Endpoint Privilege Management SaaS 24.7 release notes
November 12, 2024
Requirements
- Microsoft .NET Framework 4.6.2 (required to use EPM Windows adapter)
Note
For more information about Windows or macOS requirements, see the Privilege Management Release Notes.
New features
To boost productivity, streamline deployment processes, and speed up the value realization journey with EPM, we are introducing Just-in-Time (JIT) Admin Access. This innovative feature provides temporary local admin permissions to your standard user base, offering a quick solution for situations not yet addressed by your existing policies.
To enable this feature, go to EPM SaaS and specify in your policy which workstyles are authorized to request admin privileges. Users belonging to these workstyles can start an admin session through their EPM endpoint app, accessible from the System Tray or Menu bar. The EPM endpoint app offers a detailed overview of past requests.
Your EPM SaaS administrators (or individuals assigned the specific role of AdminAccessRequestApprover) oversee these requests in the JIT Access Management > Admin section of EPM SaaS. They have the authority to approve or decline requests and set the duration of the admin session.
Available in Windows and macOS.
We now run on ARM64!
Endpoint Privilege Management for Windows and its associated endpoint components now run on ARM64 so that you can continue to protect your whole estate, whether you're managing Intel, AMD, or ARM64 hardware.
Limited to estates managed via Endpoint Privilege Management SaaS.
ARM64 support limitations:
- PowerRules: PowerRules will not work, and will not run the script, falling back to the default action for that rule.
- Audit script: Audit scripts using PowerShell will not run at all. VB and JS audit scripts should still work.
- COM class: COM elevation-type rules will fail to elevate if UAC is disabled and the action is performed by an administrator account. If the user is not an administrator, or if UAC is enabled, then the rule will function as expected.
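The conditions in the limitations above can be checked per endpoint before rollout. The following PowerShell is an added example, not BeyondTrust code: the function name and output property names are hypothetical, and it assumes it runs in the context of the user account being assessed.

```powershell
# Added example (not part of the product): report whether this Windows endpoint
# meets the conditions of the ARM64 limitations listed in these release notes.
function Get-EpmArm64LimitationReport {   # hypothetical name
    [CmdletBinding()]
    param()

    # Win32_Processor.Architecture: 12 = ARM64 (0 = x86, 9 = x64).
    $cpu     = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $isArm64 = ($cpu.Architecture -eq 12)

    # UAC is disabled when EnableLUA is 0; a missing value is treated as enabled.
    $uacKey      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $enableLua   = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    $uacDisabled = ($enableLua -eq 0)

    # Does the current token carry the local Administrators role?
    # With UAC disabled, an administrator's token is not filtered, so this is accurate
    # for the one case the COM class limitation cares about.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        User                          = $identity.Name
        IsArm64                       = $isArm64
        UacDisabled                   = $uacDisabled
        IsAdministrator               = $isAdmin
        # On ARM64, PowerRules fall back to the rule's default action.
        PowerRulesFallBackToDefault   = $isArm64
        # On ARM64, PowerShell audit scripts do not run (VB and JS should still work).
        PowerShellAuditScriptsSkipped = $isArm64
        # COM elevation fails only when ARM64, UAC disabled, and administrator all hold.
        ComElevationRulesFail         = ($isArm64 -and $uacDisabled -and $isAdmin)
    }
}

Get-EpmArm64LimitationReport | Format-List
```

The report only states whether the endpoint meets the listed conditions; whether a given policy actually uses PowerRules, PowerShell audit scripts, or COM class rules still has to be checked in the policy itself.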
Enhancements
- Added severity levels to sort and prioritize the issues to resolve.
- Added additional checks on application definitions and unused audit scripts.
- When you select Save & Unlock after changing a policy, the Policy Assistant runs checks to detect any policy configuration issues.
- If no issues are detected, a confirmation displays in the Save & Unlock panel.
- If issues are detected, the number of conflicts and a link to view more detail displays on the Save & Unlock panel.
Available in Windows and macOS.
Removed the Days Last Connected condition as a requirement from Archive management rules so computers don't have to be disconnected for a day before they can be archived.
Updated Application Type values for Event Details in Analytics v2 to display the full unabbreviated application type.
Updated the Computer Policy Summary pie chart on the EPM Home page to show 3 categories, making it more efficient and user-friendly. Summary now displays: On Assigned Policy, Awaiting Policy Update, and No Policy.
Updated Management API to reflect the new structure of the roles by showing the permissions granted and the users that are assigned to them. All the changes performed on the APIs must guarantee backwards compatibility.
Method | Route | Functionality | What's new in V3 |
---|---|---|---|
GET | /management-api/v3/users | List EPM Users | |
POST | /management-api/v3/users | Create EPM Users | Added property globalRolesIds in request body to assign new roles to the new user. |
GET | /management-api/v3/users/{userId} | Get Details of an EPM User | The roles property now shows the new roles introduced by new RBAC. New property permissions contains the customized permissions assigned to a user (old roles). |
POST | /management-api/v3/users/{userId}/ | Assign roles or customized permissions to an existing user | Added property globalRolesIds in request body to assign new roles to the existing user. |
Issues resolved
Product Area | Description | Resolution |
---|---|---|
Policy Editor | When uploading an audit script, content is overlapping so it's not possible to select an item from the menu. | Removed the content overlay. Can now select menu items. |
Policy Editor | Not able to upload files with uppercase characters. File names included .ps1 or .json. | Rule script names are no longer case sensitive. |
Package Manager | Package Manager for macOS was failing to validate DYLIB files due to application entitlements. | Only DYLIB files signed by BeyondTrust can be validated. |
Package Manager | Package Manager timeout when installing the client and adapter. | Package Manager successfully installs client and adapter software. |
Activity Auditing | Page results slow to load when using filtering on the Activity Auditing page. | Improved load times on the Activity Auditing page. |
JIT App access | Processing times for saving JIT Application Access requests could take time. | Enhanced the processing time for JIT Application Access requests. |
Components:
- PM Reporting Database: 23.9.13
- Web Policy Editor: 24.7.266
- PMR UI: 24.7.67
- Event Collector: 24.7.20
- PM Cloud: 24.7.831
Compatibility
Important
Do not install a new adapter version before you are running a version of Endpoint Privilege Management SaaS that supports it. Installing an unsupported adapter can result in endpoints that no longer connect. You will be notified before your instance of Endpoint Privilege Management SaaS is upgraded.
Supported Versions
- PM Windows adapter: Recommended: 24.7.831 | 24.6.697 | 24.5.1037 | 24.4.361 | 24.3.766 | 24.2.499 | 24.1.581 | 23.9.578 | 23.8.515 | 23.7.356 | 23.6.562 | 23.5.516 | 23.4.424 | 23.3.256 | 23.2.506 | 23.1.942.0 | 22.9.393.0 | 22.8.396 | 22.7.271
- PM for Windows: Recommended: 24.7.425.0 | 24.5.361.0 | 24.5.351 | 24.3.294.0 | 24.1.108.0 | 23.9.225.0 | 23.7.150.0 | 23.6.76.0 | 23.5.212 | 23.3.130.0 | 23.1.259.0 | 22.9.268 | 22.9.243 | 22.7.205.0
- PM for macOS: Recommended: 24.5.2.3 | 24.5.1.1 | 24.5.0.1 | 24.3.0.1 | 24.1.0.1 | 23.9.0.1 | 23.7.0.3 | 23.5.0.3 | 23.3.1.1 | 23.3.0.1 | 23.1.0.1 | 22.9.0.22
- PM macOS adapter: Recommended: 24.5.2.3 | 24.5.1.1 | 24.5.0.1 | 24.3.0.1 | 24.1.0.1 | 23.9.0.1 | 23.7.0.3 | 23.5.0.3 | 22.5.1.1 | 23.3.0.1 | 23.1.0.1 | 22.9.0.22
- PM Rapid Deployment Tool for Mac OS: Recommended: 24.5.0.1 | 24.3.0.1 | 24.1.0.1 | 23.1.0.1 | 23.9.0.1 | 23.7.0.1 | 23.5.0.1 | 23.3.0.1 | 23.1.0.1 | 22.7.0.9
- PM Response Generator for Windows: Recommended: 24.7.425.0 | 24.5.361.0 | 24.5.351.0 | 24.3.294.0 | 24.1.108.0 | 23.9.225.0 | 23.7.150.0 | 23.5.212 | 23.3.130.0 | 23.1.259.0 | 22.9.268.0 | 22.9.243.0 | 22.7.205.0 | 22.5.184.0
- PM Response Generator for MacOS: Recommended: 24.5.2.3 | 24.5.1.1 | 24.5.0.1 | 24.3.0.1 | 24.1.0.1 | 23.1.0.1 | 23.9.0.1 | 23.7.0.3 | 23.5.0.3 | 23.3.0.1 | 23.1.0.1 | 22.7.0.83 | 22.5.1.1
- PM MMC snap-in: 23.9.225.0 | 23.7.150.0 | 23.5.212.0 | 23.3.130.0 | 23.1.264.0 | 22.9.268.0 | 22.9.243 | 22.7.205.0 | 22.5.184.0 | 22.5.179.0