Android

  1. Speed up Android BYO enrollment

When your users enroll Android BYO devices using Email + ORG-ID, they can now skip static permissions and grant all required runtime permissions using a single checkbox.

This means:

  • Faster setup

  • Fewer interruptions

  • Less confusion during enrollment

If they skip permissions, they can complete them anytime from: Hamburger Menu → Complete Setup

  1. Knox activation is now handled automatically 

If you're enrolling your Samsung Knox corporate-owned devices via Android Enterprise, Scalefusion now attempts to auto-activate the Knox SDK for you.

That’s one less step your users need to manually complete. 

If activation fails due to network or system issues, users can still finish it via the standard flow, so your enrollment doesn’t stall.

  1. You no longer need to worry about mistyped instance URLs

Users enrolling via email can now simply select your Scalefusion instance:

EU | India | MEA | US | Immenza | Accops

No more manual URL entry. No more enrollment errors due to typos.

  1. Better support for specialized Android devices

You now get:

  • Seamless enrollment support for Sunmi devices, including boot animation configuration

  • Boot animation support for Wishtel devices

  • Improved performance on Techno devices using auto-start permissions

  • Automatic detection and enabling of required Camera-dependent apps (like Photos/Gallery) on BYO devices

  1. Important Android fixes

You’ll also see improvements across:

  • Geofence compliance accuracy

  • Captive portal Wi-Fi handling

  • License Code screen visibility (afw# enrollment)

  • Wingman-based enrollment flow issues

  • Notification access enforcement

Fewer inconsistencies. More predictable behavior.

Updates to On-Prem Connector (OPC)

  1. OPC in High Availability mode

You can now run OPC in High Availability mode for improved uptime and resilience for critical integrations. You can create clones of an existing OPC setup and deploy multiple nodes for HA.

Here’s how it works:

  1. Complete setup on one machine

  2. Create a clone

  3. Install OPC on another Windows machine

  4. Bootstrap using copied files

  5. Configure HAProxy, NGINX, or IIS for load balancing

No changes required on the dashboard.

  1. Map additional AD attributes directly to Dashboard

You can now map custom AD properties like department and employee to user custom properties in the dashboard.

This gives you more flexibility in user management and reporting.

  1. Updated default OPC login (for compliance)

For fresh installations of OPC v2.3.11 and above, the default login is now: sf-admin@local

Older installations will continue using admin@local.

Linux

  1. Remotely lock user accounts

You can now lock or unlock user accounts remotely. From the dashboard, you can:

  • Lock or unlock a single user

  • Lock all user accounts on a device

  • Remotely log out the currently logged-in user

This gives you immediate control when access needs to be restricted.

  1. App Locker for Linux

You can configure an allow list of applications on managed Linux devices.

Test safely before enforcing restrictions and reduce risks. Push a custom script via Enterprise Store and choose between:

  • Monitoring mode (observe usage first)

  • Enforcement mode (restrict access strictly to allowed apps)

Windows

  1. Deploy MSU updates manually

You can upload Microsoft Update Standalone (MSU) packages to the Enterprise Store and push them to devices.

This is ideal when:

  • A patch hasn’t yet been reported by the device

  • You want to deploy specific OS updates manually

Note: This is an on-demand add-on feature. Pushing unsupported MSU files may impact OS stability.

  1. Enhancements  to remote support

Remote support just got easier. You can now:

  • Run the app as a different user (SHIFT + Right Click)

  • Select multiple folders easily (SHIFT + Left Click)

Plus, we’ve fixed:

  • Multi-monitor issues

  • Occasional lag

  1. Additional Windows improvements

You’ll also see:

  • App version numbers in third-party patch listings

  • Improved OS update detection

  • Reduced antivirus flagging (native Windows API usage)

  • Better handling of Secure Web Gateway bypass lists

SSO / OneIdP

  1. Assign SSO using user groups

Instead of assigning users one by one, you can now:

  • Assign entire user groups to SSO configurations

  • Add user groups as Conditional Access exceptions

When you add or remove a group, assignments update automatically.

Less manual effort. More scalable identity enforcement.

  1. Password change protection with Keycard

You now get stronger password integrity controls:

  • Users cannot set empty passwords on Windows

  • Local password changes on Windows and macOS are monitored

  • Users are forced to sync passwords with their IdP

This prevents passwords from going out of sync with your identity provider.

  1. Force logout based on SSO session duration

You can now enforce automatic logout from:

  • Google Workspace

  • Microsoft Entra

Based on your configured SAML or OIDC session duration.

If triggered, users are logged out across devices based on their oldest session.

Enhanced user experience for Intune Partner Compliance

When users access apps protected by Entra Conditional Access, they now see:

  • A more detailed message explaining enrollment requirements

  • A Sign-In button that launches the Scalefusion app

You also get:

  • DeviceID visibility for troubleshooting

  • Re-authentication support if the Authenticator is reinstalled

  • Clear error messaging if DeviceID fetch fails

On the dashboard, you can now view sync status and failure reasons, so you can resolve issues faster.

Workflows

  1. Holiday Calendars for Lock/Unlock 

You can now define Holiday Calendars for Lock/Unlock workflows

Across Android, iOS, and macOS, you can:

  • Create Holiday Calendars

  • Define multiple schedules and date ranges

  • Override existing lock schedules during selected holidays

On selected days, devices stay unlocked automatically.

Perfect for schools, seasonal teams, or regional offices.

  1. Periodic reboot for macOS

You can now schedule periodic reboots on macOS. Create a reboot workflow and automatically restart managed macOS devices on a schedule.

  1. Extended Storage Compliance 

Storage Compliance workflows now support:

  • Windows

  • macOS

You’ll receive email alerts when configured thresholds are crossed.

Apple tvOS

You can now use Return to Service for tvOS. After a factory reset or device reassignment, you can quickly re-provision Apple TVs.

Available via feature flag under IoT Device Management.
Available from Business 2025.

Dashboard enhancements

  1. You can now force a password change after reset (UAM)

When resetting a user's password, you can require the user to change it at the next login.

This ensures:

  • You never permanently know the user’s password

  • Compliance requirements are met

Note: If enabled, the previously shown “Last Known Password” will not work once changed.

  1. Device identifiers added to App Version Report

Your App Version Report now includes:

  • IMEI

  • Serial Number

So you can correlate app versions more precisely to specific devices.