Early Preview Features

• New Risk-based URL Filtering:

  • Admins can now enable risk-based URL filtering to inspect and determine threats associated with host URLs; if threats are detected, end user access will be blocked.
  • Admins can configure URL filtering within Internet Threat Protection (ITP) settings in CSE.
  • This preview feature is available for customers with an SIA Advanced license.

Enhancements and Updates

• New Service Tunnel logging of connections and disconnections to Service Tunnels; These logging messages can be found under the Access event type.

• Use Geolocation is now enabled by default in Advanced Settings, for more convenient use of the Geolocation Trust Factor.

• Service Tunnel Connect on Login is now enabled by default.

• Real-time Trust Factor assessments have been enhanced and now include local checks on the CSE app every minute as well as cloud syncing of any changes within this interval.

Bug Fixes

• Service Tunnel was delaying disconnecting and connecting due to excessive DNS cache entries.
• Advanced Settings were resetting to default when modifying configurations.
• Events page in the Command Center was not loading.
• Trust Profile changes were not appearing in system logs.
• Events were not generated when user Trust Level was Low.

Generally Available Features

• New Zero Touch Deployment tab for ITP:

  • Admins can now enable role-based Zero-Touch deployments for Chromebooks using Internet Threat Protection (ITP), providing more granular control over different business units.

Enhancements and Updates

• New Enable Auto Login:

  • A new toggle on the CSE app allows admins to set the app to automatically re-authenticate user sessions on app start up.
  • This toggle is not enabled by default; it must be enabled by the admin in order to work.
  • Available on macOS and Windows devices.

Bug Fixes

• After users re-authenticate in the CSE app, infra services were occasionally binding to random ports even when the specified listening port was available.

• With ITP enabled, Service Tunnel was delaying connecting and disconnecting to configured domains.

Generally Available Features

• Extended Network Access for Connectors:

  • Admins can now configure Connectors so that they route to public IP addresses.
  • The new Public IPs & Increased Connector Limit toggle is available on latest versions of Linux Connectors and Virtual Appliance Connectors.

• New Lookup Domain Policy Verdict:

  • The Lookup Domain functionality now displays the Content Category, the Threat Classification, and the Policy Verdict associated with the searched domain. The Policy Verdict indicates whether the searched domain is blocked or allowed in the Internet Threat Protection (ITP) policy.

• Enable Service Tunnel over TCP:

  • This new desktop app toggle can be applied by end users temporarily on a restrictive public network that blocks regularly used ports and protocols (e.g., UDP is blocked).
  • This toggle currently only applies to users in a Private Edge org.

• Enable Continuous Ping:

  • End users that are experiencing issues with Service Tunnel going down and not restarting in a timely manner can now toggle on Enable Continuous Ping in CSE app settings.
  • This new toggle keeps sessions alive and prevents the connection from dropping, in odd scenarios when the network connection keeps failing.

Enhancements and Updates

• Block Domains <30 Days Old:

  • Internet Threat Protection (ITP) now automatically blocks domains created less than 30 days ago, protecting users from emerging threats.

Bug Fixes

• Zero-touch script link was broken.

• Users with non-admin privileges were unable to clear the Windows defender notifications after Intune pushes.

Generally Available Features

• New Zero Touch Deployment Tab for ITP on Managed Chromebooks:

  • Admins can configure zero touch deployment for Internet Threat Protection on managed Chromebooks.

• Improved RDP file download option:

  • End users can now trigger the download of an RDP file, removing the need to interact with the RDP pop-up download prompt.

Bug Fixes

Admin service was not starting after device reboot.

Bug messages were sent when end users were upgrading app versions.

After device restart, end users were receiving a notification requesting admin password entry.

Generally Available Features

• Enhanced Internet Threat Protection Policies:

  • New Automatically blocked threat types, including Bots/Cryptomining, Malware/Ransomware, Phishing, Spam/Ad Fraud /Spyware, and more.
  • Support for managed Chromebooks.

Bug Fixes

Entra ID first-time setup now pre-selects the Metadata URL option, instead of admins having to manually select this option.