Endpoint Privilege Management SaaS 24.5 release notes
August 13, 2024
This release notes document covers the following:
Requirements
- Microsoft .NET Framework 4.6.2 (required to use EPM Windows adapter)
Note
For more information about Windows or macOS requirements, see the Privilege Management Release Notes.
Console
New features and enhancements
JIT application access
To smooth rollout and decrease your time to value with EPM, we've brought the popular exception management capability Just-in-time (JIT) application access into EPM SaaS workflow.
Specify in policy application groups you would like your end users to request the ability to run or elevate by specifying the Request action in message.
Your end users can view requests and their status using a new endpoint application installed with EPM, accessed via the System Tray or Menu bar.
Your EPM SaaS administrators (or those with the specific role of Request Approver) action the requests within the EPM SaaS Console, choosing whether to deny or allow the application and for how long that application can be used.
All requests and decisions made are audited.
Incorporate the applications most requested and approved into your policy via a new analytics dashboard tile.
Role based permissions
EPM's implementation of role based access has been updated to provide a way to define permissions and broadly assign those permissions to users. Roles have been added as a way to assign permissions to users. A role is a group of permissions, and can be:
- Builtin: Predefined roles included with EPM.
- Custom: Create a role that permits access based on your user's responsibilities and required access.
Assign roles to more than one user at a time to save time when setting up EPM.
Granular filtering on application rules
Add account filters at an application rule level, either Application Rule or On-Demand Application Rule. Use this filtering to add certain users and groups to a specific rule. This granular filtering ensures that applications will only be accessed by those employees that require it. Search and add users and groups to the application account filters via Entra ID or Local AD for Windows. Supported on clients:
- EPM-W from 23.5
- EPM-M from 23.7
Policy Editor
- A proxy configuration setting is available when adding an Identity Provider in Policy Editor messages. The Windows endpoint client can use the proxy when triggering MFA messages ensuring that HTTPS calls for authentication are routed correctly according to the customer's network configuration and security policies.
- Moved Password Safe Integration Settings to Utilities to improve its findability and overall user experience.
Issues resolved
Policy Editor
- Resolved an issue with adding valid SID values. SIDs up to 256 characters long can now be entered when adding account filters to Windows Workstyles, Custom Tokens, Messages > Designated Users and Application Rules.
- Resolved an issue with adding more than one email address in the Mail to field in Windows Block and Request message types. The Mail to field can now accommodate more than one email address.
- Fixed issue so on edit of a macOS application rule Reporting Events now has disabled styling when Auditing is set to OFF.
Privilege Management Reporting
We are pleased to announce that Privilege Management Reporting has now been succeeded by Analytics V2. As of July 1, 2024, we will begin removing access to legacy reporting.
- Resolved an issue with the expand (+) elements in Discovery reports. Now, clicking + to expand more information displays correctly in the Discovery > All report.
- Resolved an issue with the timezone in an exported CSV file. The timezone displayed in the CSV will now match the system and PMR timezone.
Components:
- PM Reporting Database: 23.9.13
- Policy Editor: 24.5.349
- PM Reporting UI: 24.5.79
- Event Collector: 24.5.1
- EPM SaaS: 24.5.1037
- PM Capture Config Mac OS: 24.5.0.1
Compatibility
Important
Do not install a new adapter version before you are running a version of Endpoint Privilege Management SaaS that supports it. Installing an unsupported adapter can result in endpoints that no longer connect. You will be notified before your instance of Endpoint Privilege Management SaaS is upgraded.
Supported Versions
- PM Windows Adapter: Recommended: 24.5.1037 | 24.4.361 | 24.3.766 | 24.2.499 | 24.1.581 | 23.9.578 | 23.8.515 | 23.7.356 | 23.6.562 | 23.5.516| 23.4.424 | 23.3.256 | 23.2.506 |23.1.942.0 | 22.9.393.0 | 22.8.396 | 22.7.271 | 22.6.273 | 22.5.144
- PM for Windows: Recommended: 24.5.351 | 24.3.294.0 | 24.1.108.0 | 23.9.225.0 | 23.7.150.0 | 23.6.76.0 | 23.5.212 | 23.3.130.0 | 23.1.259.0 | 22.9.268 | 22.9.243 | 22.7.205.0 | 22.5.184.0 | 22.5.179.0
- PM for macOS: Recommended: 24.5.0.1 | 24.3.0.1 | 24.1.0.1 | 23.9.0.1 | 23.7.0.3 | 23.5.0.3 | 23.3.1.1 | 23.3.0.1 | 23.1.0.1 | 22.9.0.22 | 22.7.0.83
- PM macOS Adapter: Recommended: 24.5.0.1 | 24.3.0.1 | 24.1.0.1 | 23.9.0.1 | 23.7.0.3 | 23.5.0.3 | 22.5.1.1 | 23.3.0.1 |23.1.0.1 | 22.9.0.22 | 22.7.0.83 | 22.5.0.1
- PM Rapid Deployment Tool for macOS: Recommended: 24.5.0.1 | 24.3.0.1 | 24.1.0.1 | 23.1.0.1 | 23.9.0.1 | 23.7.0.1 | 23.5.0.1 | 23.3.0.1 | 23.1.0.1 | 22.7.0.9 | 22.5.1.1 | 22.5.0.1
- PM Response Generator for Windows: Recommended: 24.5.351.0 | 24.3.294.0 | 24.1.108.0 | 23.9.225.0 | 23.7.150.0 | 23.5.212 | 23.3.130.0 | 23.1.259.0 | 22.9.268.0 | 22.9.243.0 | 22.7.205.0 | 22.5.184.0 | 22.5.179.0
- PM Response Generator for macOS: Recommended: 24.5.0.1 | 24.3.0.1 | 24.1.0.1 | 23.1.0.1 | 23.9.0.1 | 23.7.0.3 | 23.5.0.3 | 23.3.0.1 | 23.1.0.1 | 22.7.0.83 | 22.5.1.1 | 22.5.0.1
- PM MMC snap-in: 23.9.225.0 | 23.7.150.0 | 23.5.212.0 | 23.3.130.0 | 23.1.264.0 | 22.9.268.0 | 22.9.243 | 22.7.205.0 | 22.5.184.0 | 22.5.179.0