VSA 10: Version 10.7 release notes
NOTE During release deployment, all active web application sessions will be disconnected, and customers will need to log in again at the beginning of the maintenance window. SaaS customers will be informed of their maintenance window via status.kaseya.net. Deployment for SaaS customers is expected to roll out in stages based on region. On-Premises deployment will follow a week later.
General Availability: March 21, 2024
Key feature enhancements
Apple MDM configuration profiles
In this release, we introduce the Apple MDM configuration profiles. With the MDM configuration profiles, you can create predefined setup templates for supported Apple devices and associate them with management policies.
With MDM configuration profiles, you can automate the setup of networking settings, security policies, hardware, operating system, and application restrictions from the moment the device is enrolled.
MDM configuration profiles relate to the Device Configuration policy type and are split into the following profile types:
Policy type | Profile type | Description | Profile section |
---|---|---|---|
Device Configuration | Apple MDM Networking | Manage network configuration, including WiFi, Ethernet, and VPNs. | WiFi, Ethernet, cellular, firewall, DNS, proxy, VPN, AirPlay, AirPrint, and so forth. |
Device Configuration | Apple MDM Security | Control sensitive security-related device settings. | Authentication, Certificates, Parental controls, Encryption, Passcodes, and so forth. |
Device Configuration | Apple MDM Restrictions | Manage hardware, operating system, and application restrictions. | Bluetooth, Camera, Game Center, App Store apps, Lock screen configuration, Authentication configuration, and so forth. |
Device Configuration | Apple MDM System Configuration | Enable or disable interface elements, manage login behavior, and control system updates. | Login behavior, User experience, Preferences, System extensions, and so forth. |
For more information, refer to VSA 10 MDM: Apple MDM profiles.
Other feature enhancements
Device monitoring
This release includes several improvements to agent and network device monitoring.
SNMP monitoring
SNMP alerts now include the ability to trigger notifications based on a change to a previous value regardless of what the existing value was or the new value is.
There are two ways to take advantage of this new SNMP condition:
- Configure as a condition type: Useful for when a monitored value changes from its previous value and you don't require additional logic.
- Use as a variable value: Useful when comparing the latest value against the previous value combined with various condition types, like equal to, greater than, less than, and so forth.
Service monitoring
Service monitoring now includes the ability to trigger notifications when a monitored service is missing on an agented device and when a monitored service was in place but has been removed.
NOTE This feature is applicable only to services that are explicitly listed in the Additional Services and Exclusions section of the Monitoring: Monitored Services profile. It does not apply to Automatic Services.
The device details pane has been enhanced to show any monitored services that are missing, even if the service is not configured to generate an alert. If a particular service is configured to generate an alert, a notification will be generated for each individual service.
This release includes support for Windows agents only. Support for Linux and BSD agents will be added in a subsequent release.
Patch Management
- In this release, we improved patch history error messages to provide more details about common issues, including missing prerequisites or unsupported application versions.
UI improvements
- An improvement was made to the left navigation menu, adding a static footer with a predetermined size to ensure all navigation entries can be accessed regardless of browser or display resolution.
Automation
Execute workflow actions as current user
We have enhanced the execute as current user feature in supported workflow actions. No longer do we emulate the current user from the NT AUTHORITY\SYSTEM account; instead, we proxy and execute the commands as the true current user logged on to the console.
The following workflow actions are supported for this feature:
- Execute File
- Execute Shell Command
- Execute PowerShell Command
- Run Script
Executing as the true current user delivers valuable new features, such as the following:
- Enables automation targeting the current user context not previously possible from System, such as managing and executing user-specific files, policies, registry, and desktop settings.
- Full environmental variable support from the current user context.
- Allows for running scripts to execute onboarding, Microsoft Teams cache cleanups, user audit, and remediations as the current user, both for Microsoft 365 and Active Directory-joined devices.
EXAMPLE For example, %UserName%, %Downloads%, and %OneDrive%.
Send Message improvements
The Send Message and Get Device Value > Has User Confirmed workflow actions can now be fully customized with text and variables.
- The message icon in the upper-left corner is now the custom tray icon from server settings.
- The message title text is configurable, including variable support.
- The message text is configurable, including variable support.
- The YES/NO confirmation buttons presented to the current user in Get Device Value > Has User Confirmed is now customizable with text up to 20 characters.
Distributed workflow templates
This feature will be released by Wednesday, March 13.
We now support workflow templates as part of our distributed automation content packs. To access the template library, navigate to Automation > Workflows > Actions > Create from Template. This list will be updated frequently, so please revisit the library for new templates and ideas. The following templates will be available for the initial launch:
- System Registered: On-Boarding New Device
- Ad-Hoc: App Deploy: 7zip MSI Example
- Ad-Hoc: App Deploy: 7zip EXE Example
- Ad-Hoc: Ask For User Approval To Reboot
- Scheduled: Send Message If Uptime Is More Than 10 Days
- Ad-Hoc: Audit BitLocker Status
- Service Stopped: Print Spooler Cleanup And Remediation
- User Logged In: Map Network Drive As Current User
Onboarding checklist
- The endpoint policies tutorial video on the Setup Checklist page has been updated to reflect the new policy design.
Integrations
Enabling unified login with Kaseya One
VSA 10 now supports KaseyaOne Unified Login, which provides single sign-on capabilities and a range of user management tools.
For more information, refer to Unified Login with KaseyaOne
Integrated service ticketing with BMS/Vorex
Refer to BMS live ticketing in BMS/Vorex Integration.
A new ticketing module has been released for technicians and IT teams within VSA 10. A technician who uses VSA 10 can access ticketing from either the VSA 10 web application or the VSA 10 mobile application (iOS or Android).
With this innovation, VSA 10 has improved the ticketing process, as technicians can manage tickets within the same tool they will use to identify and fix the issue — and they can do this anywhere with the full functionality of the VSA 10 mobile app.
Prerequisites
- BMS/Vorex integration enabled in VSA 10
- Ticketing permission in VSA 10 (Edit)
- BMS/Vorex credentials
A ticketing menu item will be available in the VSA 10 left navigation menu to access this feature. Here, users can view, create, update and monitor the real-time status of tickets that are being resolved using any device of their choice.
The launch of this in-app ticketing module has simplified the process and made it more efficient.
Web application instructions
- From the left navigation menu, click Tickets.
- Click Log In to BMS Account and enter your BMS or Vorex credentials.
- You can view and edit all the tickets that you created or any ticket that you have permission to view/edit.
- You can create or edit a PSA ticket directly from VSA 10 using the Create Ticket button in the upper-left corner of the page.
By reducing the time spent on ticketing, technicians will be able to concentrate on other key tasks without having to switch dashboards or log in to a separate portal.
Mobile application instructions
The BMS/Vorex integrated service ticketing feature will also be added to the mobile app as part of this release. Complete the following steps:
- Navigate to the integration in the app.
- Enter valid credentials.
- View the list of tickets.
- View the ticket details.
Upgrade Wizard
The Upgrade Wizard now includes select and transfer agent-based VSA 9 monitor sets to VSA 10 device monitoring profiles. Once transferred, the profiles can be used in any device policy as part of the monitoring. The supported VSA 9 monitor sets are as follows:
- Performance Counters
- Services
- Processes
API
API enhancements in this release focus on platform information, custom data, and object filtering. As follows are several new API endpoints:
- Get Environment Information: Use this endpoint to get platform information, including version, server type, language, region, and more.
- Scopes
- Get All Scopes: Returns a list of scopes.
- Get a Specific Scope: Returns the details of a specific scope.
- Get Scope Usage: Returns the list of places where the scope is used.
- Custom Fields: This set of APIs can be used for organization, site, group, and device custom fields.
- Get All Custom Fields: Returns a list of custom fields.
- Get a Specific Custom Field: Returns the details of a specific custom field.
- Get Custom Field Usage: Returns a list of places where the custom field is used.
- Assign a Custom Field: Assigns a custom field.
- Update an Assigned Custom Field: Updates the value of an assigned custom field.
- Unassign a Custom Field: Unassigns a custom field.
API documentation can be found at your server domain followed by the path /api (for example: https://exampleserver.vsax.net/api).
API rate limiting
An error was affecting the following v3 endpoints:
- Get All Groups
- Get a Specific Group
- Get Group Custom Fields
- Get All Custom Fields
- Get a Specific Custom Field
- Get Custom Field Usage
- Get All Scopes
- Get a Specific Scope
- Get Scopes Usage
- All Notification Webhook-related endpoints
Before the fix, these endpoints were limited to 1,440 calls per day. After the fix, they will accept 3,600 requests per hour.
Bug fixes and other improvements
Systems
- The Account > Manage Systems page has been deprecated. Its functionality is superseded by the Systems > Advanced Search page. Refer to Finding and managing devices.
- Fixed an issue where Favorites could take a long time to load when rendering a device details pane.
Automation
- Fixed an issue in workflow creation where a system-registered workflow trigger failed to send a notification or email to indicate a new system is registered.
- Fixed an issue where a workflow failed to execute successfully, and the Workflow History page was displayed as blank.
- Fixed an issue where users were unable to save, edit, or run a workflow by middle-clicking on the workflow section.
- Fixed an issue that could cause custom field assignments to be unexpectedly removed.
- Fixed an issue where the Workflow History page was accessible by a user who did not have access to the Automation module.
- Fixed an issue where a workflow with an event ID trigger did not execute when a matching event was logged on the managed machine.
iOS application
- Fixed an issue where a browser registration form was incorrectly displayed during the KaseyaOne login flow.
VSA 9 Upgrade Wizard
- Fixed an issue with the alignment of the username check box on the Users and roles page of the Upgrade Wizard.
Networks
Fixed an issue where the network discovery would not complete if a device is discovered with a MAC address that is already associated with a custom (user-defined) device.
This scenario is now handled in the following way:
- The custom device will be automatically converted to a discovered device (user will not be able to delete it).
- It will inherit all user-defined attributes (name, position on the map, and so forth).
- Validation has been added to prevent a custom device being created with a MAC address matching an existing device.
Ransomware detection
- Fixed an issue where machines with the Network Isolated status were still connected to the internet and had access to other network resources.
Monitoring
- Enhanced the Pending Reboot notification to report the trigger condition that requires the managed machine to be rebooted.
Web application
- Fixed an issue where a machine could not be found using the Find systems by name or logged in user search box if it was not currently displayed on the All Systems page.
- Fixed an issue where certain user interface elements were displayed in the wrong language.
BMS Integration
- Fixed an issue where the integration failed if the BMS instance name contained '-'.
Reporting
- Fixed an issue where the Windows backup report failed if data contained French characters such as "é".
ConnectWise Integration
- Fixed an issue where the PSA Ticket Closed workflow failed on the Update PSA Ticket step.