VSA 10: Version 10.3 release notes
The VSA 10.3 release offers many new innovations and integrations to better support your IT operations. This release includes major enhancements in Remote Control, Managed Files, and several other improvements.
Release schedule
EAP: Friday, June 16, 2023
General availability: Thursday, June 29, 2023
Known issue
This release contains a few known issues related to the Remote Control 1-Click functionality. The team is actively working to resolve each issue as soon as possible:
- 1-Click and IT Glue integration (existing feature prior to 10.3)
- IT Glue Related Passwords are missing from the 1-Click drop-down menu. Only IT Glue Embedded Passwords are currently available for use.
- Native 1-Click (a new feature introduced in 10.3)
- The 1-Click option and the Native 1-Click selection item are showing in the Remote Control section only under certain conditions.
We are working to resolve these issues and will update this message as we have more information.
Key feature enhancements
Remote Control
This release includes two new features to improve the Remote Control experience:
- Native 1-Click Access: Native 1-Click is a new option to our existing 1-Click capabilities. The feature allows a technician to establish a Private Remote Desktop Session with a target Windows Agent while the Windows login process is simultaneously and automatically performed in the background using a preconfigured local administrative user account, all with a single click.
One of the key benefits of this feature is to enable a technician to establish a remote administrative session without the requirement to first create a user account on the target device and without the requirement of knowing the credentials of an existing local user account.
NOTE The use of this feature can be restricted with a team permission setting.
NOTE Allow 1-Click Access is enabled by default for all user-defined teams but can be explicitly disabled for each team.
- A local administrative user account with a randomized password is automatically created on the target Windows Agent.
If the user already exists, from a previous 1-Click session (for example, the account will be enabled, and a random password will be applied).
The name of the local account can be customized via Configuration > Settings > Remote Control Settings.
- A Private Remote Desktop Session is launched, and the credentials from the previous step are used to automatically log in.
- Upon termination of the session, the local user account is disabled.
- The use of 1-Click is logged and can be tracked via Server Admin > Audit Log.
- A local administrative user account with a randomized password is automatically created on the target Windows Agent.
- Blackout end user's screen: This new capability is useful for working with sensitive information and devices during Remote Control sessions. It allows the technicians to optionally block a local user (end user) from viewing the technician's screen activity while the Remote Control session is active.
When active, the technician's remote activities will not be visible on the monitor or display of the local device. Instead, a banner will be displayed on the local monitor to inform a user that a remote administrator is working on the device. This banner is meant to prevent the end user from powering off their device.
In addition to blocking the local display, the local inputs (that is, keyboard and mouse) will be disabled to prevent a local user from inadvertently interfering with the technician’s remote activity.
To further understand this feature, the following outlines the steps that occur when using Native 1-Click:
Managed storage support (Managed Files)
VSA 10 now includes the ability to centrally and securely store and distribute files to devices. Upload files to VSA 10 from the user interface and use the Write File Workflow Action for common automation tasks such as custom applications installers, font configuration files distribution, and printer drivers. Files are encrypted at rest and in transit, decrypted by the device.
Upload and store files on VSA 10:
Use Workflow Action Write File to download files to devices: 
Patch Management
CVE/CVSS rules: With this release, it is now possible to configure Patch Policy automation rules using vulnerability codes (CVEs) or vulnerability severity scores (CVSS). This simplifies the risk-based patching configuration.
Prioritization of software catalog updates based on severity: VSA uses a tiered approach to prioritize the testing of software updates and adding them to the catalog. With this release, we improved this process by prioritizing updates according to the severity of resolved vulnerabilities. This ensures that the most critical updates are addressed first.
The following table outlines the updated schema of the processing of software new versions:
| Tier 1 | Tier 2 | Tier 3 |
|---|---|---|
| 1 business day | 5 business days | 10 business days |
Critical Patch Severity (CVSS v3.0 9.0-10.0) or any update on the following software:
|
High Patch Severity (CVSS v3.0 7.0-8.9) or any update on the following software:
|
All other updates. |
Windows update configuration: To help you stay compliant with Patch Policy, VSA now offers the ability to fine-tune the Windows Update service. With this feature, you can prevent end users from making modifications to patching configuration and also have control over automatic updates. You can also defer quality or feature updates, and configure active working hours.
Additionally, Patch Policy now supports driver updates.
NOTE This option is turned off by default.
macOS update configuration: With this release, you can now configure updates for macOS computers. It is possible to control automatic updates of the operating system, internal software, and AppStore applications. Additionally, you can specify a deferred period for major and minor operating system updates.
These settings are supported only for computers enrolled through MDM.
Mobile application: Launch ad-hoc workflows: This release includes a feature to run ad-hoc workflows from the mobile application for active workflows that contain ad-hoc or scheduled triggers.
The key benefit of this feature is it allows a technician to quickly execute ad-hoc workflows directly from their mobile device without having to access the web application.
To access the new feature, complete the following steps on your mobile device:
- Tap Workflows on a system.
- Tap an active workflow from the list. (A green dot indicates a workforce is active.)
- Tap Start to continue.
- To confirm, tap Start.
- A toast message is displayed that indicates that the start workflow command was sent.
- The Workflow Executions list is displayed once the workflow is completed.
New BSD Agent: This release includes a new Agent, which supports installation on BSD platforms such as pfSense, FreeBSD, and OpenBSD.
The BSD Agent is based on the VSA 10 Linux Agent and will support the same functionality. It will also be included in search and other query results when using pre-defined Linux filters.
KaseyaOne SSO v2: VSA 10 has been updated with a new version of KaseyaOne single sign-on (SSO).
The new version includes several important updates:
- Introduction of a new SSO flow based on the OIDC standard: This change greatly simplifies the configuration and account mapping process by reducing the previous four-step configuration and mapping process from version 1 into one step in version 2. Refer to the new configuration steps below.
- Introduction of a new requirement for mapping VSA 10 and KaseyaOne user accounts: Version 2 requires a VSA 10 user account email address to match a corresponding KaseyaOne user account email address.
The mapping, or association, of the VSA 10 user accounts with the KaseyaOne user accounts will occur automatically using the email address. - Migration of existing VSA 10 and KaseyaOne account mappings from v1 to v2: For each VSA 10 user account that was previously mapped to a KaseyaOne account, it will either be migrated to v2 automatically or the mapping will be removed.
An existing mapping will be removed if the email address of the VSA 10 user account does not match the email address of the KaseyaOne user account it was associated with. To reestablish a mapping, update the email address of the VSA 10 account and the KaseyaOne account to match. - General usability improvements: Once KaseyaOne login has been enabled for a VSA 10 instance, all VSA 10 users with a corresponding KaseyaOne account will be able to log in with their KaseyaOne account from the VSA 10 login page and from the VSA 10 KaseyaOne app launcher icon in the upper-right corner of the VSA 10 header.
Complete the following steps to configure and use KaseyaOne SSO:
- Login with KaseyaOne must be enabled for the VSA 10 instance. This step can only be performed by a VSA 10 built-in administrator and can only be enabled once for the entire VSA 10 instance.
- Once enabled, each user will have the ability to log in with KaseyaOne from the KaseyaOne icon in the VSA 10 header or from the VSA 10 login page.
- After a VSA 10 user has performed a successful login with KaseyaOne, the KaseyaOne icon in the VSA 10 header will be automatically replaced with the KaseyaOne app launcher (the waffle icon).
Content
Additional SNMP templates
Six new report SNMP templates are available in Advanced Reporting:
- Antivirus Protection Summary
- Antivirus Protection
- TOP problem devices
- Unsupported Windows OS versions
- Hardware compliance
- Device Performance
Additional filters were added to templates: Agent Group and Device Name.
Integrated Customer Billing for Autotask and BMS
This release includes the capability for BMS and Autotask to update contracts with each customer’s usage of VSA 10 products. Intuitively map consumption data from VSA 10 to BMS and Autotask services.
Integrated Customer Billing is a new feature introduced as part of billing automation. Eliminate hours of manual reconciliation and optimize your revenue.
- In BMS, Integrated Customer Billing is now available under Finance > Contracts > Recurring. The Integrated Customer Billing tab shows under Automated Billing options. Find the detailed guide.
- In Autotask, Integrated Customer Billing is now available under Admin > Extensions & Integrations > Kaseya Integrations > Integrated Customer Billing. Find the detailed guide.
| Metric Type | Description |
|---|---|
| Total Licensed Devices | Total number of devices under management (defined as having consumed a single device license whether it is network-enrolled, has an Agent, is MDM-enrolled. A device will only count once regardless of its enrollment types). |
| Network Devices | Number of enrolled devices that do not have an Agent installed and are not enrolled in MDM. |
| Agented Devices | Number of devices that have an Agent installed. |
| MDM Devices | Number of devices that are enrolled in MDM (includes Agentless and Agented devices). |
| Devices with Webroot | Number of devices that have an Agent installed and have Webroot installed. |
| Devices with Bitdefender | Number of devices that have an Agent installed and have Bitdefender installed. |
| Devices with Ransomware Detection | Number of devices that have an Agent installed and have Ransomware Detection installed. |
| Devices with Patch Management | Number of devices that have an Agent installed and have an active Patch policy applied. |
| Monitored Network Devices | Number of enrolled Network Devices (enrolled devices that do not have an Agent and are not enrolled in MDM) that have a Monitoring assigned directly or through a Monitoring policy. |
| Monitored Agented Devices | Number of Agented devices that have a Monitoring policy assigned. |
| Webroot Enabled |
Webroot is active for at least one device in a given organization, site, or group. |
| Bitdefender Enabled |
Bitdefender is active for at least one device in a given organization, site, or group. |
| Ransomware Detection Enabled |
Ransomware Detection is active for at least one device in a given organization, site, or group. |
| 3pp Enabled |
3pp is active for at least one device in a given organization, site, or group. |
Header improvements
This release includes several user interface and user experience improvements to the header.
These improvements bring consistency to the Header utilities in terms of behavior and styles, provide a new help utility for accessing all VSA 10 Help content and include improvements to the What’s New feature.
- The header height has been reduced to maximize space on the page.
- The styles of the search bar and menu have been updated.
- The button styles in the header have been updated.
- The icons for the header utilities have been updated.
- A new hover state has been added to the header utilities.
- A new active state has been added to the header utilities.
- New tooltips have been added to the header utilities.
- A new drop-down menu has been added to the Notifications utility in the header for quick access.
- A new Help utility has been added to the header with links to VSA 10 Help content.
- The What’s New feature has moved from the header to the bottom of the Help menu and now includes version and date information.
Bugs
Automation
- Fixed an issue where a line break was showing in the subject line of workflow notification emails.
- Fixed an issue with the Send Message action where messages with more than 1,000 characters were not displayed properly on the endpoint.
- Fixed an issue where workflow with ad-hoc or scheduled triggers did not execute Patch Policy actions.
- Fixed an issue where the workflow condition on the scope failed on all machines.
Dispatcher
- Fixed an issue where the access token failed to get created without errors.
- Fixed an issue where the dispatcher was called although the token was missing on the Apple MDM tab.
Integrations
- Fixed an issue in the Bitdefender Integration where incorrect descriptions were displayed on confirmation dialogues when running virus updates or scans.
- Fixed an issue in the ConnectWise Manage Integration where a non-admin user with full PSA team permissions was unexpectedly logged out when trying to create a ticket.
- Fixed an issue in the ConnectWise Manage Integration where organization mapping could not be deleted.
- Fixed an issue where ConnectWise companies were sorted by the date created instead of alphabetically.
Networks
- Improved device discovery when scanning across subnets.
- Fixed an issue in SNMP profiles where fake OID was displayed as correct if it had a specific value.
- Fixed an issue where the status for discovered Hyper-V device was reported as Unknown instead of Saved.
Onboarding
- Fixed an issue where new systems erroneously displayed No License Available.
Patch Management
- Fixed an issue where OS patching errors do not appear in the patch history.
- Fixed an issue where patch policies could not be deleted.
Policies and profiles
- Fixed an issue where an exported device configuration profile exposed sensitive information for Autotask and Zendesk profiles.
- Fixed an issue where running process from a Linux agent could not be added to a Monitoring: Processes Profile.
Remote Desktop
- Fixed an issue where error detail was not logged or displayed when native RDP web socket failed.
- Fixed an issue with mouse control during a multi-monitor remote control session.
Reporting
- Fixed an issue where Executive Summary and Local Disks Usage reports were failing to render.
Team permissions
- Fixed an issue where a user without appropriate team permissions was able to add a new system and download an Agent.
VSA 9 upgrade
- Fixed an issue where VSA 10 agents were not deployed during the upgrade from VSA 9.
