Paradox

BEM Web V9.1.1 (Build: 70) GA

BEM_Web_Console 9.1.1 (build 70) is now available as a GA release.

New features and bug fixes:

  • Remove dependency on .Net Framework 3.5 for installation of BEM.
  • Fix for an issue where a new Yubikey DEK was not being generated during BEM installation.
  • Added Paradox policy option to Wifi entries to hide/unhide Wifi access points.
  • Added a Paradox and SE device policy option to disable print screen.
  • Added a Paradox and SE device policy option to disable the ability to edit network configuration on the device.
  • BCE-3396 – Fix for an issue where BEM dashboard was loading slowly after logging in.
  • BEMD-11607 – Added ability to set Login Page hostname which will resolve an issue where login page will show a 500 error after upgrading.

 

Important Notes:

  • Compatible with 2.1.0 Proxies

Product Information:

  • Release Date: 2023-08-03 06:43:55
  • Release Type: GA
  • Product Name: BEM_Web_Console
  • Version: 9.1.1
9.1.0



-------



- Dropped support for multi tenancy.



- Dropped macOS device management.



- BEM setup tool migrated to .Net Core.



- Global Admin role has been removed.







iOS Features and Fixes:



- BCE-3346 - Fixed an issue where refresh DEP devices would fail due to an expired cursor.



- BCE-3164 - Fixed an issue where report filtering was not working based on last contact time interval.



- BCE-3375 - Fixed an issue where Rapid Security Responses install status was not shown correctly in BEM UI.



- BEMD-11010 - Resolved an issue where a failed VPP licence request will unintentionally set the app status to failed for all apps on the device.



- BEMD-10201 - Allow access to USB Accessories.



- Introduced certificate pinning for iOS device management.







Paradox and Paradox SE Features and Fixes:



- BEMD-11184 - Added an option to set SAM account name to the device name in device certificates.



- Added the option to choose whether or not Paradox and Paradox SE devices are created as computer objects in Active Directory.



- Added SMB share support in Paradox SE.



- Added USB Mass Storage support for Paradox SE devices.



- Added new column to Paradox SE devices page to display OS Version installed on the device.



- Paradox USB Device Control expanded to include Read-Only / Read-Write and SID options.







Yubikey New Features and Fixes:



- Enrollers can be restricted to enroll Yubikeys only to users in the same OU as the enroller.



- Restricted Enrollers can be promoted to global enrollers to enroll devices to any user from the estate/domain.



- Introduced Strict mode, which means OTP enrollments are blocked when BEM is in this mode.



- Added the ability for an enroller to renew user certificates.











BCES Features and Fixes:



- Improved BCES registration process.



- Introduced "Strict mode" in BCES.







9.0.1 BETA



-------



- Added support for PostgreSQL.



- Added new feature, Becrypt Resident CA that issues and manages device, user and server certificates.



- Added Becrypt Identity Provider that is used to create, authenticate and manage local BEM users.



- Added silent installer that supports easy deployment of BEM.



- User assignment is now optional for DEP device enrolment.







9.0.0 BETA



-------



iOS Features and Fixes:



- Added support for ECC device certificates for iOS devices



- Added ECC signature verification in BEM



- Added support for use of HiTMAN as High Assurance Gateway when using BEM with MDM Proxies



- Improved support for configuring outgoing Docker proxies when using BEM with MDM Proxies







____________



Additional Notes



____________







BEM Specific:







- After upgrading to BEM 9.1.0 the login URL for BEM will be changed, so existing browser bookmarks will not work. Please create new browser bookmarks.



- All the existing BEM console users with super user role before upgrade will have permissions equivalent to a Global Admin.



- It is recommended to decide on the type of CA (BEM CA or Direct CA or BCSE) before installing BEM.







Yubikey Specific:



- Please ensure that users are synchronised from Domains page before configuring BEM to manage Yubikey devices.



- Please ensure that the PUK code you enter when importing the first user using Yubikeyimport tool is set to 8 characters.







Paradox Specific:







- Please use the username in the format .\<username> when registering PDX devices in an off domain environment using IDP / Resident users.



- Please remove from BEM any browser extensions that were uploaded after upgrading to 8.1.0, and re-upload them before assigning to an application policy.



- After upgrading BEM Web, update the authorisation URL to the introspect URL when using OAuth2 as your authentication method in Paradox device policy.

- After upgrading BEM Web, all the Paradox device groups will have the "TPM required" checkbox ticked. Please untick it if you would like to modify those device groups.

- Yubikeys and Human Interface Devices will be implicitly allowed as part of the device control policy for Paradox devices.



- In order for the Xerox printer to be discovered, add both Presets under the firewall rules in BEM Web Policy:



i) Generic Printer Discovery



ii) Xerox Printer Discovery











Paradox SE Specific:







- Revoking a device certificate manually from the CA may not prevent the device from communicating with the BEM Web server. Either use the "Revoke Device" function from the BEM Web console or follow the steps below on the BEM Web server:

    - From a command prompt, run: certutil -setreg chain\ChainCacheResyncFiletime @now

    - Restart Cryptographic Services.







iOS Specific:

- It is recommended to purchase ample licenses for required apps in your VPP to avoid licensing issues.

- It is recommended that all devices are un-supervised before re-profiling.

- Note that if the MDM Profile is set to be removable, any devices which are still within Apple's grace period after first being added to DEP will display the option "Leave Remote Management". If a user actions this, it will completely wipe the device and remove it from DEP, and BEM will receive no notification of this.



____________



Known Issues



____________



BEM 9.1.0



========



- As per Android (Convex) design, BEM CA generates RSA type device certificates for Android devices when BEM CA is set to ECC type.







iOS Device Management issues:



- If Home Screen wallpaper is not set in policy, any Lock Screen wallpaper configured is also being displayed on the Home Screen.



- Devices may fail to keep up with policy and/or application changes if moved between multiple device groups rapidly.







BEM 9.0.1 BETA Limitations:



==================







- BEM Web setup tool is not fully functional.



- Silent installation only supported for Postgres with Resident CA and Resident Users.



- Apple configurator devices cannot be enrolled when the CA is set to use ECC.







BEM Web specific issues:



- Requesting user certificates fails when CA is set to issue certificates using KSP.



- Internet Explorer 11 is known to fail loading important items in the Paradox Application Policy page. It is recommended that an alternate browser is used while managing Paradox and Paradox SE devices.



- The error "No DEK loaded" may be seen when doing an initial synchronize with Active Directory. An IIS restart is required to fix this issue.



- Paradox SE Applications with (.) character in the file name when added are lost on saving the application policy.



- Template names set in general settings will only be checked against templates published on the Active Directory the server is located in.



- Changing the device certificate template does not affect certificate renewals for certificates already issued.



- Side by side installation of multiple .NET core versions can occasionally cause BEM Web to not load.







iOS and macOS Device Management issues:







- The "Delete VPN certificate" command for iOS devices will not remove the certificate whilst a VPN profile is still deployed on the device. The profile must also be removed (from Policy) to complete deletion of the certificate.



- The iOS policy restriction to disallow "Erase All Contents and Settings" is not obeyed by devices running iOS 15.0.



- Enabling Bluetooth on the device during provisioning only is now deprecated. Bluetooth may now be enabled/disabled within Device Policy at any time.



- If an iOS device with only Wi-Fi connectivity available has been placed into Lost Mode and then subsequently powered off, it may not be possible to disable Lost Mode again. This is because although the device is powered on again it may not be possible to start Wi-Fi without unlocking the screen.



- In iOS Device Policy editing an existing Standard VPN item into a PerApp VPN will fail. Remove the Standard VPN first and then apply a new PerApp VPN.



- Make sure "Send all traffic" is ticked for IPSEC VPN profile.



- IKEv2 VPN profile installation is currently failing for macOS devices.



- Enabling "Allow configuring restrictions" in iOS policy allows screen time settings on devices running iOS 12 and later.



- iOS device may not register a correct push notification secret (Push Magic) after preparation. This will cause the device to stop communicating with the server.



- The values displayed for iOS device "Capacity" and "Available Capacity" may be incorrectly reported in the Details tab. This is an issue that requires a fix from Apple.



- Enabling profile encryption is currently not supported for EC certificates.



- If a new VPP account is used, apps from the previous account may remain.







____________



Installation BEM Web



____________







- Framework prerequisites to be installed on the server prior to BEM Web installation/upgrade:



    - .NET 4.7.2 framework



    - .NET Core 6.0 Hosting Bundle (download from https://dotnet.microsoft.com/download/dotnet/3.1).



       - Latest version of 6.0 recommended, product tested with 6.0.11



    - Visual C++ Redistributable for Visual Studio 2019 (download from https://aka.ms/vs/17/release/vc_redist.x64.exe).



       



- An admin document on how to perform an installation can be found in the full package of the product.



      



________



Upgrades



________







Upgrades from BEM 8.4.6 and BEM 9.1.0.



___________________________



Supported Operating Systems



___________________________







The BEM Web Server components support installation on the following Windows OS:







- Windows Server 2019 64 bit

- Windows Server 2022 64 bit



___________________________



Supported Database Systems



___________________________







The BEM Web Server components support installation on the following SQL servers:







- SQL Server 2014



- SQL Server 2019



- PostgreSQL 13



_________________________________



Interoperability with other products



_________________________________



Provisioning iOS devices requires:



- Apple Configurator 2.14







The supported email servers are:



- Microsoft Exchange 2016







The supported VPNs are:

- Cisco ASA IPSEC VPN Concentrator.

- strongSwan 5.3.5-1ubuntu3.8







___________________________



Supported End User Devices



___________________________







BEM Web supports:



- iPad Air and iPhone platforms running iOS 16.6











_______



Support



_______







- support@becrypt.com



- 0345 838 2070
