Management console and platform services Skip Navigation

Management console and platform services

This section contains information about updates to the management console and platform services that impact more than one
Cylance Endpoint Security
service or the general experience of the console. Console changes that impact specific
Cylance Endpoint Security
services are described in the respective sections of this guide.

What's new in the management console

Feature
Description
Date added
Administrator controls for discovery of devices not protected by
CylancePROTECT Desktop
Previously, the discovery of devices not protected by
CylancePROTECT Desktop
was enabled and you did not have the option to disable it. In this release, the management console now includes the option to enable or disable this feature. If you enable the feature, you can discover unprotected devices in your environment for your
Microsoft Azure
Active Directory
,
Microsoft Active Directory
, and LDAP directory connections. When the feature is enabled, all of the known devices that are not protected by
CylancePROTECT Desktop
are displayed on the Assets > Unprotected Devices page. Enabling or disabling this feature applies to all of the directory connections that you have connected to
Cylance Endpoint Security
.
For more information, see Discover unprotected devices in the
Cylance Endpoint Security
Administration content.
Jan 2023
Default authentication
To enhance security, the default authenticator for all apps and services except the
Cylance
console,
CylanceGATEWAY
agent, and
CylancePROTECT Mobile
app has been changed from Enterprise password to Deny authentication.
Users that do not have an authentication policy assigned to them are presented with an error message when they try to access apps or services and cannot sign in.
Dec 2022
FIDO
authenticator
You can now add
FIDO
as an authenticator in authentication policies. Users can register one or more
FIDO2
devices during sign in and use them to verify their identity.
Dec 2022
Identify devices not protected by
CylancePROTECT Desktop
The new Unprotected Devices page (Assets > Unprotected Devices) displays a list of known devices that are not protected by
CylancePROTECT Desktop
. Administrators can export the device list and take action to protect those devices and their network from potential threats. This feature requires
BlackBerry Connectivity Node
2.12.1 or later.
For more information, see Discover unprotected devices in the
Cylance Endpoint Security
Administration content.
Oct 2022
BlackBerry Connectivity Node
enhancements
The
BlackBerry Connectivity Node
now supports identifying devices that are not protected by
CylancePROTECT Desktop
.
Oct 2022
New SAML and Deny authenticators and skip OTP option
Cylance Endpoint Security
now supports integration with third-party IDPs that support SAML (
Azure
,
Okta
,
Ping Identity
) for use in authentication policies. Administrators can migrate existing SAML configurations from Custom Authentication settings to the new Enhanced Authentication framework.
A new a “Deny” authenticator can be added to authentication policies to explicitly deny authentication to a product or service. During authentication, if the Deny Authenticator is found, authentication will be rejected for the user and an error message is presented.
Administrators can allow users to skip OTP setup for a specified number of times without losing access to the console. Any existing polices that include the one-time password authenticator will automatically use the default setting of zero skips allowed.
For more information, see Add an authenticator in the
Cylance Endpoint Security
Setup content.
August 2022
Hide application secrets for custom app integrations with the
Cylance
User API
Cylance Endpoint Security
supports integration with third-party programs using the
Cylance
User API, a set of RESTful APIs. This allows your organization to programmatically manage
Cylance Endpoint Security
settings and configurations. Administrators can customize integration settings to control which API privileges a user has. For security, an API user needs an application ID and an application secret that you generate when you add a custom application in the management console.
A security enhancement has been introduced for existing
Cylance Endpoint Security
tenants. Users with the Administrator role can enable a new feature that permanently removes application secrets from the management console after they are generated, ensuring that they cannot be viewed by any users with access to the
Cylance
console. If you enable this feature in Settings > Integrations, when an administrator generates or regenerates an application secret, it will display only until the administrator dismisses the dialogue or navigates away from the screen. The app secret will not display in the list. To remove your existing application secrets and enable this behavior, you can expand Improved Security Available and click Remove Secret. After you enable the feature, any application secrets that were generated previously will no longer be available to view. You should record existing application secrets before you enable this feature. You cannot revert to the previous behavior that exposes application secrets in the console. You can generate new application IDs and secrets as necessary.
For new
Cylance Endpoint Security
tenants created after July 2022, this feature is enabled by default.
For more information, see Enable access to the Cylance User API in the
Cylance Endpoint Security
Administration content.
July 2022
Enhanced authentication sign in
The
Cylance
console now provides enhanced authentication capabilities, such as local multifactor authentication via one-time password, as well as more granular authentication policies and policy assignment for administrators or groups of administrators. You can also create authentication policies for your tenant to specify the default authentication requirements users must complete to sign in to the
Cylance
console, and to activate the
CylancePROTECT Mobile
app or
CylanceGATEWAY
desktop agent. The password pop-up screen has been rebranded to
Cylance
.
The preview period for enhanced authentication has ended and the updated sign-in flow is now the only method to access the
Cylance
console. Any authentication policies that you applied in your console during the preview period have taken effect.
June 2022

BlackBerry Connectivity Node
version

  • BlackBerry Connectivity Node
    version 2.12.1 (bundle 28.11.0). To download the latest version of the
    BlackBerry Connectivity Node
    , click here.