VSA 10: Version 10.23 release notes

NOTE  During release deployment, all active web application sessions will be disconnected, and customers will need to log in again at the beginning of the maintenance window. SaaS customers will be informed of their maintenance window via status.kaseya.com.

Schedule*

Region Date Starting Time (EST)
APAC Thursday, November 20, 2025 12:00
EMEA Thursday, November 20, 2025 15:00
US Thursday, December 4, 2025 21:00
On-Premises Thursday, December 11, 2025 21:00

NOTE  *The schedule is subject to change. Check the Status page for regular updates. Any changes made to the original schedule are denoted in red.

In this release, agents will be updated to version 10.23. Some features will only be available once the agent has been updated. For each tenant, agents are programmed to automatically, randomly update within a 36 hour window following the release deployment. A device's agent version can be viewed and can be manually updated by navigating to Device Details > Software > Agent Version.

The agent version for this release is 10.23.

Key feature enhancements

FIPS 140-3 compliant cryptographic communications (SaaS platform)

SaaS customers can now optionally enable FIPS 140-3 certified cryptographic modules for communication between agents, client applications, and the VSA 10 platform within the boundary shown below. This capability will be extended to on-premise customers in a later release.

Configuration

A new Compliance section has been added to the Configuration > Settings > Security settings with a toggle to Enable FIPS mode (disabled by default). Enabling it will require all agents, remote control and mobile client applications connecting to the platform to use a FIPS certified cryptographic module. Additionally, remote desktop clients will use the FIPS certified cryptographic module when connecting to relay servers or directly to agents using peer-to-peer connectivity.

Auditing

  • An informational event will be written to the Audit Log when an administrator enables or disables FIPS mode.
  • While FIPS mode is enabled, an exception will be written to the Audit Log if any device or application connects to the platform without the FIPS module.
  • FIPS mode (ON or OFF) is visible for each device as a data column on the Devices > Device Management grid and the Overview section of the device details.

Introducing contextual AI assistance with Cooper Coach

This release introduces Cooper Coach, a contextual AI Assistant integrated into VSA 10. This initial release of Cooper Coach enables users to interact with the knowledge sources using natural language, providing intelligent answers based on the user’s current page and prior conversation. The assistant can be pinned or floated, allowing uninterrupted access while navigating VSA 10.

ConnectWise Integration: Improved setup and post-setup configuration

With this release, we’ve improved the ConnectWise integration, adding in several improvements, including the following:

  • Improved configuration wizard: The ConnectWise integration configuration wizard has been updated, helping to guide you through the configuration process.
    • This includes a new auto-mapping feature, which attempts to automatically match devices based on device name and/or serial number.
  • Integration page update: The integration page has been updated to allow easier navigation to, and configuration of, settings, organization mapping, and device mapping.
    • Organization and device mapping can now be manually configured from the new Organization Mapping and Device Mapping pages.
    • Overall organization and device mapping numbers and percentages will be displayed on the page, and for each organization.
  • Additional configuration field mapping: more fields from VSA 10 device records, such as serial number, model number, and OS type, will automatically map to corresponding fields in the linked ConnectWise device configuration.

Distribution window for ad-hoc and scheduled Script and Workflow execution

Bulk executing automation on many devices concurrently can create resource bottlenecks and could have a negative performance impact on a customer’s environment. This feature enables the action to be distributed over a period of up to 12 hours to avoid excessive consumption of resources such as network bandwidth.

With this release, we've added a new Distribution Window setting to the scheduling options when scheduling a workflow or executing a script or workflow from the Device Management page with the Run Later option:​

  • The distribution window can be set to a duration between 1-12 hours, or None to execute on all selected devices concurrently. By default, the window is set to 1 hour for new or updated schedules and bulk actions.​
  • If an hour value is selected, execution of the script or workflow on target devices will be distributed evenly over the selected window, starting from the selected start time.

Linux OS patching from the device card

This enhancement gives technicians visibility of available OS updates on Linux devices, and a quick way to deploy them without requiring an SSH session and manual command execution.​

With this release, the Software > Windows Updates device card function has been renamed to OS Updates and extended to support Linux devices with the following features:​

  • A list of Available Updates and Installed Packages at the time of the last scan.​
  • A Check for Updates task can be used to perform a new scan and update the data.​
  • An Install Updates task can be used to selectively install updates ("important" updates are selected by default).

Monitoring: agent status notification enhancements

The Status monitoring profile has been enhanced to provide more flexibility to configure agent online/offline status notifications with different parameters depending on device type and context, and a new notification type for when an end user disables remote control. These changes include the following: 

  • Offline and online notifications can now be configured separately.​
  • Offline and online notifications can be assigned a priority.​
  • Offline notifications can now be sent immediately, or after a specified delay in minutes, hours or days.​ If Immediately is selected, the global Systems Offline Check Interval in Minutes setting will be overridden and a notification will be sent within 1 minute of the agent being detected offline.

    NOTE  The global Systems Offline Check Interval in Minutes setting will be deprecated in a subsequent release so that check interval is entirely defined by the status monitoring profile, but in this release it will still apply for devices which are not configured for immediate notification.

  • Repeat offline notifications can be enabled or disabled. If disabled, no further offline notifications for the same device will be sent until the existing one is deleted.​
  • A notification can now be sent when an end user disables remote control using the VSA 10 Agent menu.​

MDM updates

  • In this release, we've introduced remote viewing capabilities for MDM enrolled iOS devices to streamline troubleshooting and support. To enable this functionality, the system automatically deploys the Kaseya Agent mobile app to enrolled iOS devices. The app is installed silently and kept up to date in the background, ensuring a seamless experience for both technicians and end users.


Real-time online/offline device status

Added real-time online/offline status tracking for Apple MDM devices using push notification responses instead of periodic syncs, giving technicians accurate visibility into device availability and connectivity.

Apple TV support (Phase 2)

Extended Apple MDM support to include full Apple TV management, allowing technicians to enroll via Automated Device Enrollment, and configure, group, monitor, and control Apple TV devices through VSA.

Update Apple MDM profiles metadata

Updated Apple MDM profile metadata to support new settings introduced in iOS 26.

Webhooks device enrollment

Improved synchronization speed for new devices from Apple Business Manager by enhancing the communication protocol with webhooks, ensuring newly added devices appear in VSA almost instantly.

MDM: Granular configuration profiles deployment

Improved configuration profile deployment by introducing granular and modular profile handling — large profiles are now split by payload or logical grouping, allowing independent updates of only changed segments for faster, more reliable deployments and easier troubleshooting.

3rd-Party Patching: November-December Updates

There are no notable updates to the software catalog in this release.

Refer to VSA 10 software application catalog.

Fixes

VSA X Agent

  • The Windows VSA Agent MSI installer now supports full hostnames (up to 63 characters) during installation, resolving issues where only the first 15 characters were previously accepted.
  • Reduced the frequency of the VSA XServiceCheck task from every minute to every 5 minutes to prevent flooding of event logs.

API

  • Fixed an issue where the Get Assets API returned duplicate disk drive entries for some devices, ensuring accurate and unique asset data is now provided to prevent confusion in customer databases and reporting systems.

Apple MDM

  • Resolved an issue where Apple MDM Install Application commands failed to install newly added App Store applications using the Bundle ID, by updating the process to install via the iTunes ID, restoring successful deployment of new apps to managed devices.
  • Resolved an issue where multiple entries for the same macOS device appeared in MDM, ensuring only a single entry per device is shown and preventing unnecessary license consumption.
  • Devices assigned via Apple Business Manager (ABM) using Automated Device Enrollment (ADE) that appear as unenrolled no longer consume an RMM license.
  • Fixed an issue where the Allowed field for the Camera and Microphone settings in the MDM Privacy Preferences Policy Control (PPPC) profile was incorrectly displayed as a toggle, and now correctly appears as a radio button group with only the False option, preventing deployment errors.
  • Fixed an issue where the system extension policy profile structure for macOS was incorrect, preventing policies from being applied without errors.

Automation

  • Fixed an issue where large file uploads (over 200 MB) on macOS would fail or time out in workflows, ensuring successful uploads for files of all sizes.
  • Fixed an issue where non-administrator users received 403 Access Denied errors when accessing the Workflow History module, ensuring proper RBAC permissions are now applied to allow authorized non-admin team members to view workflow execution history.
  • Fixed an intermittent issue where workflow conditions for application installation triggers were not being consistently respected, causing incorrect workflow steps to execute.
  • Fixed an issue where automation workflows were unable to change the priority level of notifications generated by monitoring policies, ensuring workflow priority modification actions now work correctly for all notification types.

BMS Integration

  • Fixed an issue where certain organizations were returning a 403 Forbidden error during BMS asset synchronization with VSA 10, preventing successful sync of devices and ticket creation.
  • Fixed an issue where the BMS integration failed to create tickets for task failure and patch failure notifications due to organization mapping errors, ensuring all notification-triggered ticket creation now works properly.

Device Management

  • Closing the device card command line session or using Ctrl+C now properly interrupts continuous commands, resolving the issue where such commands would continue running until manually stopped on the device.
  • Fixed an issue where sorting devices by uptime on the Device Management page did not display devices in the correct order, ensuring accurate ascending and descending sorting.
  • Fixed an issue where file downloads using the Storage function did not work in Safari, ensuring users can now successfully transfer files using all supported web browsers.
  • Improved the loading speed of the Windows Update favorite icon in the device card, so it now appears immediately when accessing the device list.

Mobile App

  • Fixed an issue in the mobile application where the Windows Update Last Checked time was displayed in UTC on iOS and local time on Android, ensuring both variants of the mobile application now show this information in a consistent local time zone format.

Notifications

  • Fixed an issue where the System Back Online notification was not consistently generated for some machines after coming online, ensuring that notifications are now reliably sent whenever a device returns to online status.

Policies and Profiles

  • Fixed an issue where certain Monitoring Policy Profile configurations, such as user login/logout notifications, were not working on Debian Trixie systems, ensuring notifications now trigger as expected.

Patch Management

  • Reboot prompts in Patch Management are now correctly displayed in the local language of the Windows OS, resolving the issue where German language Windows OS machines showed prompts in English.

Remote Control

  • Fixed an issue where users could not press the Windows (Win) key on a remote Windows machine during MacOS-to-Windows remote control sessions, allowing Windows shortcuts (e.g., Win+R) to be used via the Command key on a Mac keyboard.
  • Your customized logo, company name, phone number, and email address are now displayed during Remote Control on Demand (RCoD) sessions to reflect your organization’s branding.
  • Improved the responsiveness of scrolling down with a mouse scroll wheel during remote control sessions to macOS systems, ensuring smooth and consistent scrolling in both directions.
  • Resolved an intermittent issue in Remote Control on Demand where clicking the Download File button after copying a session link resulted in a 404 error.
  • Technicians with read-only access to a device can now switch between monitor screens during remote control sessions, resolving previous limitations for multi-monitor access.
  • Fixed an issue where Windows could not be resized during remote console sessions and the mouse pointer did not change to a double arrow, ensuring window resizing now works as expected with appropriate cursor feedback.
  • Fixed an issue where private RDP connections failed with a server authentication policy does not allow connection requests using saved credentials error when certain GPO policies were active.
  • Fixed an issue where domain-joined endpoints could not be remote controlled using Native 1-Click due to a group membership enumeration error, ensuring successful connections without requiring domain administrator credentials.

Site Maps

  • Dependent applications used by the Site Maps probe, such as Visual C++ 2013, Visual C++ 2015, and Python 3, have been updated to use currently supported versions.

VSA 9 Upgrade Wizard

  • Fixed an issue where VSA 9 Agent Procedures containing special characters in prompt messages would fail to migrate to VSA 10 workflows due to JSON parsing errors.
  • Resolved an issue where Autotask device mappings were not properly syncing after migrating from VSA 9 to VSA 10, preventing ticket creation on affected devices.

Web App

  • Fixed an issue where the Device Management filters All MacOS Computers and Offline displayed blank rows in the device grid.
  • Fixed an issue where custom Mac PKG installers failed to generate, preventing deployment of self-registering Mac agents.
  • Fixed an issue where the Active Alerts dashboard did not display the complete list of WebApp notifications, ensuring all relevant notifications—including Patch Management—are now accurately counted.
  • Fixed a display issue where workflow custom field variables temporarily showed as Variable Deleted during UI loading periods, improving the user experience by displaying proper loading states instead of confusing error messages.
  • Fixed a typo in workflow tooltips that incorrectly displayed the VSA Working Directory path with an extra space, which could cause file operations to fail when copying the path directly from the UI.