Ivanti Product Update, April 2022
Product updates and releases covered in this newsletter:
- Ivanti Neurons
- Unified Endpoint Management
- Extended Products Group
- User Workspace Management
Introducing Ivanti Neurons Patch for MEM
Ivanti is excited to announce the release of the all-new Ivanti Neurons Patch MEM (Microsoft Endpoint Manager). Ivanti Neurons Patch for MEM publishes pre-tested third-party application updates from Ivanti’s Neurons cloud platform directly to Microsoft Intune. This lets IT teams deploy third-party application updates alongside Microsoft updates within Intune as part of their existing application lifecycle management workflows. As a cloud-native solution, Ivanti Neurons Patch for MEM enables those organizations to migrate their patching workloads entirely to the cloud without the need for any additional infrastructure.
Ivanti Neurons Patch for MEM also provides actionable threat intelligence and patch reliability insights. The threat intelligence helps organizations prioritize remediation activities based on adversarial risk while patch reliability insights let them evaluate application updates based on their reliability in real-world environments before deploying them.
Ivanti has long offered our on-premises Ivanti Patch for MEM product and will continue to do so. Ivanti Neurons Patch for MEM was created for organizations whose goal is to manage their application lifecycle management workflows purely from the cloud and no longer want to maintain MEM / System Center Configuration Manger (SCCM) infrastructure.
Visit the Ivanti Neurons Patch for MEM product page to learn more.
Former RiskSense products rebranded and enhanced
In August 2021, Ivanti acquired RiskSense, a pioneer in risk-based vulnerability management and prioritization. As part of our 2022 Q2 product launch, the former RiskSense offerings have been rebranded as Ivanti Neurons offerings. Those offerings are now known as the following:
- Ivanti Neurons for Risk-Based Vulnerability Management (RBVM)
- Ivanti Neurons for App Security Orchestration & Correlation (ASOC)
- Ivanti Neurons for Vulnerability Knowledge Base (VULN KB)
In addition to being rebranded, each of the above offerings have also received significant enhancements. All three products now benefit from an updated Vulnerability Risk Rating (VRR) scoring model, as well as a new notification engine and deep link capability. Ivanti Neurons for RBVM and Ivanti Neurons for ASOC have also both been updated to include user widgets, which let users create fully customized dashboard widgets that meet the exact needs of different roles and teams, plus several new integrations.
Ivanti Neurons for VULN KB has been upgraded with multiple unique enhancements as well:
- CPE filtering lets users search using CPE (common platform enumeration) string formats within the product’s API.
- The API also now enables users to view the temporal aspects of the CVSS 3.x formula for any vulnerability with a CVSS 3.x score.
- Apple, Google, Qualcomm and Samsung have been added as new sources.
Head to the product pages for these offerings – linked in the bulleted list above – to start learning more about these enhancements.
New Ivanti Neurons for Patch Management features
First released in 2022 Q1, Ivanti Neurons for Patch Management is a cloud-native patch management solution that helps organizations better protect against threats, including ransomware, by arming them with actionable intelligence on active risk exposure, patch reliability, and device compliance, health and risk. Since its initial release, the product has been upgraded to let users create, edit and deploy by patch group and to deploy by vendor/product. It has also received multiple other UI and functionality enhancements.
Read the Ivanti Neurons for Patch Management product page for an introduction to this offering, then view our Evolve to a Risk‑Based Vulnerability Remediation Strategy webinar for a deeper dive.
Expanded FIDO support for Ivanti Zero Sign-On (ZSO)
Ivanti ZSO is a passwordless authentication solution. This product has recently been enhanced to support Windows Hello and Mac Touch ID for FIDO authentication. Users can now use these built-in platform authenticators to securely access cloud applications and unmanaged desktops through Ivanti ZSO.
Watch this Ivanti ZSO demo to learn more about this offering.
ISA 8000 series hardware appliance now available for order
Today we are proud to announce availability of the ISA 8000 series hardware appliance. The ISA 8000 is the newest generation of Ivanti Security Appliances for Ivanti Connect Secure and Ivanti Policy Secure deployments. The ISA 8000 boasts massive performance boosts over the PSA 7000 series, has double the RAM and features a TPM chip on-board to ensure software and operating system integrity. With redundant power supplies, hard drives and network interfaces, the ISA 8000 minimizes downtime and keeps users connected and safe.
On top of the bevy of performance and security enhancements, the rack-mounted ISA 8000 appliance is physically smaller than the previous generation with a compact 1U chassis that is less than 600mm deep and only requires 400W of power.
The ISA series appliances are designed from the ground up with analytics in mind. With enhanced telemetry and customizable syslog output, ISA series appliances can easily be added into an existing enterprise monitoring solution like Ivanti Neurons for ITSM, and an expansive API library allows power-user administrators to script and automate to their heart’s content.
Centralized management and analytics are available through Neurons for Secure Access, Ivanti’s cloud-hosted management platform for Ivanti Connect Secure deployments.
View the datasheet to learn more about Ivanti Security Appliance, and visit the FAQ post too.
Introducing the Digital Experience Score to measure the employee experience
IT organizations are increasingly tasked with delivering great digital employee experiences, which can positively impact productivity, talent acquisition and retention, security and operational agility. However, many IT organizations struggle to effectively quantify and optimize those employee experiences. How do you measure the employee experience in your organization?
We are excited to introduce the Digital Experience Score (DEX Score) within Ivanti Neurons Workspace to you in this quarter’s release. The DEX Score provides a holistic measure and contextual insights into the experience that employees get through the devices, operating systems and applications that they rely on in the Everywhere Workplace. It aggregates data from service management, device experience, security posture and application indicators to provide you with a comprehensive, holistic view of your employee’s digital experience. The new Digital Experience Score also surfaces potential issues and makes recommendations on actions that can help remediate and improve the digital experience for your employees. Check out this quick demo to see how it works. For more information on the Digital Experience Score watch the What’s New recording.
Finally, we have added new functionality to the Ivanti Neurons platform solution to further improve the employee experience, security and overall operational excellence. You can find all the new updates for Ivanti Neurons 2022.2 in the Help Documentation.
Unified Endpoint Management
What’s new with EPM 2022
With the release of Endpoint Manager 2022, Ivanti continues to innovate with new features:
- Enhanced Windows Autopilot support.
- Updated search.
- Updated APIs.
- PowerShell requirements.
- Software distribution enhancements in the Web Console 2.0.
- Quickly find a user and/or device.
- Install and uninstall software packages.
- Find and filter between different types of software packages.
- Get deployment status via task notifications.
- Improved query import capabilities in the console.
- Removed the 50-device limitation when importing.
- Improved inventory scanner for macOS.
- Reduced to one inventory scanner to reduce contention.
- Reduced scan time from 7-12 minutes to 1-2 minutes.
- Enhanced security for Remote Control.
- Eliminated HTML and legacy versions of RC.
- Latest version of RC will improve security and reduce confusion.
What’s new with Neurons for MDM R82 & R83
With the Neurons for MDM R82 and R83 release, Ivanti added several new features to improve IT productivity, security and user experience across the platform. These new features improve IT efficiency by automating and streamlining app distribution, updates and configuration process. New features also enhance device security during BYOD enrollment and provide users with a better onboarding experience. Ivanti continues to support more COSU use cases, and the 5G slicing feature is exciting news to many enterprise customers for enhanced security.
For Apple devices:
- Streamline BYOD user onboarding process and add security layers.
- Eliminate the need for credentials by scanning a QR code to register your device.
For Android devices:
- Reduce risks from missing updates on business-critical apps on COSU devices.
- Improve IT efficiency troubleshooting without user interaction via unattended remote-control sessions.
- Improve IT productivity via streamlined managed app configs.
- Enhance security on corporate devices via 5G slicing – work traffic can be routed and prioritized.
- USB charging only helps prevent potential data breaches.
For Windows devices:
- Deployment package helps customers with cloud transition and provides seamless co-management experience.
- Improve IT productivity and experience with new features supporting Autopilot.
What’s new with EPMM 11.6
With the EPMM 11.6 release, Ivanti added several new features to improve IT efficiency, user productivity and experience across the EPMM platform.
For Apple devices:
- More IT control to manage shared iPad for enhanced security and visibility.
For Android devices:
- Support lost device use case for Android via customizable LockScreen message.
- More features to support use cases to secure Android corporate-owned devices while ensuring privacy and personal data.
- Enhanced security on corporate devices via 5G slicing – work traffic can be routed and prioritized.
- Seamless cloud migration enabled for Android Enterprise (AE) Wi-Fi only devices.
For the admin experience:
- Make EPMM upgrades easier through improved upgrade check error messages and better audit logging, which enables customer self-help, reduces support calls and increases customer satisfaction.
What’s new with Secure Productivity, Secure Connectivity and Access
With the Q2 release, Ivanti added several new features to Secure Productivity Apps, Secure Connectivity and Access. These new features improve IT efficiency, security, user productivity and experience across the platform.
- Improved email security - support for Entrust derived credentials.
- Increased adoption of email security with broader S/MIME support.
- Improved productivity with non-blocking and faster file transfers.
- Sentry is no longer vulnerable to the Log4j CVE.
- OAuth with MFA provides additional security by requiring a second form of verification to access Office 365 Exchange online.
- Reduce impacts on user productivity via disaster recovery support for admin and Split Tunnel Disaster recovery for iOS.
- Help secure IoT devices via Private PKI support.
- Improved iOS shared device management by supporting multi-user session scenarios.
We are excited to announce the latest release of Ivanti Xtraction 2022.1 that comes with many new features requested by our customers including:
- Capability to execute actions on external MobileIron data.
- Continued enhancements to highlight rules.
- Ability to export editable-layout dashboards.
Please review the release notes and documentation on Ivanti Community for details about these improvements and updates.
Extended Products Group
Ivanti Workspace Control 2022.2
Ivanti Workspace Control continues to add customer-requested feature enhancements with each release and the 2022.2 release continues this trend by including the following capabilities:
- Authorized owners: Following the initial introduction of this feature in the 2022.1 release, the 2022.2 release integrates authorized owners with the existing Workspace Control security features. As a result, it is now possible for an application to start if it matches the file hash or certificate rules even though the application doesn’t match the authorized owner rules. This greatly simplifies the implementation of application security in real-world environments.
- Audit trail: To further improve the troubleshooting capabilities within Workspace Control, we’ve updated the audit trail feature with additional information to provide insights into who changed what on a configuration object. We’ve also added versioning support, making it possible to export the object as it was available before the change was applied.
- Logoff events: We’ve added logoff events to the user event log to help with troubleshooting of logoff issues.
- Export: We’ve enhanced the export capabilities so that list views in the console can now easily be exported, enabling exports to be used for documentation purposes or imported into applications like PowerBI or Splunk for reporting purposes.
- Integrations: We’ve made it easy for customers to migrate to Workspace Control from VMware DEM by providing the ability to easily transform VMware DEM INI files into Workspace Control user settings. In this release, we’ve also made the decision to remove the direct integration to Ivanti Neurons for Edge Intelligence. Organizations can continue to access Edge Intelligence via a web browser directly through Ivanti Neurons.
For more details and a full list of all of the new capabilities, check out the Release Notes. Also, check out the latest videos on the Ivanti Workspace Control showcase page along with recent blogs from a customer (Making the Everywhere Workplace a Reality) and a partner (The Power of Ivanti Cloud Dispatcher).
Ivanti Device & Application Control 2022.2
The 2022.2 release introduces the following new features:
- Manage BitLocker recovery keys: Manage, store and retrieve BitLocker recovery keys directly from the management console. This will enhance the BitLocker system drive encryption as you don't have to manage the recovery keys separately within a different interface.
- Inactive clients with individual settings assigned report: A new report displays all inactive clients that have a direct configuration assignment within the management console. This will allow you to identify clients that potentially no longer exist and still have permission/settings entries, enabling you to remove clients and/or clean up permissions/settings.
- Better visibility of FIPS mode compliance: The client status report now includes additional information of the FIPS status. This will help determine whether or not the FIPS mode has been configured correctly for each client.
- Application Control performance improvement: We increased the loading speed of the scan results within the scan explorer and .exe explorer. In addition, adding additional files to file groups within the scan explorer received a performance boost.
For more details and a full list of all of the new capabilities, check out the Release Notes. Also, check out the latest videos on the Ivanti Device & Application Control showcase where we’ve added a series of detailed videos to assist customers with macOS configuration. If you haven’t already completed the Ivanti Device & Application Control survey, go ahead and do this now. It should only take you about 10 minutes to complete and will provide you with an opportunity to influence our future roadmap.
Ivanti Identity Director 2022.2
In the 2022.1 release we added access certifications. We’ve added a number of enhancements to this functionality in the 2022.2 release:
- Add images to campaigns: You can now upload images for your access certification campaigns to improve overall usability, particularly when dealing with a large number of reviews at the same time.
- Actions moved under campaigns: All the buttons used to modify the campaign status can now be found under a dynamic section called campaigns.
- Email of campaign owners displayed in campaigns in the web portal: The email address of each campaign owner is displayed when reviewers click on the text area if the campaign.
- New reviewer type options: You can now select groups and smart rule from the reviewer type drop-down list, in addition to the existing individual reviewers option, greatly expanding the functionality of the certification campaigns.
- Operations added to the audit trail: Access certification events such as adding or editing campaigns and deleting campaign instances or definitions are now logged in the audit trail, allowing a closer scrutiny of the operations done and improving the reporting capability.
- Reconciliation: You can now select a Microsoft Active Directory connector to import information about security groups and organizational units into the management portal. This is used for entitlement reconciliation.
In addition to access certification enhancements, we’ve also added the following:
- Provide information enhancement: On the pages tab of a "provide information" workflow action, you can now enable dynamic attributes for list and checklist service attributes.
- Web portal enhancements: We’ve updated the behavior for services set as favorites such that the service is displayed in the web portal, even with the "show in my store" option disabled. In addition, in the web portal, under account, users can now manage the applications used for sign in, password reset or unlock account from the newly added security tab.
For more details and a full list of all of the new capabilities, check out the Release Notes. Also, check out the latest videos on the Ivanti Identity Director showcase page covering topics such as access certification.
Ivanti Service Desk 2022.2
The 2022.2 release introduces the following new features:
- Outbound REST web service – release 1.0: In this release, we have added the ability to create an outbound API call to a REST-based endpoint as a process action. This underpins the ability for Service Desk to integrate with Ivanti Automation as well as significantly improves the ability for Service Desk to be integrated with many other third-party tools.
- Integration with Ivanti Automation: Customers will be able to define round-trip request fulfilment between Service Desk and Ivanti Automation using pre-built Ivanti Automation tasks, which will be available through the Ivanti Marketplace.
- Chat for workspaces and web access – release 2.1: We are continuing to add functionality to the chat feature. In this release we’ve added the ability to define automated messages for chat sessions.
For more details and a full list of all of the new capabilities, check out the Release Notes.
Ivanti Desktop & Server Management 2022.1
The 2022.1 release introduces the following new features:
- Microsoft InTune connector: We have developed a connector between DSM and Microsoft InTune, which allows you to distribute the DSM agent via Microsoft InTune. The connector can be configured directly via the DSM management console.
- Allow single package installation via command line using "InstallPackage.exe": You now have the ability to start a single package installation via the command line using the file "C:\Program Filex (x86)\NetInst\InstallPackage.exe". This can be particularly useful in case you want to install only one specific package or if you want to leave a link to a software on the user's desktop, which will enable the user to install the software directly by executing this link/command.
- DSM remote control enhancements: We’ve added the ability to recover agent status after network connectivity changes (e.g. switching from Wi-Fi to wired network), which eliminates the need to restart the services manually. In addition, after modifying settings for DSM remote control within the DSM configuration (ICDB), the changes will automatically apply. There is no longer a need to restart the DSM remote control services manually.
For more details and a full list of all of the new capabilities, check out the Release Notes. Also, check out the latest videos on the Ivanti Desktop & Server Management showcase where we’ve added a series of videos. If you haven’t already completed the Ivanti Desktop & Server Management survey, go ahead and do this now. It should only take you about 10 minutes to complete and will provide you with an opportunity to influence our future roadmap.
User Workspace Management
Ivanti Application Control simplifies management of temporary application access requests for IT helpdesk staff. Users can respond directly to denial of access notifications with a request for temporary access. These requests can be routed directly to an integrated helpdesk system for immediate response, fully automated where appropriate. Previously available for integrated Ivanti Neurons for ITSM environments, Ivanti Application Control now extends this capability to integrated ServiceNow environments.
Ivanti Application Control is part of the Ivanti User Workspace Manager suite.
Modern operating systems put a drain on resources and a drag on user experience. For example, users often have poor application experiences in a multi-user environment when high loads occur during morning logons. Ivanti Performance Manager now provides dynamic and autonomous resource self-healing to mitigate resource drain and ensure consistent performance.
Ivanti Performance Manager is part of the Ivanti User Workspace Manager suite.