The past several years have been transformational for many IT departments. Remote work became indefinite, accelerated the adoption of cloud services, and extended on-premises resources out to the WAN. Identity is foundational to access control, and consequently identities, not network domains, have become the new perimeter. 探花大神's open directory platform makes it possible to incorporate identities from anywhere while managing devices as the gateway to resources. It securely centralizes access to what your team needs to get work done.
This article recaps the Q1 2023 roadmap webinar and outlines what's coming next.
Open Directory Platform
探花大神's open directory is not locked down to a single technology stack or vendor. You can mix and match identity sources, authentication targets, and access management environments. Q1 enhancements will simplify the flow for single sign-on (SSO) and identity management integrations, improve application integrations, and begin to automate group memberships. For example, 探花大神 will take action (such as updating a user's group membership) when a change is made in a human resources system.
New capabilities slated for Q1 include:
- Importing user updates
- Scheduled user imports
- Exporting users via REST API (Q2)
- Automated group memberships
- Enhanced app integration flow
- SCIM catalog expansion automates account creation
Modern Authentication
IT admins will be able to make granular decisions about how users authenticate to the platform, using different technologies for different sources. For example, TOTP or SAML could be accepted for some services while client certificates are required to access others.
This change will first be visible in the Admin Portal, where we'll introduce more multi-factor authentication (MFA) capabilities and the option for more sophisticated password policies. These features will then be mirrored in the User Portal.
Over time, SSO device logins will be leveraged to access other resources. More passwordless options and simpler user flows for third-party authentication will be added later in 2023. In summary, 探花大神's new authentication features will include:
- A more secure Admin Portal
- Passwordless options (H2)
- Federated authentication (H2)
Identity and Access Management (IAM)
探花大神 is uniquely positioned to combine its device management and identity management capabilities into robust conditional access policies. Password Manager and MFA enhancements reduce friction for end users while improving your security posture.
Protecting Against Push Bombs
MFA fatigue (push bombing) attacks are increasing and have been implicated in several recent breaches. 探花大神 is responding to that risk by introducing several additional protections. Geolocation information was added to push notifications in late 2022; the next steps are to limit push attempts on the backend, add challenge codes (number matching) in 探花大神 Protect™, and introduce deny reasons. Deny reasons let a user flag a request they did not initiate, which notifies administrators of a potential attack. Admins can then lock the account and revoke the exposed password before the attacker gains access, since a push bomb only works when the attacker already holds a valid first factor.
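The three backend mitigations named above (capping push attempts, a number-matching challenge code, and a deny reason that locks the account and alerts admins) can be modelled in a few dozen lines. The following is an added example written for this article, not 探花大神 code or 探花大神 Protect™ behaviour; the window size, attempt cap, deny-reason values and class names are assumptions.

```python
"""Simulated push-MFA backend showing three push-bombing mitigations:
a sliding-window cap on push attempts, a number-matching challenge code,
and a user-supplied deny reason that locks the account and raises an alert.
Constructed example; constants and class names are assumptions, not vendor APIs."""
import secrets
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable

PUSH_WINDOW_SECONDS = 300      # sliding window for counting pushes (assumed)
MAX_PUSHES_PER_WINDOW = 3      # pushes allowed per user per window (assumed)
MALICIOUS_DENY_REASONS = {"not_me", "did_not_request"}   # assumed reason codes


@dataclass
class PushMfaBackend:
    clock: Callable[[], float] = time.monotonic   # injectable so tests can move time
    sent: dict = field(default_factory=lambda: defaultdict(deque))
    pending: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def request_push(self, user: str, source_ip: str, geo: str):
        """Send a push for `user`. Returns (status, challenge); status is
        'sent', 'throttled' or 'locked'. The challenge is the two-digit number
        shown on the login screen that the user must type into the app."""
        if user in self.locked:
            return ("locked", None)
        now = self.clock()
        window = self.sent[user]
        while window and now - window[0] > PUSH_WINDOW_SECONDS:
            window.popleft()                      # forget pushes outside the window
        if len(window) >= MAX_PUSHES_PER_WINDOW:
            return ("throttled", None)            # the attacker cannot keep hammering
        window.append(now)
        challenge = f"{secrets.randbelow(100):02d}"
        self.pending[user] = {"challenge": challenge, "ip": source_ip, "geo": geo}
        return ("sent", challenge)

    def approve(self, user: str, entered: str) -> bool:
        """User tapped approve and typed `entered`. Only a matching challenge
        succeeds, and any answer consumes the pending request (one guess each)."""
        req = self.pending.pop(user, None)
        if req is None or user in self.locked:
            return False
        if not (isinstance(entered, str) and entered.isascii()):
            return False
        return secrets.compare_digest(req["challenge"], entered)

    def deny(self, user: str, reason: str) -> str:
        """User denied the push. A malicious deny reason locks the account and
        records an alert carrying the originating IP and geolocation for admins."""
        req = self.pending.pop(user, None)
        if req is None:
            return "no_pending"
        if reason in MALICIOUS_DENY_REASONS:
            self.locked.add(user)
            self.alerts.append({"user": user, "reason": reason,
                                "ip": req["ip"], "geo": req["geo"]})
            return "locked"
        return "denied"
```

The number-matching step is what defeats blind approval: a victim who taps "approve" out of fatigue still has to read the code from the attacker's login screen, which they cannot see. The throttle bounds how many prompts a victim receives at all, and the deny reason turns the victim into a sensor.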
Conditional Access Device Posture
探花大神 is combining device management and IAM capabilities to strengthen conditional access rules. Existing rules focus on the user context. New rules will examine device posture before making an access decision. For example, confidence is higher when a device is up to date with patches and has antivirus or endpoint detection and response (EDR) software running. The initial round of device conditions will include:
- Disk encryption (GA)
- OS version
- Antivirus status
- Browser status
Future rule releases will incorporate more sophisticated context scenarios that leverage risk-based evaluations, for example detecting and scoring anomalous user behavior.
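The posture conditions listed above (disk encryption, OS version, antivirus status, browser status) combine into an access decision in a fairly standard way: some failures are disqualifying on their own, others justify a step-up challenge rather than a hard deny. The evaluator below is an added example for this article, not 探花大神's rule engine; the policy fields, version thresholds, failure names and the split between "hard" and "soft" failures are assumptions.

```python
"""Device-posture conditional access evaluator. Hard failures (unmanaged device,
disk not encrypted) deny outright; soft failures (old OS, AV not running, old
browser) require step-up MFA, unless the resource is high sensitivity, in which
case they deny too. Constructed example; fields and thresholds are assumptions."""
from dataclasses import dataclass, field
from typing import Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'10.0.19045' -> (10, 0, 19045); non-digit characters inside a part are dropped."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if digits:
            parts.append(int(digits))
    return tuple(parts)


def version_at_least(have: Version, need: Version) -> bool:
    """Compare after zero-padding so (13,) and (13, 0) are treated as equal."""
    width = max(len(have), len(need))
    return have + (0,) * (width - len(have)) >= need + (0,) * (width - len(need))


@dataclass
class DevicePosture:
    managed: bool
    disk_encrypted: bool
    os_name: str          # "Windows", "macOS", "Linux"
    os_version: str
    av_running: bool
    browser_name: str
    browser_version: str


@dataclass
class AccessPolicy:
    resource: str
    min_os_version: dict = field(default_factory=dict)       # os_name -> version
    min_browser_version: dict = field(default_factory=dict)  # browser -> version
    require_av: bool = True
    high_sensitivity: bool = False   # True: any failure denies, no step-up


HARD_FAILURES = {"unmanaged", "disk_not_encrypted"}


def evaluate(policy: AccessPolicy, posture: DevicePosture, mfa_done: bool = False):
    """Returns (decision, failures); decision is 'allow', 'step_up' or 'deny'."""
    failures = []
    if not posture.managed:
        failures.append("unmanaged")
    if not posture.disk_encrypted:
        failures.append("disk_not_encrypted")
    # An OS or browser with no minimum in the policy passes; strict deployments
    # may prefer to deny unknown platforms instead.
    need_os = policy.min_os_version.get(posture.os_name)
    if need_os and not version_at_least(parse_version(posture.os_version),
                                        parse_version(need_os)):
        failures.append("os_outdated")
    if policy.require_av and not posture.av_running:
        failures.append("av_not_running")
    need_browser = policy.min_browser_version.get(posture.browser_name)
    if need_browser and not version_at_least(parse_version(posture.browser_version),
                                             parse_version(need_browser)):
        failures.append("browser_outdated")

    if not failures:
        return ("allow", failures)
    if policy.high_sensitivity or HARD_FAILURES.intersection(failures):
        return ("deny", failures)
    return ("allow" if mfa_done else "step_up", failures)
```

Returning the failure list alongside the decision matters operationally: it is what the user-facing message ("update your browser to continue") and the audit log are built from.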
Password Manager
探花大神's Password Manager has a decentralized architecture that eliminates master passwords. A master password is usually considered the weak point of cloud-based password managers, because compromising that single secret unlocks the whole vault. That design has driven significant growth in user adoption and many feature requests from our customers. Deliverables for Q1 include:
- A Safari browser extension
- Password Manager account recovery
- The ability to create shared folders
- New Password Manager policies
- Enhanced account import flows from third-party password managers
- A password health score
- Password Manager logs on Directory Insights
Devices
探花大神 has extended support for Windows by blending its agent-based endpoint management approach with Microsoft's mobile device management (MDM) protocols. Patch Management is broadening its release to browsers and popular third-party applications. We're also close to an Android enterprise mobility management (EMM) release, broadening our Apple and Linux device policies, and introducing an autonomous device onboarding framework.
Windows Self-Service Onboarding
- Use the standard Windows Out-of-Box-Experience (OOBE) with 探花大神 MDM
- Enroll an existing device via Settings (Add Work Account) or via the 探花大神 user portal (MDM only)
Android Enterprise Mobility Management
探花大神's EMM for Android will be certified for Google's Android Enterprise to set up, secure, and manage Android devices. This release will have parity with our existing iOS/iPadOS offerings. The initial launch will feature the ability to:
- Enforce device and work profile security
- Lock, wipe, and reset devices
- Drive device compliance
- Search, organize, and distribute apps
Remote Assist
Live Assist: 探花大神's free Remote Assist product was released in 2022. Its workflow started from support tickets, which issue a session token only after explicit user opt-in. We're adding the option for support technicians to prompt the user to start a session, plus copy and paste within a session. Significantly, IT admins can now control group-level or global opt-in/opt-out from the Admin console, which provides granular control over application components for compliance.
Silent Assist: IT admins will soon be able to access corporate-owned devices without the end user present. This makes it easier for teams to manage IT infrastructure and to help from behind the lock screen. 探花大神's objective is to deliver full remote monitoring and management (RMM) by the end of the year. Note that sessions have default time limits and don't persist.
Global CDN for Agent Deployment
A global content delivery network (CDN) will ensure faster agent installs for customers worldwide. Additional servers are being brought online now.
Patch Management
Browser support: 探花大神 is extending OS Patch Management by delivering simple (but powerful) browser management. Features planned for Q1 and beyond are:
- Preset policies for Chrome, Edge, and Firefox (Safari is updated by Apple as part of the OS)
- Policies that are "universal" and apply across operating systems
- The ability to force browser update
- The ability to manage employee browser settings
Enforce third-party apps: Patch Management is expanding beyond the OS to cover top enterprise applications. 探花大神 will keep your most valuable line-of-business apps up to date with minimal friction. Patching unmanaged third-party apps closes one of the most common gaps on employee workstations.
Policy: Windows Bitlocker Policy Roadmap
探花大神 delivered complete policy controls for encryption of all fixed local disks in 2022 and improved platform behaviors on machines with a Trusted Platform Module (TPM).
Customers who have already deployed BitLocker policies can switch on the new options without redeploying.
| Tier | Status | Capabilities |
| --- | --- | --- |
| Essential | Delivered | Out-of-the-box full encryption policy for the system disk; recovery key escrow for lockout use cases; simple and easy to apply |
| Enhanced Statuses | Delivered | Enriched status reporting to support audit use cases and simplify troubleshooting; TPM presence and status visible in System Insights |
| All Fixed Disks | New | Encrypt all fixed local drives; TPM unlock mechanism for resilience |
| Advanced Configuration | Future | Encrypt removable drives; fast encryption (encrypt used space only) |
More Policies for macOS and iOS/iPadOS
Apple device support is continuing to make significant quarterly progress with the objective of providing the most robust solution on the market over time. New policies for Q1 are:
- A Content Caching service policy for better network performance
- A Malwarebytes pre-built agent policy
- A Simple Certificate Enrollment Protocol (SCEP) policy
- An HTTP proxy policy
More Linux Policies
- SSH Timeout Policy
Commands
探花大神's commands are one of the most used features in the platform. We're introducing templates for command reuse, in addition to command triggers that will simplify device onboarding by automatically enrolling new hardware with the appropriate security baselines. You'll be able to automatically run preset policies and commands on new devices.
Command triggers operate on events such as:
- On Enrollment
- On Next Login
- On Every Login
Default OS groups: Auto-populate newly enrolled devices into a group based on their operating system. A new device binds to the default company policies for its OS, which partially automates your enrollment flow. This reduces management overhead while enabling more custom orchestration and a seamless user onboarding experience.
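The trigger semantics above are easy to get subtly wrong (On Next Login must fire exactly once per device; On Every Login fires every time; On Enrollment runs before any user exists). The dispatcher below is an added example written for this article, not 探花大神's command engine; the trigger names, OS keys, default group names and the hypothetical commands in the templates are assumptions.

```python
"""Command-trigger dispatcher for device onboarding. New devices are placed in a
default group by OS, and templated commands run On Enrollment, On Next Login
(once per device) and On Every Login. Constructed example; trigger names, OS
keys, group names and the commands in the templates are assumptions."""
from string import Template

DEFAULT_OS_GROUPS = {                      # assumed default group per OS
    "windows": "Windows Baseline",
    "macos": "macOS Baseline",
    "linux": "Linux Baseline",
}
TRIGGERS = ("on_enrollment", "on_next_login", "on_every_login")


class Orchestrator:
    def __init__(self, default_groups=DEFAULT_OS_GROUPS):
        self.default_groups = dict(default_groups)
        self.triggers = {t: [] for t in TRIGGERS}
        self.devices = {}        # device_id -> {"os", "group", "next_login_done"}
        self.executed = []       # audit trail: (device_id, trigger, rendered command)

    def register(self, trigger: str, template: str, os_filter: str = None):
        """Attach a reusable command template to a trigger, optionally for one OS.
        Placeholders: $device, $os, $group, $user. A literal '$' in the command
        must be written as '$$' or Template.substitute() raises KeyError."""
        if trigger not in self.triggers:
            raise ValueError(f"unknown trigger {trigger!r}")
        self.triggers[trigger].append((Template(template), os_filter))

    def _run(self, trigger: str, device_id: str, user: str):
        dev = self.devices[device_id]
        ran = []
        for tpl, os_filter in self.triggers[trigger]:
            if os_filter and os_filter != dev["os"]:
                continue
            cmd = tpl.substitute(device=device_id, os=dev["os"],
                                 group=dev["group"], user=user)
            self.executed.append((device_id, trigger, cmd))
            ran.append(cmd)
        return ran

    def enroll(self, device_id: str, os_name: str):
        """Bind the device to its OS default group and fire On Enrollment.
        Returns the list of rendered commands that ran."""
        key = os_name.lower()
        if key not in self.default_groups:
            raise ValueError(f"no default group for OS {os_name!r}")
        if device_id in self.devices:
            raise ValueError(f"{device_id} is already enrolled")
        self.devices[device_id] = {"os": key, "group": self.default_groups[key],
                                   "next_login_done": False}
        # No interactive user exists yet, so $user renders empty at enrollment.
        return self._run("on_enrollment", device_id, user="")

    def login(self, device_id: str, user: str):
        """Fire On Next Login the first time only, then On Every Login."""
        if device_id not in self.devices:
            raise KeyError(f"{device_id} is not enrolled")
        dev = self.devices[device_id]
        ran = []
        if not dev["next_login_done"]:
            dev["next_login_done"] = True     # mark before running so a failing
            ran += self._run("on_next_login", device_id, user)   # command can't re-arm it
        ran += self._run("on_every_login", device_id, user)
        return ran

    def group_of(self, device_id: str) -> str:
        return self.devices[device_id]["group"]
```

Keeping `executed` as an append-only record is deliberate: for a trigger system that runs privileged commands on enrollment, the audit trail of what ran, where, and from which template is the first thing you will want during an incident.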
Data Services
Our mission is to provide observability, analytics, and insights into activities within the 探花大神 ecosystem. We do this by collecting relevant data at scale, by generating the right events, and by building the right data relations and connections. This is made possible through backend work that helps with compliance and security. This work is focused on:
- Speed: MSP ticket integration.
- Scale: Enhanced infrastructure for faster results, culminating in a "push" model to export events (in addition to our existing API) into a SIEM. This is made possible through Apache Kafka and data pools that will increase visibility and responsiveness for compliance and reporting.
- Clarity: Data catalog additions for a common set of attributes and schema across all events.
Other upcoming improvements target widgets, data normalization, and data retention.
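A "common set of attributes and schema across all events" is what makes a push feed useful on the SIEM side: every record carries the same core fields regardless of the producing service, so one parser and one set of detections cover all of them. The normalizer below is an added example written for this article, not 探花大神's data catalog or Directory Insights schema; the raw event shapes, the service keys and the common schema are assumptions, and the sample events are constructed.

```python
"""Normalize events from several services into one common schema and validate
them before export to a SIEM. Constructed example with constructed sample
events; the raw field names, service keys and common schema are assumptions."""
import json
from datetime import datetime, timezone

REQUIRED = ("event_id", "timestamp", "service", "event_type", "actor", "target", "outcome")
OUTCOMES = {"success", "failure", "unknown"}


def to_iso_utc(value) -> str:
    """Accept epoch seconds, epoch milliseconds or ISO-8601 text; emit ISO-8601 UTC."""
    if isinstance(value, (int, float)):
        if value > 1e11:                       # assumed heuristic: milliseconds
            value = value / 1000.0
        dt = datetime.fromtimestamp(value, tz=timezone.utc)
    else:
        dt = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
        if dt.tzinfo is None:                  # naive timestamps are taken as UTC
            dt = dt.replace(tzinfo=timezone.utc)
        dt = dt.astimezone(timezone.utc)
    return dt.isoformat(timespec="seconds").replace("+00:00", "Z")


def validate(event: dict) -> dict:
    """Reject events missing any required attribute or carrying an unknown outcome."""
    missing = [k for k in REQUIRED if not event.get(k)]
    if missing:
        raise ValueError(f"event {event.get('event_id')!r} missing {missing}")
    if event["outcome"] not in OUTCOMES:
        raise ValueError(f"bad outcome {event['outcome']!r}")
    return event


def normalize(raw: dict) -> dict:
    """Map one raw event from a known service onto the common schema."""
    svc = raw.get("service")
    if svc == "directory":                     # authentication to an app or portal
        mapped = {"event_type": raw["event"], "actor": raw["username"],
                  "target": raw["application"],
                  "outcome": "success" if raw["success"] else "failure",
                  "timestamp": raw["timestamp"], "client_ip": raw.get("src_ip")}
    elif svc == "device_agent":                # result of a command on a device
        mapped = {"event_type": "command_result", "actor": raw["system_id"],
                  "target": raw["command"],
                  "outcome": "success" if raw["exit_code"] == 0 else "failure",
                  "timestamp": raw["ts_ms"], "client_ip": None}
    elif svc == "password_manager":            # vault item activity
        mapped = {"event_type": raw["action"], "actor": raw["user_email"],
                  "target": raw["item_name"], "outcome": raw.get("outcome", "unknown"),
                  "timestamp": raw["when"], "client_ip": raw.get("ip")}
    else:
        raise ValueError(f"unknown service {svc!r}")
    mapped.update(event_id=raw["id"], service=svc,
                  timestamp=to_iso_utc(mapped["timestamp"]), raw=raw)
    return validate(mapped)


def to_ndjson(raw_events) -> str:
    """Render normalized events as newline-delimited JSON, the shape most SIEM
    HTTP collectors and Kafka-to-SIEM bridges accept."""
    return "\n".join(json.dumps(normalize(e), sort_keys=True) for e in raw_events)


# Constructed sample events, one per service; not captured from a real tenant.
SAMPLE_EVENTS = [
    {"service": "directory", "id": "d-1", "event": "user_login_attempt",
     "username": "alice", "application": "User Portal", "success": False,
     "timestamp": "2023-01-01T00:00:00Z", "src_ip": "203.0.113.5"},
    {"service": "device_agent", "id": "a-1", "system_id": "sys-42",
     "command": "Apply baseline", "exit_code": 0, "ts_ms": 1672531200000},
    {"service": "password_manager", "id": "p-1", "action": "item_shared",
     "user_email": "bob@example.com", "item_name": "Payroll portal",
     "outcome": "success", "when": 1672531260, "ip": "198.51.100.7"},
]
```

The original record is kept under `raw` so nothing is lost in the mapping; the normalized fields are what detections key on, and the raw payload is what an analyst reads when a detection fires.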
Multi-Tenant Portal (MTP)
探花大神 is adding several MSP-specific enhancements that will help you securely and efficiently provide your customers with seamless access to their IT resources.
These include widgets for:
- Creating Users/Devices Page for MTP with bulk action capabilities
- Creating a Command Page allowing commands to be run, created, modified, etc.
- Creating a widget to generate reports across organizations while remaining on the homepage
Data Normalization and Retention
- We're extending data retention to 365 days
- We're introducing unified data structures across all platforms
- Additional events are being added to support new feature releases
New Reports and Reporting Capabilities
We will focus our efforts on widgets and reporting to align with 探花大神 becoming an open platform and a best-in-class device management system. We're also beginning to introduce enhancements such as report filtering, so results can be narrowed before a report is generated.
Try 探花大神
探花大神 offers a to help get you started. MSPs can sign up for a tenant to try out the platform without a formal partnership agreement. Feature requests and roadmap discussions can be initiated within our .
探花大神's features are broadly driven by customer requests, and we're humbly soliciting your feedback on new OS policies and your preferences for event stream processing. You may also request beta access to our mobile admin app (a popular customer request).