Subscribe

Product Updates

June 8 2026 Release Highlights

• Mobile App Hotfix CSE Mobile App v2.3.6 — Service Tunnel stability improvement:

  • Apps were at times displaying an error message about loading services or Service Tunnels after the Service Tunnel was connected, briefly interrupting internet connectivity.
  • Users running v2.3.5 should upgrade to the latest version.
  • On iOS, DNS resolution can still fail and the tunnel state can report inconsistently when switching from cellular to Wi-Fi. See our Known Issues doc for more information.
  • Download:
    • Android
    • iOS

May 26 2026 Release Highlights

Generally Available Features

• Five New Points of Presence — Now Live:

  • CSE's Secure Private Access network has expanded to:
    • Los Angeles, California
    • Council Bluffs, Iowa
    • Ashburn, Virginia
    • Montreal, Canada
    • Stockholm, Sweden
  • Users in these regions get faster application access without routing traffic across the country or overseas.
  • For customers using the SonicWall Firewall Connector, local PoP coverage makes traffic routing significantly more efficient.

• Desktop App New Windows MSI Installer:

  • The CSE Desktop App now ships as a Windows MSI installer, letting IT teams deploy at scale through Intune, SCCM, or Group Policy.
  • Zero-touch staging and built-in MDM context keep endpoints manageable from first install through every future upgrade — no manual intervention or user prompts required.
  • Note: Requires desktop app v4.3.0 or later — earlier versions remain on the EXE installer. The MSI and EXE installers are mutually exclusive, so uninstall one before deploying the other.

May 22 2026 Release Highlights

Generally Available Features

• Desktop App New Install Switch:

  • Both the Zero Touch script and MSI installers now support enabling Service Tunnel at installation.
  • Because Service Tunnel runs over port 443, deployments succeed cleanly in restricted environments such as airports, cruise ships, and ISPs or countries that block WireGuard.

• Desktop App Auto-Renewal for the Desktop App:

  • Device certificates and long-lived tokens now renew silently in the background. Users never see a re-registration prompt, and enrolled devices stay enrolled.
  • Invite code mismatches no longer prompt for re-registration at renewal, allowing admins to rotate the invite key.

Enhancements and Updates

• UI New Points of Presence (PoP) Management Banner:

  • A new banner in the Cloud Command Center points you to the PoP Management feature, where you can configure your org's Points of Presence.
  • No action is required in May, but we encourage you to take a look at which PoPs your org is currently using. Watch for a follow-up banner in June that will share the timeline for cleaning up unused PoPs in August.

Bug Fixes

• Fix Commas used in service names were generating errors in saving hosted web services.
• Fix Desktop App The CSE desktop app was failing authentication when a user took longer than 60 seconds to complete the login flow. The post-redirect response timeout has been extended to 10 minutes (up from 60 seconds); OAuth code exchange, SAML validity, and token lifetimes are unchanged.

April-2026 Release Highlights

Generally Available Features

• Edit Points of Presence (PoP):

  • Admins with orgs created before March 27th 2026 can now edit PoP locations in their org.
  • Legacy PoP assignments are maintained in old orgs (i.e., orgs created before March 27th 2026) until an admin edits their PoP locations, at which point the new maximum is 4.

• New Auto Update Toggle:

  • Admins can now enable silent auto updating of apps in their org.
  • This setting is enabled by default for new orgs and disabled for existing orgs.
  • Note: Desktop app version 4.2.0+ is required for auto update on next restart.

• New Event Hooks for Post-Connection Scripts on macOS devices:

  • Admins can now use events generated by user connection to Service Tunnel as hooks to scripts that can automate various aspects of their workflows on macOS devices, as well as Windows devices.

Early Preview Features

• New Malware Download Protection:

  • Malware Download Protection (File Analysis in the console) adds real-time file inspection for users that have an Internet Threat Protection (ITP) policy applied to their devices.
  • When enabled, downloaded files are analyzed in a sandbox powered by SonicWall Capture ATP before reaching the endpoint and automatically blocked if deemed malicious.
  • Malware Download Protection is disabled by default.

Enhancements and Updates

• New mobile app support for Active Service Tunnels:

  • Active Service Tunnels on mobile devices are now reflected in the total Active Service Tunnels count.

• New Service Tunnel Disconnect Logs:

  • CSE now generates an event for Service Tunnel disconnections, helping admins to track Service Tunnel usage.
  • Disconnect events include user-initiated disconnections and session timeouts.

• Mac Installer Package Versioning (MDM):

  • Mac installer package receipts now reflect the packaged app version.

• Persistent Service Tunnel over TCP Toggle:

  • When enabled, the Enable Service Tunnel over TCP toggle now stays on indefinitely, unless toggled off.

Bug Fixes

• Fix Access Tier was removing quotes from cookies on hosted websites.
• Fix Security policy attachment was lagging, blocking users from accessing resources via Service Tunnels.
• Fix Domain name rules were not allowing users to include dashes in internal domain names.
• Fix Service Tunnel access logs were flooded with duplicate entries.
• Fix Service Tunnel was not reconnecting after login when installed using an MDM script.

March-2026 Release Highlights

Generally Available Features

• Netagent New Points of Presence (PoP) Management:

  • Admins can now select geographic locations in which they want to provision points of presence (PoPs).
  • PoP selection is available for new orgs (created after March 27th, 2026) with SPA licensing.

• Desktop App Event Hooks for Post-Connection Scripts on Windows devices:

  • Admins can now use events generated by user connection to Service Tunnel as hooks to scripts that can automate various aspects of their workflows.
  • Event hooks are only supported on Windows devices with CSE desktop app version 4.10.0 or later.

Enhancements and Updates

• Desktop App New app-generated sessions for multi-user Service Tunnels:

  • Now, when the CSE desktop app detects a user switch, it triggers a new session.

Bug Fixes

• Fix Desktop App Service Tunnel Active Connection was reporting inconsistently.
• Fix UI Users were unable to add an email address with the apostrophe character as part of a Role.

February-2026 Release Highlights

Generally Available Features

• UI Force re-authentication support for SAML:

  • Admins can now use a toggle in the SAML IDP settings to enable force re-authentication.
  • When enabled, users must re-enter credentials (i.e., password and MFA) each time they log into the CSE app or access a federated SaaS app.
  • Hosted Websites will require authentication only once per active session.

Enhancements and Updates

• Desktop App Cloud Secure Edge support for MacOS 26.3.1:

  • The CSE App must be upgraded to v4.0.1 before upgrading to MacOS 26.3.1.

• Desktop App Cloud Secure Edge desktop app re-branding:

  • Code signing certificate is now SonicWall branded
  • App executable names, package names, service names, and directory names are now SonicWall Cloud Secure Edge branded.
  • For Zero Touch installations on desktop app v. 4.0.0 or later, admins should use this desktop app installer for mdm.

Bug Fixes

• Fix Desktop App Application Check Trust Factor not updating in real time.
• Fix Netagent A 3rd-party vulnerability scanner was producing false positives.

January-2026 Release Highlights

Early Preview Features

• Netagent New CORS toggle:

  • Admins can now enable a CORS toggle to secure authorization requests on hosted websites.

Generally Available Features

• UI New Firewalls tab:

  • Admins can now view a comprehensive list of Gen7+ firewalls inside the CSE Command Center.
  • The firewalls displayed can be used to configure the CSE Connector.

• UI Gemini Log Summarizer:

  • Admins can now view an AI summary of logs and events in the CSE Command Center.

Bug Fixes

• Fix Desktop App Auto-Update Trust Factor was failing.
• Fix Desktop App Multiple PowerShells were running indefinitely.
• Fix Desktop App After zero-touch deployments, tunnels were not auto-connecting.
• Fix Netagent Service Tunnel performance improved.
• Fix UI Entra ID Auto-Config was generating the incorrect redirect URL for orgs on net.

December-2025 Release Highlights

Generally Available Features

• UI New Internet Access Logging:

  • Admins can now view Internet Access Logs, which detail users' access activity, including blocked access attempts and the reason for the block.
  • Internet Access Log entries include a downloadable CSV file that admins can use for compliance and incident response.

• ITP New AI & ML Category in Internet Threat Protection Policies:

  • Admins can now block internet content categorized as Artificial Intelligence (AI) and Machine Learning (ML) (i.e., AI & ML) in Internet Threat Protection policies.

• UI New Proof of Value Reporting:

  • SIA and SPA orgs now display high-level reports to provide a visual overview of protected devices, licensed users, web activity (threat/compliance/allowed), and device Trust Level in an org.

Enhancements and Updates

• UI New maximum for Admin token session (i.e., every 12 hours).

Bug Fixes

• Fix Connector LDAP configuration was disappearing when the Connector was disconnected.
• Fix Netagent Duplicate entries within the service_tunnel_accesseslog.

November-2025 Release Highlights

Generally Available Features

• UI New Entra ID API Auto-Configuration:

  • Admins can now set up API auto-configuration with Entra ID, instead of manually configuring Entra ID as an IdP in Cloud Secure Edge.

• Desktop App New ARM Architecture support on CSE desktop app:

  • Desktop app now supports ARM architecture on macOS and Windows devices.

Enhancements and Updates

• UI Improved the UI experience for device root certificate and reporting token expiry.

• ITP Explicit URL Blocking is now available.

Bug Fixes

• Fix UI User report in admin console was only displaying registered users.
• Fix Desktop App Service Tunnel was failing to connect over TCP.
• Fix Desktop App Firewall Trust Factor erroneously reporting a Low Trust Level.
• Fix Desktop App Mandarin characters were displayed in the app after upgrading to v3.26.0.
• Fix Desktop App Service Tunnel exclude public domains function was not working on Windows devices.
• Fix Mobile App Android Auto was not working when users were connected to CSE.

September-2025 Release Highlights

Generally Available Features

• Netagent New HTTP-2 Transport Toggle:

  • Admins can now enable HTTP-2 Transport so that users connecting to resources can do so via the HTTP-2 protocol.
  • HTTP-2 allows for multiplexing, efficient throughput, and simultaneous connections to a backend service from a single browser.
  • Admins must enable this setting, since it is not enabled by default.

Enhancements and Updates

• Connector Windows C++ Redistributable is now packaged with the Windows Connector installer.

Bug Fixes

• Fix API SCIM was returning invalid responses in 3rd-party IDPs.
• Fix Netagent Hosted website sub-URL redirect was not working.
• Fix Netagent Global Edge Access Tiers were being terminated, which impacted access to internal services via the Service Tunnel.
• Fix Desktop App Shared access on ethernet adaptors was not starting automatically.

August-2025 Release Highlights

Generally Available Features

• Connector New Active Directory Support using LDAP:

  • Admins can now set up Active Directory authentication in CSE.

July-2025 Release Highlights

Generally Available Features

• UI New Onboarding Guided Setup:

  • A new guided setup is available in the Command Center for admins who want to set up remote access (i.e., a Service Tunnel) in their org.
  • The guided flow is available to users in Global Edge orgs with Secure Private Access (SPA) licenses.
  • Only available for MySonicWall provisioned orgs.

Enhancements and Updates

• Netagent Service Tunnel over TCP (on port 443) is now available for Global Edge orgs.
• ITP Improved ITP robustness including enhanced backoff logic for stale connections, enhanced retry for new connections, and better captive portal detection and handling for users on restricted networks.
• ITP Private domains can now be added as domain exceptions in Internet Threat Protection (ITP) policies.

Bug Fixes

• Fix Netagent Chunk encoding was not handled properly.
• Fix Netagent Multiple users receiving low Trust Levels due to caching issues.
• Fix Desktop App CSE app couldn’t identify devices via Serial Number.
• Fix Desktop App Symlinks for login were returning device trust verification errors on select versions of Windows devices.
• Fix Connector Resource IP was not translating correctly on Windows Connector when there were more than 50 IPs.
• Fix Desktop App Select Trust Factors were failing on app first startup until refreshed.

June-2025 Release Highlights

Generally Available Features

• ITP New Geo-Blocking Toggle:

  • Admins can now block access to IP ranges associated with specific countries.
  • This feature is available for customers with an SIA Advanced license.

Enhancements and Updates

• Netagent Registered domains can now route to multiple points of presence (PoP) on the Global Edge Network, improving network performance and reliability.

• Netagent Trustscoring has been hardened so that device Trust Levels cannot be altered, improving device security.

• Connector New Windows Connector support for public IPs; until certified with Microsoft, there is a limit of 49 public IPs.

Bug Fixes

• Fix UI User roles were not updating after changes were made.
• Fix Admins were unable to delete end users from Command Center in certain cases.
• Fix Services without a policy were accessible.

May-2025 Release Highlights

Early Preview Features

• New Risk-based URL Filtering:

  • Admins can now enable risk-based URL filtering to inspect and determine threats associated with host URLs; if threats are detected, end user access will be blocked.
  • Admins can configure URL filtering within Internet Threat Protection (ITP) settings in CSE.
  • This preview feature is available for customers with an SIA Advanced license.

Enhancements and Updates

• New Service Tunnel logging of connections and disconnections to Service Tunnels; These logging messages can be found under the Access event type.

• Use Geolocation is now enabled by default in Advanced Settings, for more convenient use of the Geolocation Trust Factor.

• Service Tunnel Connect on Login is now enabled by default.

• Real-time Trust Factor assessments have been enhanced and now include local checks on the CSE app every minute as well as cloud syncing of any changes within this interval.

Bug Fixes

• Fix Service Tunnel was delaying disconnecting and connecting due to excessive DNS cache entries.
• Fix Advanced Settings were resetting to default when modifying configurations.
• Fix Events page in the Command Center was not loading.
• Fix Trust Profile changes were not appearing in system logs.
• Fix Events were not generated when user Trust Level was Low.

April-2025 Release Highlights

Generally Available Features

• New Zero Touch Deployment tab for ITP:

  • Admins can now enable role-based Zero-Touch deployments for Chromebooks using Internet Threat Protection (ITP), providing more granular control over different business units.

Enhancements and Updates

• New Enable Auto Login:

  • A new toggle on the CSE app allows admins to set the app to automatically re-authenticate user sessions on app start up.
  • This toggle is not enabled by default; it must be enabled by the admin in order to work.
  • Available on macOS and Windows devices.

Bug Fixes

• Fix After users re-authenticate in the CSE app, infra services were occasionally binding to random ports even when the specified listening port was available.

• Hotfix With ITP enabled, Service Tunnel was delaying connecting and disconnecting to configured domains.

March-2025 Release Highlights

Generally Available Features

• Extended Network Access for Connectors:

  • Admins can now configure Connectors so that they route to public IP addresses.
  • The new Public IPs & Increased Connector Limit toggle is available on latest versions of Linux Connectors and Virtual Appliance Connectors.

• New Lookup Domain Policy Verdict:

  • The Lookup Domain functionality now displays the Content Category, the Threat Classification, and the Policy Verdict associated with the searched domain. The Policy Verdict indicates whether the searched domain is blocked or allowed in the Internet Threat Protection (ITP) policy.

• Enable Service Tunnel over TCP:

  • This new desktop app toggle can be applied by end users temporarily on a restrictive public network that blocks regularly used ports and protocols (e.g., UDP is blocked).
  • This toggle currently only applies to users in a Private Edge org.

• Enable Continuous Ping:

  • End users that are experiencing issues with Service Tunnel going down and not restarting in a timely manner can now toggle on Enable Continuous Ping in CSE app settings.
  • This new toggle keeps sessions alive and prevents the connection from dropping, in odd scenarios when the network connection keeps failing.

Enhancements and Updates

• Block Domains <30 Days Old:

  • Internet Threat Protection (ITP) now automatically blocks domains created less than 30 days ago, protecting users from emerging threats.

Bug Fixes

• Fix Zero-touch script link was broken.

• Fix Users with non-admin privileges were unable to clear the Windows defender notifications after Intune pushes.

February-2025 Release Highlights

Generally Available Features

• New Zero Touch Deployment Tab for ITP on Managed Chromebooks:

  • Admins can configure zero touch deployment for Internet Threat Protection on managed Chromebooks.

• Improved RDP file download option:

  • End users can now trigger the download of an RDP file, removing the need to interact with the RDP pop-up download prompt.

Bug Fixes

Fix Admin service was not starting after device reboot.

Fix Bug messages were sent when end users were upgrading app versions.

Fix After device restart, end users were receiving a notification requesting admin password entry.

January-2025 Release Highlights

Generally Available Features

• Enhanced Internet Threat Protection Policies:

  • New Automatically blocked threat types, including Bots/Cryptomining, Malware/Ransomware, Phishing, Spam/Ad Fraud /Spyware, and more.
  • Support for managed Chromebooks.

Bug Fixes

Fix Entra ID first-time setup now pre-selects the Metadata URL option, instead of admins having to manually select this option.

November-2024 Release Highlights

Generally Available Features

• Enhanced IDP Device Registration:

  • New Metadata URL automatic configuration option for Device Registration in Entra ID
  • CSE IDP Device Registration config is automatically deleted when admins switch to a new IDP

Enhancements

• Connector and Access Tier Download links for all install methods updated to “Latest” endpoints in the Cloud Secure Edge Command Center.

• Terraform enhancements: Access policy configuration enhancements, bug fixes, new resource descriptions via API, and new registered domains functionality.

Bug Fixes

• Fix End users running desktop app versions 3.21+ were unable to log in while connected to the Oracle VPN.

October-2024 Release Highlights

Generally Available Features

• New Open Virtual Appliance Install available for the Connector:

  • Admins can now install the CSE Connector on a virtual image using one of various VMware deployment tools (e.g., ESXi, VSphere, VMware Fusion).

• Support for macOS Sequoia:

  • Desktop app registration now automatically installs certificates on devices using macOS Sequoia.

Enhancements

• Upgraded Docker and Ubuntu packages to reduce known vulnerabilities during Access Tier installation.

• Read Only admins can now view System Logs (with sensitive information redacted).

Bug Fixes

• Fix IDP configurations for user authentication were not functioning for admins that were previously using the CSE IDP for device registration.

• Fix Admins were unable to add or edit the Registry Check trust factor.

• Fix Tunnel access policies were not editable when CIDR entries were empty.

• Fix MASQUERADE rule was only being used for the default user interface.

• Fix In Access Tier versions greater than 2.4.2, using a hosted website with two services using the same frontend domain but different dns_names caused the browser name resolution to fail.

September-2024 Release Highlights

Generally Available Features

• Simplified Entra ID config for end user authentication:

  • Admins can now use the metadata URL to automatically configure Entra ID (using SAML) as an IDP for end users.
  • The metadata URL updates daily, so any changes made in CSE are transferred to the IDP.
  • Admins can now upload the certificate if manually configuring Entra ID using SAML.

• New Filter for Unauthorized Access Attempts via Service Tunnels:

  • Admins can now view end users’ unauthorized access attempts via a Tunnel Policy.
  • Admins can also filter access attempts by Service Tunnel.

Enhancements

• User Attributes are now Collected by CSE Services:

  • Used for infrastructure services and hosted websites; admins can create one service and use the user attribute as a variable to set up user-specific host domains.

Bug Fixes

Fix Remove API key after Access Tier install package.

Fix New hosted web services erroring out due to certificate issues.

August-2024 Release Highlights

Generally Available Features

• New Cloud Secure Edge License Management:

  • Admins can now grant and revoke user licenses as part of the new Cloud Secure Edge licensing model, which includes SIA (Secure Internet Access) and SPA (Secure Private Access licensing.

• Support for a Windows-based Connector:

  • The Cloud Secure Edge now supports Windows-based Connectors, installable via the Windows executable.
  • Supported on Windows version 2022.

• Enhanced Connector Install and Details page:

  • Simplified UI flow for Connector install via all methods.

• Enhanced Service Tunnel Policy:

  • Service Tunnel policies have been adapted to reflect a firewall style in the UI, to promote ease of use.

Enhancements

• ReadOnly admins can now view everything with sensitive details redacted.

Bug Fixes

Fix Connector status reporting was showing the incorrect status colour.

Fix Custom remediation messaging was not being shown in Linux.

Fix Read only admins were unable to view Access Tier details.

Fix Identity Providers were prompting authentication twice in certain scenarios.

Hotfix Internet connectivity issues encountered when devices were waking from sleep.

July-2024 Release Highlights

Generally Available Features

• New Cloud Secure Edge Licensing:

  • Secure Private Access licenses are now available for customers seeking a VPNaaS or a ZTNA platform.
  • Secure Internet Access licenses are now available for customers seeking compliance or security focused web filtering.

• Name Resolution Policy Table (NRPT) Setting for Windows devices:

  • Name Resolution Policy Table (NRPT) rules tell end users’ (Windows) devices where to send traffic.
  • We recommend that admins enable this setting when the Cisco Umbrella Roaming Client is installed on end users’ devices.

Bug Fixes

Fix Serial number casing changed, which made the app unable to recognize registered devices.

Fix The app was facing technical issues calculating Trust Level directly after a device awakened from sleep.

June-2024 Release Highlights

Generally Available Features

• Event Geolocation Setting:

  • Event Geolocation is now an org-level setting available for admins to configure in the Command Center.
  • This setting allows admins to collect end users’ geolocation data for Event logs, if necessary for their company’s privacy standards or security practices.

• New Geolocation Trust Factor:

  • The Device Geolocation Trust Factor assesses whether devices are in admin-blocked countries.
  • Admins can use this Trust Factor if your org has specific legal, compliance, or expected use requirements that mandate user access be blocked in specific countries.

May-2024 Release Highlights

Generally Available Features

• Define File Properties for RDP Services:

  • Admins can now define additional aspects of RDP service usage by adding file properties to the service configuration.

• Trusted Network Detection:

  • Admins can configure Trusted Networks for end users in their org.
  • A Trusted Network can be configured to automatically disconnect end users from Service Tunnels when Trusted Networks are available.

Enhancements & Updates

• Enhanced Event Chart UI for Troubleshooting:

  • Collapsible UI to enhance visibility for troubleshooting purposes.

• Hotfix Search Domains: Domain names and FQDNs are now case insensitive.

Bug Fixes

Fix Service Tunnels with certain configurations were not appearing in the Service Tunnels list.

April-2024 Release Highlights

Generally Available Features

• Hotfix Search Domains:

  • Admins can now configure search domains so that end users can use a short-hand search (i.e., a hostname) to navigate to an FQDN, enabling easier use of file sharing.
  • Admins can set search domains in order of priority; users are navigated to top priority search domains first. (Last updated April 18th, 2024)

• New Service Tunnel UI:

  • Service Tunnel features a new long-form configuration.
  • Global and Private Edge routing is now configurable via one Service Tunnel.

• Connect on Login:

  • End users can auto-connect to admin-configured Service Tunnels upon app login.
  • Admins can prevent users in their org from changing the auto-connected Service Tunnel.

• System for Cross-Domain Identity Management (SCIM):

  • SCIM can tell the Command Center which users exist at any given time, keeping the list of created and deleted users up-to-date.

Early Preview Features

• Connector Open Virtual Appliance (OVA) Install:

  • An OVA file is available within a Linux-based operating system, with the Connector pre-installed.
  • Admins can run the Connector for their end users via a simple configuration.

• Geolocation Visibility Events:

  • End user location logs are now available in Events log.
  • Access Event Logs can contain geolocation data including city, country, latitude, and longitude.
  • This event is enabled via an API; Work with CSE to enable it.

Enhancements & Updates

• Global Edge Troubleshooting:

  • When a device is connected to a Service Tunnel, the Device Details page (in the Command Center) will indicate which point of presence (POP) the device is connected to (under the Device Information tab).

Bug Fixes

Hotfix Admins were unable to create a Service Tunnel for public traffic only without selecting a Connector. (Last updated April 19th, 2024)

March-2024 Release Highlights

Early Preview Features

• Internet Access Enable URL Filtering:

  • Admins can now inspect host URLs within domains that are not considered a threat.
  • Admins can configure URL filtering within ITP settings using a PAC file that contains URL inspection rules.

• Event Charting:

  • Admins can now view trends related to user access and service usage within CSE.
  • Event charting provides a visualization of events within the Command Center.

Enhancements & Updates

• Internet Access Active Roles in Internet Threat Protection (ITP) Policies:

  • Roles used in ITP policies now show as Active.

• Terraform Exemptions:

  • Terraform now supports exemptions within service configurations.

Bug Fixes

• Fix Private domain names were not working as expected in L4 policies in Global Edge deployments.

February-2024 Release Highlights

Early Preview Features

• Internet Access Create a Custom Public App:

  • Admins can now define public apps that CSE has not already pre-populated in the App Discovery list in the Command Center.
  • This new feature allows admins to easily surface, secure, and monitor apps that are critical to their business.

• Support for Oracle Linux in the OS Version Trust Factor:

  • CSE now supports Oracle Linux 8 and 9 as values in the OS Version Trust Factor.

Enhancements & Updates

• Simplified Silent Cert Authentication:

  • Silent cert authentication now works directly through the API in orgs that have the silent cert auth flow configured; Admins no longer need to maintain the mdm-config file in order for this flow to work.

Bug Fixes

• Fix Authentication issues for devices with ITP enabled in orgs that use JAMF mdm (macOS devices only).

January-2024 Release Highlights

Generally Available Features

• New Cloud Command Center User Interface (UI) Re-design:

  • CSE’s Command Center UI has been re-designed for improved usability.
  • New navigation categories include Private Access, Internet Access, and Trust.

• New Enable Private Resource Discovery:

  • Admins can enable private resource discovery in the Advanced Settings of their Access Tier configuration.
  • Once enabled, private resources will be displayed in the Discovery section of the Command Center.

• New Encrypting DNS via DoT:

  • With CSE app versions 3.14+, devices’ DNS requests are resolved over TLS by default; these requests are encrypted.

• New Auto re-enablement of ITP:

  • Now, when an end user disables ITP enforcement from the desktop app, ITP is automatically re-enabled after 1 hour.

Early Preview Features

• New Silent Cert Authentication for User Sessions:

  • Admins can now configure silent certificate user authentication for Mac and Linux devices.
  • With this configuration, users will no longer need to manually accept a certificate prompt each time they authenticate.
  • This configuration works for any IDP that supports OIDC or SAML.

Enhancements & Updates

• Improved Netagent performance by lowering overall CPU usage.

Bug Fixes

• Fix CSE app was still using previously configured (outdated) remediation links.

• Fix Zero touch install script (deployed through Kandji) was failing to execute and timing out.

• Fix App login sessions were not refreshing when users selected the Re-Login button.

• Fix AI-assisted admin search was indefinitely loading.

Release Notes From Previous Years

Release Notes Archive - 2023

Release Notes Archive - 2022

Release Notes Archive - 2021

Release Notes Archive - 2020

Release Notes Archive - 2019

December-2023 Release Highlights

Early Preview Features

• New Managed Service Provider (MSP) console:

  • New console for MSP admins to manage their customer orgs as well as admins to their customer orgs.

Enhancements & Updates

• New Kubernetes config file now updates by default:

  • By default, CSE’s desktop app updates (instead of regenerates) the kube config file when end users connect to a Kubernetes service, retaining previous configuration used by kubectl.

Bug Fixes

• Fix Connection test was failing for hosted web services with capitalized Access Tier names.

• Fix Okta group name was preventing services from publishing to end users.

November-2023 Release Highlights

Generally Available Features

• New App-based routing for Service Tunnel:

  • Admins can now configure specific apps to tunnel through or block from their Service Tunnels.

Early Preview Features

• New Security Actions for Public Apps:

  • Discovered public apps now offer guidance on Security Actions admins can take; Security Actions are specific to the app.
  • Security Actions include guidance on configuring ITP policies, DLP policies, CSE IDP federation, and routing via Service Tunnel.

• New AI-Assisted Admin Search:

  • Admins can now use CSE’s AI-assisted admin search in the Command Center to perform quick searches related to the CSE product.
  • This feature leverages a large-language model (LLM) trained to CSE’s documentation and website.

Enhancements & Updates

• New Let's Encrypt Wildcard Support:

  • Admins can now protect multiple hosted websites with a single wildcard Let’s Encrypt certificate, procured and managed by CSE.

• New Terraform Import Tool:

  • A command-line utility that allows admins to import existing resources from the CSE API and generate Terraform configuration files for managing those resources.
  • This tool simplifies the process of managing CSE resources through Terraform, making it easier for admins to automate infrastructure setup.

Bug Fixes

• Fix (Discover Public Resources) Accessing the same FQDN resource using a second Service Tunnel was not updating the tunnel information on the list page or in the "Last Reported" status.

• Fix The admin-server did not have access to the http proxy on the user context for the desktop app. The app now supports HTTP proxy setting consistently across app components (including the admin server).

• Fix dns-names was failing to update when the user changed the URL or cloned a service; now, if dns-names matches the spec, it will update accordingly.

October-2023 Release Highlights

Generally Available Features

• Private Resource discovery:

  • Admins can now view a comprehensive list of private resources (including domain name, IP address, and port) accessed via Service Tunnel by users in their orgs.

• Zero Touch install for Chrome Browser Extension:

  • CSE now supports zero touch installation for the new Chrome Browser extension.

Enhancements & Updates

• Refreshed TrustScoring on reawakening devices:

  • Trust Levels are now refreshed when devices reawaken from sleep.
  • Trust factors are sent as soon as the device reawakens.

September-2023 Release Highlights

Early Preview Features

• Chrome Version Trust Factor (for CSE Chrome Extension):

  • CSE’s Chrome Version Trust Factor is designed to help admins keep their end users’ devices on the latest Chrome browser versions, to reduce security risk and protect resources.
  • This Trust Factor assesses whether the device's Chrome version is equal to the admin-configured version.

Enhancements & Updates

• Trust Scoring and Internet Threat Protection (ITP) without the desktop app running:

  • CSE’s Trust Scoring and ITP policies now work without requiring end users to run their desktop apps.

• Authorized Connection events were removed from hosted web services in Netagent.

• Support for non-standard websockets (like socket.io), enabled through a new API option:

  • Set enable_websocket_duplex to true via Access Tier's local config API call (PUT).

Bug Fixes

• [Resolved] End users were receiving a 'Could not fetch devices' error when switching networks on the desktop app.
• [Resolved] Access Tiers were collecting stale certificates from outdated services.
• [Resolved] Admins were unable to view or access select policies.
• [Resolved] Command Center does not show API key (mdm_config) after using patch API (/v2/orgs/{id}/mdm_config) to update fields.

August-2023 Release Highlights

Generally Available Features

• Netagent Health Check:

  • New health check endpoint that provides a real time indicator for the status for the Netagent and preliminary stats that can be used to evaluate performance.

Enhancements & Updates

• Session Expiration Timer

  • Renew your session early to avoid losing work due to expiration.

• Added Trust Factor information in Log Events

  • View passed and failed trust factors in each Trust scoring log event

July-2023 Release Highlights

Generally Available Features

• Service Tunnel Active Connections:

  • Admins can view how many users are actively connected to a given Service Tunnel via the Command Center. Device details, including OS, Trust Level, associated Trust Profiles, and Last Login, are easily viewable.

• Internet Threat Protection - Exclude Users:

  • Admins can now exclude users from all ITP policies by applying specific roles to the default Excluded Devices policy.

Early Preview Features

• Clientless Chrome Browser Extension:

  • The CSE Chrome Extension is a lightweight browser extension that offers users access to internal websites and provides Device Trust Verification (DTV).

Bug Fixes

• [Resolved] Enabling ITP was misrouting DNS in Ubuntu.
• [Resolved] Error when attempting to pull user details in the Command Center.
• [Resolved] The WireGuard config file was rendered unreadable due to a recurring error.

June-2023 Releases

2023-06-14 Release Highlights

Generally Available Features

• New Trust Factor: Enhanced OS Version

  • OS Versions can now be configured by the “Last x version(s)”. This frees admins from having to update the Trust Factor configuration with every new OS version release. Previously, admins had to configure and continually update specific OS version numbers.

• New Trust Factor: CrowdStrike Registered With

  • The Registered With factor validates that the device at hand is registered with the CrowdStrike environment. Registered With is derived from a CrowdStrike API endpoint.

• Branding Customization

  • Admins can now use customized branding for any CSE browser error and success pages with their organization’s own logo and brand colors.

Enhancements and Updates

• Event Log Viewer for Service Tunnel Activity:

  • Admins can now find Service Tunnel activity under the Service filter in the Event Log Viewer in the Command Center.

• Lookup Domain:

  • Admins can use the Lookup Domain to view which Content Category or Threat Category a given domain falls under.

• Service Tunnel Access Logs - blocked access attempts:

  • Admins can view blocked Service Tunnel access attempts (traffic rejected by CSE L4 Policies). These can be viewed on the Access Tier.

• DNS filter in Captive Portal environments:

  • The CSE client will use the host DNS server for any DNS requests until captive portal authentication is complete and internet access is available.
  • The CSE client will periodically probe for well-known URLs to detect internet access. On detecting reachability to those URLs, it will start forwarding DNS requests to the DNS filter server for DNS filtering.

Bug Fixes

• [Resolved] Edit Access Tier parameters was removing Service Tunnel logging parameter (i.e., EnableServiceTunnelLog).

May-2023 Releases

2023-05-25 Release Highlights

Generally Available Features

• Mobile Tunnel:

  • CSE’s mobile app now allows end users to connect to Service Tunnels in addition to hosted websites.

• Enhanced Roles UI:

  • Simplified UI flow for creating a Role in the CSE Cloud Command Center.
  • Roles can be configured based on Users, Devices, or Service Accounts.
  • Roles now support adding serial numbers.

Enhancements and Updates

• Internet Threat Protection – Policy Sync Status:

  • CSE’s sync status indicates whether the ITP policies page in the Command Center is up-to-date or syncing is in progress.
  • If a sync is in progress, then an ETA will also be available, so that admins can expect when ITP policy updates will be reflected in the console.

Bug Fixes

• [Resolved] Launching the desktop app (from the Windows start menu) when the app was already running was causing the tunnel to disconnect.

April-2023 Releases

2023-04-12 Release Highlights

Generally Available Features

• Self-Service Hosted Websites:

  • Simplified UI flow for registering a hosted website in CSE.
  • Domains can be registered directly within the hosted web service registration flow.

• Service Tunnel - Exclude CIDRs:

  • Admins can now configure the exclusion of CIDRs during Service Tunnel registration.

Enhancements and Updates

• StatsD support for monitoring Service Tunnels:

  • Admins can now monitor the number of active clients, Tx rate, and Rx rate per Service Tunnel.

Bug Fixes

• [Resolved] CSE app has migrated commands to PowerShell; the app no longer uses wmic commands.
• [Resolved] "User not found" error when adding a new local user in the console.

March-2023 Releases

2023-03-08 Release Highlights

Generally Available Features

• Domain-Based Tunnel Policies:

  • Admins can now use Service Tunnel policies to define which fully-qualified domain names (FQDN) users can access.
  • This offers an alternative to defining access by IPs or CIDR ranges, which dynamically change.

• New Registry Key Check Trust Factor:

  • Admins can use this new Trust Factor to establish a list of keys with corresponding values required on devices in their organization.
  • This Trust Factor supports Windows devices only.

• Admin-Enabled Autorun:

  • Admins can now enable Autorun in Service Tunnel and infrastructure service specifications during service registration in the Cloud Command Center.
  • If enabled, end users no longer need to manually enable Autorun from their desktop app.

Early Preview Features

• Internet Threat Protection (DNS Filtering) Policies:

  • Admins can now create Internet Threat Protection (ITP) Policies.
  • These policies are designed to protect devices from accessing domains outside of acceptable use policies.

Enhancements and Updates

• Time-Based One Time Passcode for Local Admins:

  • A new Time-based One Time Passcode (TOTP) setting has been added to Admin Sign-on Settings (i.e., Enable TOTP). Please contact CSE to enable this feature.
  • If enabled, all local admins that log into the Cloud Command Center will be required to set up and validate with TOTP.

February-2023 Releases

2023-02-08 Release Highlights

Generally Available Features

• New Get Started guide in CSE’s Command Center:

  • CSE’s Command Center now offers a Get Started section, which contains guides related to onboarding and helps admins discover and enable new CSE functionalities in their orgs.

• Self-Service Connector Installation flow:

  • CSE is introducing a new guided Connector installation flow in the Command Center.
  • Connector installation can now be completed almost entirely through the Command Center UI, similar to our simplified Access Tier installation.

Enhancements and Updates

• Service Tunnel Access Logs:

  • CSE can now collect all traffic events from end users through Service Tunnels, providing comprehensive logging.

January-2023 Releases

2023-01-11 Release Highlights

Generally Available Features

• New Trust Factor – Property List Check:

  • Property List Check evaluates whether property list (plist) files’ keys match their defined values (on macOS devices).

Enhancements and Updates

• Refreshed Devices Page:

  • Updated UI and enhanced performance.

• Terraform Provider v1.1:

  • Now supports importing existing CSE services, roles, and policies.

Bug Fixes

• [Resolved] Private domains (ipv6) were not resolving over Service Tunnel.

December-2022 Releases

2022-12-21 Release Highlights

Enhancements and Updates

• Support for ChromeOS on mobile app:

  • CSE now supports ChromeOS on v2.1.3 of the Android mobile app.

• In v3.6.1 of CSE’s desktop app, the WireGuard Service only listens on Port 53 (default port) when Service Tunnel for public domains is enabled.

Bug Fixes

• [Resolved] Trust Level was not being calculated when devices were first registering to the CSE app.

• [Resolved] The Let’s Encrypt certificate chain for hosted websites did not include an intermediate certificate.

• [Resolved] iPadOS and Ubuntu were not adhering to the OS Version Trust Factor.

2022-12-14 Release Highlights

Generally Available Features

• Service Tunnel for Public Domains:

  • Service Tunnels can route public traffic through Access Tiers deployed in orgs.
  • Routing public traffic through Service Tunnels also provides continuous authorization for SaaS services throughout the duration of users’ sessions, taking security beyond a one-time login authorization and authentication step.

• Remote Diagnostics:

  • Admins can now run diagnostics on registered devices from CSE’s Cloud Command Center (instead of requesting logs from end users).
  • Admins can download the logs from the Command Center to troubleshoot devices.

• New Trust Factor - CSE App Version:

  • CSE App Version allows admins to validate whether devices are running a minimum version of the CSE app.

• New Trust Factor - File Check:

  • File Check allows admins to verify that a specific file is present on the device.

New Early Preview Features

• Service Tunnel Discovery:

  • Service Tunnels can now provide an inventory of accessed resources based on DNS/IP and port.
  • These records show which users have accessed which resources, providing admins with deeper insight into user access activity.

Enhancements and Updates

• Internationalization of CSE Trust Factors:

  • CSE’s desktop app is now fully supported on international devices

• Terraform Provider v1.0.0:

  • Now supports deployment of Service Tunnels (in addition to Services, Roles, and Policies)

• Removed Support URL from Remediation tab:

  • To simplify remediation configurations CSE has removed the support URL and now allows admins to add URLs directly to the remediation text

• Support for ARM architecture in Connector install

November-2022 Releases

2022-11-09 Release Highlights

Generally Available Features

• Trust Profiles:

  • CSE is introducing Trust Profiles, which apply admin-defined Trust Factors to a specific subset of devices in an org.
  • Trust Factors can be applied to specific groups of devices (based on device serial number, OS, device ownership type, and user group), offering admins granular control over devices’ security posture.

• Access Tier Version 2 - Simplified Installation and Management:

  • CSE is introducing a new guided Access Tier installation flow in the Cloud Command Center.
  • Most of the installation process can now be completed directly through the Command Center’s UI.

• Custom Help Messaging for End Users:

  • Admins can now create custom support messaging for end users from the Command Center, helping guide end users through authentication and authorization errors.

Enhancements and Updates

• Enhanced WireGuard performance (bandwidth and speed) for Windows devices.

• The desktop app registration process is now language-agnostic (we now support registration for non-English devices).

Bug Fixes

• The Firewall Trust Factor now supports group policy firewall settings for Windows devices on the desktop app.

October-2022 Releases

2022-10-13 Release Highlights

There are upcoming Trust Scoring changes in our October 2022 release. CSE will provide more details related to the migration as we get closer to the date.

Generally Available Features

• Granular Trust Scoring:

  • Instead of a numerical Trust Score (out of 100), devices will now receive a Trust Level (e.g., Always Deny, Low, Medium, or High) as a result of the Trust Scoring calculation.
  • Admins will be able to designate the specific Effect that a Trust Factor has on a device’s Trust Level, providing admins fine-grained control over devices' security posture.
  • In the Command Center, the Device Scoring page has been renamed to Trust Factors.

• The Trust Level Expiration setting has been relocated to the Trust Score Settings page.

• App Support:

  • In the Command Center, a new section called App Support allows admins to enter custom help messaging and support links for end users, so that end users can self-remediate technical issues.
  • This custom help messaging appears when end users click the new Help button on the desktop app.
  • If no custom message is set, the Help button sends end users to Health Check.

September-2022 Releases

2022-09-14 Release Highlights

New Early Preview Features

• Trust Integration with SentinelOne:

  • Two new trust factors from SentinelOne (i.e., Registered With and Not Active Threat) are now available within device scoring.
  • For more information on the SentinelOne integration, see documentation.

Generally Available Features

• Desktop app v3.3.0:

  • Service Tunnel Quick Connect: The CSE desktop app icon (in the menu bar or system tray) now features a drop-down menu that allows users to:
    • Log in or out of the desktop app,
    • Jump to settings,
    • Quick connect to (or disconnect from) Service Tunnel, or
    • Quit the CSE app.

  • App log files send to CSE Support: If end users encounter issues, they can directly send logs to CSE support via a new button in the desktop app, called Send Log Files to CSE Support, to expedite the troubleshooting process.

• App Session Expiry Icon: The CSE app icon (in the menu bar or system tray) now signals when a user's 24 hour session has expired.
  • On macOS: Indicated by an ‘!’ on the CSE app icon
    
  • On Windows and Ubuntu: Indicated by a red-coloured CSE app icon

August-2022 Releases

2022-08-25 Release Highlights

Enhancements and Updates

• Performance and stability improvements

July-2022 Releases

2022-07-28 Release Highlights

Generally Available Features

• Trust Integration with CrowdStrike:

  • Zero Trust Assessment Score (ZTA Score) from CrowdStrike is now available within Device Scoring.

Enhancements and Updates

• Service Tunnel enhancements:

  • Desktop app users will now see an error if validation fails while attempting to connect.

  • the Run Diagnostic Tool now collects logs related to Service Tunnel.

• The Support link has been removed from the desktop app.

Bug fixes

• [Resolved] Auto-Update TrustScore factor was showing as disabled when JAMF config profile was used.

• [Resolved] Device registration was failing for Mac users if the device hostname was missing.

• [Resolved] Netagent logs were not being collected through Netagent Support Bundle

• [Resolved] Websocket connections were not being closed in certain conditions.

2022-07-21 Release Highlights

Enhancements and Updates

• Performance and stability improvements

2022-07-14 Release Highlights

Enhancements and Updates

• Use multiple Access Tier instances with the same hostname:

  • Multiple Netagent instances with the same hostname are now able to run at the same time.

2022-07-07 Release Highlights

Enhancements and Updates

• Access Activity tab for Service Tunnel:

  • The Access Activity tab indicates which authorized users and devices recently accessed the Service Tunnel.

Bug Fixes

• [Resolved] CSE’s Private DNS resolution was case-sensitive; DNS resolution is no longer case-sensitive.

• [Resolved] Enhanced DNS routing was not resolving correctly for Windows.

June-2022 Releases

2022-06-30 Release Highlights

Generally Available Features

• Desktop app v3.1.0:

  • Enhanced support for Zero Touch Installation with v3.1.0.
  • Known Issue: For Passwordless Authentication, CSE is unable to silently swap the certificate with no UPN information specified to a certificate with the user’s UPN, derived from the first authentication flow when accessing a service. This will be resolved in an upcoming release of the CSE app.

Enhancements and Updates

• In Infrastructure service specifications, Backend Allowed Hostnames (under Client specifies using HTTP Connect mode) now allows users to enter regular expressions as Hostnames (example below).

Bug Fixes

• [Resolved] Updating the Access Tier tunnel configuration in CSE’s Cloud Command Center was causing Netagent to bring down the WireGuard (wg) interface.

• [Resolved] In some scenarios, enhanced DNS routing was not resolving correctly.

2022-06-23 Release Highlights

Enhancements and Updates

• Performance and stability improvements.

Bug Fixes

• [Resolved] Device Trust Verification issues. A new version of the Desktop App (v.3.0.2) will be available for Linux only.

2022-06-16 Release Highlights

Early Preview Features

• CrowdStrike Integration:

  • CrowdStrike is an Endpoint Detection and Response (EDR) platform that collects device telemetry data to determine whether a device is in a state of compromised security. CSE has integrated with CrowdStrike to obtain additional device trust information. Related documentation is forthcoming.

Bug Fixes

• [Resolved] Service Tunnel issues on Windows devices. A new version of the Desktop App (v.3.0.1) will be available for Windows only.

2022-06-09 Release Highlights

Enhancements and Updates

• Performance and stability improvements.

2022-06-02 Release Highlights

Generally Available Features

• Desktop App v3.0.0:

  • Admin Service: The desktop app now has an administrative component, for any actions within the app that require admin privileges.
  • Enhanced logging, with admin logs.
  • Home tab: A single location for accessing Service Tunnels, Recently Accessed Services, and Active Connections.
  • Enhanced Search: End users can easily search their services catalog without having to re-open the desktop app.
  • New Service Tunnel interface with an Autorun option, so that Service Tunnel connects when an end user logs into the desktop app.

May-2022 Releases

2022-05-26 Release Highlights

Enhancements and Updates

• Added 'user creation' logs in the System Log when Team Edition admins create new users:

  • Previously, when a Team Edition admin created new users, no record of the user creation was listed in the System Log. Now, when an admin creates a new user or admin, it’s added to the System Log. These logs show who created the user, the role(s) of the new user, and the timestamp.

2022-05-19 Release Highlights

Enhancements and Updates

• Enhanced DNS Routing:

  • CSE DNS routing no longer requires admins to make changes to public DNS records when migrating from service access via Service Tunnel to individual published services (i.e., hosted web services or infrastructure services). After migrating a resource, admins can simply leave Service Tunnel enabled.

2022-05-12 Release Highlights

Enhancements and Updates

• Refresh token support for SAML-based admins:

  • The CSE Command Center now supports SAML-based Admin accounts in obtaining personal refresh tokens. The process is identical to obtaining refresh tokens from non-SAML admin accounts found here.

• Option to disable Strict-Transport-Security HTTP Response Header within Netagent configuration:

  • Admins have a new configuration option to disable Strict-Transport-Security HTTP within the Netagent config.yaml file. The configuration option is ‘disable_hsts’ with the default value of “False”. This option is only available in netagent releases v1.44 and up.

2022-05-05 Release Highlights

Enhancements and Updates

• Performance and stability improvements.

April-2022 Releases

2022-04-28 Release Highlights

New Features

• Streamlined OneLogin passwordless setup:

  • We’ve simplified passwordless authentication setup for OneLogin by providing a new method that uses a toggle.

Bug Fixes

• [Resolved] The ‘Download Devices’ button was not working in the CSE Cloud Command Center.

2022-04-21 Release Highlights

Enhancements and Updates

• The Events API now supports time-based querying, including start time (start_time) and end time (end_time).

Bug Fixes

• [Resolved] Now, admins can view users in CSE’s Cloud Command Center without users having to first register their devices.

2022-04-14 Release Highlights

Enhancements and Updates

• Performance and stability improvements.

Bug Fixes

• [Resolved] Setting the “Only include devices that have the CSE app deployed by MDM” role to “False” through the API (i.e., mdm_present: False) was returning a value of "True" in the UI.

2022-04-07 Release Highlights

New Features

• Device trust for Azure AD federated apps:

  • Admins can now use federation capabilities in Azure AD to enforce CSE policies and enable passwordless authentication for their SaaS applications.

Enhancements and Updates

• Admins can now sort Devices by 'App Version' in the CSE Cloud Command Center.

• Character limits were extended for preferred apps process names, enhancing regex pattern matching.

March-2022 Releases

2022-03-31 Release Highlights

New Early Preview Features

• Terraform Provider:

  • In addition to deployment of Access Tiers through Terraform, admins can now create (and manage) Roles, Policies, and Services via the Terraform Provider.

Enhancements and Updates

• Streamlined passwordless set-up for Okta:

  • We’ve simplified setting up passwordless for Okta by providing a new method that uses a toggle. We’re planning on deprecating the old method (which leverages Okta routing rules).

2022-03-24 Release Highlights

New Features

• Service Accounts:

  • Admins can now create Service Accounts for programmatic access to hosted websites, authenticating third-party apps to CSE-protected services via an API key or JWT token.

• Access Groups for Infrastructure Policies:

  • Admins can now add Access Groups to Infrastructure Policies in CSE’s Cloud Command Center.

Enhancements and Updates

• The search filter for Devices now allows admins to filter by app version. This is part of an overall enhancement of filtering capabilities across the CSE Cloud Command Center.

• The Activity Dashboard in the Cloud Command Center now allows admins to use a specific date range picker. This replaces the previous dropdown menu of predetermined time ranges.

2022-03-17 Release Highlights

Enhancements and Updates

• Service Tunnel support for Amazon Linux:
  • We have released an updated version of our Cloud Formation template to support Service Tunnel on Amazon Linux.

New Features

• New Support for HTTP/3 for the Cloud Command Center:

  • Next week, we will be offering support for HTTP/3 to serve our Cloud Command Center. This adheres to Google Cloud Platform’s recommended configurations. Upon enablement, browsers that support HTTP/3 will automatically negotiate an upgraded connection. Browsers that do not support HTTP/3 will continue communications on HTTP/2 protocol.

Bug Fixes

• [Resolved] Session tokens in CSE’s Cloud Command Center web application were not expiring after users were logging out.

2022-03-10 Release Highlights

Bug Fixes

• API keys with a “Read Only” scope were receiving unauthorized access messages. This has been fixed.

2022-03-03 Release Highlights

Enhancements & Updates

• New TrustScore Statuses for Devices:

  • Admins can now view TrustScore statuses (Expired, Reporting, Overridden, and Pending) for devices in their org. These statuses provide insight into the state or security posture of each device.

February-2022 Releases

2022-02-24 Release Highlights

Enhancements & Updates

• Fedora Support:
  • We now have full support for Fedora (34 and later) in the newest version of the CSE Desktop App.

2022-02-17 Release Highlights

Enhancements & Updates

• Admins can now click through chart segments on the All Devices and All Access Tiers pie graphs in the reporting dashboard of CSE’s Cloud Command Center. This way, admins have a detailed view of devices.

• We introduced a toggle (in all policy types) that allows admins to hide the service from the service catalog. Previously, hiding a service in the service catalog of the CSE App was only possible through the API or a custom policy.

• We have improved our logging capabilities by adding sign-in events for local admins.

Bug Fixes

• Users had issues validating the Common Name (CN) in the CSE Certificate due to irregular length serial numbers. We now support devices with irregular length serial numbers.

2022-02-10 Release Highlights

Enhancements & Updates

• Delete unregistered devices:

  • Admins can now delete unregistered devices from the CSE Cloud Command Center.

January-2022 Releases

2022-01-27 Release Highlights

Generally Available Features

• New Service Tunnel (L4) Policies:

  • Admins can now create network-level (L4) Service Tunnel policies. Access groups can be defined by role, trust level, protocol, CIDR range, and port, and admins can configure exceptions to the defined rules.

• New Web (L7) Policies:

  • Admins can now define L7 rules within web policies using a simple policy definition form in Banyan’s Cloud Command Center instead of having to manually configure a custom policy.

Enhancements & Updates

• Expiration Notification:

  • CSE’s Desktop App now provides an expiration notification when a user’s login token is 2 hours away from expiring. The expiration notification time is configurable.

• CSEproxy now auto-detects and uses the system proxy for outgoing connections.

Bug Fixes

• Previously, default permissions in Netagent log files were allowing everyone ‘read access’. Now, permissions limit read access to the file's owner and users in the file's group.

2022-01-13 Release Highlights

Enhancements & Updates

• Added timestamp sorting to Admin System Log
• Performance and stability improvements

2022-01-06 Release Highlights

Enhancements & Updates

• Enhanced Zero Touch Installation scripts:

  • We simplified installation, adding (i) steps to upgrade the app via Zero Touch and (ii) steps to start the app after Zero Touch deployment.

  • We added a configuration option to hide the HTTP backend connection log (used for troubleshooting purposes) from view.

Bug Fixes

• Netagent was stripping out invalid HTTP cookies. Now, it forwards invalid cookies.

• macOS users now receive the correct IP address when they use Service Tunnel.

• If admins added an IP exemption within a policy and then removed the Access Tier attached to this same service, IP addresses were being retained (when they should have been removed).

December-2021 Releases

4.33 (2021.12.23) Release Highlights

Enhancements and Updates

• Admin SAML login changes:

  • Admins can now edit the ‘SP issuer URL’ field.

4.32 (2021.12.15) Release Highlights

Enhancements and Updates

• New Admin System Log:

  • The Admin System Log provides a time-stamped log of administrators' actions in the CSE Console, so that their previous actions can be reviewed and understood for auditing purposes. Admins can now filter searches for logs by action type or by time. Admins can also click into individual logs for a more detailed view of actions taken.

• Added Devices to Auto-Deletion Setting:

  • In the CSE Console, admins can use the auto-delete setting to automatically delete users after a specified period of user inactivity. Now, admins can also use the auto-delete setting to automatically delete devices after a specified period of inactivity.

• Automatic Device Certificate Renewal:

  • Device certificates last for 1 year after registration. Now, 30 days before certificate expiration, certs are automatically renewed in the next user log-in. This feature requires CSE Desktop App 2.5.

Bug Fixes

• Admins couldn’t disable the ‘Service Tunnel for End Users’ setting after creating a Service Tunnel. This issue has been fixed.

4.31 Release Highlights

Generally Available Features

• Run Diagnostic Tool:

  • If end users are having trouble (e.g., with registering a device, accessing a service, or their Trust Scoring is mis-reporting) and want to investigate whether there are issues with the CSE Desktop App, they can use our new Run Diagnostics Tool to help diagnose their issue.

  • End users can also use the diagnostics tool to package logs to send to their administrator.

• Support for Specifying Users in Zero Touch Registration:

  • Using ZeroTouch, admins can now specify the named user on the device the app will be registered to, improving visibility into device ownership during roll-out.

Enhancements and Updates

• Keychain Explainer Prompt:

  • With CSE Desktop App 2.5, macOS users now receive an explainer prompt, notifying them that CSE needs keychain access in order to grant access and encouraging them to select “Always Allow”.

• Enhanced App Logging:

  • We added additional logging for API calls and HTTP requests made by the Desktop App.

4.30 Release Highlights

Generally Available Features

• Service Tunnel

  Service Tunnel is a modern WireGuard VPN service that provides encrypted network connectivity to various network segments. It supports Banyan device trust and continuous evaluation.

• Discover and Publish for AWS

  CSE automatically discovers AWS resources that need to be accessed by your end users. You can then publish these discovered resources as Banyan services from the Command Center.

Early Preview Features

• Discover and Publish for Azure, Google Cloud, and Oracle Cloud

  Extends CSE’s cloud resource discovery solution to additional Infrastructure as a Service (IaaS) providers.

Component Versions

Client Components	Server Components	Management Components
Desktop App v4.3.0 (Changelog)	Netagent v2.10.7 (Changelog)	Shield v1.57.0 (Changelog)
Mobile App v2.3.6 (Changelog)	Connector v2.0.11 (Changelog)

* Updated in the latest release

November-2021 Releases

4.22 Release Highlights

Enhancements and Updates

• To improve users’ experience of the application, we've:

(1) Differentiated the Device Trust Verification and Passwordless steps in the process flow; (2) Added auto-continue (replacing manual continuation) after verification has been completed.

• A new version of the iOS app (v2.0.1) is now available. In this version, we’ve re-introduced the shield icon in Device Trust Verification, providing challenge code functionality.

Bug Fixes

• Trust Scoring was changing expired trust scores from “0” to non-zero numbers in select scenarios. This issue has been resolved.

4.21 Release Highlights

Enhancements and Updates

• We now support an access tier scope for API key use so that admins don’t have to use a Refresh Token while installing the Access Tier.

• CSE’s Refresh Token API endpoint now accepts API keys as a form of authentication (in addition to Refresh Tokens). Now, when the Refresh Token endpoint receives an API key, it will return the API key (instead of an Access Token).

• To improve user experience of the application, the Device Trust Verification and Passwordless steps have been differentiated in the process flow.

4.20 Release Highlights

Enhancements and Updates

• Admins can now delete issued Let’s Encrypt certificates from the CSE console
• Performance and stability improvements

4.13 Release Highlights

Generally Available Features

API keys for service accounts:

• Admins can create and manage API keys for programmatic access to the CSE Command Center REST APIs (as an alternative to using a personal refresh token). An API key can be issued with Admin privilege levels - Admin, ServiceAuthor, PolicyAuthor, etc - or at more specific scopes - satellite, access_tier, etc.

Enhancements and Updates

Clone services:

• Admins now have the ability to clone services. Cloned services retain all of the same properties except for the service name and service domain name.

Support for unregistered devices on mobile:

• CSE mobile app users going through the Device Trust Verification flow can now select “Don’t have the CSE App”, which takes them through the unregistered device flow if enabled for their organization.

October-2021 Releases

4.12 Release Highlights

Enhancements and Updates

• Device Trust Verification can now be turned on or off for a whole organization or for individual hosted websites and SaaS applications from the console.

Bug Fixes

• Services that weren’t supposed to be user-facing were appearing in the CSE App.

4.11 Release Highlights

Enhancements and Updates

• The Org Name was added to the toolbar of the CSE console so that customers with multiple instances of CSE can now clearly identify which Org they’re presently logged into.

• The device verification page was updated (the challenge code was removed) to reflect mobile devices’ use of certificates in app keychains.

• Error page designs were updated for consistency.

Bug Fixes

• Service test connection fails when service uses http_connect mode

• Incorrect error message when a device is not MDM-compliant

4.10 Release Highlights

Early Preview Features

Service Tunnel

• Service Tunnel is a modern WireGuard VPN that provides encrypted network connectivity to various network segments, including VPCs, VLANs, and subnets. Service Tunnel supports device trust and continuous evaluation.
• Contact support@sonicwall.com or your Customer Success Engineer to enable this feature in your org.

Enhancements and Updates

• Support for Zero Touch Installation on macOS Big Sur: macOS Big Sur prevents administrators from silently installing CSE certificates through a device manager. CSE now stages the device certificates on the end user’s device, and installation completes when the user launches the app and enters their admin credentials.

• Connector v1.3.0 supports installations via Docker on macOS.

• Users can now convert an existing service to Custom JSON for advanced configurations.

4.0 Release Highlights

Enhancements and Updates

• Added CSE App Version as a column in Devices list view so that administrators can see the version of the CSE app that’s installed on each user’s device.

Component Versions

Client Components	Server Components	Management Components
Desktop App* v4.3.0 (Changelog)	Netagent* v2.10.7 (Changelog)	Shield* v1.57.0 (Changelog)
Mobile App* v2.3.6 (Changelog)	Connector* v2.0.11 (Changelog)

* Not updated since last major release

September-2021 Releases

3.94 Release Highlights

Enhancements and Updates

• Added a confirmation message to setting the threshold for stale Trust Scores.
• Performance and stability improvements.

3.93 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.92 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

Bug Fixes

• Service Test Connection fails for all Access Tiers if one Access Tier fails.

3.91 Release Highlights

Generally Available Features

• User-defined Service Bundles

  • With CSE Desktop App v2.3, end users can now create their own service bundles within the app. The bundles will persist across all of the user’s registered devices.

• Service Test Connection (Requires Netagent v1.37.0+)

  • Ensure connectivity for your published CSE services via a simple test connection. The test validates the Service Domain Name routes to a CSE Access Tier and confirms the backend domain or IP is reachable from the Access Tier.

  Note: Currently, service test connection does not support services that use HTTP Connect.

Enhancements & Updates

• Added filters for service types within the Service Catalog

3.90 Release Highlights

Enhancements & Updates

• Restored “Netagent Details” for hosted websites and infrastructure
• Removed enforcement of “Site Domain Names” configuration parameter

Component Versions

Client Components	Server Components	Management Components
Desktop App* v4.3.0 (Changelog)	Netagent v2.10.7 (Changelog)	Shield v1.57.0 (Changelog)
Mobile App* v2.3.6 (Changelog)	Connector* v2.0.11 (Changelog)

* Not updated since last major release

August-2021 Releases

3.83 Release Highlights

Generally Available Features

• Simplified Mobile App Registration
  • With the CSE Mobile App v2.0, end user-initiated registration is now 50% faster, eliminating multiple login and certificate install steps. The streamlined onboarding flow will include four steps within the app before having access to all Hosted Web and SaaS applications.
• Docker container for CSE Access Tier installation
• Device Trust Verification
  • Required to validate device trust for Sandboxed apps and the new CSE Mobile App v2.0.

Enhancements & Updates

• International availability of the CSE Mobile App in the following countries: UK, Ireland, Canada, Germany, Spain, India, Brazil, UAE, Oman, Bahrain, and Finland.

Bug Fixes

• API should not allow deleting roles and registered services that are in enabled state
  • Customers using the API to delete roles or delete services will need to ensure they call the disable role or disable service API first before deletion.

3.82 Release Highlights

Enhancements & Updates

• Ability to automatically remove inactive users
  • Admins can set a threshold (in days) for when an inactive user is removed from the CSE Command Center. The device(s) associated to the user will also be removed.
• Performance and stability improvements

3.81 Release Highlights

Enhancements & Updates

• Devices CSV export includes information about the latest TrustScore factors
• Ability to delete multiple users at once

3.80 Release Highlights

Generally Available Features

• Access Tier monitoring and metrics collection using statsd to send metrics to Datadog via Dogstatsd
• Use Let's Encrypt certificates for hosted websites
  • Organizations can now use CSE to issue Let’s Encrypt certificates for their hosted websites. CSE will manage issuance, renewal, and revocation of the Let’s Encrypt certificates.

Enhancements & Updates

• Ability to delete users from the CSE Command Center

Early Preview

• CSE Mobile App v2.0.0
  • The updated mobile app supports streamlined registration and access flows. See important notices for more details on requirements and impact.
• CSE Connector v1.2.0
  • Initial release of the CSE Connector which creates a secure tunnel to the CSE Global Edge Network. Supports management from UI and CIDR-less configurations.
• Docker container for CSE Access Tier installation

July-2021 Releases

3.74 Release Highlights

Enhancements & Updates

• Updated CORS Exemption fields in standard website service spec to allow specifying target
• Performance and stability improvements

3.73 Release Highlights

Enhancements & Updates

• IDP routed is now listed as a subtype within SaaS applications in the Command Center. When adding a SaaS application, admins will have the choice of CSE Federated or IDP routed.

Bug Fixes

• “Database” services do not show up in services filter

3.72 Release Highlights

Enhancements & Updates

• Added Exemptions and Advanced Settings sections to Standard Website services
  • Organizations can now configure OIDC Exemptions and CORS Exemptions from the Standard Website service spec.
• Performance and stability improvements

3.71 Release Highlights

New Early Preview Features

• Access Tier metrics collection using statsd to send metrics to Datadog via Dogstatsd
• Use Let's Encrypt certificates for hosted websites
  • Organizations can now use CSE to issue Let’s Encrypt certificates for their hosted websites. CSE will manage issuance, renewal, and revocation of the Let’s Encrypt certificates

Enhancements & Updates

• Ability to forward the bnn_trust JWT token as a Custom HTTP header for hosted websites
• New Infrastructure Service subtype of “Database”
  • Previously databases were created as Generic TCP services. Going forward, databases will be carved out into their own infrastructure services subtype allowing for enhanced admin visibility and end user access flows

3.70 Release Highlights

Enhancements & Updates

• CSE Desktop App support for additional keyboard shortcuts
• Simplified Desktop App Registration - End user-initiated registration is now 50% faster, eliminating multiple login and keychain access prompts. The streamlined onboarding flow will include five steps before having access to all Infrastructure, Hosted Web, and SaaS applications.

• Hidden Services Until Login - All CSE services within the app will require an identity provider login before they are visible. Previously, Hosted Web services were always visible and required an identity provider login after launching a service. This experience will be standard across manually registered devices as well as devices registered via Zero Touch mode.

Bug Fixes

• Unable to send Access Tier logs from console

Component Versions

Client Components	Server Components	Management Components
Desktop App v2.2.1(Changelog)	Netagent v1.37.0 (Changelog)	Shield v1.35.0 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.66.0

* Not updated since last major release

June-2021 Releases

3.64 Release Highlights

Bug Fixes

• When configuring a custom JSON service, the Link (shown to end users) field did not save.

Upcoming Enhancements to CSE Desktop App Registration and Access Flows

As part of the upcoming CSE Desktop App 2.2 release (expected to release June 30th), we are introducing enhancements to streamline the Desktop App registration and access flows.

• Simplified Registration - End user-initiated registration is now 50% faster, eliminating multiple login and keychain access prompts. The streamlined onboarding flow will include five steps before having access to all Infrastructure, Hosted Web, and SaaS applications.

• Hidden Services Until Login - All CSE services within the app will require an identity provider login before they are visible. Previously, Hosted Web services were always visible and required an identity provider login after launching a service. This experience will be standard across manually registered devices as well as devices registered via Zero Touch mode.

Support Contact Information For questions or concerns, please reach out to your Customer Success Engineer or support@sonicwall.com.

3.63 Release Highlights

Enhancements & Updates

• Improved organization of services in the Command Center for greater visibility and streamlined service creation. Now, services are organized according types and subtypes:
  • Hosted Services
    • Standard Websites
    • Custom Service (JSON)
  • Infrastructure
    • SSH
    • RDP
    • Kubernetes
    • Other TCP
    • Custom Service (JSON)
  • SaaS Applications
  • IDP Routed
• The following features have been promoted from early preview and are now generally available for all tenants:
  • Devices enrolled via Zero Touch installation support CSE’s Passwordless authentication.
  • Identity Federation in OneLogin for Device Policies on SaaS Apps.

Bug Fixes

• On the Users page in the Command Center, sorting users by Last Login date was inconsistent.

3.62 Release Highlights

Enhancements & Updates

• Improved backend domain validation when registering a service. Valid field values are IP address, FQDN, or template syntax.
• Command Center version is now indicated in the UI (top-right question mark icon) instead of the UI version.

3.61 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.60 Release Highlights

Enhancements & Updates

• Integrated CSE CLI to run in-terminal commands to connect to CSE services without interacting with the CSE Desktop App.
• Devices enrolled via Zero Touch installation support CSE's Passwordless authentication. (This feature is in early preview and must be explicitly enabled for your organization)
• Added the ability to exclude the Preferred Apps TrustScore Factor based on device ownership type.
• Added guardrails to prevent attaching a TCP policy to a Hosted Website, or attaching a Web policy to a TCP service.

Bug Fixes

• Devices enrolled via Zero Touch installation were unable to favorite services or set services to autorun in the CSE Desktop App.

Component Versions

Client Components	Server Components	Management Components
Desktop App v2.1.0(Changelog)	Netagent v1.36.1 (Changelog)	Shield v1.34.1 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.66.0

* Not updated since last major release

May-2021 Releases

3.52 Release Highlights

Enhancements & Updates

• Added validation for Frontend/TLS SNI when creating a service to prevent creation of duplicate services with the same SNI or Frontend domain (and port).

Bug Fixes

• Autorun and “Start All Services” button did not respect the configured port and instead chose a random port.
• Certificate selection pop-up was not suppressed on Windows.

3.51 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.50 Release Highlights

Enhancements & Updates

• Added service bundles which allow admins to group any CSE services that are needed for a specific team or project and surface them as a bundle within the CSE Desktop App.
• Revamped the desktop version of the CSE App with expanded viewport, services catalog, service bundles, favorites, and more. For more information on the new app, check out our blog post and refer to What’s New in Desktop App 2.0? to help your end users transition to the new Banyan app.

Component Versions

Client Components	Server Components	Management Components
Desktop App v2.0.1(Changelog)	Netagent v1.36.1 (Changelog)	Shield v1.34.1 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.61.1

* Not updated since last major release

April-2021 Releases

3.43 Release Highlights

Enhancements & Updates

• Download .csv of Users list under Directory & Infrastructure in the Command Center.

3.42 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.41 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.40 Release Highlights

Enhancements & Updates

• When configuring SAML SSO CSE Administrators, the existing IDP Issuer URL field has been renamed to IDP Issuer and now supports URLs and entity IDs.
• Miscellaneous Access event improvements.
• Published troubleshooting guide to help end users work around common errors and issues they may face when using Banyan.

Bug Fixes

• After adding a new local Admin in the Command Center, the New Admin form fields did not clear and reset to empty.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.14.1 (Changelog)	Netagent v1.35.0 (Changelog)	Shield v1.33.0 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.58.0

* Not updated since last major release

March-2021 Releases

3.33 Release Highlights

New Features

• New CSE Reporting page to provide high-level visualizations of data related to your organization, including:
  • Access activity - Total counts and breakdowns of your devices, users, services, policies, roles, and Access Tiers.
  • Access patterns - Most popular services by user, most active users by service, and more.
  • TrustScore intelligence - Path of Zero Trust access from device (operating system) through Trust Level to services.

• Added audit logging for Kubernetes API events.

Enhancements & Updates

• Streamlined setup of Kubernetes OIDC Authentication feature.
  • Customers no longer need to update the certificate in the CSE Service spec after every upgrade of the Helm chart.
  • Reduced number of parameters manually entered in the Helm chart’s values.yaml file.
• Increased size limitations of the service.json to support larger service request bodies.
• Removed GPG Password from Cluster details page.

Bug Fixes

• For organizations that do not allow unregistered devices, the Passwordless fallback flow was not working properly for registered devices where the UPN was not present because it was installed via Zero Touch Desktop App installation and device registration.

3.32 Release Highlights

Enhancements & Updates

• Added a Link (shown to end users) field when configuring a hosted website or infrastructure service. (Only supported on Desktop App v1.13.1+)

Bug Fixes

• The Events Log Viewer did not display user and device details for Access events.

3.31 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

Bug Fixes

• End users received an authorization error when attempting to access services via the CSE App if their organization configured the Device Cert Only authentication feature.

3.30 Release Highlights

Enhancements & Updates

• Wildcard Web Service definitions (such as *.example.com) now support the root domain (example.com).

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.13.1 (Changelog)	Netagent v1.34.1 (Changelog)	Shield v1.32.0 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.54.0

* Not updated since last major release

February-2021 Releases

3.24 Release Highlights

Enhancements & Updates

• Added ability to configure a 302 redirect HTTP response for Unregistered Devices.

3.23 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.22 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

3.21 Release Highlights

Bug Fixes

• Removed Backend DNS Override for Service Domain Name (optional) from the Custom Service JSON page in Command Center.
• On Windows Devices running banyanproxy in RDP Gateway mode, the CSE Desktop App sent an incompatible connection header.

3.20 Release Highlights

New Features

• Various CSE Desktop App enhancements and updates, such as:
  • Fixes for macOS Big Sur M1 on ARM64 and X64 devices.
  • Session expiration awareness.
    • End users will see an indicator of when their login certificate for banyanproxy is close to expiration or expired.
  • New utility functions for command line when distributing the CSE Desktop App using a device manager.

Enhancements & Updates

• Enhanced Access Activity views for Services, Devices, and Users in the Command Center.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.12.2 (Changelog)	Netagent v1.33.0 (Changelog)	Shield v1.31.0 (Changelog)
Mobile App* v1.10.0 (Changelog)		Command Center v1.50.0

* Not updated since last major release

January-2021 Releases

3.12 Release Highlights

Enhancements & Updates

• Download .csv of Devices and Unregistered Devices lists under Directory & Infrastructure in the Command Center.
• Support to enable/disable email OTP for mobile device registration.

Bug Fixes

• If an end user registered a device with CSE but did not access any services, the user name did not populate in the Devices lists under Directory & Infrastructure in the Command Center.

3.11 Release Highlights

New Features

• Zero Touch installation and registration of the Desktop App via Device Managers (such as Intune).
  • Introduces the capability to silently install and register the CSE Desktop App for macOS and Windows with zero end-user interaction. Zero Touch mode is particularly useful when the end-user does not have administrative privileges on their device.

Enhancements & Updates

• Reorganized the App Deployment settings page in Command Center to make OTP-based email verification an org-level setting. (Please note: The Mobile App registration will fail for end users who are provided OTP-based email verification due to a temporary Known Issue.)
• Extend validity of Reporting Token to one year, to match the Device Certificate lifetime.
• Improved filtering on the Events Log Viewer.
• Updated the https://getbanyan.app page, so end-users can easily download the latest version of the CSE App.

3.10 Release Highlights

Welcome to our first release of 2021! This release is a small maintenance release, but next week we will roll out a new Desktop App that includes zero touch installation capabilities, along with other enhancements and improvements.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.11.1 (Changelog	Netagent v1.32.0 (Changelog)	Shield v1.30.0 (Changelog)
Mobile App v1.10.0 (Changelog)		Command Center v1.45.0

* Not updated since last major release

December-2020 Releases

2.63 Release Highlights

Enhancements & Updates

• Filters in the Events Log Viewer support multiple values; for example, you can now search for events corresponding to User-A OR User-B OR User-C.
• Improved Access Tier documentation, with dedicated sections on deployment models and troubleshooting.

Bug Fixes

• Access Tier Site Domain Names were sometimes not reflecting correctly in CSE Command Center.

2.62 Release Highlights

Enhancements & Updates

• Performance and stability improvements.

Bug Fixes

• Added backend validation to disallow invalid characters (such as a slash (/)) in service names.

2.61 Release Highlights

Enhancements & Updates

• Additional filters (Event Severity, Event ID, and External ID) in the Events Log Viewer.
• Command Center Dashboard displays a dedicated tile for Unregistered Devices. (This tile only appears if your organization has Unregistered Devices allowed at the Organization level.)

Bug Fixes

• If an IDP sends a large number (>100) of groups to CSE in the SAML/OIDC assertion, users may see failures when logging in via CSE Desktop App.

2.60 Release Highlights

New Features

• Support for OneLogin as an IDP Routed Service. (This feature is in early preview and will be enhanced with future releases.)
  • Allows OneLogin customers to enable device trust for SaaS applications.

Enhancements & Updates

• Various enhancements for CSE Apps (Desktop App v.1.10.0 and Mobile App v.1.9.0).
• Updated TCP Service templates (SSH, RDP, Kubernetes, and Generic TCP) to allow Hostnames and CIDR ranges.
• Select multiple Access Tiers for a single service.
• Filter Devices by TrustScore in Command Center.

Bug Fixes

• Attempting to view or edit existing services in the Command Center only loaded a blank page.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.10.1 (macOS, Windows, Linux-Ubuntu, Linux-RPM)	Netagent v1.31.0 (Changelog)	Shield v1.29.0 (Changelog)
Mobile App v1.9.0 (iOS, Android)		Command Center v1.41.0

* Not updated since last major release

November-2020 Releases

2.54 Release Highlights

• Improved tracking and management of Unregistered Devices in the Command Center.

2.53 Release Highlights

• Initial release of CSE’s Just-In-Time SSH User (JITSU) provisioning and auditing script to streamline Advanced SSH capabilities.
• Performance and stability improvements.

2.52 Release Highlights

• Unknown Devices are now referred to as Unregistered Devices throughout CSE. Devices in CSE are classified as:
  • Managed – Device is administered by a Device Manager (such as VMware Workspace ONE UEM, Jamf Pro, Microsoft Intune, etc.)
  • Registered – Device has a Trusted Device Certificate in its keychain/certificate manager; the Device Certificate can be placed in the keychain/certificate manager either by the Device Manager or by the CSE App.
  • Unregistered – Device does not have a Trusted Device Certificate in its keychain/certificate manager
• Performance and stability improvements.

2.51 Release Highlights

• Updated TrustScore logic so that the range for High Trust Level changed from 81-99 to 81-100 and AlwaysAllow changed from 100 to 101.
• Added ability to configure SAML attribute mapping and ability to persist Name ID for SAML SaaS applications.
• Improved Dashboard data quality.
• Deprecated the Legacy Events page in the Command Center along with Legacy Events API, which has been replaced by the new Events API.

2.50 Release Highlights

• One-click access for Kubernetes Services.
  • Introduced a new TCP Service Type of “Kubernetes” for secure access to Kubernetes API via kubectl. Includes support for just-in-time user provisioning and integration with native K8S RBAC. No updates to kubectl client or Kubernetes API required.
• Enhanced support RDP Servers.
  • Leverage RDP clients' RD Gateway support to provide access to a collection of RDP Servers.
• Added ability to exempt specific Source IPs from Policies for OIDC Web Services

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App* v1.9.0 (macOS, Windows, Linux)	Netagent* v1.30.0 (Changelog)	Shield* v1.28.0 (Changelog)
Mobile App* v1.8.0 (iOS, Android)		Command Center v1.38.0

* Not updated since last release

October-2020 Releases

2.43 Release Highlights

• List all Users and Devices by Role in the Command Center.
• Performance and stability improvements.

2.42 Release Highlights

• Updated Users and Devices list views to support pagination.
• Minor Desktop App release for bug fixes and stability.

2.40 Release Highlights

• Administrators can customize TrustScore remediation instructions and links displayed to end users in the Desktop App. These instructions can be customized for each TrustScore factor and are specific to the device's operating system.
• Improvements to SSH service connectivity, including the ability to access collections of SSH servers by IP address via HTTP_CONNECT mode in Netagent. (This feature requires Desktop App v1.8.0+).
• Initial release of Device Trust Verification capability to support native "sandboxed" apps. "Sandboxed" apps are iOS/Android/MacOS/Windows apps that use WebViews for authentication that are unable to access the CSE Device Cert placed in the device cert store or keychain. Also introduced a Device Trust Verification tab in the CSE Desktop and Mobile Apps to enter the device Trust Code to verify the device. (This feature is in early preview and must be explicitly enabled for your organization.)
• Updated Role details and Policy details pages.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App* v1.8.2 (macOS, Windows, Linux)	Netagent* v1.29.1 (Changelog)	Shield* v1.28.0 (Changelog)
Mobile App* v1.8.0 (iOS, Android)		Command Center v1.33.0

* Not updated since last release

September-2020 Releases

2.34 Release Highlights

• Content and stability enhancements to the new Events API.

2.33 Release Highlights

• Automatically remove terminated agents from Command Center views after 48 hours of inactivity.

2.32 Release Highlights

• Updated Command Center landing page
• Initial release of new Events API and UI. The current Events API will be deprecated later this year.

2.31 Release Highlights

• Added ability to remove terminated agents from the Command Center

2.30 Release Highlights

• Preferred Apps for Device Trust Scoring now supports regex pattern matching for apps having process names that are variable or change regularly.
• Enriched information collected about a Netagent when generating a one-click support bundle.
• Ability to create allow list of backends and ports (including CIDR ranges) when configuring services.
• (Bugfix) Previously, when configuring CORS, the target parameter only supported a wildcard (*). Now, the target parameter supports actual domains.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.7.1 (macOS, Windows, Linux)	Netagent v1.28.0 (Changelog)	Shield v1.27.0 (Changelog)
Mobile App* v1.6.0 (iOS, Android)		Command Center v1.29.0

* Not updated since last release

August-2020 Releases

2.23 Release Highlights

• (Bugfix) Certain end user facing "reporting" APIs were incorrectly applying Policy calculations.

2.22 Release Highlights

• Revamped CSE Mobile Apps (iOS and Android) for performance and stability improvements.

2.20 Release Highlights

• Simplified configurations for TCP Services - admins can preconfigure all end user parameters and optionally allow end users to override those.
• Added HTTP_CONNECT mode to Netagent and a corresponding HTTP_CONNECT_DAISY_CHAIN mode in the Desktop App banyanproxy. When enabled, the banyanproxy forwards the client's HTTP CONNECT request to Netagent, and Netagent forwards the request to the configured destination.
• Issue short-lived SSH certificates for certificated-based authentication and authorization to SSH servers. (This feature is in early preview and must be explicitly enabled for your organization).
• Initial release of Application Catalog, which features guides to configure access to common enterprise applications for Zero Trust security using CSE.
• Added ability to delete Device Registration in the Command Center.
• Added ability to manage cryptographic tokens and certificates, such as your organization's Root CA, in the Command Center.
• Pagination for User and Device APIs.
• When configuring SaaS Applications, you can specify nameid format for SAML applications.
• (Bugfix) Email address response to SAML providers was formatted as a transient nameid.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App* v1.6.0 (macOS, Windows, Linux)	Netagent* v1.27.1 (Changelog)	Shield* v1.26.1 (Changelog)
Mobile App v1.6.0 (iOS, Android)		Command Center v1.23.1

* Not updated since last release

July-2020 Releases

2.16 Release Highlights

• Added configuration options for deploying Desktop App via Device Managers.
• For devices managed by Workspace ONE UEM, device TrustScore calculation accounts for Workspace ONE UEM factors.
• Command Center displays the CSE App version installed on a device in the Device Details view.
• (Bugfix) Admins could create a single role or policy multiple times with different letter casings.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.5.2 (macOS, Windows, Linux)	Netagent v1.25.1* (Changelog)	Shield v1.23.1* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)		Command Center v1.18.0

* Not updated since last release

June-2020 Releases

2.15 Release Highlights

• Extended service spec to handle Cross-Origin Resource Sharing (CORS) traffic to CSE-protected web services.
• Updated Identity Provider configuration fields to consistently use new OIDC V2 endpoints. (If you have previously configured Passwordless Authentication with Okta, please review the steps to migrate from OICD V1 endpoints to OIDC V2 endpoints here.)
• Added new Roles to apply policies based on the device’s operating system and whether it is managed by a device manager.
• Added capability for an Admin to de-register and delete a Device from the Command Center.
• Updated Settings > TrustProvider Settings > Device Manager page for added granularity when updating Workspace ONE UEM API configuration and device certificates.
• (Bugfix) Admins could create a single service multiple times with different letter casings.

2.14 Release Highlights

• Added configuration options for deploying Desktop App via Device Managers. Admins can customize specific CSE Desktop App functionality such as device registration, startup behavior, visible views, and more.
• Added Settings > Desktop & Mobile > App Deployment page, which includes download links for the latest CSE Desktop and Mobile Apps, the Organization Invite Code, and Device Manager Deployment Settings.
• Performance and stability improvements.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.5.1 (macOS, Windows, Linux)	Netagent v1.23.0* (Changelog)	Shield v1.21.0* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)		Command Center v1.16.0

* Not updated since last release

May-2020 Releases

2.13 Release Highlights

• Initial release of CSE Zero Trust security policies for SaaS Applications.
• Added capability to send a "Support Bundle" of Netagent logs to the CSE customer success team via a button click in the Command Center, streamlining support and troubleshooting processes.
• Passwordless Authentication no longer always blocks unregistered devices. Now, if an organization configured for Passwordless permits access from unregistered devices, a user on an Unregistered Devices will skip the Passwordless flow and instead receive a prompt to enter IdP credentials.
• Published Users & Devices APIs.
• Shield logs are now displayed in the CSE Command Center.

2.12 Release Highlights

• Added capabilities to enable large-scale fleet deployments using Device Managers.
• Desktop App - Added features to improve the authentication experience and to support developer workflows.
• Updated Access Tier CloudFormation deployment template to support traffic redirection from Port 80 (HTTP) to Port 443 (HTTPS).
• (Bugfix) Inconsistent Device TrustScore enforcement in certain situations.
• (Bugfix) Users on Unregistered Devices were not being tracked correctly in the Command Center.
• (Bugfix) Netagent - Cookie logic fix for WebSockets and Multi-domain Services.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.5.0 (macOS, Windows, Linux)	Netagent v1.22.0 (Changelog)	Shield v1.19.0* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)		Command Center v1.14.0

* Not updated since last release

Apr-2020 Releases

2.11 Release Highlights

• Host Agents and Access Tiers display their current status in the list and overview pages. The status for an Access Tier is the "best" (Reporting, Inactive, or Terminated) status of any of its aggregated Netagents.
• Added IDP Routed tab to the Manage Services page to distinguish SaaS Applications secured via Identity Federation.
• Netagent - Added a configuration option to redirect traffic from Port 80 (HTTP) to Port 443 (HTTPS).
• Changed Transactional Email provider from GoogleCloud to SendGrid. (Please check your spam filters in case CSE system emails are automatically filtering as spam)
• (Bugfix) Aggregation of User/Device/Role was being done inconsistently.

2.10 Release Highlights

• CSE App - Desktop App can be installed on devices running the Ubuntu Linux operating system.
• Service configuration details are now reported from Netagent and displayed in the CSE Command Center.
• Wildcard service definitions (*.example.com) have been extended to cover WEB services (wildcards previously only worked for TCP services).
• Netagent - When OpenID Connect is enabled for a Service, you can now exempt specific paths from the OIDC Authentication requirement.

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.4.1 (macOS, Windows, Linux)	Netagent v1.20.0 (Changelog)	Shield v1.16.0* (Changelog)
Mobile App* (iOS v.1.4.0, Android v.1.3.1)		Command Center v1.12.0

* Not updated since last release

Mar-2020 Releases

2.9 Release Highlights

• Desktop App - Enhanced user experience, with specific focus on Developer workflows.
• Command Center - Added OpenID Connect Discovery endpoint to Settings > OIDC Settings.
• Published new enhanced V2 OpenID Connect (OIDC) endpoints, used in federated authentication flows. (Existing V1 endpoints used for Passwordless Authentication have been deprecated and will be removed in a future release.)
• (Bugfix) Netagent - A race condition at the token validation stage was causing sporadic hangings of connections to applications.
• (Bugfix) User Roles based on Device Claims were not computing correctly.

2.8 Release Highlights

• More consistent real-time policy enforcement via Trust Scoring.
• Command Center - Organizations enabled with Single Sign-On can conveniently view types of Admins via the Manage Admins page.
• Command Center - Added Hosts list and overview (Directory & Infrastructure > Hosts) to display and easily manage all hosts across clusters.
• (Bugfix) Command Center - When creating services, removed the IDP-First option if an organization's Identity Provider was not Okta. (CSE currently only supports Okta for Identity Federation for Device Policies on SaaS Apps.)

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.3.0 (macOS, Windows)	Netagent v1.18.0 (Changelog)	Shield v1.16.0 (Changelog)
Mobile App (iOS v.1.4.0, Android v.1.3.1)		Command Center v1.10.0

Feb-2020 Releases

2.7 Release Highlights

• Added OCSP capability for device certificate revocation and the ability to ban and unban devices
• Events API surfaces new Identity event types (OCSP, MDM, IDP) during authentication flow
• Organizations can now have multiple Owners
• New restrictions on SAML-Only administrators
• Command Center - Streamline Infrastructure (Cluster, Access Tier, Host Agent) views
• Desktop App - Added auto-update capability so end users are automatically notified of new versions and can update with a button click
• (Bugfix) Desktop App - Fixed ‘Delete Device Registration’ error, banyanproxy now placed in PATH consistently
• (Bugfix) Mobile App - Fixed “Invalid Token” error - notifications to inactive Mobile App is now sent based on the TrustScore TTL instead of every 24 hours

Component Versions

Client Components	Enforcement Components	Management Components
Desktop App v1.3 (macOS), Windows	Netagent v1.17.0 (changelog)	Shield v1.15.0 (changelog)
Mobile App v1.3 (iOS, Android)		Command Center v1.9

Jan-2020 Releases

2.6 Release Highlights

• Added support for OpenID Connect (OIDC) Discovery endpoint
• Desktop App displays list of available Services and supports multi-org registration
• Improved Services templates in Console UI
• Added Role attribute “Device Registration” to configure roles for Known and Unregistered Devices
• Disabled token generation and password-setting for SSO Admin accounts that use SAML

Component Versions

Client Components	Enforcement Components
Desktop App v1.2.1	Netagent v1.15.1

Release Notes From Previous Years

Release Notes Archive - 2019

Dec-2019 Releases

2.3 Release Highlights

• Initial release of Mobile App for Android
• Enhance OIDC capabilities used by Policies for SaaS Apps

Component Versions

Client Components	Enforcement Components
Desktop App v1.0.11	Netagent v1.13.0
Mobile App (Android) v1.2

Nov-2019 Releases

2.1 Release Highlights

• Policy enforcement for SaaS Applications
• Desktop App redesigned, leveraging the browser for authentication flows
• Initial release of Mobile App for iOS

Component Versions

Client Components	Enforcement Components
Desktop App v1.0.6	Netagent v1.11.0
Mobile App (iOS) v1.2

Oct-2019 Releases

1.9 Release Highlights

• Passwordless authentication using device certs (read our blog post for details)
• Netagent "BadActor" module for DoS prevention

Component Versions

Client Components	Enforcement Components
Desktop App v0.3.7	Netagent v1.9.0

Sep-2019 Release

1.7 Release Highlights

• Trust Scoring capabilities enhanced to cover LatestOS and OrgPreferredApps
• Netagents proxies WebSocket connections
• Initial release of Desktop App

Component Versions:

Client Components	Enforcement Components
Desktop App v0.3.5	Netagent v1.7.0

Aug-2019 Release

1.5 Release Highlights

• GA versions of all components!

Component Versions

Client Components	Enforcement Components
	Netagent v1.5.0