VSA 10: Version 10.20 release notes

NOTE  During release deployment, all active web application sessions will be disconnected, and customers will need to log in again at the beginning of the maintenance window. SaaS customers will be informed of their maintenance window via status.kaseya.com.

Schedule*

Region Date Starting Time (EST)
APAC Tuesday, July 22, 2025 14:00
EMEA Thursday, July 24, 2025 15:00
US Tuesday, July 29, 2025 20:00
On-Premises Tuesday, August 5, 2025 12:00

NOTE  *The schedule is subject to change. Check the Status page for regular updates. Any changes made to the original schedule are denoted in red.

In this release, agents will be updated to version 10.20. Some features will only be available once the agent has been updated. For each tenant, agents are programmed to automatically, randomly update within a 36 hour window following the release deployment. A device's agent version can be viewed and can be manually updated by navigating to Device Details > Software > Agent Version.

The agent version for this release is 10.20.

Key feature enhancements

Cooper Copilot for Workflows now available for all customers

With this release, Cooper Copilot for automation workflows will be available for all users with team permissions to edit Automation.

Content creators will be able to use our powerful Cooper Copilot feature to ease the process of building automation workflows. Users can start using Cooper Copilot by going to Automation > Workflows > User Defined > Actions > Create with Cooper Copilot.

For more information, refer to Create Workflows with Cooper Copilot.

iOS Remote View now available for US

In this release, Remote View for iOS devices is now available automatically for accounts in the US service region. While this feature will be available for all regions later this year, you can still reach out to us to request early access.


NOTE  This feature is still currently in early access for other regions, and can be enabled upon request.

Policy Management: Global profile enforcement

With this release, administrators can now quickly apply or remove policy configurations across the whole environment without having to individually modify each organization level policy or extension. With this new feature:

  • When creating or editing a global policy, an optional Enforce Globally setting is available when assigning profiles. If selected, the profile will be automatically applied to all organizational policies and extensions.​ An Enforce All selector can be used for bulk enabling the setting for multiple profiles.

  • Globally enforced profiles are displayed in downstream organizational policies and extensions with a chip to identify them. Any non-cumulative profile of the same type that was directly assigned or inherited from an organizational root policy will be shown in the Replaced or Removed list, and replacement cannot be undone without removing the enforcement from the global profile.

  • When removing a globally enforced profile from the global policy or disabling enforcement, the profile is automatically removed from organizational policies and extensions, and any profiles it replaced are automatically reapplied.

Kaseya VSA 10 mobile app updates

  • With this release, multi-instance support has been enabled in the VSA X mobile app, allowing users to configure and access multiple VSA 10 instances without needing to reconfigure the app or use separate devices. Users will be able to switch between configured instances seamlessly within the mobile application.

  • The VSA X mobile app has been updated for Android and iOS users with the following diagnostic and visibility enhancements: 

    • Mobile clients now display detailed local IP address information, including interface names, IPv4/IPv6 addresses, subnet, gateway, and DNS.
    • You can now view all policies currently assigned to a device in the mobile app, across all policy types.
    • The device management type is now visible in the mobile app for better context during troubleshooting.
    • Diagnostic logging (enable, monitor, disable) can now be controlled from the Manage section of the mobile app.

Device card storage browser: File management enhancements

Technicians can now perform the following file and folder operations directly on a remote device using the Device Card storage browser, eliminating the need for a remote desktop session or to upload and download files:

  • Create Directory: Creates a new directory in the currently selected location on the device.​
  • Copy To: Copies files/folders to another location in the device’s file system (supports bulk action)​
  • Move To: Moves files/folders to another location in the device’s file system (supports bulk action)​
  • Rename: Rename a file or folder

Remote Desktop Secure Clipboard

This release introduces a new security feature to prevent accidental sharing of clipboard content between technicians and end users during concurrent remote desktop sessions:

  • Added a new configuration to the Settings menu in the Remote Desktop client application called Enable Secure Clipboard. If checked:
    • No content will be automatically copied from the technician’s clipboard to the remote machine, or vice versa. It will not be possible to copy content between the technician and remote machine using standard operating system controls such as Ctrl+C/Ctrl+V.
    • A Secure Paste button is displayed in the toolbar which can be used to paste text from the technician’s clipboard to the remote device.

  • Added a new setting Enforce Secure Clipboard to the Remote Desktop configuration profile (disabled by default). If enabled, the Secure Clipboard setting will be enforced for remote desktop sessions to applicable devices.

Automation Updates

Managed Files - support for updating existing files and content package import

The Managed Files feature has been updated to support updating existing files and import via content packages.

  • It is now possible to upload a new file with the same name as an existing managed file. If a file being uploaded has the same name as an existing file, the technician will be prompted whether to overwrite the existing file or provide a new name. If they opt to overwrite it, any workflows referencing the file in a Write File action will automatically be updated to use the newly uploaded file for future executions.
  • Content packages import now supports managed files.

Technician prompt for variable input when executing workflows: 

Sometimes execution of a workflow is dependent on a variable which can change between executions. Enabling technicians to input the value during execution avoids the need to manually update the workflow or associated custom fields each time it's executed. With this new feature:

  • A new Prompt Technician for Value toggle is displayed in the Workflow editor when defining a Constant Value within an ad-hoc or scheduled workflow.​ It supports string, numeric or date values. A default value is required, with an optional custom message prompt.​
  • Multiple prompts can be defined within the same workflow.​
  • On ad-hoc execution of the workflow from the Automation > Workflows or Devices > Device Management page, the technician will be prompted to enter a new value or keep the default one for each defined prompted variable.​
  • For recurring scheduled executions, the default value defined in the workflow will be used.
  • The VSA9 migration wizard has been updated to convert getVariable() agent procedure steps with “Prompt When Procedure Is Scheduled” option to Get Device Value steps in the target workflow with technician prompt enabled.

Workflow template visibility improvements when creating workflows: 

Kaseya provides a range of Workflow templates to address common use cases and enable customers to quickly benefit from the power of VSA10 automation. In this release, we have enhanced the Automation > Workflows management page for better visibility of templates when creating workflows:

  • Added a new Create from Template button in place of the previous Actions.
  • Replaced Create Workflow with a new Create button with drop-down selection for Create New, Create from Cooper Copilot, Import Workflow and Import from VSA9.

Additional Workflow notification triggers: 

This release adds four new notification types as Workflow triggers, enabling automated response and remediation of a wider range of monitored conditions:

  • Reboot Pending
  • Patches Available
  • Antivirus Disabled
  • Antivirus Out Of Date

NOTE  the Reboot Pending trigger will be enhanced in a future release with a parameter to evaluate the pending action requiring a reboot (patch deployment, file rename, etc), so that conditional logic can be used in the workflow to perform specific actions depending on the reason a reboot is required.

Enhanced audit logging of Workflow executions: 

An Audit Log record is now created each time a workflow is executed, including the workflow name and additional details based on execution type:

    • Ad-hoc execution: Name of the user who initiated the execution.
    • Scheduled execution: Name of the user who created the schedule.
    • API initiated: User or integration name associated with the authentication token.
    • Execution by another Workflow: Name of the user who executed or scheduled the parent Workflow.
    • Triggered by Notification: Notification type.

    • API Improvements

    With this release, four core organization API endpoints have been updated to support team access management: 

    • Create Organization: Now supports initial team assignment during creation
    • Update Organization: Modify team access levels for existing organizations
    • Get Organization: Returns team access information
    • Get All Organizations: Includes team access data in bulk queries

    Put simply, new Team Access Control organizations can now be created and managed with granular team access permissions directly through the API, eliminating the need for manual UI configuration after organization creation.

    Enhanced Help menu

    The Help menu in the top navigation bar has been enhanced with:

    • A new Interactive Guides section, providing access to training videos and self-guided onboarding tasks.
    • Updated version reporting to show the currently installed version instead of the latest released version. A tooltip will be displayed if there is a newer version available.

    Device Management: Installed application filtering

    With this release, Device Management views have been enhanced to support filtering by installed (or not installed) application and version:

    • Available Application Name operators:
      • Is equal to: An application is installed with exact name match
      • Is not equal to: No application is installed with exact name match
      • Contains: An application is installed with a name containing the specified text
      • Does not contain: No application is installed with a name containing the specified text
    • Available Application Version operators:
      • Any: Version filtering is not applied, matches only by application name.
      • Is equal to: Installed version exactly matches specified value.
      • Is not equal to: Installed version does not exactly match specified value.
      • Is greater than: Installed version is newer than specified value.
      • Greater or equal: Installed version matches or is newer than specified value.
      • Is less than: Installed version is older than specified value.
      • Less or equal: Installed version matches or is older than specified value.
      • Contains: Installed version string contains the specified value.
      • Does not contain: ISnstalled version string does not contain the specified value.
    • Filter results are based on the standard application audit data (visible in the Device Card > Software > Applications section) for the following device types:
      • Windows
      • macOS
      • Linux
      • MDM devices (iPad / iPhone)

    Operations at scale: enhanced data grids

    Enhanced data grids on several pages to reduce the height of each row, allowing more data to be displayed without scrolling.

    Secure auditing of Windows command executions

    With this release, a new application event log called VSA X-CommandAudit has been created on managed Windows devices, accessible only to users with administrator permissions, for auditing of commands executed from the device card via a Terminal or Powershell session. In the general Application event log, the command is replaced with a reference to the secure audit log. This change was made to prevent exposing commands, which may contain sensitive information, to non-elevated users.

    Proxy server support for macOS agent

    macOS agents can now be configured using the VSA X Manager application to communicate with VSA through a proxy server. If configured, all communication to the server, including remote desktop sessions, will be routed through the proxy.

    MDM Updates: 

    • This release introduces the ability to view, search, and manage iOS devices by their IMEI number. Technicians can now easily check a device’s IMEI from the device card, and look up a device by IMEI, enhancing asset tracking and management across enrolled devices.
    • This release introduces support for Apple’s WebClip payload, allowing administrators to pin web-based applications directly to the home screen of managed iOS devices. Organizations can now deliver internal or third-party web apps with the look and feel of native apps, enhancing accessibility and user experience. The WebClip configuration is available under the Apple MDM System Configuration profile.
    • Updates for MDM profiles:
      • MDM profiles settings can now be filtered by operating system (iOS, iPadOS, macOS). This allows technicians to view only the applicable settings for the selected platform.
      • Deprecated MDM profiles settings are now indicated visually with a flag. This helps identify settings that are no longer recommended for use.
      • All MDM profile settings and metadata have been updated according to the latest Apple MDM repository.

    3rd-Party Patching: May-June Updates

    New titles: 

    • PowerShell 7.4 (32-bit)
    • PowerShell 7.4 (64-bit)
    • PowerShell 7.5 (32-bit)
    • PowerShell 7.5 (64-bit)

    Discontinued titles: 

    • Java(TM) SE Development Kit 8 (64-bit)
    • Java(TM) SE Development Kit 8 (32-bit)
    • Skype

    Refer to VSA 10 software application catalog.

    Fixes

    Advanced Reporting

    • Fixed an error rendering "Installed Patches" report if scope includes devices with no installed patches.

    API

    • Resolved API pagination limitation that restricted device, workflow, and notification endpoints to displaying only 100 records by implementing OData nextUrl support for complete data retrieval in Power BI integrations.

    Automation

    • Improved Workflow execution performance for the following actions, eliminating a 1-2 minute delay between execution of the task on the agent side and processing of the next Workflow action:
      • Run Task
      • Kill Top Process
      • Start Service
      • Stop Service
      • Restart Service
      • Get Device Value
      • Execute File
      • Execute Powershell
      • Execute Shell
    • Fixed a rare case where a workflow containing Run Script actions could fail due to missing script references.
    • Fixed a formatting issue with the trigger name column on workflow folder content grids.
    • Fixed an issue where a back button was not displayed when viewing a task's execution history, meaning the user could not navigate back to the previous page.
    • Fixed an issue where the "Skip if Offline" setting in scheduled workflows was not respected, resulting in unexpected later execution on devices which were offline at the scheduled time.
    • Fixed an issue where delete file actions were not registered correctly after importing a workflow, causing the action to fail on execution of the workflow.
    • Fixed an issue where default workflow templates were incorrectly migrated to the User Defined folder on new tenants.

    Apple MDM

    • Fixed an issue where Apple Business Manager (ABM) enrollment profiles could fail to assign during device enrollment due to a missing profile. If the enrollment profile is not found, the system now attempts to recreate it and reassign it automatically, ensuring smoother enrollment.
    • Fixed an issue where duplicate MDM commands were being queued for devices, especially when devices are offline. VSA now intelligently detects and blocks redundant commands with identical parameters, reducing command queue bloat and improving system efficiency.
    • Fixed an issue where the management type was not displayed for offline devices, except for those managed by an agent. The correct management type now appears consistently across all offline devices.
    • Resolved an issue affecting MDM-enrolled devices where applications without an identifier were repeatedly stored, leading to duplicate entries in the installed application list.

    BMS/Vorex Integration

    • Fixed an issue in the BMS/VSA10 integration where remote control sessions do not display the last logged-on user.

    Device Management

    • When viewing device details, the EMM device category has been renamed to MDM to reflect current terminology.
    • The Device Management page now displays serial numbers for MDM-enrolled devices. You can also search devices by serial number to quickly locate specific entries in the list.
    • When initiating bulk actions from the Device Management page, the Select Script and Select Workflow dialogs have been enhanced to allow more space for longer folder paths.
    • Fixed an issue where the Devices > Groups page failed to load due to an object reference error.
    • Fixed an issue where device move bulk actions initiated from Device Management page got stuck in a "pending" state.
    • Fixed an issue where a timeout error would trigger when downloading larger files from a Linux device.
    • Fixed an issue where "Data not available" error would occur on Device List page after removal of devices.
    • Fixed an issue where the Device List page showed a "data not available" error when trying to view data for SNMP devices.
    • Fixed an issue where the current user session on a macOS device could not be logged out using the Users section of the Device Card.

    IT Glue Integration

    • Fixed an issue where one-click credentials from IT Glue stop working after a remote session has been open for more than 15 minutes.

    Organizations

    • Fixed an issue where saving an organization would intermittently result in a "Cloudflare 524" error.
    • Fixed an issue where non-admin users were unable to manage Organizations, Sites, or Agent Groups they created.

    Patch Management

    • Fixed an issue where Edit button would not respond after initially opening a patch policy in view mode.
    • Fixed an issue where Patch History was not updated after deployments under certain circumstances.

    Site Maps

    • Fixed an issue where a network discovery stopped prematurely due to a failed ARP request from the probe to a single device, preventing full network device discovery. After this fix, only devices where the request failed will be missed from the scan.

    Web App

    • Fixed an issue where the left navigation menu selection was not updated to reflect the current page after using device click-through links on Patch Status views to access device details.
    • Fixed an issue where notification text was truncated on the Devices > Notifications page.
    • Fixed an issue where "Legacy" device groups could not be deleted in certain cases.