Generally Available Features

• Simplified Entra ID config for end user authentication:

  • Admins can now use the metadata URL to automatically configure Entra ID (using SAML) as an IDP for end users.
  • The metadata URL updates daily, so any changes made in CSE are transferred to the IDP.
  • Admins can now upload the certificate if manually configuring Entra ID using SAML.

• New Filter for Unauthorized Access Attempts via Service Tunnels:

  • Admins can now view end users’ unauthorized access attempts via a Tunnel Policy.
  • Admins can also filter access attempts by Service Tunnel.

Enhancements

• User Attributes are now Collected by CSE Services:

  • Used for infrastructure services and hosted websites; admins can create one service and use the user attribute as a variable to set up user-specific host domains.

Bug Fixes

Remove API key after Access Tier install package.

New hosted web services erroring out due to certificate issues.

Generally Available Features

• New Cloud Secure Edge License Management:

  • Admins can now grant and revoke user licenses as part of the new Cloud Secure Edge licensing model, which includes SIA (Secure Internet Access) and SPA (Secure Private Access licensing.

• Support for a Windows-based Connector:

  • The Cloud Secure Edge now supports Windows-based Connectors, installable via the Windows executable.
  • Supported on Windows version 2022.

• Enhanced Connector Install and Details page:

  • Simplified UI flow for Connector install via all methods.

• Enhanced Service Tunnel Policy:

  • Service Tunnel policies have been adapted to reflect a firewall style in the UI, to promote ease of use.

Enhancements

• ReadOnly admins can now view everything with sensitive details redacted.

Bug Fixes

Connector status reporting was showing the incorrect status colour.

Custom remediation messaging was not being shown in Linux.

Read only admins were unable to view Access Tier details.

Identity Providers were prompting authentication twice in certain scenarios.

Internet connectivity issues encountered when devices were waking from sleep.

Generally Available Features

• New Cloud Secure Edge Licensing:

  • Secure Private Access licenses are now available for customers seeking a VPNaaS or a ZTNA platform.
  • Secure Internet Access licenses are now available for customers seeking compliance or security focused web filtering.

• Name Resolution Policy Table (NRPT) Setting for Windows devices:

  • Name Resolution Policy Table (NRPT) rules tell end users’ (Windows) devices where to send traffic.
  • We recommend that admins enable this setting when the Cisco Umbrella Roaming Client is installed on end users’ devices.

Bug Fixes

Serial number casing changed, which made the app unable to recognize registered devices.

The app was facing technical issues calculating Trust Level directly after a device awakened from sleep.

Generally Available Features

• Event Geolocation Setting:

  • Event Geolocation is now an org-level setting available for admins to configure in the Command Center.
  • This setting allows admins to collect end users’ geolocation data for Event logs, if necessary for their company’s privacy standards or security practices.

• New Geolocation Trust Factor:

  • The Device Geolocation Trust Factor assesses whether devices are in admin-blocked countries.
  • Admins can use this Trust Factor if your org has specific legal, compliance, or expected use requirements that mandate user access be blocked in specific countries.

Generally Available Features

• Define File Properties for RDP Services:

  • Admins can now define additional aspects of RDP service usage by adding file properties to the service configuration.

• Trusted Network Detection:

  • Admins can configure Trusted Networks for end users in their org.
  • A Trusted Network can be configured to automatically disconnect end users from Service Tunnels when Trusted Networks are available.

Enhancements & Updates

• Enhanced Event Chart UI for Troubleshooting:

  • Collapsible UI to enhance visibility for troubleshooting purposes.

• Search Domains: Domain names and FQDNs are now case insensitive.

Bug Fixes

Service Tunnels with certain configurations were not appearing in the Service Tunnels list.

Generally Available Features

• Search Domains:

• Admins can now configure search domains so that end users can use a short-hand search (i.e., a hostname) to navigate to an FQDN, enabling easier use of file sharing.

• Admins can set search domains in order of priority; users are navigated to top priority search domains first. (Last updated April 18th, 2024)

• New Service Tunnel UI:

  • Service Tunnel features a new long-form configuration.
  • Global and Private Edge routing is now configurable via one Service Tunnel.

• Connect on Login:

  • End users can auto-connect to admin-configured Service Tunnels upon app login.
  • Admins can prevent users in their org from changing the auto-connected Service Tunnel.

• System for Cross-Domain Identity Management (SCIM):

  • SCIM can tell the Command Center which users exist at any given time, keeping the list of created and deleted users up-to-date.

Early Preview Features

• Connector Open Virtual Appliance (OVA) Install:

  • An OVA file is available within a Linux-based operating system, with the Connector pre-installed.
  • Admins can run the Connector for their end users via a simple configuration.

• Geolocation Visibility Events:

  • End user location logs are now available in Events log.
  • Access Event Logs can contain geolocation data including city, country, latitude, and longitude.
  • This event is enabled via an API; Work with Banyan to enable it.

Enhancements & Updates

• Global Edge Troubleshooting:

  • When a device is connected to a Service Tunnel, the Device Details page (in the Command Center) will indicate which point of presence (POP) the device is connected to (under the Device Information tab).

Bug Fixes

Admins were unable to create a Service Tunnel for public traffic only without selecting a Connector. (Last updated April 19th, 2024)

Early Preview Features

• Enable URL Filtering:

• Admins can now inspect host URLs within domains that are not considered a threat.

• Admins can configure URL filtering within ITP settings using a PAC file that contains URL inspection rules.

• Event Charting:

  • Admins can now view trends related to user access and service usage within Banyan.
  • Event charting provides a visualization of events within the Command Center.

Enhancements & Updates

• Active Roles in Internet Threat Protection (ITP) Policies:

• Roles used in ITP policies now show as Active.

• Terraform Exemptions:

  • Terraform now supports exemptions within service configurations.

Bug Fixes

• Private domain names were not working as expected in L4 policies in Global Edge deployments.

Early Preview Features

• Create a Custom Public App:

• Admins can now define public apps that Banyan has not already pre-populated in the App Discovery list in the Command Center.
• This new feature allows admins to easily surface, secure, and monitor apps that are critical to their business.

• Support for Oracle Linux in the OS Version Trust Factor:

  • Banyan now supports Oracle Linux 8 and 9 as values in the OS Version Trust Factor.

Enhancements & Updates

• Simplified Silent Cert Authentication:

  • Silent cert authentication now works directly through the API in orgs that have the silent cert auth flow configured; Admins no longer need to maintain the mdm-config file in order for this flow to work.

Bug Fixes

• Authentication issues for devices with ITP enabled in orgs that use JAMF mdm (macOS devices only).

Generally Available Features

• Cloud Command Center User Interface (UI) Re-design:

• Banyan’s Command Center UI has been re-designed for improved usability.
• New navigation categories include Private Access, Internet Access, and Trust.

• Enable Private Resource Discovery:

• Admins can enable private resource discovery in the Advanced Settings of their Access Tier configuration.

• Once enabled, private resources will be displayed in the Discovery section of the Command Center.

• Encrypting DNS via DoT:

• With Banyan app versions 3.14+, devices’ DNS requests are resolved over TLS by default; these requests are encrypted.

• Auto re-enablement of ITP:

• Now, when an end user disables ITP enforcement from the desktop app, ITP is automatically re-enabled after 1 hour.

Early Preview Features

• Silent Cert Authentication for User Sessions:

• Admins can now configure silent certificate user authentication for Mac and Linux devices.
• With this configuration, users will no longer need to manually accept a certificate prompt each time they authenticate.
• This configuration works for any IDP that supports OIDC or SAML.

Enhancements & Updates

• Improved Netagent performance by lowering overall CPU usage.

Bug Fixes

• Banyan app was still using previously configured (outdated) remediation links.

• Zero touch install script (deployed through Kandji) was failing to execute and timing out.

• App login sessions were not refreshing when users selected the Re-Login button.

• AI-assisted admin search was indefinitely loading.

Release Notes Archive - 2023

Release Notes Archive - 2022

Release Notes Archive - 2021

Release Notes Archive - 2020

Release Notes Archive - 2019