The Microsoft Entra ID connector now includes filters for overall device and user objects, as well as additional filters for Entra ID groups. These filters give you more control over the data you want to import from Entra ID. We have also updated the data we import from Entra ID to include both these arrays of data.

The CrowdStrike connector now imports software data if you have the CrowdStrike Falcon Discover product.

Additional fields have been added to the SCCM connector.

The Microsoft Defender for Endpoint connector is designed to import devices, vulnerabilities, and security information from Microsoft Defender for Endpoint.

Learn more about Microsoft Defender for Endpoint connector.

It is now possible to execute queries only on devices that are (dynamically) defined in a target. To use this feature, you will first need to create targets via the Edge Intelligence Configuration section. After creating targets, you can select them using the drop-down menu included in the "type your question"-search that is used for executing queries.

Configured column filters are now persistent when saving a query as a favorite. To do so you can add any query of interest as a favorite after applying column filters. The configured column filters are automatically applied when executing that favorite.

The logon Session Details query now reports on an additional category Group policies, along with the duration.

Several queries have been enhanced to include a From and To date time parameter in the Set parameters and targeting configuration dialog. Queries that used to have a Number of days parameter now include a From and To date time parameter.

Introducing a new feature that is dedicated to deploying and running applications and scripts. Key features include:

• Create application packages that can be as simple as downloading and running an installer, or customize the package using actions such as pre-deployment detection logic, copy files or folders, zip/unzip, reboot, or run a script.
• Deploy to individual devices or device groups.
• Integration with Devices. A new action Install App is available in Devices . Also, in Devices you can see what has been assigned to a device by selecting Software > Assigned apps.
• Optionally configure the device to continually check to ensure an application is installed, ensuring compliance for critical applications.
• View up-to-date status of deployments, and use built-in tools for troubleshooting.

Learn more about App Distribution.

This first version supports only Windows devices.

A dedicated extension to bots to provide a dedicated experience for building, monitoring, and scoring surveys delivered with Microsoft Teams. To help organizations measure more facets of their user’s digital experience. This is in early access/phased rollout and if you are interested in test driving this feature please contact us.

A new visual graphic and drill-down to show the status of devices targeted by a triggered bot.

We have introduced the ability to create a draft of a bot. This allows easy saving of progress whilst bypassing the rigorous validation that takes place on a full save. This minimizes the risk of you losing work from failing to save an in-progress bot. A single draft per bot per user is supported. Only your own drafts are visible. You can elect to save a draft at any time and this draft is available from the bot version selector.

Learn more about Bots versioning.

We are in the process of making our Teams bot manifests available through the Microsoft AppStore and making some changes to the configuration process to improve security and configurability. Once this process is complete we will be changing the status of our Teams integration from ‘Beta’ to Production ready.

It is now possible for a Neurons bot creator to further control the end user experience with bot delivered Microsoft Teams messages. The admin can choose whether to display new message cards for each message, or replace a previously delivered bot message card.

Learn more about Teams stage settings.

We have introduced a number of new stages in this release:

• Browser extensions: As well as Chrome there are now additional stages for reporting on the extensions installed in Safari, Edge and Firefox.
• Files in User Profile: Returns the user, quantity and total size of files matching the specified extension which is useful as part of a disk cleanup routine.
• Startup items : This stage can be used to identify processes starting during the logon phase which have a high impact on the logon duration. This also returns the CPU and Disk consumed by processes during startup.
• Web Request (Preview Coming Soon): This stage can be used to interact with both authenticated and open APIs directly from the cloud. It currently supports both basic (Username/Password) and API key authentication which are first created in the credential store. Once authenticated according to the target API requirements, the web request stage can either GET, POST, PUT, PATCH, DELETE and interpret results as RAW, JSON or NONE. It has the ability to map the returned key value pairs to columns which can be used to filter/branch and insert responses as tokens in subsequent stages. It can also loop through arrays as required with an in-built preview functionality.
• Group Policy Update: This will update user, computer, or all policies on a device. This query has two inputs that are used:
  • Force: True or False setting if you want to force the policies to change.
  • Scope: This can be set to All for all policies to be updated. User for just user policies, or Computer for computer only policies.
• Device Driver (Preview): Displays device driver data including status, problem, date installed, version, hardware device ID, manufacturer, device type and name.
• Enable Device Driver: This will enable a disabled device driver. This action needs the following property passed to it: Hardware Device Id - Unique hardware id of the device, this value can may be obtained using the Device Driver query stage.
• Disable Device Driver: This will disable an enabled device driver. This action needs the following property passed to it: Hardware Device Id - Unique hardware id of the device, this value can may be obtained using the Device Driver query stage.
• Add Network Printer: Adds a network printer to the current user session. Connectivity must be available.
• High CPU Process: Query will gather the highest CPU processes that are not part of: system, network service, or local service, or, related to: explorer, taskmgr, softmoncloud, msedge, dwm, or teams. This query returns: ProcessName, Id, Description, Timestamp, Username.
• Set DNS Server: Set Primary or Secondary DNS server on endpoint.
• Delete User Downloads: Delete content from logged in user's download folder.
• Clear Print Spooler: Clears Window device's printer spooler.
• Compress File/Folder: This action compresses all files in a folder or just a specific file. Requires the following properties passed to it:
  • SourcePath - This is the path to the location of the file, or folder to compress e.g. C:\Temp\unzip.zip or C:\Temp
  • DestinationPath - This is the location to save the compressed archive.
• Uncompress File/Folder: This action unzips all files in a folder or just a specific file. Requires the following properties passed to it:
• SourcePath - This is the path to the location of the file, or folder to unzip e.g. C:\Temp\unzip.zip or C:\Temp
• DestinationPath - This is the location to save the unzipped archive.

New patch management KPIs and Widgets added to the Ivanti Neurons Home dashboard. The following KPIs are visible to users with Patch Intelligence entitlements:

• Exploited missing patches
• Devices with known vulnerabilities
• Security Critical patches in the past 14 days

The following KPIs are visible to users with Patch Management entitlements:

• Devices missing patches that are known to be exploited

• Devices that haven’t been scanned for missing patches in over 7 days

The following widgets are visible to users with Patch Management entitlements:

• Compliance reports
• Patch policy by devices
• Devices by exploit & malware type

In the Patch Groups view of Patch Intelligence, a new column was added for Recent changes. This column shows the number of recent changes to the patch group. Changes include: patches added, patches removed, patch group name changes, and patch group archive status. Click on a number to display the Patch Group audit page to view further details. The Patch Group audit page can be filtered to display the Latest changes or All changes.

Learn more about Patch group audit.

In the Set recurrence tab of Scheduling for a Patch Configuration, a new monthly deployment option has been added. When Monthly is selected there is a new option to set the occurrence (First, Second, Third, Fourth, or Last) for a day of the Week (Monday, Tuesday, Wednesday, etc.). For example, Patch Admins can now schedule a patch deployment to occur on the last Sunday of the month or first Saturday of the month.

Learn more about creating a patch configuration.

When configuring a Windows patch deployment, the configuration options for reboot after deployment have been updated to utilize the Ivanti Neurons platform centralized reboot capability. When Reboot after deployment is toggled on for a Windows patch deployment, there are now two options:

• Always
• When Required

The behavior of the reboot, including when the reboot will occur, the ability for the user to: postpone the reboot, defer the reboot until sign out, and cancel the reboot, is now set in the Neurons Policy Group.

Learn more about creating a patch configuration.

Additional columns have been added to Deployment History to provide additional patch and deployment context, new columns include:

• KB number
• Patch release date
• Deployment configuration

Learn more about Deployment History.

When creating or editing a Patch Configuration with Mac Patching enabled, there is now the option to Deploy by severity. Patch Configurations that are set to deploy Mac patches by severity will deploy all patches, including newly released patches, with a vendor severity that aligns to the configured deployment severity.

Learn more about creating a patch configuration.

For Mac devices managed natively from Ivanti Neurons you can perform the following actions on the devices:

Endpoint Vulnerability table:

• Scan now: An on demand task is initiated on each client agent and the results are reported to Device > Patches and to Endpoint Vulnerability.
• Deploy missing patches: Override the current policy settings to initiate a patch deployment of all patches identified as missing during the most recent patch scan on the selected devices.
• Deploy by Patch Group: Initiates a patch deployment of the patches that are contained within the specified Patch Group.

Patches tab of Device Details:

• Scan now: Initiates a patch scan of the devices for all missing patches and the results are reported to Device > Patches and to Endpoint Vulnerability.
• Deploy patches: Initiates an immediate deployment of the selected missing patches.

The following enhancements were made to the Ivanti Neurons for Patch Management API:

• cves-to-patch-group: There is now a GET method that returns a collection of CVE IDs and their associated Patch IDs that exist in the provided Patch Group ID.
• Deployment History: We have removed the int32 status column and replaced it with an enumeration column called more accurately: deploymentStatus.
• Patch Group Audit: We have added a new end point: patch-group-audit. This endpoint enables you to retrieve the set of data items that represents all changes that have occurred to a given patch group. All patches added, removed, and group-level updates are available as documented patch group actions.

Learn more about the Ivanti Neurons for Patch Management API (opens in a new window).

Windows Server 2012 and Server 2012 R2 are scheduled to reach end of support on October 10, 2023. This will be the last Patch Tuesday with general security updates released for these operating systems. Ivanti will provide custom ESU content support for Microsoft Server 2012 and 2012 R2, the custom content for the Microsoft ESUs is available for an annual subscription fee. Ivanti will offer custom content support which allows the Microsoft ESUs to work seamlessly with Ivanti Neurons for Patch Management.

Learn more about Custom Patch Support for Microsoft Server 2012/2012 R2 Extended Security Updates (ESU) (opens in a new window).

Icons that can be published to Intune for use in the company portal are now included for all supported applications. Administrators can also upload and select custom icons if they prefer.

Learn more about Selecting a Product Icon for the Company Portal.

If you do not want to include x86 versions in Intune they can now be excluded.

Learn more about Stopping Publishing x86 Versions.

Administrators can choose from 3 options for application supersedence within Microsoft Intune:

• Offer all versions
• Offer the latest version
• Offer latest after uninstalling previous version

Learn more about managing applications.

We have exposed all of our attributes which will allow us to filter on those attributes in the Device view. This will make it much easier to find the required devices/user records.

There is a more comprehensive list of column options that have been implemented to choose from.

Enhancements have been made to the Remote-Control Tunnel making it more stable and reliable.

If you have the Spend Intelligence entitlement you can now view charts that focus on software costs, including spend year to date and upcoming renewal costs. One new KPI around software reclamation opportunities has also been added.

See Ivanti Neurons Home Dashboard – New Patch KPIs and Widgets.

The option to invite a temporary user to your tenant. You can choose to enable this feature in Admin > Authentication. You can then invite a specified user, with feature administrative access, to the tenant . You can choose to modify the roles associated with this invite and the length of time the account is active for. This feature also provides a local login experience if SSO is enabled with a dedicated URL for the support user to log in.

Learn more about Support users.

You can now specify whether a license has a Per User metric. The License Balance calculations will consider installations of the same product, on multiple devices that all have the same user, and not report an overage.

Learn more about managing licenses.

Reclamation Opportunities under Licensable Software now includes usage from software discovered by Ivanti Neurons for Discovery. Helping you to understand what reclamation opportunities there may be and identify potential cost savings.

Learn more about software usage.

It is now possible to trigger custom actions against multiple devices from the device list view. This is especially useful to customers who leverage scopes and want to empower analysts to roll out remediations to multiple devices under their jurisdiction without needing access to the whole bots feature. Along with this capability is the ability for analysts to view their own bot history and the capability to control from an RBAC perspective which users can execute multiple bots and a per-bot setting to control which view a bot is available from. To enable a bot to be run as a custom action on multiple devices, the Device view published options must be enabled for multiple devices in the bot Trigger settings.

It is now possible to deploy capabilities from the User Workspace Manager (UWM) suite via Ivanti Neurons. The agents of Environment Manager, Application Control and Performance Manager are now available as capabilities of the Neurons agent and configurations can be deployed to them through Ivanti Neurons.

Learn more about Agent capabilities.