Management console and platform services

Administrator controls for discovery of devices not protected by

CylancePROTECT Desktop

Previously, the discovery of devices not protected by

CylancePROTECT Desktop

was enabled and you did not have the option to disable it. In this release, the management console now includes the option to enable or disable this feature. If you enable the feature, you can discover unprotected devices in your environment for your

Microsoft Azure

Active Directory

,

Microsoft Active Directory

, and LDAP directory connections. When the feature is enabled, all of the known devices that are not protected by

CylancePROTECT Desktop

are displayed on the Assets > Unprotected Devices page. Enabling or disabling this feature applies to all of the directory connections that you have connected to

Cylance Endpoint Security

.

For more information, see Discover unprotected devices in the

Cylance Endpoint Security

Administration content.

Default authentication

To enhance security, the default authenticator for all apps and services except the

Cylance

console,

CylanceGATEWAY

agent, and

CylancePROTECT Mobile

app has been changed from Enterprise password to Deny authentication.

Users that do not have an authentication policy assigned to them are presented with an error message when they try to access apps or services and cannot sign in.

FIDO

authenticator

You can now add

FIDO

as an authenticator in authentication policies. Users can register one or more

FIDO2

devices during sign in and use them to verify their identity.

Identify devices not protected by

CylancePROTECT Desktop

The new Unprotected Devices page (Assets > Unprotected Devices) displays a list of known devices that are not protected by

CylancePROTECT Desktop

. Administrators can export the device list and take action to protect those devices and their network from potential threats. This feature requires

BlackBerry Connectivity Node

2.12.1 or later.

For more information, see Discover unprotected devices in the

Cylance Endpoint Security

Administration content.

BlackBerry Connectivity Node

enhancements

The

BlackBerry Connectivity Node

now supports identifying devices that are not protected by

CylancePROTECT Desktop

.

New SAML and Deny authenticators and skip OTP option

Cylance Endpoint Security

now supports integration with third-party IDPs that support SAML (

Azure

,

Okta

,

Ping Identity

) for use in authentication policies. Administrators can migrate existing SAML configurations from Custom Authentication settings to the new Enhanced Authentication framework.

A new a “Deny” authenticator can be added to authentication policies to explicitly deny authentication to a product or service. During authentication, if the Deny Authenticator is found, authentication will be rejected for the user and an error message is presented.

Administrators can allow users to skip OTP setup for a specified number of times without losing access to the console. Any existing polices that include the one-time password authenticator will automatically use the default setting of zero skips allowed.

For more information, see Add an authenticator in the

Cylance Endpoint Security

Setup content.

Hide application secrets for custom app integrations with the

Cylance

User API

Cylance Endpoint Security

supports integration with third-party programs using the

Cylance

User API, a set of RESTful APIs. This allows your organization to programmatically manage

Cylance Endpoint Security

settings and configurations. Administrators can customize integration settings to control which API privileges a user has. For security, an API user needs an application ID and an application secret that you generate when you add a custom application in the management console.

A security enhancement has been introduced for existing

Cylance Endpoint Security

tenants. Users with the Administrator role can enable a new feature that permanently removes application secrets from the management console after they are generated, ensuring that they cannot be viewed by any users with access to the

Cylance

console. If you enable this feature in Settings > Integrations, when an administrator generates or regenerates an application secret, it will display only until the administrator dismisses the dialogue or navigates away from the screen. The app secret will not display in the list. To remove your existing application secrets and enable this behavior, you can expand Improved Security Available and click Remove Secret. After you enable the feature, any application secrets that were generated previously will no longer be available to view. You should record existing application secrets before you enable this feature. You cannot revert to the previous behavior that exposes application secrets in the console. You can generate new application IDs and secrets as necessary.

For new

Cylance Endpoint Security

tenants created after July 2022, this feature is enabled by default.

For more information, see Enable access to the Cylance User API in the

Cylance Endpoint Security

Administration content.

Enhanced authentication sign in

The

Cylance

console now provides enhanced authentication capabilities, such as local multifactor authentication via one-time password, as well as more granular authentication policies and policy assignment for administrators or groups of administrators. You can also create authentication policies for your tenant to specify the default authentication requirements users must complete to sign in to the

Cylance

console, and to activate the

CylancePROTECT Mobile

app or

CylanceGATEWAY

desktop agent. The password pop-up screen has been rebranded to

Cylance

.