Version 2023.3 September
Ivanti Neurons for Patch Management
The following enhancements have been made to Patch Management to support Mac patching:
- Deploy by severity is now available for Mac patching.
- Context Action Deployment in Endpoint Vulnerability and the Device view:
- You can now use the Deploy missing or Deploy by Patch Group actions on Macs from Endpoint Vulnerability.
- You can now deploy selected missing patches for Macs in the Patches tab of the Device Detail view.
The Ivanti Neurons Platform now centrally handles reboot requests to prevent conflicts from different Ivanti Components. For Windows post-deployment reboots, Patch Configurations include the option to turn off post-deployment reboots, always require post-deployment reboots, or require a post-deployment reboot only when required.
Further options, including the device user post-deployment reboot experience and deferment options, are now configured within a Policy Group in Agent Management. Existing reboot settings have been migrated from the assigned Patch Configuration to the Centralized Reboot settings for the policy group.
Learn more about Agent Policy - Centralized Reboot.
Ivanti Neurons Platform
Ivanti Neurons platform, installed engines may require reboots on the endpoint due to pre-requisites or updated components. If using agent policy to install multiple capabilities such as Patch Management and App Distribution (coming soon), each engine may request its own reboot.
By exposing reboot options in the Ivanti Neurons user interface, you are able to make use of platform wide reboot capabilities to suppress multiple reboots into one, and display endpoint notifications with reboot options for end users, such as the ability to cancel or defer a reboot.
In this first iteration, Patch Management’s post-deployment reboot options will use this new capability, whilst its pre-deployment options will still need to be configured in the Patch Management area of the user interface. We’re looking to address this next quarter, by adding in reboot criticality levels, which will satisfy both pre- and -post deployment reboot options centrally, all under Agent Policy.
Learn more about Reboot Requests.
Version 2023.3 July
Ivanti Neurons for Discovery
Until now, Agent Policy was incorporated as part of the Ivanti Neurons Discovery SKU. Other Neurons capabilities, such as, Patch Management, rely on Agent Policy to deploy their engines and configurations. In this release Agent Policy has become part of the Ivanti Neurons Platform SKU decoupling it from Ivanti Neurons for Discovery.
By de-coupling Agent Policy from Discovery, is more cost effective allowing customers a choice over SKUs. It also allows streamlined delivery of fixes and enhancements with less dependencies.
An additional benefit of decoupling is that Agent Policy can now be used to deploy agents to a list of endpoints imported by connectors. Previously, you could only deploy agents to devices discovered via a Discovery scan.
Changes to the UI:
- Ivanti Neurons Platform main menu > Discovery will now only display if the Discovery SKU is enabled within an organizational tenant.
- The Discovery Agent is now referenced as the Deployment Representative Agent.
Learn more about Discovery
Additional filters for Azure AD groups and tags. These filters give more control over the data to import from Azure AD. We have also updated the data we import from Azure AD to include both these arrays of data.
Learn more about Microsoft Entra ID connector
Additional filter for VM status. This filter provides the ability to only import virtual machines that match the status as defined in the filter.
Learn more about VMware vCenter connector
You can now delete the data that was imported from a given connector. The ability to wipe connector data is available as a separate action in the Connectors list, when deleting a Connector, and when deleting a Connector Server. The wipe data action will delete any data that was imported from a connector and leave all the other data that was either discovered, inventoried, or imported from another connector. If the only data for a particular record was imported from the connector, then the entire record will be deleted.
Additional filter for Scope Tag. This filter gives more control over the data to import. These filters are created and maintained in Intune and require the DeviceManagementRBAC.Read.All permission within the Azure Active Directory app.
Learn more about Microsoft Intune connector
Within Discovery Settings > Passive Discovery > new option to disable Domain Name System (DNS) reverse lookups, where DNS is unreliable causing incorrect name resolution.
Learn more about Passive Discovery.
Ivanti Neurons for Healing
New Trigger History button on the bots landing page taking you to the Trigger History page, which provides a chronological list of bots executed. The data available at the bot level trigger history now includes start/end times and duration.
Learn more about Trigger History.
New stage that integrates with Ivanti Neurons for ITSM. This stage creates or updates ITSM tickets. The Stage setting fields are dynamically fetched from the default incident form on the Neurons for ITSM server. The stage attempts to detect the user of the device and will raise them as the customer, and also attempts to auto-link the CI. If either of these fail, a Journal note is created using the Fallback email if required. Variables from earlier stages or inputs can be used. The Update ticket from stage field, both prevents duplicate tickets being created when a ticket exists that is not in a closed/resolved state, and provides the ability to use the same reference number in another instance of the stage to post updates or change status.
Learn more about the stage Create or update ITSM Ticket
Create or update an ITSM event against a CI – The event can use a combination of human created, or text from variables, and dates can be set with parameters.
Collect qualitative information from end users by rendering a text input box. For example, ask the end user to confirm symptoms, find a convenient time to troubleshoot, or, add context behind a poor survey result. Filter or use the text to pass into another stage, for example, such as create an ITSM ticket using the detail.
Learn more about MS Teams Stages.
Capture quantitative rating information from end users by using star, emoji, or radio button scales. In the future this stage will be extended to facilitate the update of the DEX score.
Learn more about MS Teams Stages.
Use tokens in filters to allow the comparison of values between different stages
To help understand the purpose and usage of a stage, click the new icon on a stage to display the Stage information panel.
Provides the ability to target the bot against a randomized pool of devices as a percentage subset of the target group. This is especially useful when you want to get proportional representation of a survey against users but without creating survey fatigue by polling all users all the time. It is also useful to support the phased rollout of a new bot to allow it to get utilized at a smaller scale first, if it carries potential risk (e.g. heavily customized with lots of code).
The Target scope field is available:
Ivanti Neurons for Patch Management
Ivanti Neurons for Patch Management is expanding to include agent-based patch management capabilities for macOS and Mac third-party patching, capabilities include:
- macOS support for Big Sur, Monterey, Ventura
- Support for current ARM technology (including M1 and M2)
- Support for Intel Mac Systems (including the T2 TPM chip)
- Ability to collect volume owner credential information with the Ivanti Neurons Agent to support macOS patching for Apple Silicon and Intel T2
A unified user interface brings together Windows and Mac patch, device risk, compliance insight, and deployment history information together in Ivanti Neurons for Patch Management. Patch Configurations have been expanded to include options for Mac patching, allowing for Mac-only patch deployments or patch deployments that can cover both Windows and Mac devices.
Mac Patch Management capabilities have been added to the existing Ivanti Neurons agent. Deploy the Ivanti Neurons Agent to Mac devices in your environment and enable Patch Management for the Policy Group configured for Macs in your environment to start triggering Mac patch scanning.
Save and make a new Patch Configuration active for the Neurons Policy Group(s) with Mac devices in your environment or add Mac deployment behavior capabilities to an existing Patch Configuration to patch Mac devices with Ivanti Neurons for Patch Management.
Learn more about Patch Management.
A new integration between Ivanti Neurons for Risk-based Vulnerability Management and Ivanti Neurons for Patch Management allows Ivanti Neurons for Risk-based Vulnerability Management users to quickly add the CVEs tied to prioritized findings to a Patch Group in Ivanti Neurons for Patch Management. This new integration enables Ivanti customers to eliminate the manual steps and time lost when Security teams manually export prioritized CVEs to a CSV file that has to be passed to the Patch Administrators for manual follow-up.
In Patch Configurations, a new toggle has been added to the top of the deployment options for the Windows and Mac tabs of deployment behavior. When the deployment toggle is on the Patch Configuration will deploy the configured patches.
Turn the deployment toggle off to prevent the deployment of patches. To create a scan-only Patch Configuration, turn the deployment toggle off in the Windows and Mac tabs so both tabs are listed as inactive.
Learn more about Creating a Custom Patch Configuration.
The following enhancements have been released for the Compliance Reporting capability in Ivanti Neurons for Patch Management:
- A read-only view can be configured in the Permissions tab of a new or existing role by enabling the Default Access permission and clearing the Create & Modify Compliance Reports option under Compliance Reporting.
- Summary details have been added to the top of the Compliance Report view.
- In the create and edit a Compliance Report user interface, a link has been added to quickly learn more about the Vulnerability Risk Rating (VRR) score.
- Expanded search capabilities for columns in the Compliance Report device detail view have been added, including Notification, KB number, Patch name, Vendor, and Type.
Learn more about Compliance Reporting.
Additional Ivanti Neurons for Patch Management enhancements released in response to user feedback:
- In the Patches tab of Device Details, the source of the patch scan data and timestamp information is displayed above the grid of patch data.
- Bulk export data from the Deployment History grid.
- Improved scroll functionality in the data grids.
- Expanded right-click actions to open selected views in a new tab to drill into the details or to open a new view without leaving your current view.
- When using the Deploy missing patches action in Endpoint Vulnerability, a new speedbump modal has been added to provide additional context for the patch deployment that will be triggered when the deployment action is taken.
- A column has been added to Endpoint Vulnerability for the Last patch install date.
- The ability to delete smart filters has been added to Endpoint Vulnerability and Deployment History.
Ivanti Neurons Patch for Intune
Administrators can now customize and manage the application installers with parameters unique to their environment. This is also a time-saving feature.
Users can now easily use the groupings/filters they have already created within the Microsoft Intune UI. This allows the use of existing Microsoft Intune filters, to narrow down devices within selected groups by including or excluding devices based on these filters.
Learn more about Group Options.
Third-party updates can now be recognized and managed within a scope setup in the customer’s Microsoft Intune environment. This enables each department to manage applications independently from each other, while still using a single Microsoft Intune environment. Each department requires a separate Neurons Patch for Intune tenant. Only one Microsoft Intune environment is necessary, and organizations can separate and isolate applications from other areas of the company that are not part of their environments.
Learn more about Connecting to Your Intune Tenant.
Select different groups for both Required and Available in the management UI, so that apps can be set as Required for some groups and just as Available in Intune for others at the same time.
Learn more about Managing Products.
Ivanti Neurons Platform
New tenants will be provided with a revamped onboarding page, in which we guide users through some of the key configuration processes. Once an agent or connector has been set up, the landing page switches automatically to a dashboard view. The dashboard is a centralized hub that provides you with a holistic overview of your IT organization's performance.
Key dashboard features:
- Bring together key metrics, performance indicators, and visualizations across devices, users and software inventory.
- Organization DEX score is available to users with Workspace entitlement.
- Drill-down from charts to list of devices and users for actionable insights.
- Configurable KPI by picking the desired KPI from pre-defined list.
Learn more about Dashboards.
We have added the ability to modify the Neurons browser timeout. Located under Authentication settings this allows the admin to modify the global inactivity timeout from the default 30 minutes to 15, 30, 60 mins, 4 or 8 hours.
Learn more about Session Timeout.
Two new app registrations to support the new integration with Ivanti Neurons for Risk-based Vulnerability Management:
- IN4RBVM Patch Group Admin: supports the creation of patch groups.
- IN4RBVM Patch Group Editor: supports the editing of existing patch groups.
Ivanti Neurons for Spend Intelligence
You can now specify whether a license has unlimited use rights, often known as a site license, which entitles all users associated with a specific site or region to use a piece of software. The License Balance calculations now take into account Unlimited Licenses.
Learn more about Comparing your liabilities and entitlements.
Launch Count and Minutes Used columns have been added to the Reclamation Opportunities page, providing a more detailed view of application usage.
Ivanti Neurons for Workspace
Optional indicators added from the Catchpoint connector to Device DEX Score calculation to provide a richer, more comprehensive measurement of digital experience. Catchpoint Application Score is incorporated into the Application Domain, whereas Catchpoint Network Score will be incorporated into Device Domain. Deep links are provided to navigate from Ivanti Neurons Platform to Catchpoint.
As part of the new landing page dashboard, we now provide you with insights into the digital experience aggregated at the company level. The new Organization DEX Score is calculated from all the People and Device DEX Scores in your tenant and ranged between 0 and 100. As such, you can drill down to the devices and users with poor digital experience, remediate, and improve your DEX Score. We provide additional insights by breaking down Organization DEX Score into Device, Service Management, Security and Application scores so you can proactively monitor key components of your IT organization that contribute to overall business success.
Learn more about DEX Scores.
Employees are a company’s greatest asset. So, in this release we are introducing Digital Experience Score for users (People) to help you measure and quantify their digital experiences. Ranged between 0 and 100, People DEX Score is calculated from the scores of the devices the users own and the incidents they submitted.
- A DEX Score column has been added.
- A DEX Score tile has been added to People Overview page where a summary of the potential issues and recommended actions can be seen.
- The Devices tile under the People Overview tab now displays the DEX Score for each device.
- A new DEX Score tab has been added to provide a per-device breakdown. In this tab you can view the DEX Score and recommendations for each of the devices the user owns. The Service Management tile in this tab provides additional insights on how the incident sentiment, number of days open, urgency and priority affect the DEX Score.
You can now create People groups. Similar to Device groups, you can create any number of public or private groups of people for quick filtering.
Learn more about Grouping People.
Analysts can now trigger a custom action to run and receive a toast notification to confirm the action has started, and the completion status. This means that the custom action (bot) dialog can be closed and the bot will continue to run in the background (which is the original behavior) but the analyst can get back to the results at any time by clicking the details link in the notification.