Feature Roundup: Windows and Linux – August 2025

SureAccess

4x faster than traditional VPNs – SureAccess is a robust Zero Trust Network Access (ZTNA) solution that ensures secure, seamless access to corporate resources for your employees—anytime, anywhere.
Empower your workforce without compromising on security.

Custom ADMX & Browser Management

Configure third-party app policies and browser settings beyond the basics.

• Use Custom ADMX to apply settings from any .admx/.adml template.
• Browser Management lets you configure key settings for Edge, Chrome, and Firefox — including homepage, security, updates, proxy, cookies and more.

Device Actions

Perform key device control functions like Wipe, Lock, Lost Mode, Reboot, and Shutdown from a single job.
Enjoy a smoother experience with fewer logins—reducing friction and making access seamless across apps.

New Data Analytics Policy

Enable MTD data capture with the Data Analytics Policy job. Configure and deploy on Windows devices to start collecting and displaying threat data on the MTD Dashboard.
Ensure faster and more efficient MTD data capture.

Windows MTD Enhancements

We’ve enhanced the Windows MTD Dashboard with new controls and smarter insights. A platform filter (Choose from All, Android, iOS/iPadOS, or Windows) offers clearer visibility and platform-specific device management, and a new ‘Scan’ button lets you run Quick or Full scans every 8 hours.
Get accurate, timely threat visibility—and take action without waiting for the Default Windows sync intervals to catch up.

SureMDM Local Administrator Password Solution (LAPS)

Automatically rotate unique local admin passwords, add local administrator accounts, configure password complexity options, and enforce ‘Online LAPS’ across Windows devices with SureMDM LAPS.
No more shared admin passwords floating around in emails or sticky notes taped to monitors.

Run Script Job Upgrade

The Run Script job now supports multi-line scripts, syntax highlighting, and file imports. Script results are shown in Job History with color-coded statuses for easier troubleshooting. PowerShell, Batch, and VB scripts are automatically detected, with formatting preserved.
Easier scripting = fewer errors and faster troubleshooting.

Application Compliance Policy

Set allowed/blocklisted apps, detect non-compliance, and trigger automated remediation.
Stop shadow IT in its tracks—ensure only approved software runs on company devices.

Enhanced SureMDM Agent & Agent Settings

The SureMDM Windows Agent now features a refreshed UI and a smoother experience. Highlights include QR-based self-enrollment, built-in file and app stores, improved admin–user communication, easy log uploads, ability to request remote sessions with admins, and customizable access controls.
More flexibility for your end-users, quick resolution times, better communication.

SureLock Settings: Use System Wallpaper

The new checkbox option lets you apply the system wallpaper in SureLock mode.
Maintain branding—even in kiosk or locked-down environments.

App Locker Enhancements

The Windows App Locker Policy now supports Customer Managed App Inventory, allowing you to curate and sync your app list for easier policy enforcement. The updated UI allows granular control over Store apps, .exe, .msi, and scripts, with new options like explicit Allow/Deny, User Group permissions, and Folder-level rules.
Take precise control of what app runs on your devices—down to the folder level.

Windows 11 Readiness Report

Analyze device hardware for compatibility with Windows 11 and upgrade readiness.
Avoid upgrade surprises—plan migrations with confidence.

Windows CVE Dashboard

We’ve added a new CVE Dashboard to help you track vulnerabilities across your Windows 10 and 11 devices with details on severity breakdowns and real-time remediation progress.
Reduce manual vulnerability tracking and patch with precision—no Excel sheets required.

Enhanced Windows OS Updates

You can now install Windows updates almost instantly from the SureMDM console. The revamped interface includes a new Discovered Updates tab to show what’s available, and an updated All Deployed Updates tab for tracking historical installs.
Patch management just got easier. Fewer delays, fewer clicks, more control.

Microsoft Office 365 Conditional Access

Now integrated with Microsoft Entra ID (formerly Azure AD), SureMDM’s device compliance is validated before allowing access to Office 365 apps. You can configure policies right from the console.
Ensure only compliant devices and managed devices get access—giving you a security safety net without slowing down end users.

Dynamic Device Renaming

You now have more flexibility when renaming Windows devices. Choose whether to update the device name on both the console and device or just within the SureMDM console.
Keep your device names organized (and human-readable) without confusion for you and your end users.

Remote PowerShell Script Import and Execute

During a Remote PowerShell session, easily upload and execute .ps1 script files directly with the ‘Import’ and ‘Execute’ buttons.
No more jumping between your local editor and the console. One click, and your script’s in action.

Domain Binding (Microsoft Entra & Google Workspace)

Admins can now configure Domain Join settings on devices for both Microsoft Entra Domain Services and Google Workspace directory services from SureMDM.
Achieve centralized authentication—align your Linux login experience with enterprise standards.

Branding and Personalization

Customize lock screen, wallpapers, login messages, and prevent non-sudo users from changing branding.
Deliver a polished, corporate-branded Linux experience.

User Account Management

Create, modify, or remove user accounts with time-based access controls and password management.
Centralize user control—no more SSHing into every machine to manage accounts.

New Text Messaging Options

Send messages as pop-ups or system tray alerts—temporary or persistent.
Send helpful nudges, alerts, or warnings directly to Linux users without needing email or Slack.

Linux Kiosk Mode Improvements

We’ve added auto-login, simplified account creation, and full auto-launch of Kiosk Mode on reboot.
Perfect for out-of-the-box ready kiosk experience.

System Settings: Bluetooth Controls

Allow/block Bluetooth by device type or MAC address; build allowlists/blocklists.
Keep rogue Bluetooth accessories (and the risks they bring) off your network.

Certificate Management: SCEP Support

Request and install certificates via SCEP, override profile settings, and remove user-installed certificates for Linux devices.
Automate PKI deployment for secure, scalable authentication.

URL Filtering Enhancements

URL Filtering Policy now supports domain-based filtering. Administrators can now allow or block entire domains including all subdomains.
Filter URLs more efficiently—less configuration, more coverage.

User Accounts Report (Windows, Linux, macOS)

Generate detailed reports on user accounts by platform or group—on demand or scheduled.
Maintain visibility into user activity across your entire device fleet.