MobilGest - Release Afaria 7 SP5

What is New in SAP Afaria

Afaria 7 SP5 introduces new features for mobile device management and improves the performance of the loading and handling large amounts of data in the Afaria Administration console, such as the devices lists and views, server logs, and device activity results.

Android Device Enhancements

The feature enhancements specific to Android devices are:

Note
Samsung KNOX functionality is not available in SP5 GA, but will be available in a post-SP5 hotfix

Component	Description	Documentation Location
Samsung SAFE	New settings in the Restriction Policy for Samsung SAFE devices	Device Management > Samsung SAFE Pages

iOS Device Enhancements

The feature enhancements specific to iOS devices are:

Component	Description	Documentation Location
Apple Device Enrollment Program	Support for enrolling and managing iOS devices using the Apple Device Enrollment Program	Device Management > Device Enrollment > iOS Device Enrollment > Apple Device Enrollment Program

Windows Phone Device Enhancements

The feature enhancements specific to Windows Phone 8 and Windows Phone 8.1 devices are:

Feature	Description	Documentation Location
Windows Phone Client branding	Customize the Afaria client (xap) for Windows Phone devices, with your own corporate brand images and text.	Device Management > Windows Phone Custom Branding
Auto-discovery support	Auto-discovery service, if enabled, automatically detects the enrollment server address and enrolls the Windows 8.1 device in management.	Device Management > Enabling Auto-Discovery for Windows 8.1 and Windows Phone Devices
Domain support	Configure domains in the Afaria Administration console to support the enrollment of Windows Phone devices using the auto-discovery service.	Configuring Afaria > Configuring Domains for Enrolling Windows Phone and Windows DM Devices
Device actions: Windows Notification Service Lock Device Remove Control Remote Wipe	Windows Notification Service works only for Windows Phone 8.1 devices. The lock action applies only to Windows Phone 8.1 devices, though it appears on both Windows Phone 8 and Windows Phone 8.1 devices. For the lock action to work, a passcode should have been applied on the device. Lock action is applied only in the next DM session initiated from the device.	Device Management > Device Administration> Security Actions for Windows Phone Devices
Certificate payload	Upload the root or intermediate certificate for Windows Phone device authentication. Certificate payload is applicable only for Windows Phone 8.1 devices.	Device Management > Policies > Windows Phone Policies > Creating a Configuration Policy for Windows Phone
Restriction payload	Define the restrictions for users to access certain features such as account settings, application management, security settings, user experience etc. The entire set of restrictions are supported by Windows Phone 8.1 devices. Only the following restrictions are supported by Windows Phone 8 devices: Disable Use Of Storage Card Require Device Encryption (requires UEFI secure boot enabled device) For upgrades on Windows Phone 8 devices, the above two restrictions must be set explicitly again.	Device Management > Policies > Windows Phone Policies > Creating a Configuration Policy for Windows Phone
WiFi payload	Configures connections to Wi-Fi networks on Windows Phone devices. Connection Mode 'Auto' is applicable only for Windows Phone 8.1 devices.	Device Management > Policies > Windows Phone Policies > Creating a Configuration Policy for Windows Phone
Workplace link in the Self Service Portal	A link on the Self-Service Portal to access workplace account on the device .	Device Management > Device Enrollment > Windows Phone Device Enrollment > Enrolling Windows Phone Devices

Windows 8.1 Device Enhancements

The feature enhancements specific to Windows 8.1 (Windows DM) devices are:

Component	Description	Documentation Location
Auto-discovery support for Windows 8.1 device enrollment	Auto-discovery service, if enabled, automatically detects the enrollment server address and enrolls the Windows 8.1 device in management.	Device Management > Enabling Auto-Discovery for Windows 8.1 and Windows Phone Devices
Self-Service Portal support for device enrollment	Support the enrollment of Windows 8.1 devices from Self-Service Portal	Device Management > Device Enrollment > Windows 8.1 Device Enrollment
Afaria application for Windows 8.1 devices	Afaria application silently installs on the device, after the device is enrolled in management.	Device Management > Device Enrollment > Windows 8.1 Device Enrollment
Hardware inventory collection	Collects hardware inventory details such as device details, disk space, network adapter details, operating system details, and security settings	Device Management > Device Inspector > Hardware Inventory for Windows DM Devices
Certificate payload	Upload the root or intermediate certificate for Windows DM device authentication, and stores the certificate in the desired location.	Device Management > Policies > Windows DM Policies > Creating a Configuration Policy for Windows DM
Passcode payload	Define the passcode requirements for the Windows DM device.	Device Management > Policies > Windows DM Policies > Creating a Configuration Policy for Windows DM
WiFi payload	Configure connections to Wi-Fi networks on Windows DM devices.	Device Management > Policies > Windows DM Policies > Creating a Configuration Policy for Windows DM
SCEP payload	Configure settings that allow devices to obtain certificates over the air from a certificate authority (CA) server that uses SCEP.	Device Management > Policies > Windows DM Policies > Creating a Configuration Policy for Windows DM

Administration Enhancements

The generic feature enhancements related to Afaria Administration console and Self-Service Portal are:

Component	Description	Documentation Location
Self-Service Portal enhancements	Only one Self-Service Portal installation is used to host all Self-Service Portals in the enterprise network. The virtual directory in IIS will be the root part of the URL that is shared by all portals created in the Afaria Administration console. The SSP root directory value will be part of each URL used to access every Self-Service Portal using the following format: http://[host]/[ssp root dir]/[Relative URL] and it cannot be changed once the SSP is installed, without uninstalling and reinstalling SSP. The [Relative URL] value is the tail portion of each URL used to access every Self-Service Portal that uniquely identifies each portal in the system.	Installing SAP Afaria > Installing Afaria > Installing the Self-Service Portal Installing SAP Afaria> Afaria Self-Service Portal Upgrade Configuring SAP Afaria> Configuring Afaria Components > Self-Service Portal
Search by app name while creating an application policy for iOS app store applications, Volume Purchase Program for iOS devices, and Windows Phone app store applications.		Device Management > Policies > iOS Policies > App Store Application Policies for iOS Devices > Creating an Application Policy for iOS App Store Apps Device Management > Policies > iOS Policies > Volume Purchase Program Licensed Application Policies for iOS Devices > Creating a Volume Purchase Program Licensed App Policy Device Management > Policies > Windows Phone Policies > Windows Phone App Store Application Policies > Creating an Application Policy for Windows Phone App Store Applications
Get log files from an Android device or an iOS device and use Device Inspector to download client log		Device Management > Device Administration > Getting Log Files from Devices Device Management > Device Inspector > Downloading the Client Log
Unmatched Email Devices	Support for matching Microsoft Exchange device records with SAP Afaria device records to ensure that devices are under SAP Afaria management	Device Management > Unmatched Email Devices

Infrastructure Security Enhancements

The feature enhancements specific to access control are:

Component

Description

Documentation Location

Network Access Control
enhancements

NAC has been modified and is no longer a system service, but is now hosted in IIS as a web service under the /NetworkAccessControlvirtual directory.
SP5 NAC web service is only accessible via https port 443 through IIS.

Installing SAP Afaria >
Installing Afaria > Installing Afaria Network Access Control Service

Configuring SAP Afaria >
Configuring Afaria Components > Support for Network Access Control