Connect to Ivanti Neurons for Discovery & Service Mapping to increase overall visibility of your data center environments and corporate network by importing all discovered hardware into Ivanti Neurons.

New scan Status column for each network range. Hover over the progress bar to display further status information, such as the scan types, number of target IPs in the network and scan duration. The scan Status can be found in Admin > Discovery > Discovery Scans.

Learn more about Scan Status.

Additional column filters have been added to query table views. This adds the necessary flexibility of filtering on results of interest. The filters are taken into account when exporting data from the table view.

It is now possible to copy and paste workflow content between workflow instances (including between Healing and Workspace) as well as between tenants.
Use this capability from within the workflow editor:

1. Use CTRL+A (or CTRL+multi-select) to choose the stages to copy.
2. Use CTRL+C to copy to clipboard.
3. Use CTRL+V to paste the copy in the destination workflow.

These key combinations are also the same on Apple Mac devices.

All stages copied must be installed on the destination server. If the source tenant contains reusable library nodes, the content from these will need to be recreated on the target tenant before the workflow can be saved.

The Service State stage can now be used to take action to heal. If a service is not present on a device, the stage will return a result with category 'not_found', which can be filtered upon to take further action.

The App State stage can now be used to report on missing software. If the specified software title is not found, the stage will return a result with category 'not_found', which can be filtered upon to take further action, such as installing software.

Introduction of Patch Groups. Patch Groups allow you to organize patch information within the Ivanti Neurons Platform in a way that is relevant to your environment. For example, a Patch Group can be created to include only patches that have been approved for a patch deployment or patches that were released on Patch Tuesday with a severity of Security Critical.

Patch Groups can be created, viewed and managed in Patch Management > Patch Intelligence, and then associated with a Patch Configuration and deployed in Patch Management > Patch Settings.

Learn more about Patch Groups.

Sometimes a patch cannot be downloaded directly from the vendor by Ivanti Neurons for Patch Management. This can happen for a number of different reasons. For example, the patch might be an ISO that represents a missing Windows 10 product level, it might be an old patch that has been removed by the vendor, a login to the vendor website might be required to access the patch, or, the patch might have been only available via a temporary patch link, etc.

If a patch cannot be automatically downloaded from the vendor by Ivanti Neurons for Patch Management, the phrase ‘Sideload Required’ will be displayed in the Download Status column of the Patch Summary in Patch Intelligence.

The Sideload action in the Patch Detail panel, adds the patch file to the Pending Sideloads section in the Manage Sideloads tab on the Patch Intelligence dashboard. Pending sideloads are ready for file selection to upload to Ivanti Neurons. The file goes through a series of verification scans before it can before approved. Once approved, it can then deployed in the usual manner.

Learn more about how to Patch Sideloads.

In the Patch Configuration detail view, a new Show summary button is now available above the details panel. Click the button to display a summary of your custom patch configuration options.

The Deployment Behavior area enables you to configure what patches will be deployed. Two new options are now available:

• Filter by Vendor/Product: Allow patches for the vendors, product families and product versions that you specify to be deployed to endpoints.
• Deploy by Patch Group: Specify one or more patch groups that contain the patches that you want to deploy. This is a good way to make sure that only approved patches are deployed.

Learn more about these options in the Patch Settings topic.

In the Endpoint Vulnerability Device Summary and on the Patches tab of Device Details, a known exploit indicator icon is now displayed for devices with at least one missing patch tied to a CVE that has been exploited.

Learn more about Endpoint Vulnerability.

In the Endpoint Vulnerability view, select a device in the device summary table to enable the Actions menu. The new Actions menu includes two options:

• Deploy missing patches: When the selected device has missing patches, the Deploy missing patches option allows you to deploy the missing patches to the device. The missing patches will be deployed to the device and, if required, the device will reboot immediately following the successful deployment of the patches. If the user is logged on, the reboot action will be forced after one day. A countdown time-out of one hour will be displayed to the user and an OS shutdown message will display to the user for 60 seconds. The user will have the option to extend the time-out for up to 10 minutes.

• Scan now: Initiates a patch scan for all missing patches on the selected device.

Two new action buttons are now available on the Patches tab of Device Details:

• Scan now: Initiates a patch scan of the selected Cloud-managed device.

• Deploy patches: Initiates an immediate deployment of the selected missing patches. The missing patches will be deployed to the device and, if required, the device will reboot immediately following the successful deployment of the patches. If the user is logged on, the reboot action will be forced after one day. A countdown time-out of one hour will be displayed to the user and an OS shutdown message will display to the user for 60 seconds. The user will have the option to extend the time-out for up to 10 minutes.

Ivanti Neurons Patch for MEM extends existing Microsoft Intune implementations to include third-party application updates. Its threat and patch intelligence help organizations properly prioritize remediation of third-party software vulnerabilities.

Ivanti Neurons Patch for MEM helps you drive an adaptive security strategy purely in the cloud with actionable intelligence for risk-based prioritization. Ivanti Neurons Patch for MEM provides comprehensive third party patch publication capabilities.

Key features:

• Extend Microsoft Intune with third-party patch management.
• Proactively patch against active exploits.
• Avoid failed patch deployments with patch reliability insight.
• Streamline patch management processes.

By leveraging Ivanti Neurons Patch for MEM, organizations can better protect themselves from data breaches, ransomware and other threats that stem from vulnerabilities in third-party applications.

Learn more about Patch for Intune.

Customers can now navigate much faster and find required license or spend information either by using a new expanded menu on the left or by typing contract number, product name or vendor name in the Search field.

Learn more about Spend Intelligence.

On the Software Insights page some charts may take longer to load because real-time calculations involving large amounts of data are happening. Customers can now enable a Pre-Calculate option that improves the page viewing experience. This new setting is under Software > Admin > Software > Software Insights.

Learn more about Configuration and administration.

We are breaking away from dependency on OKTA. Organizations that do not have OKTA or any other single sign-on solution in place can now use Adobe SaaS and Salesforce SaaS standalone connectors.

Learn more about SaaS Management.

With the expansion of remote work and an ever more complex technology set, it is more important than ever to manage digital employee experience. As part of Digital Employee Experience Management, we have introduced the Digital Experience Score (DEX Score) to quantify and measure digital experiences for devices. Making use of a curated set of indicators, hybrid machine learning, and statistical models as the scoring engine, a Digital Experience Score between 0-100 is calculated for each device.

Key features:

• Score is calculated using Service Management, Device, Security, and Application Indicators that provide a comprehensive view of digital experience.
• New DEX Score column added to Devices page.
• New Digital Experience Score page under Device Details page where potential issues and recommended remediations can be seen.
• Further drill down to see all Indicators used to calculate DEX Score for that device.

Learn more about the DEX Score.

Agent Policy now supports Patch Management as a new Action to be deployed to selected endpoint devices. Through Agent Policy you can also associate a Patch Management configuration to be installed to the devices within the Agent Policy Group.

Ivanti Neurons for Patch Management provides zero trust security capabilities and brings a continuous vulnerability management experience to help organizations manage vulnerabilities from detection through to remediation.

Learn more about Agent Policy and Patch Management.

Associating a Patch Management configuration to an Agent Policy Group can also be performed directly from within Ivanti Neurons > Patch Management > Patch Settings, so that configuring and deploying patch management can all be performed using a single user workflow. This is achieved via the Associations tab within the Patch Management settings.

Learn more about Patch Settings.

A specific Deployment Representative can now be assigned as the Elected Scanner, to perform discovery scans on each configured IP Range. This ensures discovery will find all subnet devices for organizations that have separate sites or segregated networks. Furthermore, subnet configured scanners will ensure active scans return the MAC address, and NetBIOS name, of the discovered devices, without the need for additional remote inventory or SNMP Scans.

Performing a remote inventory, or SNMP scan, alongside the active scan will return MAC address and NetBIOS information.

Learn more about Discovery Scans.

Connect to Ivanti Cherwell Service Management to import devices from Cherwell Service Managements CMDB and further increase visibility of your entire hardware estate.

For the table view of a query, you can now change the number of results shown per page.

Internet latency is now introduced as a new standalone sensor that queries the internet latency across all you devices.

The event log details query can be accessed via the Count column that is present on the Event Log Summery query. The UI when configuring parameter on the event log details has been improved so that all records are available in the Windows Event Viewer.

Improvements to the Server State stage; you can now identify devices where the service is not found by using the Category column. In order to take advantage of this in existing Neurons workflows that are using this stage, you need to delete and re-add the stage from the Neurons workflow.

New supersedence logic has been introduced so that when breaking updates are made to stages, we will honor the previous version of the stage in the existing workflows, but the ability to save the Neuron workflow will be blocked until the existing stage is deleted and re-added from the library.

Ivanti Endpoint Manager is no longer a pre-requisite for this smart advisor. The Ivanti Neurons agent will now also populate the Device Stability Smart Advisor.

Machine Learning Lab is the new centralized location to train and deploy machine learning models. Take advantage of the advancement in Machine Learning without the data science expertise. We have selected and implemented the machine learning algorithm, you simply provide the data to train the models.

The first model available in this release is Ticket Classification. Once a model is trained and deployed, Ivanti Neurons for ITSM can automatically categorize your incidents.

Key features:

• Create and train new models by uploading training data and optional stop words.
• Evaluate model accuracy.
• Deploy trained models.
• View a list of models you have trained or deployed.

Learn more about Machine Learning Lab

Ivanti Neurons for Patch Management is a cloud patching solution. It combines the asset information and device risk insights of Ivanti Neurons with risk-based prioritization and comprehensive patch management capabilities to drive an adaptive security strategy. The cloud patching solution is available for your Windows-based machines and includes the ability to patch products from both Microsoft and third-party vendors. The key patch management features include:

• The ability to assess the risk posture of the devices in your environment using the Endpoint Vulnerability component.
• The ability to gather and aggregate data in order to manage, prioritize, and streamline your patching environment using the Patch Intelligence component.
• The ability to drill into your recent deployment operations to identify trends, zero in on exceptions and quickly troubleshoot any issues using the Deployment History component.
• A multi-function Ivanti Neurons agent that safeguards your devices. Upon installation, the agent will perform a patch scan of each device and report the results to the Ivanti Neurons Platform, providing immediate visibility into the risk posture of each device.
• The ability to create one or more custom patch configurations that define how patches will be deployed by your agent machines.

If you are a new customer, you can immediately begin using the cloud workflow. If you are an existing customer using an Ivanti on-premise patching solution, you can begin your journey to the cloud using a hybrid approach. You simply configure a connector that will import your on-premise data into the Ivanti Neurons Platform. This enables you to view, monitor and manage both your cloud and on-premise machines from a single web interface. You can transition the management of your devices from the on-premise patch management console to the cloud at your own speed.

Patch Intelligence has moved from Ivanti Neurons Platform > Software menu, to the new Patch Management menu.

Available menu options are license dependent. Customers that have purchased Patch Intelligence will only see Patch Management > Patch Intelligence. Customers that have purchased Patch Management will see Patch Management > Endpoint Vulnerability, Patch Intelligence, Deployment History and Patch Settings.

New Management column in the Patch Detail > Unpatched Devices tab provides the name of the agent managing the device, which will either be; a supported Connector, or Ivanti Neurons. If a device is managed by multiple Connectors, it will display the most recent patch status. Having multiple Connectors reporting on a device can provide conflicting information due to differing schedules, deployment results, and assessment results. We recommend managing endpoint devices with a single Connector and are indicating in the UI that multiple connectors are reporting for a device.

Learn more about Patch Details.

Scopes define the devices and users Ivanti Neurons members can see and manage. Once an Ivanti Neurons Administrator assigns a scope to a member, that member will only see the devices and users the scope allows.

Use scopes to define which devices and people members can see and manage. Administrators can create a scope containing a static list of devices or they can create a scope that works dynamically based on filters.

Learn more about Members, roles, and scopes.

App Registrations is a new authentication mechanism to allow selected Ivanti applications to securely connect to Ivanti Neurons in order to interact with specific APIs. The initial supported integration is Ivanti-hosted Cherwell Service Management.

Learn more about App Registrations.

When adding an Azure SSO client secret, you can now specify a Client Secret Expiry Date. Reminders will be sent via email and UI banner ahead of the secret expiring, to prompt administrators to take action and review before the secret expires and interrupts service. A banner will be shown and email sent to users with the admin role, 28 days before the expiry. Further emails will be sent 7 days prior, and a day before expiry.

Learn more about how to Update Client Secret.

The agent client is a multi-function program that safeguards an endpoint device. It tracks the status of the machine and performs actions that are configured by the program administrator. It can perform periodic scans to detect all missing patches and product levels, and it can deploy any missing patches and product levels in order to close security holes in the software.

Learn more about Agent Client.

Improvements to the import templates, which make importing contract and transaction records simpler and more robust.

Performance improvements, faster connection remote control connection times to a device.

UI design enhancements.

Target specific areas of an organizational network in which to find devices, using just a single agent, across different subnets. This helps in the situation where an IT administrator does not want to install a Deployment Representative on every subnet, or, if there are subnets without any Windows devices, where it is not physically possible to install the Deployment Representative.

Network Targeting enables IT Admins to manually create IP address ranges or import an existing list of known ranges from a file, to minimize administrative overhead. Active, Remote Inventory and SNMP scans can be started, stopped, or automatically scheduled, for each individual network segment. Active scans now utilize ICMP to enable device discovery across subnets, all from a single Deployment Representative, to alleviate load on the network and reduce ongoing maintenance.

To learn more, see Discovery Scans.

Previously, multiple Policy Groups were processed sequentially, which could result in impeded deployments of agent and capabilities to endpoints if the processing of an earlier Policy Group became stalled. In addition, devices not showing a state of ‘complete’ could not be removed from those Policy Groups, causing further obstruction.

With Concurrent Deployment, Policy Groups are now processed simultaneously to ensure rapid and accurate deployment of agent and capabilities to endpoints. Devices can also now be removed from Policy Groups irrespective of their state.

Settings for both active and passive discovery have been updated to give a much cleaner experience and delineate between the two different types of discovery methods. Previously, the use of pop-out panels for Discovery Settings restricted space. In addition, the user workflow could be interrupted if the user needed to add credentials as part of the configuration.

The UI has been re-worked to include full-screen configuration, future proofing the solution for additional discovery options. In addition, in-line creation of Credentials is now possible, allowing the user workflow to remain uninterrupted.

To learn more, see Discovery Settings.

Connect to Google Chrome Enterprise to increase visibility of your Google Chrome OS environment and provide a centralized management console to make your frontline analysts even more efficient.

The Google Chrome OS connector can both import all your Google Chrome OS devices into Neurons for complete visibility with your other IT devices and enables analysts to manage these Google Chrome OS devices without having to log into Google Chrome Enterprise. Actions like rebooting, moving the machine to another OU, or wiping the device, are all supported.

Connect to Qualys to increase visibility into device vulnerabilities across your environment and start the process of vulnerability lifecycle management to ensure your environment is fully secure.

Qualys provides in-depth device vulnerability results that help illuminate gaps in your security attack vector. Once these vulnerabilities have been uncovered, you can leverage Ivanti Security Controls or Ivanti Endpoint Security for Endpoint Manager to address those vulnerabilities.

Connect to Ivanti Endpoint Security to increase visibility into installed and missing patches per device. Leverage the insights of Ivanti Neurons for Patch Intelligence to prioritize vulnerabilities based on active risk exposure, reliability and compliance to achieve faster SLAs and improve operational efficiencies.

You can now create an alert on application errors. This alert allows you to automatically monitor application crashes that occur on client devices.

A new sensor has been introduced that allows you to view Edge browser extensions that are installed on your client devices.

A new sensor has been introduced that allows you to view Firefox browser extensions that are installed on your client devices.

We have expanded our self-heal toolbox of actions with new delete file and folder stages to allow straightforward removal of content from Mac or Windows endpoints.

We have enhanced the Filter result stage to allow the filtering of both passed-through properties of Edge Intelligence backed queries, as well as custom queries via a new ‘custom property’ entry in the properties list.

We have enhanced our Teams Beta stage to allow messages to be sent to a preset recipient, or to be sent to the initiator of a custom action from the device view.

Machine Learning Lab is the new centralized location to train and deploy machine learning models. Take advantage of the advancement in Machine Learning without the data science expertise. We have selected, implemented the machine learning algorithm, you simply provide the data to train the model.

The first model available in this release is Ticket Classification. Once a model is trained and deployed, Ivanti Neurons for ITSM can automatically categorize your incidents.

Machine Learning Lab features:

• Create and train new models by uploading training data and optional stop words
• Evaluate model accuracy
• Deploy trained model
• View a list of models you have trained or deployed

Addition of macOS patches in the All Patches and My Environment tabs of Ivanti Neurons for Patch Intelligence. In addition to adding the macOS patches, the user interface was updated to reflect support for multiple platforms. These updates include the addition of a Platform column to the All Patches and My Environment grids that can be used to filter by Windows and macOS. To learn more, see Patch Summary.

You can now use the macOS insights in Ivanti Neurons for Patch Intelligence to protect your organization from security threats, and evolving risks, by reducing time to patch and prioritizing the most critical patches for deployment.

Enhancement to the workflow for renewing expired client secrets when using Microsoft Azure SSO. It is now possible to reset the client secret without needing to re-apply the whole configuration. To learn more, see Update Client Secret.

As part of our continuous endeavor to maximize security of Ivanti Neurons we have enhanced our anti-automation attack controls. This is subject to a phased roll-out and may result in users needing to perform Captcha based anti-bot verification upon Ivanti Neurons login.

Typically, most of your contract data will be imported into Ivanti Neurons for Spend Intelligence from spreadsheets. However, from this release, you can also create, update, and delete contracts manually from the Contracts dashboard in the License Manager component. To learn more, see Contracts.

The existing feature that enables you to create, update, and delete transactions manually has also been enhanced by providing a list of matching vendors to choose from when you start typing in the Vendors field. This helps you to enter consistent vendor names that match vendors in the Ivanti SKU Library.

Scopes define the devices and users Ivanti Neurons members can see and manage. Once an Ivanti Neurons administrator assigns a scope to a member, that member will only see the devices and users the scope allows.