Management console and platform services
This section contains information about updates to the management console and platform services that impact more than one
Cylance Endpoint Security
service or the general experience of the console. Console changes that impact specific Cylance Endpoint Security
services are described in the respective sections of this guide.What's new in the management console
Feature | Description | Date added |
---|---|---|
Administrator controls for discovery of devices not protected by CylancePROTECT Desktop | Previously, the discovery of devices not protected by CylancePROTECT Desktop was enabled and you did not have the option to disable it. In this release, the management console now includes the option to enable or disable this feature. If you enable the feature, you can discover unprotected devices in your environment for your Microsoft
Azure Active
Directory , Microsoft Active
Directory , and LDAP directory connections. When the feature is enabled, all of the known devices that are not protected by CylancePROTECT Desktop are displayed on the Assets > Unprotected Devices page. Enabling or disabling this feature applies to all of the directory connections that you have connected to Cylance Endpoint Security .For more information, see Discover unprotected devices in the Cylance Endpoint Security Administration content. | Jan 2023
|
Default authentication | To enhance security, the default authenticator for all apps and services except the Cylance console, CylanceGATEWAY agent, and CylancePROTECT Mobile app has been changed from Enterprise password to Deny authentication.Users that do not have an authentication policy assigned to them are presented with an error message when they try to access apps or services and cannot sign in. | Dec 2022 |
FIDO authenticator | You can now add FIDO as an authenticator in authentication policies. Users can register one or more FIDO2 devices during sign in and use them to verify their identity. | Dec 2022 |
Identify devices not protected by CylancePROTECT Desktop | The new Unprotected Devices page (Assets > Unprotected Devices) displays a list of known devices that are not protected by CylancePROTECT Desktop . Administrators can export the device list and take action to protect those devices and their network from potential threats. This feature requires BlackBerry Connectivity Node 2.12.1 or later.For more information, see Discover unprotected devices in the Cylance Endpoint Security Administration content. | Oct 2022 |
BlackBerry Connectivity Node enhancements | The BlackBerry Connectivity Node now supports identifying devices that are not protected by CylancePROTECT Desktop . | Oct 2022 |
New SAML and Deny authenticators and skip OTP option | Cylance Endpoint Security now supports integration with third-party IDPs that support SAML (Azure , Okta , Ping Identity ) for use in authentication policies. Administrators can migrate existing SAML configurations from Custom Authentication settings to the new Enhanced Authentication framework.A new a “Deny” authenticator can be added to authentication policies to explicitly deny authentication to a product or service. During authentication, if the Deny Authenticator is found, authentication will be rejected for the user and an error message is presented. Administrators can allow users to skip OTP setup for a specified number of times without losing access to the console. Any existing polices that include the one-time password authenticator will automatically use the default setting of zero skips allowed. For more information, see Add an authenticator in the Cylance Endpoint Security Setup content. | August 2022 |
Hide application secrets for custom app integrations with the Cylance User API | Cylance Endpoint Security supports integration with third-party programs using the Cylance User API, a set of RESTful APIs. This allows your organization to programmatically manage Cylance Endpoint Security settings and configurations. Administrators can customize integration settings to control which API privileges a user has. For security, an API user needs an application ID and an application secret that you generate when you add a custom application in the management console.A security enhancement has been introduced for existing Cylance Endpoint Security tenants. Users with the Administrator role can enable a new feature that permanently removes application secrets from the management console after they are generated, ensuring that they cannot be viewed by any users with access to the Cylance console. If you enable this feature in Settings > Integrations, when an administrator generates or regenerates an application secret, it will display only until the administrator dismisses the dialogue or navigates away from the screen. The app secret will not display in the list. To remove your existing application secrets and enable this behavior, you can expand Improved Security Available and click Remove Secret. After you enable the feature, any application secrets that were generated previously will no longer be available to view. You should record existing application secrets before you enable this feature. You cannot revert to the previous behavior that exposes application secrets in the console. You can generate new application IDs and secrets as necessary.For new Cylance Endpoint Security tenants created after July 2022, this feature is enabled by default.For more information, see Enable access to the Cylance User API in the Cylance Endpoint Security Administration content. | July 2022 |
Enhanced authentication sign in | The Cylance console now provides enhanced authentication capabilities, such as local multifactor authentication via one-time password, as well as more granular authentication policies and policy assignment for administrators or groups of administrators. You can also create authentication policies for your tenant to specify the default authentication requirements users must complete to sign in to the Cylance console, and to activate the CylancePROTECT Mobile app or CylanceGATEWAY desktop agent. The password pop-up screen has been rebranded to Cylance .
The preview period for enhanced authentication has ended and the updated sign-in flow is now the only method to access the Cylance console. Any authentication policies that you applied in your console during the preview period have taken effect. | June 2022 |
BlackBerry Connectivity Node version
BlackBerry Connectivity Node
version- BlackBerry Connectivity Nodeversion 2.12.1 (bundle 28.11.0). To download the latest version of theBlackBerry Connectivity Node, click here.