Management console and platform services
This section contains information about updates to the management console and platform services that impact more than one Cylance Endpoint Security service or the general experience of the console. Console changes that impact specific Cylance Endpoint Security services are described in the respective sections of this guide.
What's new in the management console
Administrator controls for discovery of devices not protected by
Previously, the discovery of devices not protected by CylancePROTECT Desktop was enabled and you did not have the option to disable it. In this release, the management console includes the option to enable or disable this feature. If you enable the feature, you can discover unprotected devices in your environment for your Microsoft Active Directory and LDAP directory connections. When the feature is enabled, all of the known devices that are not protected by CylancePROTECT Desktop are displayed on the Assets > Unprotected Devices page. Enabling or disabling this feature applies to all of the directory connections that you have connected to Cylance Endpoint Security.
To enhance security, the default authenticator for all apps and services except the CylancePROTECT Mobile app has been changed from Enterprise password to Deny authentication.
Users that do not have an authentication policy assigned to them are presented with an error message when they try to access apps or services and cannot sign in.
You can now add FIDO as an authenticator in authentication policies. Users can register one or more FIDO2 devices during sign in and use them to verify their identity.
Identify devices not protected by
The new Unprotected Devices page (Assets > Unprotected Devices) displays a list of known devices that are not protected by CylancePROTECT Desktop. Administrators can export the device list and take action to protect those devices and their network from potential threats. This feature requires BlackBerry Connectivity Node 2.12.1 or later.
BlackBerry Connectivity Node enhancements
BlackBerry Connectivity Node now supports identifying devices that are not protected by
New SAML and Deny authenticators and skip OTP option
Cylance Endpoint Security now supports integration with third-party IDPs that support SAML (Ping Identity) for use in authentication policies. Administrators can migrate existing SAML configurations from Custom Authentication settings to the new Enhanced Authentication framework.
A new “Deny” authenticator can be added to authentication policies to explicitly deny authentication to a product or service. During authentication, if the Deny authenticator is found, authentication is rejected for the user and an error message is presented.
Administrators can allow users to skip OTP setup for a specified number of times without losing access to the console. Any existing policies that include the one-time password authenticator will automatically use the default setting of zero skips allowed.
For more information, see Add an authenticator in the Cylance Endpoint Security Setup content.
Hide application secrets for custom app integrations with the
Cylance Endpoint Security supports integration with third-party programs using the Cylance User API, a set of RESTful APIs. This allows your organization to programmatically manage Cylance Endpoint Security settings and configurations. Administrators can customize integration settings to control which API privileges a user has. For security, an API user needs an application ID and an application secret that you generate when you add a custom application in the management console.
A security enhancement has been introduced for existing Cylance Endpoint Security tenants. Users with the Administrator role can enable a new feature that permanently removes application secrets from the management console after they are generated, ensuring that they cannot be viewed by any users with access to the Cylance console. If you enable this feature in Settings > Integrations, when an administrator generates or regenerates an application secret, it is displayed only until the administrator dismisses the dialog or navigates away from the screen. The app secret is not displayed in the list. To remove your existing application secrets and enable this behavior, you can expand Improved Security Available and click Remove Secret. After you enable the feature, any application secrets that were generated previously will no longer be available to view. You should record existing application secrets before you enable this feature. You cannot revert to the previous behavior that exposes application secrets in the console. You can generate new application IDs and secrets as necessary.
For Cylance Endpoint Security tenants created after July 2022, this feature is enabled by default.
For more information, see Enable access to the Cylance User API in the Cylance Endpoint Security Administration content.
Enhanced authentication sign in
The Cylance console now provides enhanced authentication capabilities, such as local multifactor authentication via one-time password, as well as more granular authentication policies and policy assignment for administrators or groups of administrators. You can also create authentication policies for your tenant to specify the default authentication requirements users must complete to sign in to the Cylance console, and to activate the CylancePROTECT Mobile app or CylanceGATEWAY desktop agent. The password pop-up screen has been rebranded to
The preview period for enhanced authentication has ended and the updated sign-in flow is now the only method to access the Cylance console. Any authentication policies that you applied in your console during the preview period have taken effect.
BlackBerry Connectivity Node version
- BlackBerry Connectivity Node version 2.12.1 (bundle 28.11.0). To download the latest version of the BlackBerry Connectivity Node, click here.