Thanks to your feedback in the User Voice portal, and our roadmap for the future of Ivanti Device and Application Control as discussed in the webinar earlier this year, we are pleased to announce the latest 5.2 release of Ivanti Device and Application Control. Hopefully by now you realize Ivanti is serious about making significant updates to the dedicated set of Ivanti products that form the Independent Business Unit.

This content rich update is available for download now! Here’s an overview of the most important updates.

Unlock Tool for macOS  

Ivanti Device and Application Control now offers a macOS utility tool that enables users to read/write content from removable devices that were encrypted on Windows endpoints. After the user attaches the device to a macOS endpoint and provides the necessary password, they can easilty access the data. This provides transparent access through Finder when the device is attached.  

Manage Assets Using Active Directory  

With the 5.2 release we have improved our integration with Active Directory (AD) so you can enforce policies on AD Organizational Units and enjoy effortless asset management. After enabling this option, if an integration exists, the organizational units (OUs) from Active Director will be visible under Machine-specific settings. Now, you can assign permissions as you would do on any group.  

Standalone Endpoint Management  

This 5.2 update brings additional tools for managing endpoints that are not connecting to the central server. The client has the option to export details related to (1) Attached devices and (2) Local users and endpoint informationThis data can be imported into the management console and based on that, the administrator can tailor policies that can be exported and imported in the isolated endpoint.  

Stronger Encryption  

A big step in improving the product security was made by changing the encryption algorithms for:  

  • Password derivation – from SHA-256 to Argon-2id and PBKDF2  
  • Disk encryption – from AES-256-CBC to AES-128-XTS  
  • The administrator decides what happens with devices that were encrypted with older algorithms. Three options are available: 
  • Allow the use of this devices 
  • Upgrade the encryption then the device can be used 
  • Deny the use of the device 

Improved SIEM Integration  

To be able to support more SIEM (Security Information and Event Management) applications with update 5.2, we are providing two new implementations: one brings the option to feed data directly into Windows Event Viewer, the second brings data in JSON format. The majority of SIEM applications will be able to consume the logs in this way.  

Device Control Server-Side Software Development Kit

Ivanti Device and Application Control 5.2 provides new automation possibilities and better integration with third party applications by exposing the SDK (Software Development Kit) methods for the server application. You can enforce permissions on groups of endpoints and override the settings, that you would usually do from the management console.  

Better Detection for Hard Disk Drives  

Fine-tune the Hard disk drive detection (HDD) by choosing how this kind of device should be identified. Based on the lack of removable capabilities, reported by the operating system, or by also taking into consideration the buses. The option can be enabled/disabled from the default settings. 

See the detailed list of updates and fixes in the release notes and find out if your suggestion made it into this round of updates.