What’s new in Hexnode UEM

10 min readJun 2, 2021

With the pandemic and associated challenges, there is no doubt that the only way a business can stay competitive in the current market scenario is by moving to everything remote. But while shifting into such a boundless workspace, companies face multiple hurdles adjusting to new ways of working. To help with this dilemma and empower everyone, everywhere, the industry’s leading UEM solutions are chock full of innovative upgrades to their line of endpoint management offerings.

Hexnode has recently expanded its feature Matrix with a host of additional management functionalities. Hexnode, with this new set of features, goes beyond standard approaches to better manage the new systems and help businesses easily pick up the pace with the new workplace trends. Let’s take a sneak peek into the Hexnode UEM’s latest and greatest features.

What’s new in Hexnode for multi-platform endpoint management

Hexnode offers extensive support for multiple OS platforms. Here is a platform-wise breakdown of the year’s breaking changes in Hexnode for endpoint management.

Stay up to date with key insights from our experts Watch a Demo

What’s new for iOS device management?

Hexnode for iOS device management

Multiple VPN On Demand rules

VPN On Demand lets devices connect to VPN automatically when on specific networks. Otherwise, VPN enablement requires manual intervention. The VPN On Demand option allow set multiple configurations or VPN On Demand rules with the Hexnode iOS VPN policy.

Other major enhancement

Code scanner app is now a system app

Code scanner app is the QR scanner app integrated with the iOS camera on devices running iOS 14. Hexnode has now updated the system apps list for iOS devices with the new Code scanner app.

What’s new for Android device management?

Hexnode for Android device management

OEM feedback channel for better app insights

Apps written by OEMs are capable of sending back configuration results to the UEM console using a feedback channel. App feedback is a very useful option for enterprise IT admins to monitor and stay up to date with the app configuration status. The feature also alerts them of errors that need immediate action. Hexnode UEM lets you track and view application feedback data for Managed Google apps. The workflow is as follows:

  • The enterprise IT admin approve and add Managed Google apps to the UEM console
  • The admin sets managed app configurations
  • The configurations will be sent to the app and get applied in the backend. While applying the configurations, the app will send the status of the configuration to UEM in the form of a keyed app state.
  • The UEM retrieves the feedback data from these keyed app states and displays the managed configuration’s status in the UEM console.
  • The IT admins can check the feedback from the management portal and take necessary actions.

It could take up to 30 minutes to fetch the feedback from the applications. IT admins can send feedback requests to a device only 3 times per day. Prerequisites:

  • The device should be enrolled as an Android Enterprise device owner or profile owner.
  • The app should be a Managed Google app custom designed to send application feedbacks.

Android Zero Touch Enrollment enhancements

Hexnode already offers extensive support for large scale roll out of Android devices via Google’s Zero Touch Enrollment. With the groundbreaking updates Google announced in Nov 2020, Hexnode also added Zero Touch Enrollment support for few additional device types, including:

  • All Android 9.0+ devices
  • Samsung devices running Android 9.0 OS or higher

This means that organization can enroll corporate owned Android 9.0+ Samsung Knox devices hands free either via their own Samsung Knox Mobile Enrollment or using Google’s Android Zero Touch Enrollment.

Samsung’s endorsement via Knox Validated Program

Samsung Knox Validated Program is Samsung’s authentication program to distinguish UEMs and check their integrity for Samsung Knox device management. Hexnode UEM is now a Samsung Knox Validated Partner. Being a Knox Validated Partner, Hexnode provides its users added assurance of same day and flawless support for Samsung Knox management services.

Clear app data on Samsung Knox devices

Hexnode’s app management features allow IT admins to cover all aspects of managed apps. Clear app data action is the latest feature Hexnode offers for Play store apps running on managed Samsung Knox devices.

Usability enhancements

Enterprise management type for enrolled devices

The enterprise management type displayed in the device inventory help admins easily distinguish between generic, fully managed and work profile managed devices. This is particularly useful when pushing bulk actions to devices based on their management type.

Work account creation status for Android Enterprise devices

The device details page now showcases the work account creation status for Android Enterprise enrolled devices. In case if the work account creation fails, admins have the option to re-initiate it.

Other major enhancements

Add-ons to Kiosk peripheral settings

Some additional options have been added to the Android kiosk peripheral settings to allow new device features and user permissions while in kiosk mode.

Allow users to configure hotspot

This option allows end users to configure Wi-Fi hotspots on Android 8.0+ devices by redirecting them to the corresponding device settings.

Allow users to set password

This option prompts users to modify the device password if a password policy is associated with the device. Associating VPN or Certificate (mandatory only for non-Android Enterprise devices) policy would also prompt the user to set a device password if one is not there already. The admin can also set a time limit after which the user will be automatically exited from the Settings page.

Allow users to disconnect Wi-Fi

This option enables users to disconnect the device from already connected Wi-Fi networks while in kiosk mode.

Minimum passcode length for number passwords

Admins can set a minimum limit for the length of number passcodes in the password rules defined for managed Android devices.

What’s new for Windows management?

Hexnode for Windows management

VPN for enhanced security and access control

Everywhere enterprise concept brings in new security issues and privacy concerns. While accessing external networks, users can remain confident that they have extra online protection when the VPN is turned on. VPN help establish secure connections between external networks by encrypting the data flowing between these points. This allows enterprises to provide users with secure remote access to the company network, also enabling end users to secure their online privacy. The Hexnode VPN policy for Windows supports the connection types like L2TP, PPTP, IKEv2 and allow push configurations like:

  • Multiple Device-wide VPN traffic rules
  • Option to remember end user login credentials
  • Always On VPN
  • Bypass for local intranet traffic
  • Trusted network addresses

Real time access to PCs from anywhere in the world

Apart from generally enhancing the management functionalities by incorporating everything new in the UEM landscape, Hexnode also gives priority to user requested features. Remote view for Windows might be the most awaited feature Hexnode has released so far this year. This is a great feature for IT admins to provide the home workers real time support. This is also a powerful tool to keep note of their work progress. Windows remote view works the same way as it does for Android and iOS devices, and the only thing to note is that it can be initiated only on devices running Hexnode Agent app v4.5.0+ and Hexnode Remote Assist app v4.1.7.0+.

What’s new for Mac management?

Hexnode for enterprise Mac management

Change privacy preferences remotely

macOS Privacy preferences policy lets the admins allow or restrict important permissions without which protected Mac apps and services fail to function. You can allow, deny or set as default the preferences for apps and processes on Mac with macOS 10.14+. However, camera, screen recording, and microphone permissions cannot be granted via UEM. These preferences can only be denied or set as default. It is possible to configure preferences for multiple apps with a single policy. What is important is that the user needs to relaunch the app for the applied change to take effect.

Escrow FileVault recovery keys to Hexnode

FileVault is the built-in whole disk encryption program on macOS. FileVault encodes the data on your startup disk, which can be decoded only using a recovery key. Losing your account password and FileVault recovery key is a greater risk as the user will not be able to log into the Mac and access the data on the startup disk in that case. However, to help such situations, admins now have the option to retrieve and back up the FileVault recovery key using Hexnode, which is known by the term escrow.
FileVault recovery keys captured by Hexnode can be used to regain access to the drive. Admins have the option to display a message on the recovery key screen to help end users on how to get the recovery key for their Mac. The recovery key encryption and decryption can either be done automatically by Hexnode or manually by the admin. If admins are allowed to specify the encryption key, they should also add the encryption certificate within the policy.

Other major enhancements

MPKG file installation

Hexnode earlier supported only PKG or DMG files for enterprise app installation on Macs. But as per the user requests, Hexnode is extending this to include MPKG files. The file can be uploaded to the Hexnode repository and distributed via Policy or action just the way we do for any other enterprise apps.

Enforce user to change the password on next login

This is an additional option to prompt users during their next login to change the device password whenever a new change is made to the rules already defined via the Hexnode Mac passcode policy.

What’s new for Apple TV management?

Hexnode for Apple TV management

Easy rollout of apps with Apple VPP

VPP app installation support on Apple TV is yet another long-awaited feature for Hexnode users. VPP integration with Hexnode allows IT admins to manage the app distribution on Apple TVs effectively. The salient features of VPP integration include:

  • Silent app installation and update
  • Bulk app purchase and distribution
  • Ability to revoke, reassign and redistribute the apps as and when needed
  • Easy deployment without the need to enter Apple ID

Remote actions for real time device management

Wipe device action

This allows IT admins to entirely wipe a device when a device is lost, stolen or when the device user leaves the enterprise. Wipe remote action works for Apple TVs running tvOS 10.2 and above. Management will no longer be supported on the device unless it is a DEP-enrolled device with the option “Enroll devices in MDM” enabled in the DEP policy associated with the DEP account.

Restart device action

IT admins can restart the Apple TV on demand using this remote action. The action may be useful in a situation where the user is not available for restarting the device, perhaps for exiting a program or complete a pending reboot. The action is supported on supervised tvOS devices running tvOS 10.2 or above.

OS update management

Whenever a new OS update becomes available, it would be a hectic task for the enterprise IT to manually update all their devices one by one. But with the update OS action on Hexnode, admins can easily push the OS update to their device fleet in bulk. For Apple TVs, IT admins can either enforce to download and install the software update or download only.

2FA to secure your Hexnode dashboard

Enforce Two factor authentication to secure your Hexnode portal Sign up for free trial

Two factor authentication is a security feature or more specifically a matter of balancing security and convenience as with so many other things. Hexnode now supports third-party authenticator apps to enforce two-factor authentication for the Hexnode management portal. The admin can mandate two factor authentication for the technician and when the technician logs in for the first time, he needs to set up two factor authentication using a third-party authenticator app only after which he can access the Hexnode portal. So, rather than sending the technician an SMS or verification code via email, the third-party app like Google authenticator or Microsoft authenticator displays a verification code which refreshes roughly 30 sec.

Some FAQs on feature updates answered

  1. How can I check if I am using the latest version of the Hexnode app?

You can check the version of the Hexnode app running on your device from the About Hexnode section on the app. To know the latest published version of the Hexnode app, you can check the Hexnode app updates section of our forums and confirm that you’re running the latest version available. The Hexnode app updates section in Hexnode Connect also provides a detailed list of the features supported by each of the Hexnode app versions.

2. How can I get the new version of the Hexnode app?

The Hexnode app installed on your device will get updated automatically when a new version goes live. Users can also download and install the latest app versions from the respective app stores.

3. Why can’t I see the newly released features on my management dashboard?

There may be a pricing issue in such cases. The newly released features won’t be made available for you if you’re under a lower pricing plan than the plan for which the feature is supported. Be sure to check other pre-requisites like device compatibility for the new management feature you’re looking to implement.

Now, what’s behind these updates

Delivering an exceptional user experience is something Hexnode always takes on priority. So, when pushing out updates, we always focus on increasing the usability of our already easy-to-use product. We add to our roadmap only those features that are sure to reduce the management burden on enterprise IT, many of which are requested features from our customers which makes their experience even better.

Got an idea for a new management feature?

Feel free to reach out to us or share with us in the forums.

This is just the next step in our journey. Hexnode will continue to get better and there’s more to come. Stay tuned!

Originally published at https://www.hexnode.com on June 2, 2021.




Hexnode MDM is an award winning Enterprise Mobility Management vendor which helps businesses to secure and manage BYOD, COPE, apps and content.