 2.06
Deprecated Features
The following features are deprecated in FileWave 14.8.0 and will be removed in a future version:
- Apple profile management is deprecated in the Native Admin Console.
- DEP profile addition and creation are deprecated in the Native Admin Console.
Decommissioned Features
The following features have been removed from FileWave 14.8.0:
- Clever is not available as an SIS source anymore.
- Engage is not supported anymore.
- Observe Client functionality has been replaced by the TeamViewer integration
FileWave 14.7.x (February 2022)
FileWave 14.7.x (February 2022) Release Notes
Software Update improvements
- Client Info reports (extended) Software Update information in a new tab (native admin)
- Windows Software update improvements:
- Devices now report "online" updates
- More information (category, support URL, KB article number...) is reported
- Devices now report on already installed updates, even if they haven't been installed via FileWave
- Provides independent confirmation outside of the fileset/payload mechanism
- Read more about Windows Software Update improvements here
- FileWave is now reading information from Apple Software Lookup Service (GDMF).
- Read more here
Web Console
- Improvements for Deployments: added the possibility to "add to deployment" from the device/device details views
- Allows for adding a group to an already existing deployment for instance
- FileWave policies can now be managed in the Web Console
- Packages (MSI, PKG) files can be dragged from explorer/finder and dropped onto the Payload list
Internals
- Improved internal code related to object identifiers to avoid possible identifiers exhaustion for large installations
Remote Control
- Unattended access is now possible for macOS and Windows devices with the use of the TeamViewer integration
- You can read more about your TeamViewer options here
FileWave 14.6.x (October 2021)
FileWave 14.6.x (October 2021) Release Notes
Apple Fall Release
Support for macOS 12 Monterey, iOS, iPadOS and tvOS 15:
- Support for macOS 12
- Additional Inventory data reported by MDM DeviceInformation Command (IsAppleSilicon, DeviceId for Software Update)
-
App portal (for Kiosk) native application has been updated for iOS 15:
- Minimum iOS supported version is now iOS 12.5
- Retrieving geo-location is now processed in the background. On iOS 13 and later, the native portal uses the native background task to retrieve more frequently the position even if the application is not in foreground.
- Preparation for Remote Session using Team Viewer.
DEP changes:
- new Skip Key "Unlock your Mac with Apple Watch"
Profile changes:
- Skip Unlock with Apple Watch and Skip Accessibility in macOS Login Window profile (Setup Assistant)
- System Extensions have additional "Removable" option
- New Restrictions:
- On device only translation
- Requires Managed Pasteboard
- Allow iCloud Private Relay
- Touch ID timeout before asking password
- DNS Proxy profile is available on macOS 10.15+
- TVRemote profile has new "Device Name" Field
- A new command policy option has been added to configure Software Update Policy (Update for current Major version, previous Major version, both)
VPP new API support (Technical preview)
Apple introduced a new version of the VPP API ; FileWave 14.6.1 allows to use the new API as a technical preview (read more):
- In 14.6.1, this will be an in-place replacement, no feature change
- Future versions will benefit from the new API's additional features (better bulk license management, notifications based communication with Apple service)
MDM Software Update Improvements (read more):
- MDM Command OSUpdateStatus is now used to report download progress
- Both macOS and iOS updates are now deployed in two steps (one command to have the device downloading the update, one command to have the device installing the update) as this process is more reliable than requesting the device to handle the whole process automatically
Web Admin Updates
There are three main changes to the Web Admin Console in this release:
- The web admin now has a great looking script editor
- And in-progress deployment definitions are now saved when you navigate away from them
- Lastly, VPP application updates can now be controlled much more easily
Native FileWave Admin Changes
Verify for Desktop devices can now be triggered from the native admin without direct network connection (within the Client Info window).
TeamViewer Integration (Technical Preview)
Version 14.6 introduces TeamViewer as the eventual replacement for Observe Client. You can read much more about that integration here.
Imaging Mac Address
A new inventory field has been added to assist with Windows Imaging for devices with pass-through MAC addresses. You can read about this change further here.
IDP Changes
Version 14.6 introduces the much-demanded Google as an IDP source. Specific instructions for setting up that integration can be found here. Additionally, you can now also setup easy smart groups using IDP group membership. That topic is covered in this kb article.
FileWave 14.5.x (July 2021)
FileWave 14.5.x (July 2021) Release Notes
New Features
FileWave 14.5.4 primarily updates Apache to Version 2.4.51 to fix a critical CVE and addresses several small FileWave-related bugs.
See below for new features introduced with FileWave 14.5:
FileWave Management Suite:
- Device enrollment conflict improvements (read more):
- It is now possible to solve multiple conflicts at once
- There is a new setting to automatically solve conflicts with a predefined option (ignore new device, remove previous client before enrolling new, replace old client with new client).
- Placeholder replacement is more robust
- Windows client fingerprint is persistent during imaging process ; this avoids conflict in case the hardware setup (on which fingerprint is based) has changed.
- Fileset (Payload) Status in Inventory (read more)
Apple:
- Profile changes:
- New restrictions:
- macOS now allows you to define different DeferUpdate delays for major, minor and non-OS software updates
- New restrictions:
- Device Information reports additional information:
- LocalHostName, Hostname (macOS)
- New options for share iPads:
-
Shared iPads can now be configured as "Guest mode" only
-
It is possible to define logout timeouts for normal or guest mode users
-
Web Admin:
- Software Update enhancements (read more):
- Deploy to groups
- Install in specific time windows
- NAT Support for Client Monitor & Verify (read more)
- Perform Actions on Multiple Devices (read more)
- MSI & PKG Payload Creation (read more)
Windows MDM (read more):
- Support for manual and AutoPilot MDM enrollment
- Guidance on importing devices into AutoPilot
- Creation/deployment of Windows MDM Policies (Profiles)
FileWave 14.4.x (June 2021)
FileWave 14.4.x (June 2021) Release Notes
New Features
FileWave Management Suite:
- Booster upgrade mechanism (see related KB Articles: Booster Auto-Upgrade):
- Starting from FileWave 14.4.0, it will be possible to upgrade boosters directly from admin console. Boosters will report if an update is available and upgrading it will be a one-click action.
- When several boosters are defined to be upgraded, they will be upgraded one after the other to avoid situation where all boosters are down at the same time.
- As Windows device names have limitations, a device used in imaging can't be renamed if the new name does not respect those limitations, and devices not respecting those limitations need to be renamed before being used in imaging
Apple:
- Per-Account-VPN support: it is now possible to associate a Per-App-VPN payload (from same or different fileset) to an "account" payload (Mail, Exchange, CalDav....), which enables corresponding VPN when device contacts corresponding account.
- Profile changes:
- New "Certificate Revocation" Profile
- New restrictions:
- AllowNFC (iOS)
- AllowAutoUnlock (iOS)
- allowGameCenterFriendsSharingModification (iOS, macOS)
- allowUnpairedExternalBootToRecovery (iOS)
- allowWallpaperModification (macOS)
- forceOnDeviceOnlyDictation (iOS)
- New setting "EnforceRoutes" and "ApplicationExceptions" for VPN (and Per-App-VPN) profile
- Web Content Filter is now available on macOS
- Single App Mode payload is not restricted to tvOS system applications anymore
- Device Information reports additional information:
- SupportsiOSAppInstalls (macOS)
- Security Info fields (macOS)
- Restart MDM macOS has a new setting to notify user instead of rebooting immediately
- DEP: " Auto Advance", and regional options are now available for macOS
- macOS MDM state is now reported into inventory, allowing to detect properly MDM enrollment issues
- Associated domain management:
- Associated Domain profile has new "Enable Direct Downloads" option
- App Store and Enterprise applications have new options for Associated Domains
FileWave 14.2.x (April 2021)
FileWave 14.2.x (April 2021) Release Notes
New Features
Apple:
- App store applications can now by managed by MDM enrolled mac running Big Sur:
- VPP Applications are really managed and not simply installed
- VPP Applications can be removed from managed device when fileset is not associated anymore
- VPP Applications can be automatically removed by macOS 11 when MDM enrollment is removed
- Client info reports Managed Application List and MDM installed application list for MDM enrolled macOS 11
- FileWave server and booster can be installed on Apple Silicon mac devices
- New OS numbering for macOS (Big Sur is macOS 11.x)
macOS 11 "Big Sur" changes:
One of the changes announced by Apple during WWDC 2020 is that macOS 11 will drop support for command line installation of profiles and Software Update.
FileWave 14.0.2 contains important change to profile installation for non-MDM enrolled macOS (or profiles installed before MDM enrollment).
Software Update Management
Command line management of software update is deprecated and limited on macOS Big Sur ; therefore, Software Update on macOS Big Sur is now managed via MDM. Unfortunately, the MDM protocol is more restrictive than what could be doable with the command line ; macOS 11 SoftwareUpdate management will behave roughly the same as what is available on iOS/tvOS/iPadOS:
- Updates are displayed in Software Update assistant when devices report it is available
- Software Update filesets are simple placeholders containing metadata about the update ; updates are not downloaded and prepared server side anymore and will be downloaded by each device from Apple CDNs. Using a Caching Server is highly recommended.
- MDM protocol currently provides less control over Update installation. FileWave will be able to trigger a Download and Install request on the device, but these actions will be entirely processed by macOS, which can decide to postpone the installation without more information. System logs (install.log mainly) can give more details.
Apple Silicon Support
- FileWave components are supported as x86 application and run through Rosetta2 translator.
- Device running on Apple Silicon reports properly the platform, filesets can have Intel or Apple Silicon only requirements
- PowerPC and mac OS X 10.7 and below support has been removed from FileWave admin. Legacy clients running older versions of FileWave should still work properly, but editing or creating PowerPC filesets is not working anymore.
Windows:
- Windows devices are now excluded from "Device with same serial number" conflict detection
Google:
- New admin permissions for:
- Chromebook de-provisioning
- EMM configuration access in preferences
Identity Provider Integration: (Read related KB Articles here: FileWave IDP Integration
- New support for IDP providers (AzureAD/Okta) for:
- Apple Device Enrollment
- FileWave Admin Authentication (which in turn can then support multi-factor authentication)
Important third party upgrade:
- Qt 5.15.2
- Various Python libraries
- OpenSSL 1.1.1k
FileWave 14.1.x (Dec 2020)
FileWave 14.1.x (Dec 2020) Release Notes
New Features
Support following iOS 14, iPadOS 14, tvOS 14 and macOS 11 features:
- Support for iOS 14, iPadOS 14 and macOS 11 "Big Sur"
- Support for Apple Silicon mac:
- New fileset requirements
- Architecture is reported in inventory
- Restart Device option has new options related to Kernel Extension management
- New / modified profiles:
- New payload to configure DNS
- Override Previous Password option
- macOS restriction, allows apps to get File provider Info
- Disable Association MAC randomization (added in 14.0.2)
- Define preview type
- Media Rating settings have been updated by Apple (Warning, some settings have been modified by Apple like UK "Cautious")
- Allow App Clips
- Force Delayed App Software Update
- Allow Apple Personalized Advertizing
- Added options to allow non-admin user to allow screen recording
- Now supports 4096 key size
- IKEv2 : MTU can be defined
- Setting to disable On Demand Override option for end user
- Certificate type can now be Ed25519
- Enable Fallback option
- Defines if a full screen web clip can navigate to an external web site without showing Safari UI
- Application bundle identifier opening the URL
- DNS Settings:
- Exchange:
- File Provider:
- Network
- Notifications
- Restrictions
- Setup Assistant (which allows skipping panes like DEP, but post enrollment, for upgrades)
- Security and Privacy
- System Extensions
- SCEP:
- VPN:
- Webclip:
- TimeZone can be defined via Command Policy Profile (reference Setting Timezones on Devices)
- on iOS and iPadOS 14, Managed VPP Applications can now be marked as unremovable (reference Unremovable VPP Applications (FileWave 14.1+))
- New DEP skip setup panes:
- Accessibility (macOS) ;
- Update and restore completed (iOS)
- Software Update are now managed using Apple MDM on macOS Big Sur
- New Device information report:
- EstimatedResidentUser (Shared iPad)
- TimeZone
- EID
Support for Geo-Fencing:
- Geo-Fencing has been added for Android Devices (reference Geofencing)
macOS 11 "Big Sur" changes:
One of the changes announced by Apple during WWDC 2020 is that macOS 11 will drop support for command line installation of profiles and Software Update.
FileWave 14.0.2 contains important change to profile installation for non-MDM enrolled macOS (or profiles installed before MDM enrollment).
Software Update Management (reference Software Updates in the age of macOS MDM (Big Sur +))
Command line management of software update is deprecated and limited on macOS Big Sur ; therefore, Software Update on macOS Big Sur is now managed via MDM. Unfortunately, the MDM protocol is more restrictive than what could be doable with the command line ; macOS 11 SoftwareUpdate management will behave roughly the same as what is available on iOS/tvOS/iPadOS:
- Updates are displayed in Software Update assistant when devices report it is available
- Software Update filesets are simple placeholders containing metadata about the update ; updates are not downloaded and prepared server side anymore and will be downloaded by each device from Apple CDNs. Using a Caching Server is highly recommended.
- MDM protocol currently provides less control over Update installation. FileWave will be able to trigger a Download and Install request on the device, but these actions will be entirely processed by macOS, which can decide to postpone the installation without more information. System logs (install.log mainly) can give more details.
Apple Silicon Support
- FileWave client is supported as x86 application and runs through Rosetta2 translator.
Rosetta2 is required and is currently not pre-installed on macOS. We recommend you to use our Custom Package service to deploy FileWave client ; the custom package will ensure Rosetta2 is properly installed.
- Device running on Apple Silicon reports properly the platform, filesets can have Intel or Apple Silicon only requirements
- PowerPC and mac OS X 10.7 and below support has been removed from FileWave admin. Legacy clients running older versions of FileWave should still work properly, but editing or creating PowerPC filesets is not working anymore.
Internals:
Important third party upgrade:
- Apache 2.4.46
- OpenSSL 1.1.1h
- Qt 5.15.1
FileWave 14.0.x (Sept 2020)
FileWave 14.0.x (Sept 2020) Release Notes
New Features
New Web admin (Beta !)
Apple devices management:
- Enhanced support for Shared iPads (iPadOS 13.4)
- User Enrollment support for iOS / iPadOS devices:
- New enrollment url to "User enroll" devices in a Bring Your Own Device scenario - see https://www.apple.com/business/it/
- Automatically create and associate VPP users to User Enrolled devices to ease VPP apps and books deployment
- Enrollment type is now shown in Client info
- 32b only applications are reported and not installed on incompatible iOS / iPadOS devices
- macOS: use of InstallEnterpriseApplication command to install FileWave agent on compatible devices
- Simplify VPP license management:
- New Licensing option "Device when possible, user if not"
- License reservation is not mandatory anymore - fileset can consume license from VPP token without reservation
- Support for universal apps
- Basic support for macOS "Big Sur"
- Devices running macOS 11 properly report macOS version
- Fixed an issue where updating profiles on non-MDM macOS 11 devices would remove the profile (see below)
- iOS 14 / macOS 11: "Disable MAC address randomization" option in Network profile
macOS 11 "Big Sur" changes:
One of the changes announced by Apple during WWDC 2020 is that macOS 11 will drop support for command line installation of profiles and Software Update.
FileWave 14.0.2 contains important change to profile installation for non-MDM enrolled macOS (or profiles installed before MDM enrollment).
Desktop devices management:
- New Fileset revision system:
- Allows regrouping different versions of the same application inside the same fileset
- More control over staging and application upgrade
- Association conflict resolution is now more consistent:
- The "Winning" association now follows clear and consistent rules for the distance (no difference between normal clones and smart group clones for instance)
- All association attributes (kiosk, licensing, schedule) are now from the winning association
- Smart groups can be used in Imaging Views to create Imaging Associations
- Verify can now be triggered via command line on device
Native console:
- Enhanced booster monitor to only accept valid settings
- "Move to..." option for fileset
- It is now possible to filter inventory query results
- It is now possible to create a smart group from an inventory query
- it is now possible to duplicate a smart group
- Added more information to Inventory-based Smart Groups to clarify membership
Installers:
- A backup of FileWave database and important settings will be taken before upgrade
Internals:
- Important third party upgrade:
- OpenSSL 1.1.1g
- Apache 2.4.43
- Postgres Log rotation now uses integrated postgres log rotation mechanism
FileWave 13.3.x (April 2020)
FileWave 13.3.x (April 2020) Release Notes
New Features
Apple 2020 Spring Release Support:
Changes in Restriction Profile
-
- Allow accessing web sites using TLS 1.0 and 1.1 (iOS, macOS)
- Allow Guest Mode for shared iPad
- Allow access to Apple ID and Family Sharing Preference Pane (macOS)
Changes in Login Window Profile
-
- Screen Time option is available in Setup Assistant
Changes in Notification Profile
-
- Notification settings are now available for macOS
Changes in VPN Profile
-
- UI clarification
- New Provider Bundle Identifier and Provider type setting
macOS Content Caching changes
-
- Additional Content Caching setting in profile
- Content Caching information is reported in inventory and in client info
Miscellaneous
- Support for shared iPad guest mode and shared iPad in Apple Business Manager
- Generated Self-signed certificates (MDM, Classroom) are not valid more than 398 days (see https://support.apple.com/en-gb/HT211025)
Google Related Updates:
EMM
-
- Embed Wifi added to EMM Enrollment QR Code
- BYOD for EMM
- Location Tracking
Chromebooks
-
- Added ability to edit Chromebook Data
-
Moving devices in Admin now moves the devices in G Suite Domain structure
-
Delete/Create OU in G Suite Domain structure through FileWave Admin
-
The FileWave extension now gathers these fields in a more reliable way
- Local Device Name
- Device Serial Number
- Current Logged in user
- Current IP
- Current Asset ID
- Certificates
Device Management:
Inventory Fields in Clients View (Native Admin)
-
- Customize your Admin clients view with inventory fields - including custom fields
Dedicated Booster Communication
-
- Boosters can now use a dedicated communication channel for Booster-Booster or Booster-Server communication to avoid congestion. To enable this feature, you may have to open additional TCP port on your server and your boosters. See TCP Port KB.
Device Identification
-
- Algorithm used to identify device re-enrollment has been improved to detect different re-enrollment scenarios to prevent duplicated clients.
- Windows agent fingerprint is now stored on disk to avoid permission issue accessing registry, which could lead to unstable fingerprint, making client identification unreliable.
FileWave 13.2.x (Jan 2020)
FileWave 13.2.x (Jan 2020) Release Notes
New Features (13.2.0, 13.2.1, 13.2.2)
Apple 2019 Fall Release Support:
Apple New OS Support
Profile Changes
DEP Changes
Bootstrap Token Management
Google Related Updates:
Android EMM and ChromeBook Feature Improvements
Device Management
Client Renaming Changes
Uninstall Script Change
Inventory
Inventory Field Changes/Additions
FileWave 13.1.x (May 2019)
FileWave 13.1.x (May 2019) Release Notes
New Features (13.1.5)
- Compatibility support for macOS Catalina
macOS Catalina brings new restrictions and security changes; one of these changes is the new Read-Only System Volume, introduced to protect the system from un-wanted changes. As your FileWave server stores files in /fwxserver, it is impacted by this change.
FileWave 13.1.5 is now locating files in /usr/local/filewave/fwxserver; if you are upgrading from a previous version, files will be moved during upgrade.
If you upgrade from a previous version of FileWave, /fwxserver will be moved to its new location. In case moving is not possible (specific mount point for instance), upgrade will stop and will require manual data folder move.
For Details please refer to fwxserver folder relocation in FileWave Server 13.1.5+ on macOS and Linux Platforms
Backup Script Update:
With the relocation of /fwxserver, the backup script must be updated on your server to ensure a proper backup is being captured.
Please reference the following for more information; https://kb.filewave.com/display/KB/Automated+Backup
- TLS self-signed certificate for MDM
Generated self-signed cert is compliant with iOS 13, tvOS 13 and macOS 15 new security requirements.
fwcontrol generateSelfSignedCert command uses previous private key, allowing to unblock already upgraded devices
- Duplicated devices detection
FileWave clients are identified by a user-friendly identifier (client name) and a machine-fingerprint identifier (device id). Re-enrolling devices with a different name or enrolling a new device with the same name as an existing client creates duplicated entries in the system, which can lead to various problems. FileWave 13.1.5 integrates duplicated detection:
- At enrollment time; enrolling a device matching either the client name or the fingerprint, but not both (so not a in place re-enrollment) will not be possible without solving the conflict (removing the old entry or ignoring the new enrollment).
- tools are provided to detect and resolve existing duplicated entries
- OpenSSL updated to 1.0.2t
New Features (13.1)
Security Enforcement
Device Management
Analytics
UCS Improvements
Apple "Spring 2019" release support
Android (EMM) support
FileWave 13.0.x (Oct 2018)
FileWave 13.0.x (Oct 2018) Release Notes
New Features (13.0.3)
MDM Profile removal
By default, FileWave is no longer answering with HTTP 401 when an unknown MDM Apple device checks in. This allows FileWave to recover data from a previous backup without un-enrolling devices, which could lead to data loss if applications were removed. For 13.0.3, a new option was added in "FileWave Admin / Preferences / Mobile / Apple" that reverts to previous behavior.
Desktop Client and Booster Affinity
FileWave 13.0.0 introduced a behavioral change related to how desktop clients are communicating with boosters. Before 13.0.0, clients would always contact the first booster, unless the booster is not reachable (off network or offline). This could lead to very long delay for fileset deployment if first configured booster would be overloaded. Starting with 13.0.0, clients will try to stay on a given upstream booster instead of changing frequently. This provides better load balancing as the connections are more stable. Clients will also fallback to the server if none of the boosters are reachable.
13.0.3 ensures that a client will retry boosters regularly if it fell back to the server.
Memory Footprint
During model update, a large amount of data is processed to determine which fileset will be deployed to which device. Fileset statuses are also processed and updated, so deleted filesets are removed, newly-associated filesets are marked as "Associated" and so on. Starting with FileWave 13.0.0, iOS fileset statuses are now properly reported, which can create a large number of entries in the database, increasing the memory consumption during model update.
The Linux operating system is more sensitive to memory fragmentation (very summarized: it is not able to to recover memory with a frequent and high number of allocations, even if the process is not using this memory anymore), and the additional features brought to FileWave in the previous versions made the Linux version consume more memory over time, which could lead to Out-Of-Memory management.
FileWave 13.0.3 is now using a more efficient memory allocation system, more efficient, and a special attention has been paid to reducing memory usage during model update to avoid memory fragmentation as much as possible.
VPN on Demand Option
IKEv2 VPN allows very granular configuration, based on VPN provider rules. For 13.0.3, VPN profile allows entering raw XML provided by VPN vendors.
New Features (13.0.2)
New Features (13.0.1)
New Features (13.0.0)
Device Enrollment Program:
MDM Commands:
Profile changes:
Push Notification changes:
FileWave 12.9.x (May 2018)
FileWave 12.9.x (May 2018) Release Notes
New Features (12.9.0)
New Features (12.9.1)
FileWave 12.8.x (April 2018)
FileWave 12.8.x (April 2018) Release Notes
New Features
This version adds support for iOS 11.3, tvOS 11.3, and macOS 10.13.4.
No Comments