The VSA 10.3 release offers many new innovations and integrations to better support your IT operations. This release includes major enhancements in Remote Control, Managed Files, and several other improvements.
- EAP- Friday, June 16, 2023
General Availability - Thursday, June 29, 2023
This release contains a few known issues related to the Remote Control 1-Click functionality – the team is actively working to resolve each issue as soon as possible:
- 1-Click and IT Glue integration – existing feature prior to 10.3
- IT Glue “Related Passwords” are missing from the 1-Click drop-down selector. Only IT Glue “Embedded Passwords” are currently available for use.
- Native 1-Click - a new feature introduced in 10.3
- The 1-Click option and the "Native 1-Click" selection item are only showing in the Remote Control section under certain conditions.
We are working to resolve these issues and will update this message as we have more information.
Key Feature Enhancements
This release includes two New features to improve the Remote Control experience :
- Native” 1-Click Access -
Native 1-Click is a NEW option to our existing 1-Click capabilities. The feature allows a technician to establish a Private Remote Desktop Session with a target Windows Agent while the Windows log-in process is simultaneously and automatically performed in the background using a preconfigured local administrative user account, all with a single click.
One of the key benefits of this feature is to enable a technician to establish a remote administrative session without the requirement to first create a user account on the target device and without the requirement of knowing the credentials of an existing local user account.
The use of this feature can be restricted with a Teams Permission setting.
Note: "Allow 1-Click Access" is enabled by default for all User-defined Teams but can be explicitly disabled for each Team.
To further understand this feature, the following outlines the steps that occur when using Native 1-Click:
- A local administrative user account with a randomized password is automatically created on the target Windows Agent.
If the user already exists, from a previous 1-Click session, for example, the account will be enabled, and a random password will be applied.
The name of the local account can be customized in Configuration / Settings / Remote Control Settings.
- A Private Remote Desktop Session is launched and the credentials from the previous step are used to automatically log in.
- Upon termination of the session, the local user account is disabled.
- The use of 1-Click is logged and can be tracked in Server Admin / Audit Log.
- A local administrative user account with a randomized password is automatically created on the target Windows Agent.
- Blackout End User's Screen - This new capability is useful for working with sensitive information and devices during Remote Control sessions. It allows the technicians to optionally block a local user (aka end-user) from viewing the technician's screen activity while the Remote Control session is active.
When active, the technician's remote activities will not be visible on the monitor or display of the local device. Instead, a banner will be displayed on the local monitor to inform a user that a remote administrator is working on the device - this banner is meant to prevent the end user from powering off their device.
In addition to blocking the local display, the local inputs (ie. Keyboard and mouse) will be disabled to prevent a local user from inadvertently interfering with the technician’s remote activity.
Managed Storage Support (Managed Files)
VSA 10 now includes the ability to centrally and securely store and distribute files to devices. Upload files to VSA 10 from the UI and use the “Write File” Workflow Action for common automation tasks such as custom applications installers, font configuration files distribution, and printer drivers. Files are encrypted at rest and in transit, decrypted by the device.
Upload and store files on VSA 10:
Use Workflow Action “Write File” to download files to devices:
With this release, it is now possible to configure Patch Policy automation rules using vulnerability codes (CVEs) or vulnerability severity scores (CVSS). This simplifies the risk-based patching configuration.
Prioritization of Software Catalog Updates based on Severity
VSA uses a tiered approach to prioritize the testing of software updates and adding them to the catalog.
With this release, we improved this process by prioritizing updates according to the severity of resolved vulnerabilities. This ensures that the most critical updates are addressed first.
The updated schema of the processing of software new versions is displayed below:
|Tier 1||Tier 2||Tier 3|
|1 business day||5 business days||10 business days|
|Critical Patch Severity
(CVSS v3.0 9.0-10.0)
any update on the following Software:
High Patch Severity
|All other updates|
Windows Update Configuration
To help you stay compliant with Patch Policy, VSA now offers the ability to fine-tune the Windows Update service. With this feature, you can prevent end users from making modifications to patching configuration and also have control over automatic updates. You can also defer quality or feature updates, and configure active working hours.
Additionally, Patch Policy now supports driver updates, although please note that this option is turned off by default.
macOS Updates Configuration
With this release, you can now configure updates for macOS computers. It is possible to control automatic updates of the operating system, internal software, and AppStore applications. Additionally, you can specify a deferred period for major and minor operating system updates.
These settings are supported only for computers enrolled through MDM.
Mobile Application - Launch Ad-hoc Workflows
This release includes a feature to run ad-hoc Workflows from the Mobile Application for active Workflows that contain Ad-hoc or Scheduled Triggers.
The key benefit of this feature is it allows a technician to quickly execute ad-hoc Workflows directly from their Mobile device without having to access the Web Application.
- To access the new feature, tap Workflows on a System :
- Tap an active workflow from the list. (a green dot indicates that a workforce is active)
- Tap the Start action to continue.
- Tap the Start Action to continue
- A toast message is displayed that indicates that the start workflow command was sent:
- The Workflow Executions list is displayed once the workflow is completed:
New BSD Agent
This release includes a NEW Agent, which supports installation on BSD platforms such as pfSense, FreeBSD, and OpenBSD.
The BSD Agent is based on the VSA 10 Linux Agent and will support the same functionality. It will also be included in search and other query results when using pre-defined “Linux” filters.
KaseyaOne “K1” SSO v2
VSA 10 has been updated with a new version of Kaseya One Sign-on.
Learn more about KaseyaOne by clicking this link.
The new version includes several important updates:
- Introduction of a new SSO flow based on the OIDC standard – This change greatly simplifies the configuration and account mapping process by reducing the previous four-step configuration and mapping process from version 1, into one step in version 2. Refer to the new configuration steps below.
- Introduction of a new requirement for mapping VSA 10 and K1 user accounts – Version 2 now requires a VSA 10 user account email address to match a corresponding K1 user account email address.
The mapping, or association, of the VSA 10 user accounts with the K1 user accounts will occur automatically using the email address.
- Migration of existing VSA 10 and K1 account mappings from v1 to v2 – For each VSA 10 user account that was previously mapped to a K1 account, it will either be migrated to v2 automatically, or the mapping will be removed.
An existing mapping will be removed if the email address of the VSA 10 user account does not match the email address of the K1 user account it was associated with. To re-establish a mapping, update the email address of the VSA 10 account and the K1 account to match.
- General usability improvements –Once KaseyaOne Log In has been enabled for a VSA 10 instance, all VSA 10 users with a corresponding KaseyaOne account will be able to Log In with their KaseyaOne account from the VSA 10 Login screen and from the VSA 10 K1 App Launcher icon on the right side of the Top Bar
To configure and Use KaseyaOne SSO
- Log In with KaseyaOne must be enabled for the VSA 10 instance. This step can only be performed by a VSA 10 Built-in Administrator and can only be enabled once for the entire VSA 10 instance.
- Once enabled, each user will have the ability to Log In with KaseyaOne from the K1 icon in the VSA 10 Top Bar, or from the VSA 10 log in page.
- After a VSA 10 user has performed a successful login with KaseyaOne, the K1 icon in the VSA 10 Top Bar will be automatically replaced with the K1 App Launcher (the waffle icon).
Additional SNMP Templates
6 new report SNMP templates are available in Advanced reporting:
- Antivirus Protection Summary
- Antivirus Protection
- TOP problem devices
- Unsupported Windows OS versions
- Hardware compliance
- Device Performance
Additional filters were added to templates – Agent Group and Device Name.
Integrated Customer Billing for Autotask & BMS
This release includes the capability for BMS and Autotask to update contracts with each customer’s usage of VSA 10 products. Intuitively map consumption data from VSA 10 to BMS and Autotask services.
Integrated Customer Billing is a new feature introduced as part of billing automation. Eliminate hours of manual reconciliation and optimize your revenue.
- In BMS Integrated Customer Billing is now available under Finance > Contracts > Recurring Services. The Integrated Customer Billing tab shows under Automated Billing options. Find the detailed guide here.
- In Autotask Integrated Customer Billing is now available under > Admin > Extensions & Integrations > Kaseya Integrations > Integrated Customer Billing. Find the detailed guide here.
This release includes several UI and UX improvements to the Header.
These improvements bring consistency to the Header utilities in terms of behavior and styles, provide a new Help utility for accessing all VSA 10 Help content and include improvements to the What’s New feature.
- The Header height has been reduced to maximize space on the page:
- The styles of the Search field and menu have been updated:
- The Button styles in the Header have been updated :
- The Icons for the Header utilities have been updated:
- A new Hover state has been added to the Header utilities:
- A new Active state has been added to the Header utilities:
- New Tooltips have been added to the Header utilities:
- A new Dropdown has been added to the Notifications utility in the Header for quick access:
- A new Help utility has been added to the Header with links to VSA 10 Help content:
- The What’s New feature has moved from the Header to the bottom of the Help menu and now includes Version and Date information:
- Fixed an issue where a line break was showing in the subject line of workflow notification emails.
- Fixed an issue with Send Message action where messages with > 1000 characters were not displayed properly on the endpoint.
- Fixed an issue where workflow with ad hoc or scheduled triggers did not execute Patch Policy actions.
- Fixed an issue where the workflow condition on the scope failed on all machines.
- Fixed an issue where the access token failed to get created without errors.
- Fixed an issue where the dispatcher was called although the token was missing on the Apple MDM tab.
- Fixed an issue in the Bitdefender integration where incorrect descriptions were displayed on confirmation dialogues when running virus updates or scans.
- Fixed an issue in the Connectwise integration where a non-admin user with full PSA team permissions was unexpectedly logged out when trying to create a ticket.
- Fixed an issue in the Connectwise integration where organization mapping could not be deleted.
- Fixed an issue where Connectwise companies were sorted by the date created instead of alphabetically.
- Improved device discovery when scanning across subnets.
- Fixed an issue in SNMP profiles where fake OID was displayed as correct if it had a specific value.
- Fixed an issue where the status for discovered Hyper-V device was reported as “Unknown” instead of “Saved”.
- Fixed an issue where new Systems erroneously displayed "No License Available”.
- Fixed an issue where OS patching errors do not appear in the Patch History.
- Fixed an issue where patch policies could not be deleted.
Policies and Profiles
- Fixed an issue where an exported Device Configuration Profile exposed sensitive information for Autotask and Zendesk Profiles.
- Fixed an issue where running process from a Linux agent could not be added to a Monitoring: Processes Profile.
- Fixed an issue where error detail was not logged or displayed when native RDP web socket failed.
- Fixed an issue with mouse control during a multi-monitor remote control session.
- Fixed an issue where Executive Summary and Local Disks Usage reports were failing to render.
- Fixed an issue where a user without appropriate team permissions was able to add a new system and download an agent.
VSA 9 Upgrade
- Fixed an issue where VSA 10 agents were not deployed during the upgrade from VSA 9. x.