VSA Version 10.5 Release Notes

Key Feature Enhancements

Remote Control Profile Settings 

There are several NEW Remote Desktop settings available in the Device Configuration: Remote Desktop Profile. These settings introduce some new Remote-Control behavior and allow for more granular controls over the Remote session, and the technician and end user’s experience. 

1. Allow end users to confirm new Remote Desktop sessions and either accept or reject them (disabled by default).
2. Enable end-user notifications for starting and ending Remote Desktop sessions (enabled by default). These notifications are NEW and operate separately from the existing pop-up dialog.
3. Control the behavior of the existing Remote Desktop pop-up dialog, allowing technicians to enable or disable the entire dialog, and to optionally hide session information and the end user’s ability to disconnect the session.
4. Enable automatic desktop locking when Remote Desktop sessions end.
   NOTE: This feature is not supported when more than one Remote Desktop session is actively established with a given Agent.
   

Local IP Information for Agents 

This release introduces auditing of Local IP information for all “active” network interfaces. Supporting both IPv4 and IPv6, information is made available in the Device Card, Advanced Search, and the Top Bar Universal Search (aka Quick Search).

This data is audited as “System Fields” which means the data is updated much more frequently than standard Audit data. System Fields update much closer to real-time.

Device Card

• A new “Local IP addresses” entry has been added to the Device Card Overview section and will display the name of the network interface along with the IP address. If multiple entries are found, the entry will provide the number of additional entries.
• When hovering over the entry, a tooltip will display all interface names and their associated IP addresses.
• By clicking the entry, more details will be available for each network interface including data such as Subnet Mask, Default Gateway, DHCP Enabled (yes /no), and DNS Servers.

Advanced Search

• The new “Local IP address” field has been added as a new column in Advanced Search and functions like the Device Card with hover-over tooltip information.
  
  
  
• The field is also available for Filtering.
  

Universal Quick Search 

• IP addresses have been added to the Top Bar Quick Search as searchable criteria to make it easier to quickly find devices based on IP information when working throughout the product. 

Discover and Manage Datto Networking Devices

The Datto Networking integration with VSA 10 allows you to see and manage your endpoints and network infrastructure side by side.

When an issue that starts from the endpoint requires troubleshooting and interfacing with the network, you can seamlessly view information about the infrastructure device of interest. If you need to act, you can issue a set of quick actions directly from your VSA 10 dashboard, or, for more advanced configuration, jump straight into your Datto Network Manager dashboard for that device. 

Supported Devices:

• Access Points (also contains information about connected devices) 
• Switches (also contain information about connected devices) 
• Routers 
  • Not including DNA devices
• Managed Power 

Discover Datto Networks and retrieve detailed asset information from the Datto switches, routers, access points, and managed power devices.

To access and use the new integration:

1. Login to the VSA 10 Web App. 
2. Navigate to Integrations > Datto Networking > Portals tab.
   
   
3. Create an Active Portal.
4. Click Create Portal > Add Credentials > Click Create.
   
   
5. Switch to Networks > Choose one of your Networks.
6. Map it to the right organization
   
   
7. Navigate to Devices > You can filter devices by different parameters.
   
   Enroll Datto Networking devices to unlock management functions that can be performed directly in the VSA 10 UI to enable support technicians to resolve client networking issues faster. Enrolling a Datto Network Device will consume an Endpoint license. 
8. Hover over on device > Enroll Device > Choose Agent Group.
   
   
9. Retrieve detailed asset information: 
   
   
10. Execute commands like remotely resetting an Access point: 
    
    
11. or resetting a switch port.
    
    
12. Use contextual deep links to access the management dashboards of Datto Networks and its devices.  
    The integration enables more effective troubleshooting and reduces the number of clicks (time) and context-switching from a single panel. 
    

Advanced Reporting

Additional granularity

Granularity was added to the dataset level, allowing filtering reports by Organization, Site, Group, Device name, and other parameters.

Note: This change may require manual updating of reports previously created by users.

New dataset “Rmm - Internal IPs”

The new datset “Rmm - Internal IPs” extends the “Local IP Information for Agents” feature. It allows customers to use information like Local IP, and DNS address in Advanced Reporting.

New Report Templates

New Templates were added :

• Network Devices
• Remote control sessions
• Tabular assets List with custom fields
• Patch Policies 
• Patch Schedules

The release includes improvements in increasing data sets' performance. 

Deprecated reports 

Several templates are marked as “- deprecated” and will be removed in future releases.

Please use

• “Windows Missing Patches” instead of “Windows Pending Critical & Important Patches”.
• “Operating Systems Versions” instead of “Linux OS versions - deprecated” and “Mac OS versions - deprecated”.
• ” CPU models” instead of “Servers CPU models - deprecated”.
• “Devices with a low amount of RAM” instead of “Servers with a low amount of RAM – deprecated".

API v3 Enhancements and Additional Endpoints 

Continuing in our API expansion effort, several changes and improvements have been made for this release.

API v3 documentation is available from each instance at <YourServerURL>/API. 

NOTE: To access API v3, you must first create a Third-party token

API v3 Changes 

• Devices 
  • The previous “Systems” API endpoints and URL references have been renamed to “Devices”.
    
    
  • “Device” data now includes information about Custom Field

API v3 – NEW Endpoints 

• Devices
  • Get Device Custom Fields – this new endpoint returns Custom Field information for a given Device 
• Organizations 
  • Get All Organizations – returns a list of Organizations
  • Get a Specific Organization – returns the Organization details 
  • Get Organization Custom Fields – returns the Organization Custom Fields 
• Sites
  • Get All Sites – returns a list of Sites 
  • Get a Specific Site – returns the Site details 
  • Get Site Custom Fields – returns the Site Custom Fields 
• Groups
  • Get All Groups – returns a list of Groups 
  • Get a Specific Group – returns the Group details 
  • Get Group Custom Fields – returns the Group Custom Fields 
  • Get a Group Package – returns the Name and Download URL for the Group install package 
• Notification Webhooks - Using Notification Webhooks allows third-party to subscribe to certain Device Notifications. Notification Webhooks are directly associated with the API Token used to create them. If an API Token is revoked, any Notification Webhooks associated with it will cease to function.
  • Get All Notification Webhooks – returns a list of Notification Webhooks
  • Get a Specific Notification Webhook – returns the Notification Webhook details
  • Create a Notification Webhook – creates a Notification Webhook
  • Update a Notification Webhook – updates a Notification Webhook
  • Re-generate a Notification Webhook – re-generates a Notification Webhook secret key
  • Delete a Specific Notification Webhook – deletes a specific Notification Webhook

Mobile Application

New fields have been added to the Computer Information to indicate if a device is managed by MDM or by an Agent.

Patch Policy Dashboard Widgets 

We introduced new widgets for better patching visibility. 

Patch Status 

Patch Status widget divides devices into two categories: fully patched devices and devices with missing critical or important updates. Hidden updates are not considered. 

The Patch Policy Compliance widget assesses device patching status based on approved patches via Global and Patch Policy OS Rules. 
 
To easily view the patching schedule, the widget also displays the upcoming deployment and reboot schedules.

MSRC-based Patching Rules 

With this release, it is possible to build patching rules automation based on the Microsoft Security Classification (MSRC). It means that the Security updates category has expanded into 5 categories: 

• Security updates – Critical
• Security updates – Important 
• Security updates – Moderate
• Security updates – Low
• Security updates – Unspecified

Patching Rules Actions Rename

To make patching automation more predictable we renamed Global Rules and OS Rules actions.

• Approve and Install wasn’t changed.
• Don't install and Hide was renamed to Reject and Hide.
• Don't install was renamed to Skip and Review.

Silent Agent Deployment

With this release, the VSA agent will be silently installed during the MDM enrollment of the macOS computer. Additionally, we added an explicit command to proceed with this silent installation from the Device card. 

MDM Commands on the Device card 

With this release, we have added a dedicated section for "MDM commands" on the Device card of MDM-enrolled macOS computers. This is in addition to the agent-based commands. 

Networks 

Enhanced the Topology Map to expose additional NMAP scan data points in the device pane:

• The NIC vendor is now displayed alongside the MAC address.
• Device Type
  • Note: this is based on NMAP classification and does not automatically populate the device type in VSA, which uses different classifications.
• OS Match 
  
  

When enrolling a discovered device from the Topology Map, a warning will be displayed if the MAC address matches one or more existing enrolled devices. 

Other Enhancements

Agent Enhancements 

• The BSD Agent is now supported on 64-bit ARM architecture. 
• MacOS Agents now support automatic version updates. 
  • NOTE: Each existing macOS Agent will need to be updated to the latest version before automatic updates will work. 
• Linux, BSD, and macOS Agents are now included in search results when using the Top Bar’s Universal Search (aka Quick Search). 

Remote Control Enhancements 

• This release includes several performance improvements for Remote Desktop sessions.
  • The product will attempt to detect low bandwidth connections and automatically adjust connection parameters such as framerate, quality, wallpaper, and animations for better usability. 
  • The Remote Desktop Relay algorithm has been updated to optimize the selection of Relay Servers.  

Ransomware Detection 

• Updated Ransomware detection engine to version 1.2.1. This includes enhanced detection for new strains of ransomware, changed behaviors, and various other improvements to the speed and accuracy of detections. 

Automation

New Deviceless Context for Workflow Automation 

We are now introducing the deviceless Context for Ad-hoc and Scheduled Workflows, executing strictly from the VSA 10 server, without the need for any specific Scope, Org, or Device. This is our first step in expanding the Automation capabilities beyond just being Device-centric, targeting any external Cloud services.

The current list of supported deviceless Workflow Actions is:

• Conditions
• End Workflow
• Send Email
• API Call (new in 10.5)
• Workflow Log

Please note that only Custom Fields variables can be exposed in the above device less Actions. 

Introducing the API Call Workflow Action  

API Call executes strictly from the server and can be used in any of the Contexts, including the new device less Context above. API Calls can be used to send a custom payload to URLs, commonly called Webhook Endpoints. In this first version the authentication must be embedded as part of the URL and all the available variables can be used in the payload, making it extremely customizable to execute automation such as: 

• Azure Runbooks to pause/resume a virtual machine
• Send custom Teams or Slack messages
• Update a CMDB database with newly discovered Devices
• Alert a 3rd party Service Desk or Monitoring system with detailed trigger information

The API Call Workflow Action contains 3 fields and one toggle. 

• The web URL with embedded authentication hosting the Webhook Endpoint. Once the URL is added and the Workflow is saved the field will be masked. 
• Content type allowing to specify the payload format: 
  • Application/XML
  • Text/XML
  • Application/JSON
  • Application/X-WWW-FORM-URLENCODED
  • Text/HTML
• Payload content complete with variable support. 
• Timeout API Call after X seconds. The default value is 3 with a maximum of 10 seconds. 
  
  

Clone Workflows

You can now clone any existing Workflow, making it easy and fast to use existing Workflow as preferred templates and best practices or when you just want to make minor changes to existing ones, keep the original. 

Advanced workflow search and filtering

The ability to search and filter has been added to make it easy to navigate a growing list of Workflows. Search for name and description. Filter by Scope, Trigger type, Last executed and Last changed, among others. You can also expand the column list to make it easy to sort any list of Workflows to your specific needs.  

Windows environment variables support Workflow Actions

It’s now possible to refer to Windows environment variables in Workflow Actions where a path is required. Common variables like %windir% and %appdata% can be used in the following Workflow Actions:

• Write File
• Delete File
• Unzip File
• Get URL
• Get Device Value, Filesystem
• Get Device Value, Constant Value
• Execute Shell Command 
• Execute PowerShell Command 
  

Extended KB articles with practical examples covering Workflow features  

We regularly publish new KB articles in the VSA 10 help section covering key Workflow features complete with practical examples. Access the KB articles section “Automation - Scripts, Tasks and Workflows“ from the help icon at the top right corner. Latest additions: 

• Working Directory
• Get Device Value
• API Call

Bug Fixes & Improvements 

• Fixed an issue in Automation Workflows where Create PSA Ticket and Update PSA Ticket were not enabled for BMS / Vorex. 
• Enhanced the deployment reliability of the patch management engine. 
• Fixed an issue with the K1 integration for on-premise servers. 
• Fixes an issue where a patching report would fail in certain cases if the "Include pending OS patches" option is selected in the template. 
• Fixes an issue with the Patch Policy un-assignment for Windows Server 2016. 
• Fixed an issue where Audit Log entries were generated with <unknown> user. 
• Fixes an issue with the Bitdefender integration not showing the correct install status. 
• Fixes an issue when setting up system-level exceptions that might produce unexpected results. 
• Additional 30 minor fixes and improvements.