Kaseya Spring Release: VSA

This page details each VSA 10 and VSA 9 release launched during the Kaseya Spring release.

VSA 10

Key feature enhancements

Patch Management

  • The Patch Status page has been enhanced to show the progress of deployment for each patch, based on its relevant devices. There are four patch statuses, which are also now available to filter by:
    • Deployed: The patch has been successfully deployed.
    • Reboot Pending: The patch has been deployed but requires a reboot to complete the installation.
    • Failed: The patch has failed to deploy.
    • Deployment Pending: The patch is available but has not yet been deployed.

  • The Patch Management > Patch Status page has been enhanced to show detailed information for each patch in a slide-out Patch Card. The detail presented is an aggregate of useful data, including information about the patch and its deployment progress.
  • Improvements have been made to patch management to ensure compatibility with Windows Server 2025.

Background file transfer

Technicians can now transfer files and folders to and from Windows, macOS and Linux devices directly from the device card storage browser, without requiring a remote desktop session or interrupting the end user. They can also delete files from the remote device.

  • New actions added for bulk operations:
    • Upload Files: Select multiple files or a single folder on the technician’s local machine for upload to the currently selected folder on the remote device.
    • Download Files: Enables selection of one or more files and/or folders from the currently selected folder on the remote device. Click the Download button in the top panel of the device card to initiate the action. If multiple files or a single folder is selected, the content will be downloaded as a ZIP file.
    • Delete Files: Enables selection of one or more files and/or folders from the currently selected folder on the remote device. Click the Delete button in the top panel of the device card to initiate the action.
  • When clicking directly on an individual file from the content area without using bulk actions, a prompt will be displayed with options to download or delete the file.
  • Upload and download functions are enabled for all devices with Storage enabled in a System Details device configuration profile. The delete function also requires a File Browser device configuration profile with the Enable File Delete option enabled.
  • File operations are recorded in the Audit Log with the File Transfer category.

For more information, refer to Background File Transfer.

Webroot Integration

We're pleased to announce a new Webroot integration in VSA 10 via the Technology Alliance Partner (TAP) Program. This release delivers seamless OAuth-based connectivity between VSA 10 and Webroot, enabling automation content, enhanced visibility, and real-time notifications from Webroot endpoints, all directly within your VSA environment. For more information, refer to Enable the Webroot integration.

API v3 enhancements

VSA 10 now offers a new REST API endpoint that allows customers to retrieve a complete list of audit log records from their tenant, securely and programmatically.

Device Management

  • Device filtering has been updated to include Windows Server 2025 where applicable.
  • Device filtering has been updated to include macOS 15 where applicable.

Workflows

  • A workflow trigger for the Monitored Service is missing event has been added that triggers when a service that is being monitored does not exist on the target device.
  • Added support for the following workflow actions on macOS and Linux devices:
    • Write File
    • Get Device Value
      • Get CPU Architecture
      • Is OS 64-Bit
      • Working Directory
      • File Content
      • File Size
      • File Contains
      • File Last Modified.

Integrations

Apple MDM

  • Apple MDM connectors are now grouped by organization in Integrations > Connectors.
  • This update introduces support for Apps and Books profiles on iOS and iPadOS devices in the Apple MDM Applications profile. This enables the silent installation of applications without needing an Apple ID on the device. Additionally, it can be utilized to install applications on devices that have a Managed Apple ID.
  • With this release, when an MDM enrolled device is deleted in UI, the system automatically unenrolls it from MDM and erases all managed data associated with that device (managed applications and profiles).
  • The Privacy Preferences Policy Control configuration builder in the Apple MDM Security profile has been fixed, and unnecessary fields for services have been hidden. This resolved an issue where the policy was not able to be applied to devices and gave the key 'Authorization and Allowed' is not allowed as an error.

NOTE  To update existing Apple MDM Security profiles with Privacy Preferences Policy Control configurations, open the profiles and save them.

Fixes

Apple MDM

  • Resolved an issue that caused an infinite loop when applying a configuration profile after a tenant ran out of available mobile licenses.

Automation

  • Resolved an issue where admin users were unable to delete files from the Managed Files section regardless of ownership, now allowing deletion while displaying the appropriate message if the file is in use by one or more workflows.

Device Management

  • Resolved an issue where selected devices were not being retained if selecting devices from multiple pages in the same view.
  • Resolved an issue where macOS 15 devices were not able to accept commands initiated by users on the device details pane.
  • Resolved an issue where the Wake Up command was not working on devices configured for Wake-on-LAN.

Integrations

  • Resolved an issue where customers with a large number of agents encountered a Something went wrong error when attempting to map VSA 10 organizations to existing Autotask companies. The lookup and loading process has been optimized to prevent browser timeouts and ensure the mapping UI loads reliably.

  • Resolved an issue where hardware assets in PSA (BMS/Vorex) remained active even after the corresponding devices were deleted from RMM. Device deletions in RMM now properly update the asset status to inactive during both manual and nightly syncs.

Mobile Application

  • Resolved an issue where the iOS link on the Onboarding > Downloads page was not loading.

Patch Management

  • Resolved an issue where Patch Management policies were not properly applying to 32-bit Windows devices.
  • Resolved an issue in Patch Management > Patch Status where applying a CVSS score filter to the list of devices would result in an error if there were existing CVSS score values applied to any device.
  • Resolved an issue where the Patch Management policy Notifications section would not show a start date when editing the notification schedule.
  • Resolved an issue where patch policy notifications were still being sent even if notifications were disabled from the Sites & Agent Groups Notifications page in Account > Notifications.
  • Resolved an issue where non-administrator users were not receiving patch notifications from patch policies assigned to their team.
  • Resolved an issue where patches that required a reboot to apply were being incorrectly marked as Failed in patch history after the patch policy ran.
  • Resolved an issue where if a patch is approved for installation fails to install during policy run, if the patch is no longer available at the time of installation (if the patch was installed by another process, is no longer available, or there is a newer version of the patch available) then the patch policy will attempt to install the incorrect patch a second time.
  • Resolved an issue where patches that finished with the Reboot Pending status were incorrectly marked as Deployed.

Remote Control

  • Resolved an issue where the Allow/Deny popup was not triggering on the destination machine when attempting a connecting using the Share the Console Session option.
  • Resolved an issue where the VSA 10 agent freezes when disconnecting from a remote control session with a Windows device when connecting from a macOS device.
  • Resolved an issue where a non-informative error would show when a user denied a remote control session from a macOS device.
  • Resolved an issue where a remotely connected user's scroll wheel on their mouse would not work on the remotely connected machine unless their cursor was on their main monitor.

Web application

  • Resolved an issue where users were receiving an HTTP 500 error on the Devices > Groups page when the page refreshed after selecting a group.

Key feature enhancements

Remote Control

  • A direct peer-to-peer (P2P) connection will now be established during remote desktop sessions between Windows machines where network conditions allow it, to reduce latency and improve responsiveness:
    • After initial relay connectivity is established, P2P connectivity will be attempted automatically using industry standard protocols. If successful, the session will automatically switch from relay to P2P connection mode. Network requirements:
      • On-prem customers should enable UDP port 443 inbound connectivity to the VSA server.
      • Endpoints and technician machines require outbound connectivity to the VSA server (on-prem) or Kaseya's cloud infrastructure (cloud customers) on UDP port 443.
      • Neither endpoint or technician machine should be behind a firewall with application layer rules blocking P2P traffic.
      • Neither endpoint or technician machine should be behind a network device with "symmetric NAT" or "double NAT" configurations.
    • Technicians can view the P2P connection state and performance metrics by enabling Session Health in the Settings menu of the Remote Desktop client, or manually disable P2P connectivity.
    • This technology will be extended to macOS in a future release.
  • When a remote control connection is interrupted, the Reconnecting message will now only be displayed if the connection is not reestablished within 5 seconds.

Automation Control Management

We are pleased to announce with this release a new hierarchical folder structure for Automation Scripts and Tasks, facilitating better management of content.

Summary of changes:

  • Implementation of a new hierarchical folder structure for Scripts and Tasks, based on 3 top level default folders:
    • Built-in: contains default content that is provided with the product (read-only).
    • Content Packages: contains Kaseya created content delivered from packages or templates (read-only).
    • User Defined: contains custom content created by product users.
    • Two levels of sub-folders can be created within the default User Defined folder.
    • The Built-in and Content Packages folders are read-only, but content can be copied to the User Defined folder if it requires customization.
    • Existing user defined script folders will be migrated as sub-folders into to the new User Defined top level folder.
    • Existing user defined tasks will be migrated directly into the new User Defined top level folder.
  • The new folder structure can be managed from both the Scripts and Tasks management pages. Changes made from the Scripts page will be reflected in Tasks, and vice versa.
  • Folder management controls:
    • Create folder / sub-folder
    • Edit folder name
    • Delete folder
    • Copy or Move to another parent folder
  • Enhanced content grid with additional data columns and filters.
  • Scripts can now be copied to another folder.
  • In future releases, the folder structure will be extended to Workflows and Managed Files, and Role-Based Access Controls (RBAC) will be introduced to manage team/user access to content at folder level.

Multiple team membership

  • Users can now be members of multiple teams, and switch context between teams while working in a co-managed environment.
  • Added new Teams tab to user properties, where an administrator can select:
    • Default Team: the context with which the user will be authenticated when they log in.
    • Other Teams: one or more additional teams can be added, which the user can switch their context to during a login session.
  • If a user belongs to multiple teams, they may switch context at any time during a login session to the web application using the top-right user menu:
    • Switching team will initiate a browser session refresh, after which they will be subject to Access, Permissions and Navigation controls assigned to the newly selected team.
    • Users can only work in the context of one team at a time.
    • If the newly selected team does not have access to the page they are on at the time of selection, they will be re-directed to the Device Management page.
    • The ability to switch teams will be added to the VSA mobile application in a future release.

NOTE  This release does not support multiple team membership when KaseyaOne access group mappings are used for assigning team membership. The KaseyaOne integration will be enhanced to support multiple team membership in a future release.

Patch Management

Updated patch management options for Windows devices

VSA 10 Patch Management policies now support management of updates for other Microsoft products.

NOTE  On some Windows editions, depending on the configuration of local Windows settings, the Receive updates for other Microsoft products local Windows setting may not appear correctly in the UI. However, this does not affect functionality - updates for Microsoft products will still be received as expected.

Audit Log

  • This release improves audit logging of the following activities:
    • Organization – Created / Deleted / Updated by API
    • Site – Created / Deleted
    • Group – Created / Deleted
    • Content Tags - Deleted / Created / Updated
    • User-defined Team - Created / Deleted / Updated
    • MDM Device - Moved
    • A Settings updated event is now logged for updates to all sections inside Administration > Configuration > Settings

3rd-Party Patching: March updates

New titles

  • .NET Desktop Runtime 9.0 (32-bit)
  • .NET Desktop Runtime 9.0 (64-bit)
  • ASP.NET Core Runtime 9.0
  • Microsoft .NET SDK 9.0 (32-bit)
  • Microsoft .NET SDK 9.0 (64-bit)

Refer to VSA 10 software application catalog.

Fixes

Advanced Reporting

  • Fixed an issue where members of user-defined teams are unable to run the Executive report against some organizations even though they have proper access.

Automation

  • Fixed an issue where custom field values for Linux devices were not being updated via automation tasks.
  • Fixed an issue where custom field values for macOS devices were not able to be used in automation tasks.
  • Fixed an issue where an automation workflow isn’t triggered via the notification trigger type Low HDD Space for a macOS Agent.

API Documentation

  • Fixed a formatting issue that caused inaccurate display of the API documentation.

Configuration

  • Fixed an issue where when scrolling through the organization list within the Access tab, the page would occasionally become unresponsive.

Device Management

  • Increased the delay of the informational tooltip on the Devices > Device Management page from 0.15 seconds to 0.3 seconds when hovering over the device name.
  • Fixed an issue where if a device does not have a serial number, it would display the value as Not Specified instead of a dash (-).
  • Fixed an issue where the amount of storage used on Linux drives was displayed incorrectly.

Linux Agent

  • Fixed an issue where detection of missing services was using excessive CPU resources on Linux agents.

Notifications

  • Fixed an issue with storage monitoring for macOS agents that caused a duplicate storage notification to be received after the device restarted.
  • Fixed an issue that caused further inconsistent behavior with storage notifications for macOS agents.
  • Fixed an issue with Storage profiles monitoring macOS Agents that prevented notifications for some of the conditions.
  • Fixed an issue where notifications for stopped services were not being triggered consistently for Linux agents.

Organizations

  • Fixed an issue that prevented the organization list to render properly when using the Move Out action for a device within the Organizations > Group > Systems tab.
  • Fixed an issue preventing the organization tree from displaying the organization names and responding inconsistently after scrolling for a long time.

Patch Management

  • Extended patch management error-handling to detect more granular Windows Update error codes.
  • Removed the trailing decimal for patch CVSS scores of 10.

Policies and Profiles

  • Fixed an issue preventing informational text from being displayed within a Remote Desktop Device Configuration profile.

Remote Control

  • Fixed an issue preventing the proper end reason from being logged for screen recordings.
  • Fixed an issue that suppressed the 2FA prompt when starting Remote Control sessions directly from within the Remote Control client application.
  • Fixed an issue where CPU was spiking to 100% during some Remote Control sessions, sometimes resulting in sessions disconnecting.

Scalability

  • Fixed an issue where the browser tab crashed on the Configuration > Organizations page when the organizational structure exceeded 12,000 nodes.

Site Maps

  • Fixed an issue with the enumeration of eligible probes within Site Maps, which prevented the selection of a probe.

Web application

  • Fixed an issue that caused internal server errors when accessing Reporting > Report Templates.

Key feature enhancements

Apple MDM

Apps and Books

We’re pleased to announce the integration of Apple Apps and Books (formerly known as the Apple Volume Purchase Program, or VPP) for streamlined App Store app management on macOS devices. This update introduces a new MDM connector, Apps and Books, allowing IT administrators to seamlessly link their environment to a content token from Apple Business Manager or Apple School Manager. As part of this enhancement, a dedicated Apps and Books section has been added to the Apple MDM Applications profile type interface, offering a centralized hub for managing and distributing purchased app licenses efficiently.

Apple Apps configurations

VSA 10 introduces Apple Apps configurations, enabling IT administrators to configure App Store apps using the MDM. App configurations are specified in plist format within the Apple MDM Applications profile, allowing precise control over app settings.

Erase device command

Admins can now issue an erase device command for unsupervised devices using the MDM protocol. The command is available in the MDM Commands section of the device details pane. When initiated, a confirmation modal prompts users to type ERASE to complete the action, ensuring secure and deliberate execution for both supervised and unsupervised devices.

Device Management

This release introduces custom fields as available data columns to display on the Device Management page and enhances filtering to support up to 10 custom fields using AND/OR logic.



Several enhancements have been made to the Device Management page and custom fields, including the following:

  • Maximum length of custom field values increased to 2,048 characters in the UI and API.
  • Filters and Filter Options renamed to Views and View Options, respectively.
  • Enhanced user experience related to adding, changing, and removing columns from a table view (filter options).
  • Device Management filter now includes site and group selections for organizations.

Patch Management

This release introduces new functionality for controlling the Windows Update service outside of VSA 10. The update is designed to empower technicians with enhanced control and flexibility over Windows Update service management, addressing both current needs and future patching scenarios.

Benefits

  • Expanded Patch Management options: Enable scenarios that go beyond VSA 10's capabilities.
  • Improved Policy Control: Dynamic behavior based on agent and server versions, offering seamless integration with existing Patch Management policies.

Scalability

Performance improvements have been implemented across various product pages, most notably the Device Management page.

3rd-Party Patching: December and January updates

Requesting catalog updates

If you have any suggestions for additions to the 3rd-Party Patching application catalog, check out the Kaseya Software Catalog page. You can submit a new suggestion or give support to suggestions others have posted.

Discontinued titles

December 9

  • Octopus CLI

January 21

  • Adobe Flash Player AX
  • Adobe Flash Player NPAPI
  • Adobe Flash Player PPAPI

Refer to VSA 10 software application catalog.

Integrations

New Bitdefender Integration: Disabling legacy integration

We introduced a new Bitdefender Integration last year, developed and managed by the Bitdefender team. This new integration operates outside of VSA 10, providing improved management and functionality. As part of this update, the legacy Bitdefender Integration will be disabled automatically when the new integration is enabled.

Updates

  • Automatic removal of legacy Bitdefender policies: When you enable the new integration, existing Bitdefender policies configured through VSA 10 will be removed.

    IMPORTANT  The Bitdefender agent will not be uninstalled from endpoints. Only policy references will be removed.

The following items related to the legacy integration will be hidden from the user interface:

  • Bitdefender filters
  • Bitdefender license details
  • Bitdefender agent installation options
  • Antivirus policy configurations for organization, scope, or group

NOTE  Some updates may appear only after logging out and back in.

Audit logs

  • An audit log entry will be created when the legacy integration is disabled due to enabling the new integration.

Migration of tenants with both integrations enabled

  • Tenants with both the legacy and new integrations enabled will automatically have the legacy integration disabled. This ensures consistency and avoids technical conflicts.

Cooper Insights update

  • Antivirus-related insights will now account for the new Bitdefender Integration. When the new integration is enabled, no alerts will be generated, as the tenant will be considered to have an active antivirus solution.

Fixes

Audit Log

  • Audit logs now show site map creation and deletion events as expected.

Automation

  • The Create Workflow page now displays the title Workflow instead of [object Object].

Devices

  • An issue that caused some devices to display Data not available when selected on the Device Management page has been fixed.
  • An issue where charts for performance counters were not generating when historical data was enabled for the Monitoring profile has been fixed.

Notifications

  • An issue where the Restart Required filter on the Server Admin > Notifications page showed no results but showed results for that status when unfiltered has been fixed.
  • Notifications that trigger workflows are no longer missing references to the triggered workflow and the Go to Workflow Execution option.
  • An issue where the new device registered notification was unable to be disabled unless all notifications were disabled has been fixed.
  • CPU usage notifications in German are now correctly formatted.

Patch Management

  • An issue where searching was not working for Patch Management columns has been fixed.

Policies and Profiles

  • The interface for the Event Log type of Monitoring profile has been improved to provide better visibility of already imported event logs.

Scalability

  • Fixed an issue related to Workflows resulting in sporadic inaccessibility of VSA 10.

VSA 10 Agent

  • VSA 10 addressed an issue impacting agent package downloads following the 10.14 update. This fix ensures seamless downloads for users attempting to install agents.

Web application

  • An issue that caused the browser tab to crash on the Configuration > Teams and Users > Access page when the organizational structure exceeded 12,000 nodes has been fixed.

10.15.1 Hotfix

Devices

  • Fixed an issue where if a Device Management page custom view included an organization that was later deleted, the page would refuse to load and throw an error.

VSA 9

Product lifecycle updates

Update to Agent Minimum Requirements

Windows Server 2025 has been added to the list of supported operating systems for agent deployment.

Update to VSA server installation pre-requisites

Java is no longer required on the VSA server. The installer system checks have been updated to display a warning if its already installed. It should be uninstalled using Windows Control Panel if not required by another application.

Removal of deprecated Antivirus (KAV) and Anti-Malware (KAM) modules

KAV and KAM modules have been end-of-life since 2022 but some management capability was retained to facilitate migration of endpoints to alternative endpoint security solutions. All remaining functionality has now been removed from the product, including Info Center data sets and machine view filters.

vPro

Support for the vPro module will end on May 31st, 2025.

Live Connect

Support for the 32-bit Windows version of the Live Connect technician application will end on May 31st, 2025.

REST API

The following v1.0 endpoints will be fully or partially removed from the next VSA release. Customers and 3rd-party integrators should migrate to the equivalent v2.0 endpoints as soon as possible to ensure compatibility with v9.5.23 and later VSA releases.

v1.0 Endpoint (deprecated) v2.0 Endpoint Notes
POST api/v1.0/authsso POST api/v2.0/auth/authsso The v1.0 endpoint will be removed in v9.5.23.
GET api/v1.0/auth (with 2FA passcode) POST api/v2.0/auth/auth-2fa GET api/v1.0/auth should still be used when authenticating with a personal access token (PAT).

3rd-Party Software 2.0: March updates

New titles

  • .NET Desktop Runtime 9.0 (32-bit)
  • .NET Desktop Runtime 9.0 (64-bit)
  • ASP.NET Core Runtime 9.0
  • Microsoft .NET SDK 9.0 (32-bit)
  • Microsoft .NET SDK 9.0 (64-bit)

Refer to VSA 9 Software Management application catalog.

Release features

Unified Endpoint Security with Datto EDR and VSA 9

We are pleased to announce some new features and improvements to the Datto EDR integration:

  • Policy-based EDR client deployment
    • Added an Endpoint Protection policy object with option to Install EDR Agent:
    • Pre-requisites: EDR integration must be enabled in Endpoint Protection module and Ransomware Detection should not be installed on target machines.
    • If pre-requisites are met, EDR Client will be installed (if not already installed) when applying the policy to machines.
    • Policy will be out of compliance if pre-requisites are not met, or EDR Agent is uninstalled.
  • Enhanced agent service status
    • Data column enhancements on Endpoint Protection > Operations > Machines page:
      • Datto Antivirus (AV) and Rollback (RB) service status is now displayed.
        • Note: Alert Configuration in VSA applies only to the Datto EDR service, not AV or Rollback.

      • License status is now shown for Datto EDR, AV and RB services, represented in the same data column as Agent Service Status:

        • Icons represent Agent Service Status.
        • Text shading represents licensed state (grayed out when license is not active).
        • Hover over the service name to view details in a tooltip.

      • The data source for the EDR Agent Status column has been updated to better align with the status reported in the Datto EDR management platform.

    • An EDR tile has been added to Live View with EDR installation status, licenses, and other relevant data.
  • Inventory Sync
    • If a VSA agent with EDR is moved to another organization or group, it's organization and site assignment in EDR will update within 24 hours.
      • Note: this is a one-way sync, changes made in the Datto EDR management platform are not automatically applied in VSA.
  • Reporting and dashboards
    • New Info Center data sets added for EDR. Ransomware Detection folder renamed to Endpoint Protection to reflect the unified module name.
    • Enhanced dashboard showing aggregated data on agent protection status, EDR alert counts and alert history.
  • A Remove Connection button has been added to the EDR Integration page, allowing easy removal of the Datto EDR integration. On removal, the following changes will be applied:
    • Installed EDR agents will remain active on endpoints, but VSA will no longer report their status or generate alerts.
    • No new EDR agents will be deployed by Policy Management. Any policy with Install EDR Agent selected will be reported out of compliance.
    • EDR functionality in Endpoint Protection module will be deactivated.
    • Info Center data sets will no longer return any data.

Bug fixes and other improvements

Agent Procedures

  • Fixed an issue where, if multiple agent procedures with the same name existed in different folders, it was not possible to select the correct one when defining an executeProcedure() step from another procedure.

Authentication

  • Account modified email notifications triggered when users reset their password through the Forgot Password link will now include details on the username and the action taken.

Bitdefender Integration

  • Fixed an issue where user role access rights to the Bitdefender integration were reset during module redeployment or update.

Monitoring

  • Fixed an issue with Event Log alerts where the re-arm period defined for an Event Set was incorrectly applied to all events with a matching Log Type.

Patch Management

  • Aligned scheduling logic for monthly scheduling of Patch Scans and Automatic Updates, to ensure they would start in the same month when applied by policy.

Policy Management

  • Fixed an issue where Remote Control policy could not be reapplied to machines after a manual override.

Reporting

  • Fixed an issue where the total count of devices was not including Windows 11 and Windows Server 2022 devices.

Software Management

Fixed an issue where next scan date would not be reported correctly under certain conditions.

  • Fixed an issue where an error would sometimes be displayed when running an ad-hoc Scan on a large selection of machines.

User Interface

  • Fixed an issue where a message stating "Error getting online admins" would intermittently be displayed in the top right notification area.