JumpCloud’s Q4 2022 roadmap webinar introduced features and improvements that coalesce into the open directory platform™, a purposeful platform approach to make JumpCloud work with everything you have today (and everything you’ll need in the future). These updates are being delivered within JumpCloud’s Identity and Access Management (IAM), device management, and data services. The result is adaptable IT that delivers best-of-breed solutions for every use case. The open directory platform’s Zero Trust security and Extended Detection and Response (XDR) integrations establish identity as the new perimeter for your apps, data, and network.
…and Android support is nearly here.
Open Directory Platform
JumpCloud is the central hub to automate and simplify the entire process of provisioning access for users to any IT environment. This was first made possible by adding third-party integrations (HRIS system, directories) into the platform, with many more to come. User updates and attributes are next, along with scheduled imports. Here’s more of what’s possible in Q4:
- More and deeper open import integration options
- Import from ADP
- More import options from Personio
- Import user updates from IdM Custom API
Provision from anywhere
Before we dive into what else is coming, let’s review some new capabilities you may have missed over the past several months.
Features Delivered in Q3
- Integration with Namely: Keep up with the pace of hiring and simplify user creation for a streamlined HR to IT handoff.
- Generic HRIS – OAuth2 Support: Configure integrations with more HRIS applications (and other identity sources), improving security and user onboarding.
- RADIUS access using Azure AD (AAD): Leverage delegated authentication that makes it possible to use AAD credentials to secure VPN and Wi-Fi authentications.
- Linux SSH hardening policies and Mint 21: Establish a core of policies and tackle compliance issues on Linux devices.
- Commands queue: Improve your management workflows, know which commands are queued for devices, the state of commands, and drill down for results per device.
- Logo + message for macOS patches and updates: Use enhanced branding to create a more polished deployment, building assurance and a better user experience for your users.
- Switch between user and admin login: This helps to make working with JumpCloud, particularly for single sign-on (SSO) connector testing, easier than ever.
Password Manager
JumpCloud now secures password-managed apps with the launch of Password Manager, a decentralized solution that doesn’t use a master password. It takes a hybrid cloud approach where credentials are stored securely on local devices. We believe that this provides better security and a more dependable user experience. Password Manager also stores payment cards and secure notes for even greater usability and productivity.
Now, let’s explore what’s coming in Q4.
IAM
The open directory platform connects you to more things, easier and more securely than ever.
Q4 improvements include:
- Expanded conditional access rules that consider device state
- Frictionless multi-factor authentication (MFA), in more places
- Flexible device biometrics, providing the best options for each user
- The introduction of passwordless login experiences
- More ways to connect to your apps and resources
- Fully automated entitlements management for more hardened security
Conditional Access
We’re kicking off a major investment into conditional access next quarter, beginning with new device conditions for disk encryption and OS version. The result is reduced friction among your users who may be suffering from “MFA fatigue.” Our North Star is to make security smarter and more accessible. The open directory platform uniquely mixes inputs from identities, devices, and location information to make intelligent determinations about which devices should access which applications.
JumpCloud Protect™ MFA
Adversaries are adapting to security controls and the threat environment is changing. JumpCloud is proactively increasing security posture by displaying city, state, and country in Push notifications. Users can verify location details before approving logins. Adversaries have been “MFA bombing”, issuing repeated push prompts until users accept their requests. JumpCloud is adding a control to prevent that practice.
MFA for LDAP
TOTP will be provided as an alternative to JumpCloud Protect Push for LDAP application logins. This makes certain use cases, such as working with network hardware, simpler for JumpCloud users. Users log in by appending a one-time code to the password field during authentication.
MFA is suitable for many users, but biometrics provide another option for Identity Provider (IdP) authentication to help ensure privileged access to your most valuable IT resources.
Device Biometrics
JumpCloud already supports and U2F keys for biometric authentication. Going forward, the platform will provide greater clarity about which options are available for users. New options include Touch ID for Macs and Windows Hello for the Windows operating system.
Simultaneous use of MFA and biometrics is coming in 2023.
Certificate-Based RADIUS Login
Passwordless authentication leveraging trusted certificates will be another authentication option for seamless logins, which increases security and builds device trust. JumpCloud is starting with RADIUS authentications for secure network access because cloud RADIUS is the best place for organizations to begin their journey to a passwordless experience. JumpCloud will be adding more certificates across more environments, including an extension to SSO in 2023.
SCIM Provisioning, OIDC, and OAuth
JumpCloud is tripling its SCIM connector catalog in Q4. SCIM provisioning eases the friction admins experience in provisioning and managing user accounts in web applications. Using SCIM, admins can automate the processes of account creation and deletion, as well as maintain synchronization between their core directory and web apps. OpenID (OIDC) support extends SSO to homegrown apps, many mobile applications, and expands overall identity federation. OAuth support makes it possible to securely import user updates from applications.
These updates, and managed identities, flow into JumpCloud’s attribute-based access control (ABAC), enabling the system to continuously audit entitlements for more secure access control.
Automated Group Membership
JumpCloud is introducing the ability to automate and apply membership suggestions to groups. Attributes, such as where users are located, who their supervisor is, or what team they belong to, simplify provisioning user access to IT resources such as applications and networks.
- Q4 extends interoperability with your Microsoft systems by exporting user groups on AAD integrations. This eases deployment of the open directory platform to obtain greater flexibility, openness, and value than Microsoft offers through Azure.
Schedule user activation
Devices
Device management extends identity, management, and security to endpoints. Q4 will introduce significant new features for small and medium-sized enterprises (SMEs) to have a holistic solution to manage every device endpoint, regardless of the OS. Those features include:
- Remote Assist: A free-of-charge tool to support your users when they require help.
- Android support: Extending JumpCloud’s mobile device management (MDM) to Android for compliance and application distribution.
- Self-service Windows deployments: To streamline user onboarding in support of remote work and time-savings.
- macOS and Linux improvements: More policies, day 0 readiness for macOS Ventura, and support for additional Linux distributions, in response to community feedback.
- Windows BitLocker: Major new investments into BitLocker deployments, with more to come.
- Integrations with leading XDR solutions from CrowdStrike and SentinelOne: Making identity central to IT security in response to new methods of attack on cloud services.
Remote Assist
Users ask for help; with Remote Assist you can now provide a session key that makes it possible to log in and fix their issues directly. JumpCloud’s Remote Assist is available at no additional charge and provides an opt-in workflow that operates through the JumpCloud agent but works independently from it as a web app. With it, you can:
- Copy and paste between devices
- Work in multi-monitor systems
- Turn on audit logging
A silent mode option is coming in 2023 for unattended access over the command line. We’re seeking feedback about which capabilities matter most to SMEs. Please contact your account manager to share your ideas for our user-driven product roadmap.
Android
JumpCloud will soon offer Android MDM that will include all required core security commands and policies to drive compliance and deploy apps to your devices. Capabilities include:
- Enforce device and work profile security
- Lock, wipe, and reset devices
- Drive device compliance
- Search, organize, and distribute apps
Windows Self-Service Onboarding Cases
JumpCloud is working to provide a Windows Out of Box Experience (OOBE) as another option to stage devices and onboard users. This simplifies how Windows machines are deployed with JumpCloud using technologies that Microsoft prescribes for MDM-like management of Windows. Traditional onboarding through the JumpCloud agent will still be possible.
Onboarding Case | Authentication | Device Enrollment | Post Enrollment |
Intune with JumpCloud Authentication (OOBE) | User signs in with JumpCloud credentials during AAD Join | User sees Intune enrollment screens | JC Agent can be pushed for telemetry by Intune; most policies by Intune |
JumpCloud MDM and Authentication (OOBE) | User signs in with JumpCloud credentials during AAD Join | User sees JumpCloud enrollment screens | JumpCloud MDM manages all device configurations |
Patching
The initial release of JumpCloud’s Patch Management focused on macOS, Linux, and Windows policies. Q4 expands the vision of “set up once, works everywhere” patch policies to browsers. IT teams benefit from automation and one-click payoffs to manage browser versions across every operating system, and prompt users to update. Chrome will be supported first, followed by Edge and Firefox browsers. User feedback will determine whether more browsers are added.
Please note that Safari is updated at the OS level by Apple.
macOS 13 Day 0 Support
Mac admins will be able to delay or block system updates to macOS Ventura. IT admins should take special consideration with this release, because unpatched Monterey systems will inadvertently update to Ventura. Apple is working on a fix to address this issue. JumpCloud works to ensure that you’re not affected by upgrades when you’re not ready.
Expanded Policies and OS Support
JumpCloud is deepening what’s readily possible with Mac and Linux device management. No complex templates needed: just best-of-breed policies that are ready to use, right out of the box. This has been an ongoing effort to provide compliance settings that are easy to configure and deploy.
Even More Linux Distros
JumpCloud is welcoming Fedora 37, Pop!_OS, and Arch Linux to the open directory platform. Please visit our knowledge base for the . JumpCloud’s Linux MDM doesn’t mandate a specific vendor’s software, such as the Edge browser, to operate, and users experience the full benefits of the open directory platform, including IAM.
Windows BitLocker Policy Roadmap
Improved status reporting was introduced last quarter. The capacity to encrypt all local non-removable drives is next, extending encryption beyond the system drive. The result is higher security and increased compliance for devices that have multiple drives.
This diagram illustrates our overall BitLocker roadmap
XDR Ecosystem
XDR confronts the gap between identity and security as attackers have evolved their tactics to the cloud. User credentials are being hijacked in malware-less attacks that aren’t detected by traditional Endpoint Detection and Response (EDR). That has led to data exfiltration and the loss of IT assurance when criminal syndicates have infiltrated systems, deeply and discreetly.
JumpCloud and XDR solutions are better together. Expect more integrations with CrowdStrike, which awarded JumpCloud its Ecosystem Emerging Partner of the Year award. JumpCloud is available for easy deployment through the to manage your devices.
Some future integrations are:
- Zero Trust feature integration with CrowdStrike, including shared signals from events
- Falcon Spotlight integration with JumpCloud patch management for information about CVEs for vulnerability management and potential mitigations
JumpCloud is also working with SentinelOne to integrate with its Singularity XDR system.
Data Services
Device management and IAM don’t provide visibility into the context of what users are doing once they’re authenticated into systems. That’s why JumpCloud already offers , , and pertinent reports such as Users to SSO logins for your applications. Q4 extends that focus to events that matter within your cloud infrastructure itself, starting with AWS.
Users to SSO report
Cloud Insights
Cloud Insights, a tool for observability and monitoring cloud infrastructures, is presently in beta. This makes compliance and data forensics easier for SMEs and helps to enforce least privilege. Support for Google Cloud (GCP) will be introduced next for a multi-cloud strategy.
Its capabilities include:
- Support for multiple AWS accounts to monitor activity across larger organizations
- Easy-to-consume management event feeds with details on user actions
- Events filtering by identity, time, event type, and other attributes
- Classify user access as JumpCloud managed (via SSO/IAM connector) and unmanaged
- Focus on events that matter; ability to filter person and non-person entity (“NPE”) activity with a simple toggle button
- Pay $3/user/month only for cloud users
Helpful New Reports
Two new reports are being introduced in Q4:
- OS patch management status
- Browser patch management status
A total of will be available by year’s end to collect essential data about your organization’s users for better compliance, control, management, and planning.
Directory Insights Upgrades
Directory Insights has been improved with better event descriptions (no need to look at JSON for basic information) and a search bar for quick access to events. Together, these simplify your responses to audit requests for a specific device or users.
Try JumpCloud
Existing users may contact their account manager for early access to new features. JumpCloud is always available for up to 10 users or devices with full functionality. We provide complimentary 10-day chat support to help you get the most out of your deployment.
In the meantime, if you need to get going fast and be sure everything is set up correctly the first time, our Professional Services team is available to help.