VSA 10: Version 10.6.1 release notes

We are excited to announce the VSA 10.6.1 release. The release will begin on January 25 at 2 AM EST and should conclude at 7 AM EST. This release includes extensive improvements to policies, major enhancements to patch management, and several updates to UI/UX.

NOTE  All active web application sessions will be disconnected, and customers will need to log in again at the beginning of the maintenance window.

Release highlights

Key feature enhancements

Policies

This release includes major enhancements to policies, bringing the next iteration of policy design improvements to the product.

Refer to Policies overview for a detailed explanation of policies and the updated design.

NOTE  The changes in this release apply only to Device Configuration and Monitoring Policies. Other policy types, such as Patch Management and Endpoint Protection, will be converted to this new design in future releases.

Following is a summary of the specific changes to Device Configuration and Monitoring policies included in this release:

Introduction of targeting capabilities directly within the policy editor, including selection preview

  • Context targeting

    Although context targeting was already supported before this release, it required the manual step of assigning a policy directly to each organization, site, and/or group. This release adds the ability to assign organizations, sites, and/or groups directly within the policy editor.

    As of this release, context targeting is only supported within a root policy and is not available for editing within extensions. However, context targeting within extensions is currently planned as an improvement for Q1 2024.


  • Device targeting criteria

    Device targeting is an entirely new feature to policies and enables the ability to use certain device attributes for automatically assigning policies to specific devices based on these attributes. For example, by creating an extension and selecting Windows Servers as an OS type, the extension will automatically apply to Windows servers within the context that the policy has been assigned to.
    As of this release, device criteria targeting is only supported within extensions. Root policies are automatically applied to All Devices. Extensions can be used to refine settings for specific types of devices.

    Device criteria targeting currently supports three device attributes:

    • Device type
    • OS type
    • Device manufacturer

Introduction of an All Organizations object on the Organizations page

This new entity enables the ability for a policy to be assigned to all current and future organizations.

Introduction to extensions

An Extension allows you to adjust a policy’s settings for a subset of the policy’s targeted devices. This includes the use of deterministic targeting criteria for the following device attributes:

  • Operating system (includes major category of OS and major versions)
  • Device type
  • Device manufacturer

    An extension is effectively a child policy that remains associated with its parent. The extension automatically inherits the settings and targeting criteria from its parent; however, you can adjust the targeting criteria to refine your device selections and you can add, change, and remove profiles while leaving any relevant profiles from the parent intact.


Designation of profiles as cumulative and non-cumulative

Before this release, all profiles were non-cumulative, meaning any given profile could be applied only once to any given device through its policy. This release introduces the concept of cumulative profiles to ensure that certain types of profiles can be assigned multiple times within a given policy.

  • Cumulative Profiles: They are specific types of profiles that can be applied to a device more than once because their settings are considered safe for layering, meaning their settings do not exactly conflict if applied more than once. Examples of cumulative profile types can be found in Monitoring Profiles.
  • Non-Cumulative Profiles: They are specific types of profiles that can only be applied to a device once because their settings within the profile are considered problematic for layering, meaning their settings directly conflict if applied more than once. Examples of non-cumulative profile types can be found in Device Configuration Profiles.

If you try to add an additional non-cumulative profile of the same type within the same policy, the UI will automatically replace the current non-cumulative profile with the newly selected profile. You will be able to instantly view this result within the policy editor and quickly adjust it if needed.

Introduction of Effective Settings

Effective Settings provide the visibility of the policies, their profiles, and the actual settings that have been assigned and applied at all levels of your environment. This includes organizations, sites, groups, and most importantly, devices.

UI/UX enhancements to several product pages

  • Policies page

    Updated to accommodate the new features of Policies.

  • Profiles page
    Updated to include a new folder called All Profiles that includes paging and enhanced filtering when working with all your profiles.

  • Organizations, sites, groups

    Policies have been migrated to a new Policies tab.

  • Device card

    Introducing a new Policies entry within the Overview section.

Introduction of the basic profiles and policies package

  • Refer to Basic device policies and profiles for details about the content and the settings.
  • This release includes various preconfigured profiles based on common configurations. A basic set of policies has also been included and contains a subset of the preconfigured profiles, along with extensions that provide settings adjustments for different Windows platforms.
  • The policies will automatically be applied to new customers. However, for existing customers moving to this new release, the policies will be added but will not be assigned to any context. To make use of the new policies, simply edit the root policy and assign a Context.

Patch Management

Approval workflow

With this release, we introduce the Patch Status page with the list of patches identified within each Patch policy.

The page allows a technician to review patches individually and either approve or reject installation. The list can be filtered by the patch category. Tabs are used to show only Pending, Approved, Rejected, or All Patches.

The following information is shown for each patch:

  • Patch name with an identifier and release date.
  • Link to Microsoft Support article.
  • List of applicable operating systems (Microsoft products).
  • Security-related CVSS score.
  • Reboot behavior.
  • Patch category.

Additionally, by clicking on a specific patch, the list of applicable devices will be listed.

End user reboot prompt

This release makes the patching reboot on end devices more predictable by displaying reboot prompts in advance. An end user can either postpone the reboot or execute it right away.

A technician specifies a reboot deadline and the time up to 23 hours before the deadline to start showing prompts.

UI/UX enhancements

Multi-selection and bulk actions

This release adds multi-selection and bulk action capabilities to the Advanced Search page.

There are several selection options available, including the ability to perform single selection, multiple selections, page selections, and select all.

Select a device by clicking its check box:

Press the SHIFT key after making the first selection to select multiple devices on the same page:

Click the Select Page check box in the header of the selection column to select all the devices on the current page only:

Click Select All Items underneath the Search input to select all devices across all pages:

Consider the following when using this option:

  • Final device selection is determined at the time that a bulk action is executed.

    • EXAMPLE   For example, if you choose Select All Items and in the time between this selection and performing a bulk action a new device has been added to the table, that new device will also be included for bulk action execution. This same behavior exists for devices that may have been removed.

  • Devices can be explicitly excluded from the Select All Items option by using the following deselect options:

    • Clicking the check box again to remove the selection.
    • Clicking the Select Page check box in the header of the selection column to remove the selections for the current page.
    • Pressing the SHIFT key to deselect multiple devices (on the same page) at once.
    • Using the Deselect Page option.

  • To exit or clear Select All Items, use the Clear All Selections option from the drop-down menu.

These options can also be accessed via selection options menu:

The following bulk action will be available in this release:

  • Run Script
  • Run Workflow
  • Move Devices
  • Delete Devices

NOTE  Additional bulk action capabilities will be added in future releases.

The bulk actions can be accessed from the Actions menu, which will be enabled when at least one device has been selected on the Advanced Search page:

In this example, the user has selected the Run Workflow bulk action and is required to select a workflow to continue:

The user must confirm that they want to run the bulk action.

NOTE  Certain selected devices may not be eligible for execution of a bulk action and will be skipped during execution.

The progress and results of the bulk action can be viewed by clicking the Bulk Action History button:

NOTE  The device-level history will be added to the Bulk Action History window in a future release.

In this release, device-level results can be viewed from the Audit Log by selecting the new Bulk Action category:

Automation

Replace workflow action in editor

Workflow actions can now be replaced with any other action in the editor. This makes it easier to quickly edit a translated VSA 9 Agent Procedure where some workflow actions may be marked red, not currently supported. It also improves the general workflow editing experience, swapping any current action with a few simple clicks.

Improved workflow action descriptions

We want to build the most intuitive and flexible automation engine available. We are not only investing in features and functions but also ease of use and educational elements. In this release, we have updated all available workflow actions with new informational messages explaining how each action works, required inputs, and currently available device support.

Remote Control

Automatic reconnect for Windows

Automatic reconnect has been enhanced with some minor UI changes and major functional improvements, which include automatically reconnecting in the following scenarios:

  • Dropped connections.
  • Restarting a device.
  • Signing off a user account.
  • Switching user accounts.
  • Any event that involves a loss of connection, other than graceful exiting of the application or invalidation of the session token.

macOS improvements

This release adds new functionality to macOS Remote Control, bringing macOS in parity with Windows for the following features:

  • Black out end user’s screen: This feature allows a technician to black out the end user’s screen and block end user inputs such as keyboard and mouse.

  • File transfer support in Remote Control sessions (Copy/Paste): This feature allows a technician to transfer files between source and destination macOS devices and includes cross-platform support when using Windows and macOS as either combination of source or destination devices.

MDM

MDM devices license

With this release, we introduce a new category of licensed devices called Mobile Endpoints. This category refers to MDM-enrolled devices, such as iPhones and iPads.

Keep in mind that macOS device will consume an Endpoint license regardless of enrollment type (MDM or agent).

Update device info

This release introduces an automatic update of asset information for MDM-enrolled devices, including the version of operating system.

The information is updated once per day.

Advanced reporting

Patch Policy Compliance template

The new Patch Policy Compliance report template is a further development of the Missing Patches report. It shows the number of confirmed updates against the selected Patch policy.

Performance improvements

Internal performance optimizations are designed to significantly speed up the handling of large datasets, like RMM - Applications.

Content

Built in profiles and policies

VSA 10.6.1 introduces a new powerful way to manage and assign policies to your devices. To help you get started with these new features, we provide a set of recommended Basic Device Policies out of the box. If you just recently got access to VSA, the Basic Device Policies will be applied automatically to all organizations, meaning the policies and their associated cevice Configurations and monitor sets are enabled automatically. Refer to Basic device policies and profiles.

IMPORTANT   If you started using VSA 10 before version 10.6.1, the Basic Device Policies will not get automatically installed. You have the option to download and import the Basic Device Policies manually. Refer to Manually importing basic device policies and profiles.

Bug fixes and other improvements

Agent

  • macOS 14 is now officially supported for standard Agent functions.

Automation

  • Fixed an error when non-admin users tried to edit a task.

Client Portal

  • Fixed an issue in the Profile editor where customers in the Select Customers list remained selected after deselecting the Select all box.

IT Complete

  • Fixed an error that prevented access to the 2FA configuration page if a user was logged in with KaseyaOne.
  • Fixed an issue with Autotask Integration where non-admin users were unable to map a company for which they had permissions.

Monitoring

  • Fixed an issue with the hardware monitoring library which could cause the hardware type to be shown as unknown in the Notifications > Hardware section of VSA X Manager.

  • Fixed an issue where users with read-only access to a system did not receive email notifications.
  • Fixed an issue where event log filters that were saved from VSA X Manager containing unsupported Application and Services event log types could be imported to the web application but in an incomplete state. Unsupported log types will now be displayed as disabled and cannot be selected for import.

NOTE  The web application only supports monitoring of Windows event logs (System, Application, Security). Support for Application and Services event logs will be added in a future release.

Networks

  • Fixed an issue where SSH session could not be established to enrolled devices with Ubuntu v22.x.

Patch Management

  • Fixed an issue where Patch policies could not be deleted even though they had no machines assigned.