VSA release 10.13 is laser focused on improving security for both your team and your end users. Release 10.13 includes enhancements to Role-Based Access Control for Remote Control and for Kaseya MDM’s application patching capabilities. The 10.13 release also includes five new Automation Workflow Templates to help you automate more and stress less.
Finally, the release of VSA 10.13 brings the much-anticipated integration between VSA 10 and both Datto EDR and Datto AV. With this new integration, VSA admins will be empowered to automate the deployment, day-to-day management, and monitoring of Datto EDR and Datto AV agents.
To dive deeper on any of the exciting innovations and integrations in this release check out the full release notes here.
Key Feature Enhancements
Remote Control: Additional permissions
The following four new Teams permissions have been added to the Remote Control category:
Allow Sharing of Console Sessions
Allow Private RDP Sessions
Allow Microsoft RDP Client Sessions
Allow Sharing of Active User Sessions
MDM: iOS SoftwareUpdate configuration
VSA 10 is introducing the SoftwareUpdate configuration for iOS devices as part of the Apple MDM Restrictions profile. To maintain consistency, the macOS patching configuration has also been moved to profiles. Use the Apple MDM Restrictions profile to configure deferral parameters and the Apple MDM System Configuration profile for software update settings.
Other enhancements
Options have been added to set thresholds for individual drives/volumes when monitoring storage on macOS and Linux/BSD devices.
Apple MDM
This update enables moving an Apple device enrolled through MDM to a different organization, site, or group while preserving end user assignments.
This release introduces a Lock command for Apple devices enrolled through MDM, accessible within the device details pane. The command can be used to remotely and immediately lock a device.
An integration with Apple Business Manager is available to take advantage of Automated Device Enrollment of Apple devices.
New workflow templates
Set Balanced Power Plan
Run Extended Audit For Computers And Servers
Create System Restore Point
Deploy Custom Font
Audit Certificates Expiring Within 30 Days
Integrations
Unified Endpoint Security with Datto EDR and VSA 10
An integration between Datto EDR and VSA 10 adds the following improvements and features:
Automatic synchronization of organizations and sites between VSA 10 and Datto EDR.
Devices protected by the Endpoint Security agent will be synced and associated with the corresponding locations.
Updated Datto EDR/AV Windows agent deployment.
Monitoring the status of the Datto EDR/AV agent from the device details pane.
The release of VSA 10.12 brings a salvo of powerful new features and integrations to improve daily IT efficiency. VSA release 10.12 empowers technicians to remote control devices not currently under management through the new Remote Control on Demand feature. Long time VSA users will recognize this as the next generation LiveConnect on Demand. Additionally, release 10.12 brings new powerful integrations with Apple Business Manager, Datto Endpoint Backup, and Bitdefender to support technicians in managing, securing, and backing up their endpoints from a single pane of glass. Finally, VSA 10.12 improves performance and scalability of commonly used datasets.
To dive deeper on any of the exciting innovations and integrations in this release check out the full release notes here.
Key Feature Enhancements
Remote Control on Demand
At times, end users require remote technical assistance while working from a device that is not under management and need quick support.
Remote Control on Demand (RCoD) enables VSA 10 technicians to gain temporary remote desktop access to a computer without an agent installed, even if the user does not have Administrator-level permissions.
Please note that when the Remote Control Client is used for the first time (whether RCoD or standard Remote Control), the client will automatically detect an available update. A message will appear stating that a new update is available, and the update process has begun. The app will then update automatically, and the session will continue without interruption.
To dive deeper on this powerful new capability, please refer to our video on Remote Control on Demand.
Scalability
In this release we have significantly improved the performance of the following datasets:
Rmm – Disk Usage
Rmm – Disk Usage Filtered
Rmm – CPU Usage
Rmm – Memory Usage
Rmm – Assets
Rmm – Applications
Rmm - Applications Extended
Rmm - Audit Log
Key Integration Enhancements
Apple Business Manager Integration
We are excited to introduce Automated Device Enrollment (ADE) to Kaseya Mobile Device Management through a new integration Apple Business Manager, which simplifies the deployment and onboarding of Apple devices. This feature enables devices to be preconfigured and automatically enrolled in mobile device management (MDM) as soon as they are powered on, eliminating the need for manual setup and facilitating zero-touch deployment.
To enable ADE, technicians should create and configure two key connectors: the Apple MDM Push Certificate and the Apple Automated Device Enrollment connector. These steps integrate with Apple Push Notification Service and Apple Business Manager, allowing devices to be automatically enrolled into the specified group.
Teams role-based access control enhancements
User Defined teams now include the ability to explicitly control the visibility of the pages in the left navigation menu.
The new Navigation tab reflects the pages of the left navigation menu. Your selections determine whether those pages will be visible to or hidden from members of the user-defined team. This tab does not control the team members’ functionality permissions, which are managed in the Permissions tab.
To enable the Datto Endpoint Backup integration, go to Integrations -> Datto Endpoint Backup tab
Access the Integration
a. In the VSA 10 platform, go to the left navigation menu.
b. Choose Datto Endpoint Backup tab
c. Click on Create Portal
Once enabled and configured in VSA 10, the new built-in Datto Endpoint Backup Integration features the following:
A Portals tab shows your total number of organizations and the number of devices associated with those organizations.
From a Protected Devices tab, you will be able to deploy the Datto Endpoint Backup Agent and monitor the health status of the agent and the backups.
After deployment, you can track the status of each protected device from the device details pane in VSA 10. Device links are available for you to seamlessly navigate to the Datto portal to view more detailed device information.
Bitdefender
The Bitdefender Integration can be enabled from VSA 10 and from GravityZone.
From VSA 10 go to Integrations -> Bitdefender and enable integration.
Once the integration is enabled, you can access it from the integration page.
Stopping the integration will remove all tokens.
V10.11
August 25, 2024
The release of VSA 10.11 focuses on improving day to day management of devices through improved information density and filterability. Additionally, the 10.11 release offers additional controls for the integrations with both KaseyaOne and Autotask. Finally, 10.11 offers improved the file-based settings management of Kaseya MDM.
To dive deeper on any of the exciting innovations and integrations in this release check out the full release notes here.
Key Feature Enhancements
Integrations
KaseyaOne Centralized Management
KaseyaOne admins will be able to configure VSA 10 KaseyaOne access directly from both KaseyaOne interface and from VSA 10 KaseyaOne settings.
Controls for:
Enable KaseyaOne Unified Login
Enforce KaseyaOne Authentication
User Deprovisioning
Auto-Map Autotask Companies to VSA 10 Organizations
The first time a user enters the Organization Mapping step (initial setup) of the Autotask integration wizard, a popup dialog will suggest automapping top-level organizations.
If a user agrees to perform auto-mapping, we map top level VSA10 organizations with Autotask companies by name. Auto-mapping is not performed if the user does not agree (Skip)
Sites and groups that have not been mapped manually to Autotask companies inherit from the top-level organization Autotask companies whose names begin with the name of VSA10 organizations are highlighted in a dropdown box.
The suggested companies are highlighted in a drop-down box when the mapping is inherited from the default state and the drop-down box is scrolled to the first suggestion.
MDM
In this release we added support of file-based settings within Apple MDM Profiles, including:
com.apple.MCX.FileVault2
com.apple.applicationaccess.new
com.apple.declarations
com.apple.font
com.apple.mcxloginscripts
com.apple.security.certificaterevocation
com.apple.security.certificatetransparency
com.apple.security.pem
com.apple.security.pkcs1
com.apple.security.pkcs12
com.apple.security.root
com.apple.security.scep
com.apple.systempolicy.rule
com.apple.vpn.managed
With this release, Apple MDM Profiles now clearly highlight settings that require a device to be in supervised mode.
Platform
Continuing our efforts on improving the {Devices > Device Management} page, following are the improvements included with this release:
Enhanced Device Information – There are new visual icons representing certain states and activities related to a device, which are also accompanied by an informative tooltip that contains detailed information about the various states. The tooltip is available when hovering over the area of the Device Icon.
Improvements include:
Device Uptime
Logged in Users – includes information about user active versus inactive states. A logged in user is represented as inactive when they have been idle for 10 minutes or more.
Remote Control – indicates when Remote Control has been disabled and when there are active Remote Control sessions.
Maintenance Mode – indicates when a device is in Maintenance Mode.
Agent Diagnostic Logging – indicates when diagnostic logging is activated on a device.
Device Name - A new column that is also filterable and searchable within Quick Search in the Top Bar. For Agented devices, this name represents the device name retrieved by the audit process.
Scalability
Active Notifications limit
VSA 10 had a hard limit of 500 active notifications. So, the oldest notification was archived when the 501st one was received. This sometimes causes a “flood“ of notifications and might affect overall system performance. Now, the default limit is increased to 100k with the ability to increase it even further.
Other Enhancements
Device Management
In the VSA 10.10 release, improvements were made for Data Columns, Filtering, and Quick Search. In this release, support has been added for macOS, Linux, and BSD Agents
Bug Fixes & Other Improvements
fixVersion = “VSA 10.11” and issuetype = Bug and “Requires Release Notes[Dropdown]” = Required
API
Calling the GetSystem API v3 endpoint with valid credentials no longer produces an API error.
Devices
If a device card is pinned on the Device List page and then the page is refreshed, the same page is now shown instead of a blank page showing Uknown system.
On the Device Management page, the search bar size, icon size, and font size have been adjusted.
In the top bar, the Quick Search bar and Find Devices bar size, icon size, and font size have been adjusted.
VSA 10 now shows correct icons for online and offline statuses when devices are or are not in maintenance mode.
Help
The options to suggest a feature in VSA 10 now correctly redirect to the VSA 10 Ideas Portal.
Policies and profiles
Policy assignment at the Organization, Site, or Group level no longer fails.
When a device enters maintenance mode, goes offline, and remains offline when the maintenance period ends, the maintenance icon now changes as expected and offline status notifications are triggered as configured.
Remote Desktop profiles now highlight the correct options available for macOS device types.
Upgrade Wizard
For VSA accounts with an active BMS/Vorex integration, the integration is now successfully enabled upon upgrading from VSA 9 to VSA 10.
V10.10
July 25, 2024
VSA release 10.10 is all about improving automations both within the IT Complete ecosystem and with 3rd party solutions. VSA 10.10 includes many direct enhancements to Automation Workflows including the ability to call workflows from other workflows and the ability to export and import workflows to and from other VSA partners and users. Additionally, the 10.10 release includes enhancements to the integrations with ticketing solutions such as Autotask, BMS, Vorex, and ConnectWise.
To dive deeper on any of the exciting innovations and integrations in this release check out the full release notes here.
Key Feature Enhancements
Device Management
Added additional data points to assist with triage and information gathering when working with devices:
Uptime
Supported on all devices.
Column added to Filter Options on Devices > Device Management page and to the “All Systems” default filter.
Last logged in user
Updated each time a new user logs in.
Supported for Windows and macOS agent devices (Linux and BSD will be added in a later release).
Column added to Filter Options on Devices > Device Management page and to the “All Systems” default filter.
Searchable using the Quick Search box in the top bar and within the Filter on the Device Management page.
Last bootup time
Supported on all devices with agent installed (Windows, macOS, Linux, BSD).
Column added to Filter Options on Devices > Device Management page and to the “All Systems” default filter.
Serial number
Supported for Windows and macOS agent devices (Linux and BSD will be added in a later release).
Column added to Filter Options on Devices > Device Management page and to the “All Systems” default filter.
Searchable using the Quick Search box in the top bar and within the Filter on the Device Management page.
MAC address
Supported for Windows and macOS agent devices (Linux and BSD will be added in a later release).
Column added to Filter Options on Devices > Device Management page and to the “All Systems” default filter.
Searchable using the Quick Search box in the top bar and within the Filter on the Device Management page.
MDM
The MDM Configuration profiles forms are now dynamic. Non-relevant fields are hidden based on the context, providing a cleaner and more intuitive user experience.
The VSA now handles the sleep state of mobile devices. Configuration profile provisioning will occur once the device wakes up, ensuring seamless and timely updates.
Integrations
(1) PSA Ticketing from VSA 10 Agent Tray [Autotask, ConnectWise, BMS/Vorex]
We are enhancing the PSA ticketing option from Agent Tray by associating the contact who created the ticket and the device associated to it.
New fields when creating a support ticket:
First name - mandatory
Last name - mandatory
Email - mandatory
Phone - mandatory
Priority – mandatory
Same list of priorities as we have in VSA10
PSA ticket will be associated with a PSA contact by the email that is provided in request:
BMS/Vorex a contact will be created and associated if there is no contact with this email. If contact already exists, it will be associated with the ticket.
ConnectWise a contact will be created and associated if there is no contact with this email. If contact already exists, it will be associated with the ticket.
Autotask- if contact exists it will be associated, if there is not a contact - no association happens.
If contact has existed before requesting support, we don’t update our first and last name and phone, we search for contact by email only.
Tickets are created only, not updated for any integrated PSA / ticketing solution
Creating Ticket from Agent Tray should be enabled first via “User Session” profile and then should be applied via a policy.
Users will be able to request support and create a PSA ticket from Agent Tray. Contact and device will be associated with the ticket.
When the user is hovering mouse over the agent try icon, it will display the device name (hostname).
(2) Create/Update PSA Ticket actions for notification workflow for all PSA
Re-enabled and enhanced Workflow automation actions to Create PSA Ticket and Update PSA Ticket for
Notification-triggered and Scheduled/Ad-hoc workflows for any of integrated PSA (Autotask/ConnectWise/BMS/Vorex).
Create/Update ticket actions are not available for Device-less workflows
For ticket creation - all technical fields are optional, values are taken implicitly based on default ticketing configuration either on BMS/Vorex, Autotask or ConnectWise.
For ticket update - all technical fields are optional, values are taken implicitly based on default ticketing configuration either on BMS/Vorex, Autotask or ConnectWise.
If PSA integration is removed - Create/Update PSA Ticket actions in existing Workflows will fail.
To create a Workflow Automation to create/update a PSA ticket, go to Workflow and Create Workflow.
Select the type of trigger: Notification or Scheduled/AD-hoc. Depending on your selection you will have to define the Context of the automation and where it should be applied.
Depending on the trigger type you will have different trigger options.
Example of a Create PSA ticket workflow from an Ad-hoc trigger
You can open the PSA ticket created related to the trigger notification from the notification module
(3) Evidence of Compliance Integration (GCR)
Compliance Manager GRC allows you to import data from other Kaseya products you frequently use directly into your assessment. This includes technical data such as proof of patch management, backups for endpoints, and evidence of two-factor authentication.
When you import this data, you can review evidence of compliance as you answer assessment questions for the Rapid Baseline, Controls, and/or Requirements Assessments. Evidence of compliance will automatically be mapped to the relevant controls — and will be available to download as reports.
Evidence Description: Proof of Patch Management from VSA 10
Evidence Metrics:
Device Hostname
Device IP address (if there is more than 1 send it separated with commas)
Device MAC addresses, comma-separated
Agent Version
Agent Last Seen Date/Time
Last Log in user
Patching information
Missing patch count - 0 if no Patch Policies assigned to a machine; number of approved patches otherwise
Patch Status
“No Patch Policy” - if there is no Patch Policy assigned to the machine
“Fully Patched” - if Device Missing Patch Count=0
“Missing Patches” - if Device Missing Patch Count > 0
The URL field of the Get URL action supports #variables.
The Path field of the Get URL action supports #variables.
Automation
Execute Workflow in a Workflow
With this new feature, any active Ad-hoc or Scheduled Workflow can now be executed from within another Workflow. The child Workflow will execute under the parent Workflow’s context, overriding its currently assigned context. On the Workflow History page, you are able to jump between the parent and child Workflow to visually follow the execution route. This enhancement allows for greater flexibility and customization of complex Workflow executions.
Import Workflow .flw files
We introduce the ability to import Workflow .flw flat files created using the existing Export Workflow feature. Now, any existing Workflow canvas can be exported and imported on an ad-hoc basis to any VSA 10 tenant. This new functionality enables VSA 10 admins to easily share and import Workflow templates between tenants and within the Kaseya Community, significantly boosting productivity.
The exported .flw files include the entire canvas structure, complete with Workflow Actions and Conditions. When importing an .flw file into a VSA 10 tenant, the canvas will be re-created with some minor manual adjustments if present during the import process before saving the Workflow:
Custom Fields must be created before importing or re-mapped to any already existing field.
Managed Files must be uploaded manually before importing or re-mapped to any existing file.
You will find the export Workflow as .flw feature on the right side next to the delete button when hovering over any existing Workflow in the list. To import, click on “Actions, Import Workflow” and select the .flw file to be imported.
Other Enhancements
The EULA (End User License Agreement) has been updated for product installers.
The local Agent Manager application tabs and settings that were previously deprecated have been reinstated.
API: Enhanced the existing “Get Assets” endpoint to include much more information about each device, including data such as installed software, and installed and available patches. Also, data is now filterable, including the ability to omit available information sections. VSA X REST API Reference
API: Added new API endpoints for Organizations, Sites, Groups to allow creation and updating of these objects. VSA X REST API Reference
Patch Management: The Patch Status page now supports filtering by Operating System (Product). This enhancement allows you to narrow down patches by the Operating System on which a given patch was discovered.
V10.9
June 25, 2024
VSA 10.9 is another strong release for VSA 10 including the highly requested ability for end users to be able to securely remote control into their own endpoint via VSA’s end user portal. VSA 10.9 continues to improve efficiency through automation through the ability to queue automated workflows to trigger when endpoints come back online. Additionally, VSA release 10.9 improves decision making quality and speed through more accurate and timely data flow between VSA and Autotask, KaseyaOne and/or third-party applications. Finally, the 10.9 release supports finding the right information at the right time through enhancements to Application and Service log filtering in monitoring, improves to policy targeting through custom tags, and better visibility into pending count of patches and estimated installation time.
To dive deeper on any of the exciting innovations and integrations in this release check out the full release notes here.
Key Feature Enhancements
End User Remote Control
This release adds the ability for “End User Accounts” to Remote Control associated devices from the Client Portal.
Important: Once Remote Control has been enabled for a Client Portal > End User Account, an additional factor of authentication will be required to gain access to the portal, in the form of a One-Time passcode. The end user will be taken through a configuration flow to set this up and technicians will have the ability to RESET REGISTRATION using an action from the Client
Portal > End User Accounts page.
For a Client Portal user to take advantage of this feature:
Create or edit a Client Portal > End User Account
Associate the account with at least one agented device
Under User Access, be sure to “Allow Client Portal Access” and “Allow Remote Management to Associated Devices” and select the type(s) of Remote Control sessions you wish to allow.
Once enabled, after a user successfully authenticates to the Client Portal, they will be presented with the option to Remote Control.
Policy Profile Enhancements
Several changes have been made to Configuration > Profiles to enhance the experience when organizing, filtering, and editing Profiles, including the introduction of Configuration > Content Tags. A profile can be assigned to multiple Content Tags
Folders have been replaced by Content Tags – All existing folders have been migrated to Content Tags and all existing Profiles that were located within a given folder have been automatically associated with the relevant Content Tag. You can quickly find locate these using the new Configuration > Content Tags page.
Icons have been added to Profiles and standardized based on the Profile’s Configuration Type
Visual enhancements made to the Profile Editor – The Configuration Type and the supported Device Types are now displayed, and you can highlight the settings that are supported per Device Type.
API Improvements
This release includes new API endpoints, and enhancements to existing endpoints to allow integrators and customers to programmatically retrieve more information regarding devices and Policies.
Added a “LocalIPAddresses” property to the following endpoint:
Get a Specific Device (api/v3/devices/:id)
Increased rate limits from 60 requests per hour to 3600 for the following endpoints:
Get Assets for a Specific Device (api/v3/assets/:id)
Get Assets (api/v3/assets/)
Added the following new endpoints for retrieving Policy information:
Get Device Applied Policies (api/v3/devices/:deviceId/appliedpolicies)
Patch Management
Get Patch Management Policy (api/v3/patchmanagement/policies/:id)
Get Global Rules (api/v3/patchmanagement/globalrules/)
Get Endpoint Protection Policy (api/v3/endpointprotection/policies/:id)
Integrations
Enabling Automatic User Deprovisioning
This article describes the Automatic User Deprovisioning feature and its benefits.
Pre-Requisites
You must be a partner administrator for both VSA 10 and KaseyaOne.
You must have login credentials for VSA 10 and KaseyaOne. If you do not have them, contact your administrator.
You must have the same email address for VSA 10 and KaseyaOne accounts.
Before the Automatic User Deprovisioning feature can be enabled, the Enable Log In with KaseyaOne toggle must be activated.
The Automatic User Deprovisioning feature automatically deactivates a user in VSA 10 when the user is deactivated or deleted in KaseyaOne.
When enabled, the feature provides the following benefits:
When you deactivate or delete users in KaseyaOne, you no longer need to manually deactivate each user in VSA 10 resulting in a more efficient offboarding process.
You enable the Automatic User Deprovisioning feature on the KaseyaOne tab on the Configuration -> Settings page -> Log In with KaseyaOne.
You manage user access from the KaseyaOne tab on the Admin Settings-> User Management
Import local users from VSA 10 to KaseyaOne
To import users from VSA 10 to KaseyaOne, do the following:
Navigate to the KaseyaOne Admin Settings > User Management view, click Add User, and then click Import from Module.
On the Import Users page:
Select VSA 10 from which to import users. If the VSA 10 has multiple instances, then expand the module option and select a module instance.
If none of your modules are connected to KaseyaOne, then you will receive the following message: Supporting modules are not connected to KaseyaOne.
Click Next.
Select the users you want to import and then click Next.
Configure the settings and user access. You must specify the KaseyaOne role, group, and Kaseya University courses that users will be assigned after they are imported to KaseyaOne. You can do this in bulk for the whole list of users or individually for each user.
a. In the Assign to All section, bulk assign the same settings and user access to all users being imported:
KaseyaOne Role. Select the role that imported users will be assigned in KaseyaOne.
Group. Select the access group(s) that imported users will be assigned in KaseyaOne.
Kaseya University Courses. Select the Kaseya University Course(s) that imported users will be assigned in KaseyaOne and will have access to in Kaseya University.
Click Assign to All to assign the selected role, groups, and courses to imported users.
b. (Optional) In the Assign Individual Users section, assign user settings and user access individually to each user:
KaseyaOne Role. Select the role that the user will be assigned in KaseyaOne.
Group. Select the access group(s) that the user will be assigned in KaseyaOne.
Kaseya University Courses. Select the Kaseya University Course(s) that the user will be assigned in KaseyaOne.
c. Click Next.
Review and confirm your assignments on the next page and then click Import. The import will take some time to complete.
When the import finishes, review the results of the import.
The number of records successfully imported
The number of records skipped due to errors (for example, the user already exists in KaseyaOne)
The number of records that failed with errors
Click Copy to copy the import log if you want to examine it more closely.
Click Done when finished reviewing the import results.
After the import:
The new users will be created in KaseyaOne and an invitation email will be sent to their email addresses.
Newly invited users must activate their accounts within 14 days of receiving the invitation email; otherwise the activation link will expire. If the activation link expires, users must contact their KaseyaOne Master user to request that the account invitation email be resent.
Autotask improved asset synchronization
Most of the VSA 10 asset information + deep link to VSA 10 Device Card will be sync to Autotask Configuration item, making it visible on Autotask.
Patch Management
Patch Policy form restructure
With this release, we’ve revamped the Patch Policy form to enhance its logical structure, organizing fields into distinct sections: Options, Deployment Schedule, and Reboot Schedule.
Patch installation time
For installed patches, we now display the exact installation time and specify the method of installation, whether through the operating system or VSA. Additionally, the new Installed Patches report can now be filtered by time period, allowing you to view patches installed within a specific timeframe.
Enhanced system requirements for software
With this release, we’ve enhanced the software requirements descriptions for third-party software installed through Patch Policy. This includes the latest operating systems and introduces dedicated sections for server and workstation operating systems.
MDM
Renew Apple MDM certificate
With this release, you can now edit the Apple MDM connector to renew the certificate.
Improved provisioning of MDM configuration profiles for non-supervised devices
During the provisioning of MDM configuration profiles, VSA now skips settings that require supervised mode for devices enrolled in non-supervised mode.
Application and Services Event Log Monitoring
Monitoring of Application and Services event logs on Windows devices is now supported and configurable using profiles and policies. This includes a workflow to import application specific event logs from endpoints into the VSA database and filter for them in Event Log Monitoring profiles.
When creating or editing a Filter from an Event Log Monitoring profile, there are two new functions available:
Import Event Logs
The technician can select a Windows System where the application or service that needs to be monitored is installed.
It will show a list of event logs detected on the chosen system:
By default, only logs which have not already been imported are displayed.
Clicking “Show All Logs” will display previously imported logs which are present on the selected system.
Selected log(s) can be imported into the VSA database, for use in Event Log filters. Once imported, an Event Log can be included in any filter or profile. It is a one-time process for each application or service that needs to be monitored.
After import, event logs will be automatically added to the filter being created or edited. They can be removed using the Edit Event Logs function (see below).
Edit Event Logs
Event Logs which are already known to VSA can be added or removed from the filter being created or edited. This includes Windows logs (Application, Security, System) and previously imported Application and Services logs.
Automation
New Role Based Access Controls in Teams Permissions for Automation
The Role Based Access Controls in Teams permissions now cover all the features available in the Automation tab:
Scripts
Tasks
Workflows
Workflow History
Custom Fields
Managed Files
If Automation is unchecked the whole Automation tab will be removed from the UI for that specific team of users. That also includes the “Device Card, Run Script” and “Device Management, Bulk Actions, Run Script/Workflow” functionality.
If “View and Run Automation” is checked, all Automation features will be available in a View and Run state for that specific team of users. Scripts, Tasks, Workflows, Custom Fields and Managed files can all be viewed, but not changed or removed. The “Device Card, Run Script” and “Device Management, Bulk Actions, Run Script/Workflow” functionality will also be available.
If “Edit Automation” is checked, all Automation features will be available in an Edit and Run state for that specific team of users. Scripts, Tasks, Workflows, Custom Fields and Managed files can all be edited and removed. The “Device Card, Run Script” and “Device Management, Bulk Actions, Run Script/Workflow” functionality will also be available.
Execute Queued Up Workflows When Device Comes Online
Scheduled and Ad-hoc Workflows with the “Skip if Offline” toggle set to disabled will now queue up for execution if the device currently is offline during the time of execution. This new feature ensures Workflows will run on devices regardless of their current online or offline status.
New feature functionality
Queues up any Ad-hoc or Scheduled Workflow on a device if not online during the time of execution.
View the current Workflows queue on the device card and jump directly to the Workflow Canvas for that specific Workflow
Other Feature Enhancements
MDM enrollment page now respects «Add Systems» permission rule.
Erase command is excluded from the list of possible commands for non-supervised devices.
User Defined Team Permissions can be configured to allow the movement of devices, which can be performed as a bulk action from the Device Management page.
V10.8
May 06, 2024
The release of VSA 10.8 is another incredibly exciting release. This release includes major enhancements to the integrations with Autotask, KaseyaOne, BMS, and Vorex. Additionally, VSA 10.8 supports device-level policy targeting, recording of remote control sessions, and added 18 new capabilities to the VSA 10 API. Finally, there were several new report templates and end-to-end automation templates added to support managing, securing, and automating your IT ecosystem with the content you need to get started.
Key Feature Enhancements
Policy Extensions – Explicit Targeting
Policy Extensions now support the ability to explicitly target one or more existing devices, which is useful when Policy changes are required on a device-by-device basis.
Policy Extensions operate in one of two selected Targeting Modes:
Dynamic Targeting - This is the default Extension mode and is the current operating mode of Extensions prior to changes within this release.
a. In this mode, direct assignment of this Policy Extension to specific devices is not available. The selections in the Device Targeting Criteria will be used to dynamically assign this Policy Extension to any devices in the assigned Context, that also match the Device Targeting Criteria. It is possible to further extend this Policy Extension
Explicit Targeting – This is a new mode that allows existing devices to be explicitly assigned to the Extension.
a. In this mode, it is possible to explicitly assign this Policy Extension to devices that conform to the following logic:
i. Devices that meet the Device Targeting Criteria as inherited by this Extension’s parent. As an example, if the parent of this Extension is an Extension that has device attributes selected as “Windows Servers”, then only devices that are “Windows Servers” will be available to be selected in this Extension.
ii. Devices which are contained within the Context as inherited by this Extension’s parent. As an example, if the Context that has been inherited by this Extension is Organization 1, then only the devices within Organization 1 will be available to be selected in this Extension.
b. Refinement of Device Targeting Criteria is not available in this mode.
c. It is not possible to further extend a Policy Extension operating in Explicit Targeting Mode.
Explicit Targeting Extension - Validation Errors – If an Explicit Targeting Extension has been created and the Context selections have been altered within a parent Policy to something other than the Organization, Site, or Group that contains the selected devices, or the Context of the parent has been completely removed, the Explicit Targeting Extension’s device selections will be cleared, and the Extension will display a validation error in the UI.
Remote Control Session Recording
Remote Control sessions can now be recorded manually or automatically. This feature is available for Windows Agents, and both Shared and Private Sessions are supported.
fVSA 10 Remote Control Session Recording Overview Video
There are five product areas to consider as it relates to this feature:
Device Configuration: Remote Desktop Profile - Enabling the feature for devices. To use the feature, it must be enabled within a Device Configuration: Remote Desktop Profile, for any device you wish to record sessions for. This Profile also includes an option to enforce recording for all remote desktop sessions. When enabled, any User connecting launching a supported Remote Control session will have the session automatically recorded.
Permissions for User Defined Teams – Specific configurations for members of User Defined Teams. Two new permissions have been added to User Defined Teams to support this feature:
a. Enforce recording for all remote desktop sessions – If checked, when a member of this Team launches a supported Remote-Control session, it will be automatically recorded.
b. View remote desktop session recordings – If checked, members of the Team will be allowed to view the newly introduced “Recorded Sessions” section within the Device Card.
Recording Status Control and Indicator – Changes to the Remote Control application toolbar. Once session recordings have been enabled for a device, for any supported Remote Control session, a new Recording control will be available in the Remote Control application toolbar.
Location of Saved Recordings – Where and how recordings are stored Remote Control session recordings are saved locally on the target Agent, in “Program Files\VSA X\Recordings” folder. Files are formatted using a date and time stamp, the Agent ID, and the user who initiated the recording.
Note:There is a protection mechanism to ensure that recordings do not result in the total consumption of disk space on the local device. Recordings will not start if there is less than 10% free disk space on the target Agent. If a recording has started, and the target Agent available disk space falls below 10%, the recording will immediately stop.
A new section has been added to the Remote Control section of the Device Card, named “Recorded Sessions” and will reference any recordings that are currently stored locally on the target Agent, in the related folder.
Audit Logs – Information about recordings for activity tracking.
Each time a Remote Control session recording is started or stopped, a log entry is captured in the Server Admin > Audit Log, under the “Remote Control” category for the target Agent.
Upload Screen Recording to external cloud storage services
To accommodate the new Screen Recording feature, we now provide optional scripts to upload recordings to your own dedicated Azure Blob or AWS S3 storage. Learn more by referring to the automation section of these release notes.
macOS Remote Control
It is now possible to connect to a target macOS Agent with Remote Control when no user is logged in locally to the device.
Note:This feature will be enhanced in a subsequent release when we introduce support for Automatic Reconnect for macOS agents. Until then, although it is now possible to connect with Remote Control before a user is logged in locally, during the login process, the Remote Control session will be disconnected and will require manual re-connection.
Patching notifications
With this release we introduce Patch Policy notifications. Three notification types are available:
Notification for new patches pending review.
Notification upon error during operating system patching.
Notification upon error during software patching.
To better align with the technician’s workflow, the notifications’ priority and schedule can be customized.
Patch Status page enhancements
This release enhances the Patch Status page by adding the ability to filter the patch list and customize visible columns.
Additionally, the number of pending patches is now displayed next to each Patch Policy in the policies list.
Integrations
KaseyaOne: Disabling Local Login and Enforce KaseyaOne Authentication
Introduction
The Require Log In with KaseyaOne feature forces users to login with their KaseyaOne credentials to access VSA 10. When the feature is enabled by an organization, users can no longer log into VSA 10 locally with their local credentials.
Enabling the Require Log In with KaseyaOne feature allows users to authenticate with their KaseyaOne modules using just one set of credentials. This provides a smoother user experience and increased security.
Pre-Requisites:
You must be a partner administrator for both VSA 10 and KaseyaOne.
You must have the same email address for VSA 10 and KaseyaOne accounts.
Before the Require Log In with KaseyaOne feature can be enabled, the Enable Log In with KaseyaOne toggle must be activated. For more information, see Unified Login with KaseyaOne
When you have enabled KaseyaOne Unified Login for your organization, you can enable the Require Log in with KaseyaOne feature on the Settings page.
IMPORTANT: Once this option is enabled, any users that do not have a KaseyaOne account will no longer be able to log in to VSA 10 through local login unless you add them to **User Exceptions**.
Refer to Exempt users from being required to log in with KaseyaOne.
To enable the Require Log in with KaseyaOne feature:
On the Configuration module, click Settings.
The Settings page is displayed with the Log in with KaseyaOne tab. Verify the Enable Log In with KaseyaOne toggle is activated. If it is not, perform the steps in the article Unified Login with KaseyaOne
In the Require Log In with KaseyaOne section, click the Require Log In with KaseyaOne toggle to enable it.
To allow specific users, teams or users with specific email domain to continue to log into VSA 10 using their local VSA 10 credentials, in the Exceptions list, select the applicable users/teams/domains.
Click on Save
Exempt users from being required to log in with KaseyaOne
Once the Require Log In with KaseyaOne feature is enabled, you will be able to add any existing users, team or email domain to the Exceptions list.
Any users, teams or email domain part of the Exceptions will still be able to log in using VSA 10 local authentication.
This option is useful if you have users that need to log in to VSA 10 for remote access or reporting, such as customer IT staff, but do not require KaseyaOne accounts.
NOTE: All VSA 10 users that are assigned the **administrator** security level will be able to login locally, even if Enforce KaseyaOne login is enabled.
Login scenarios
The following describes user login scenarios that are possible when Require Log In with KaseyaOne is enabled:
When a user attempts to log into VSA 10 with their VSA 10 credentials AND Require Log In with KaseyaOne is enabled, the user is redirected to the KaseyaOne login page.
Note: This does not apply to users included in the User Exceptions list.
When Require Log In with KaseyaOne is enabled and a user is included in the Exceptions list, the user can log into VSA 10 using their VSA 10 local credentials or KaseyaOne credentials (if the user has a KaseyaOne account that is linked to their VSA 10 account).
When Require Log In with KaseyaOne is disabled, the user can log into VSA 10 using their VSA 10 credentials or KaseyaOne credentials (if the user has a KaseyaOne account that is linked to their VSA 10 account).
Enforcing KaseyaOne login disables VSA 10 password reset.
When Require Log In with KaseyaOne is enabled, the user’s ability to reset their VSA 10 password is disabled.
On the My Settings page, the Authentication tab is disabled and a message is displayed indicating that KaseyaOne Login is enforced. Therefore, resetting VSA 10 passwords is not allowed.
Note: This does not apply to users included in the User Exceptions list.
KaseyaOne: Role-Base Access Control
Introduction
Instructions follow on how to configure role-based access control (RBAC) — by defining mapping rules to control user access — for VSA 10. The purpose of defining mapping rules is to mimic or maintain the same levels of user access between KaseayOne and VSA 10.
If you enable Access Groups, then RBAC from KaseyaOne will be allowed for VSA 10 and you will be able to map KaseyaOne groups to (the same or similar) module roles.
If you disable Access Groups, then RBAC from KaseyaOne will not be allowed for VSA 10.
NOTE: RBAC is the process of assigning permissions to users based on their role within an organization. But rather than assigning permissions to users individually, you assign permissions to a group (and then assign users to the group).
Enable Access Groups for VSA 10
To enable Access Groups for VSA 10 do the following:
Log into VSA 10 in the usual way and click Configurations > Settings > Log in with KaseyaOne on the left navigation menu.
In the Access Groups section, turn on the Enable Access Groups toggle to enable the feature.
Create mapping rules to control user access:
Map each KaseyaOne Access Group to the same or a similar VSA 10 team.
Autotask Integration
SUGGESTION: We recommend you update the Autotask integration settings at least once after VSA 10.8 is released.
Pre-Requisites:
Only admins and those who have PSA Edit permissions are able to create Autotask integration
To setup the Autotask Integration, you should go to Integrations > Autotask
Once you are logged in with your Autotask API credentials, you will be at the Configuration Wizard page.
NOTE: The integration configuration page does not allow more than one user at the same time. If a user is trying to access the page and there is already another user in the integration page, access will be prevented.
NOTE: Depending on how many Organizations and assets you have in VSA 10 it will take between 30 seconds to a couple of minutes for the configuration page to be ready. Please be patient!.
Step 1- Mapping Device Type
In this screen you will be able to map VSA 10 Device type with an Autotask Product and a Configuration Item type.
The idea behind the Device type mapping is to populate data in Autotask (ConfigurationItemType and ProductType) for each asset. It will be then possible to add dashboard charts in Autotask using these fields.
You can map each VSA 10 device type to their corresponding type on Autotask:
NOTE: You can filter device types by name and map all devices top the same Autotask Product type / Configuration item type
First you need to define the “Default mapping settings for all device types”.
Once it’s done, you will be able to update each VSA 10 device type and associate it to the corresponding Autotask product and Autotask Configuration Item Type.
Once you finish doing the Device type mapping click on Next.
Step 2- Organization Mapping
In this step you will be able to map Organizations / Sites / Agent Groups to Autotask Companies.
First you need to define the Default mapping settings for all context field
Then you can map each VSA 10 organization, site or agent group to an Autotask Company.
Once you finish doing the mapping click on Next
NOTE: For new VSA 10 Organizations /Sites you will be able to “do nothing”, “map to new Autotask company” or “map to existing Autotask company”.
NOTE: If you want to change the mapping for an Organization / Site. All system mappings under the changed organization will be deleted. Consequently, inherited behavior will be applied that can lead to the creation of duplicate configuration items in the selected company
Step 3- Ticket Attributes Configuration
Alert rules allow you to handle VSA 10 alerts and their corresponding Autotask alert tickets. In the integration tab, begin by configuring your Autotask queue and filter alerts that will generate a ticket in Autotask base in alert priority.
First you need to define the default mapping setting for all context
Queue refers to the Service desk queue the ticket will be created in Autotask. Sets the default values for the Queue field in Autotask tickets. More information: Service Desk queues (autotask.net)
Notification type refers to the criticality of a VSA 10 alert to automatically create an Autotask ticket. For example, you could define that only Critical VSA 10 alerts trigger the ticket creation.
Once you finish with the ticket attributes click on Next.
Step 4- Asset Synchronization
The next step is to configure the asset synchronization between VSA 10 and Autotask.
If “Create new system and map” toggle is enabled, new VSA 10 assets will try to be auto mapped to existing Autotask Configuration items if there is a full or partial match with both
Automapping:
If VSA10 device and Autotask configuration item have the same name and company, only in this case auto mapping is possible.
If serial number also matches, it’s a full match.
Otherwise, it’s a partial match.
Select an existing Autotask product to map to your VSA 10 asset or allow the system to create a matching product in Autotask for you.
You can filter assets by:
All types
Mapped
Unmapped: full match
Unmapped: partial match
Do not map
Create new
Matching logic between VSA 10 and Autotask asset records:
Fully Match
Organization
Serial Number
Mac Address
Partial Match
NOTE: For new VSA 10 Organizations /Sites you will be able to “do nothing”, “map to new Autotask company” or “map to existing Autotask company”.
NOTE: When “Create New System and Map” toggle is enabled, you can still override the auto mapping on individual asset records. With this option, regardless of if there is a full/partial match it will create a new Autotask Configuration Item
When a device is deleted in VSA 10, the corresponding Autotask configuration item will be inactivated.
An asset sync will be triggered once every hour.
During setup, for any unmatched asset, you can either accept the suggested match, search for an Autotask configuration item, or create a new configuration. Once you click “Save” you will be able to save changes.
Once integration updates are done, you will be redirected to the settings page automatically.
NOTE: In addition to previous asset records we are adding Product Type, Configuration Item Type.
ADDITIONAL section for the Autotask Integration module
Create Tickets from Agent Tray
To enable users to create a support ticket, you need to create a “User Sessions” profile and enable “User Support Request”.
Then the profile should be applied to Organization / Site / Devices via Policies.
Integrated Customer Billing via Autotask and Kaseya BMS
Integrated Customer Billing is a new feature introduced as part of billing automation.
MSPs require an efficient and accurate way to bill for services provided to their customers, but manual billing processes are error-prone and tedious, and they can result in lost revenue. Having granular billing metrics for various Kaseya IT Complete modules available in Autotask and Kaseya BMS allows for flexible automated billing.
VSA 10 synchronizes billing metrics daily to a data lake accessible by both Autotask and Kaseya BMS via the KaseyaOne unified login portal.
The information provided is the total number of managed devices with a breakdown by the following types:
Number of devices under management (defined as having consumed a single device license whether it is network-enrolled, has an agent, is mdm-enrolled. A device will only count once regardless of its enrollment types).
Number of enrolled devices that do not have an agent installed and are not enrolled in MDM.
Number of devices that have an Agent installed.
Number of devices that are enrolled in MDM (includes Agentless and Agented devices).
Number of devices that have an Agent installed and have Webroot installed.
Number of devices that have an Agent installed and have Bitdefender installed.
Number of devices that have an Agent installed and have Ransomware Detection installed.
Number of devices that have an Agent installed and have an active Patch Policy applied.
Number of enrolled Network Devices (enrolled devices that do not have an agent and are not enrolled in MDM) that have Monitoring assigned directly or through a Monitoring Policy.
Number of Agented devices that have a Monitoring Policy assigned.
Number of devices that have an Agent installed and are listed as a “workstation”
Number of devices that have an Agent installed and are listed as a “server”
Number of devices that have an Agent installed and are listed as a “server” and OS = Windows
Number of devices that have an Agent installed and are listed as a “workstation” and OS = Windows
Number of devices that have an Agent installed and are listed as a “mac”
Number of devices that have an Agent installed and are listed as a “Linux”
Number of devices that have an Agent installed and were online in the last 30 days
Prerequisites and further information
KaseyaOne must be enabled for your VSA 10 account. Refer to Unified Login with KaseyaOne.
KaseyaOne must be enabled for your Autotask or Kaseya BMS instance, and you must have Admin permissions to configure Integrated Customer Billing in either of the products.
For detailed information, refer to the following guides:
Changes have been introduced in the 10.8 release to align with the terminology used across the IT Complete product suite. The changes are detailed in the release notes here.
Rename Devices
This release introduces the ability to rename devices directly from the Device Card, including Agents. To take advantage of this feature, open the Device Card and click the pencil icon next to the device name.
This feature also includes an ability to Reset to Default, which will allow you to reapply the default name to the device after it has been renamed. For example, for mobile devices, the default name would be the serial number, and for Agented devices, the default name would be the computer name.
Storage Monitoring
The existing Monitoring: Storage Profile has been enhanced to support individual conditions for granular storage monitoring of Windows Agents.
Note:Support for macOS, Linux, and BSD Agents will be included in a subsequent release.
Each individual Monitoring: Storage Profile supports a maximum of 20 conditions
When specifying a drive letter, acceptable formats are “DriveLetter” and “DriveLetter:” and are case insensitive
Services Monitoring
In VSA 10.7, we enhanced Service monitoring for Windows Agents, to support the ability to trigger notifications when a monitored service is missing on an agented device, and when a monitored service was in place but has been removed.
In this release, this feature has been extended to support Linux, and BSD Agents.
Mobile Application: Add MDM Commands
With this release, we have added a dedicated section for MDM commands on the system details of MDM-enrolled devices. This is in addition to the Agent-based commands:
Advanced Reporting
This release will bring new reporting features, datasets, report templates and performance improvements.
New datasets
“Rmm - Tags”
“Rmm - Application Extended”
New templates
“Tags”
“Tags tabular”
“Applications tabular”
“Unsupported Windows OS” (new version)
“Servers, Workstations, and Network devices per Organization”
“QR codes for Devices”
New features
Document binder - users can now seamlessly view, export, and schedule collections of templates
Multi-Section RDL - allows for the incorporation of ‘sections’ within RDL reports.
API Improvements
This release includes new API endpoints, and enhancements to existing endpoints to allow integrators and customers to programmatically drive automation. These enhancements include GET and POST methods and the ability to register webhooks during automation executions.
Automation Scripts
Get a Script (GET)
Get All Scripts (GET)
Run a Script (POST)
Get Script Executions (GET)
Get Script Execution Details (GET)
Automation Tasks
Get Script Executions (GET)
Get Script Execution details (GET)
Get a Task (GET)
Get all Tasks (GET)
Run a Task (POST) - enhanced
Get Task Execution Scripts (GET)
Get Task Execution Output (GET)
Automation Workflows
Get a Specific Workflow (GET)
Get All Workflows (GET)
Run a Workflow (GET
Get Workflow Executions (GET)
Get Workflow Execution Details (GET)
Automation
New Workflow Templates
Several new Workflow Templates have been added. Discover the available and growing list by clicking on “Action, Create from Template” while in the Workflow tab.
New Workflow Templates:
Ad-Hoc/Scheduled: Run Disk Cleanup
Low HDD Space: Disk Cleanup
Ad-Hoc/Scheduled: Set Desktop Wallpaper
Ad-Hoc/Scheduled: Ask User To Reboot YES/NO
Ad-Hoc/Scheduled: Set Screen Lock Policy To 5 Min
New Script Templates
To accommodate the new Screen Recording feature, we now provide optional scripts to upload recordings to your own dedicated Azure Blob or AWS S3 storage.
New scripts in the “VSAX Start Pack” folder:
Upload Screen Recordings to Azure Blob Storage
Upload Screen Recordings to AWS S3 Storage
Note: The Script templates do not include any subscription to external cloud services. Individually owned subscription to the respective storage services is required.
Double-byte Language Support
We now support saving data objects containing double-byte characters. Prior to this release, double-byte characters would be replaced by “?” when written to the database.
Agent Diagnostic Logging
To streamline the Support process, we have added the ability to enable diagnostic logging on Windows agents remotely from the web application and collect them from the machine without interrupting the end user:
Added a new option to the Configuration > Settings page called “Enable agent diagnostic logging on device card”.
If enabled, Diagnostic Logging can be enabled on Windows systems for up to 72 hours from the Device Card. The Download Logs action will automatically package the logs and download them to the technician’s computer.
Log duration shows the remaining time that diagnostic logging will be enabled for, after which the agent will automatically revert to standard logging. The Disable action can be used to immediately stop diagnostic logging.
Note:diagnostic logging is resource intensive, and it can impact the performance of the target machine. It should only be enabled when recommended by a Kaseya Support representative.
We plan to extend this functionality to macOS and Linux agents in future releases.
V10.7
March 04, 2024
The release of VSA 10.7 is another strong release for VSA 10. This release supercharges VSA’s Mac management and mobile device management capabilities through complete management of Apple’s settings and configurations using VSA policies. Additionally, version 10.7 also includes several major enhancements to the integration with both BMS and Vorex empowering you to browse, open, update, and close tickets all from within the VSA 10 interface. Finally, 10.7 brings eight end-to-end, use case driven automation workflow templates, several enhancements to the performance and targeting of automation, SSO for any 3rd party IDP through KaseyaOne, and major enhancements to the upgrade wizard to support upgrading customers from VSA 9 to VSA 10
To dive deeper on any of the exciting innovations and integrations in this release check out the full release notes here.
Key Feature Enhancements
Apple MDM Configuration Profiles
In this release, we introduce the Apple MDM Configuration Profiles. With the MDM Configuration Profiles, you can create pre-defined setup templates for supported Apple devices and associate them with management policies.
With MDM Configuration Profiles, you can automate the setup of networking settings, security policies, hardware, operating system, and application restrictions from the moment the device is enrolled.
MDM Configuration Profiles relate to the Device Configuration Policy Type and are split into the following profile types:
Policy Type
Profile Type
Description
Profile Sections
Device
Configuration
Apple MDM
Networking
Manage network
configuration, including
WiFi, Ethernet, and VPNs.
This release includes several improvements to agent and network device monitoring.
SNMP Monitoring – SNMP alerts now include the ability to trigger notifications based on a change to a previous value, regardless of what the existing value or the new value is.
There are two ways to take advantage of this new SNMP condition:
Configure as a condition type – useful for when a monitored value changes from its previous value and you don’t require additional logic.
Use as a variable value – useful when comparing the latest value against the previous value combined with various condition types, like equal to, greater than, less than, etc.
Service Monitoring - Service monitoring now includes the ability to trigger notifications when a monitored service is missing on an agented device, and when a monitored service was in place but has been removed.
NOTE: This feature is only applicable to services that are explicitly listed in the ”Additional Services and Exclusions” section of the Monitoring: Monitored Services profile. It does not apply to Automatic Services.
The Device Card has also been enhanced to show any monitored services that are missing, even if the service is not configured to generate an alert. If a particular service is configured to generate an alert, a notification will be generated for each individual service.
This release includes support for Windows agents only. Support for Linux and BSD agents will be added in a subsequent release.
Patch Management
In this release, we improved Patch History error messages to provide more details about common issues, including missing prerequisites or unsupported application versions.
UI Improvements
An improvement was made to the left navigation, adding a static footer with a pre-determined size to ensure all navigation entries can be accessed, regardless of browser or display resolution.
Automation
Execute Workflow Actions as Current User
We have enhanced the Execute as Current User feature in supported Workflow Actions. No longer do we emulate the Current User from the “NT AUTHORITY\SYSTEM” account, instead we proxy and execute the commands as the true Current User logged on to the console.
Supported Workflow Actions are:
Execute File
Execute Shell Command
Execute PowerShell Command
Run Script
Execute as the true Current User delivers valuable new features such as:
Enables automation targeting the current user context not previously possible from System, such as managing and executing user specific Files, Policies, Registry and Desktop settings.
Full environmental variable support from the Current User context, for example %UserName%, %Downloads% and %OneDrive%.
Run Scripts to execute on-boarding, Teams cache cleanups, user audit and remediations as the Current User, both for Microsoft 365 and Active Directory joined devices.
Send Message Improvements
The “Send Message” and “Get Device Value, Has User Confirmed” Workflow Actions can now be fully customized with text and variables.
Top left message icon now uses the custom tray icon from Server settings
Message title text is configurable including variable support.
Message text is configurable including variable support.
The YES/NO confirmation buttons presented to the Current User in “Get Device Value, Has User Confirmed” is now customizable with text up to 20 characters.
Distributed Workflow Templates
We now support Workflow Templates as part of our distributed Automation Content Packs. To access the template library, visit Automation, Workflows, click on the Action button and select “Create from Template”. This list will be updated frequently, so please re-visit the library for new templates and ideas. Workflow Templates release in 10.7:
System Registered: On-Boarding New Device
Ad-Hoc: App Deploy: 7zip MSI Example
Ad-Hoc: App Deploy: 7zip EXE Example
Ad-Hoc: Ask For User Approval To Reboot
Scheduled: Send Message If Uptime Is More Than 10 Days
Scheduled: Check BitLocker Status
Service Stopped: Print Spooler Cleanup Example
User Logged In: Map Network Drive As Current User
Onboarding Checklist
The Endpoint Policies Onboarding Checklist video has been updated to reflect the new Policy design.
Integrations
Enabling unified login with Kaseya One
This article explains how a security admin can enable the login to VSA 10 for all users at an organization using Login With KaseyaOne.
Environment
VSA 10
KaseyaOne
Prerequisites
A VSA 10 admin account that is member of administrator’s team
A KaseyaOne account with Master permissions
IMPORTANT The VSA 10 and the KaseyaOne user accounts must be associated with the same email address.
Enabling unified login v2
To enable login with KaseyaOne (unified login v2) for VSA 10, do the following:
Log into VSA 10 and navigate to Administration > Configuration > Settings > Log in with KaseyaOne.
Click Enable Login with KaseyaOne.
You will be prompted to log into KaseyaOne:
Enter your KaseyaOne username, password, and company name and then click Log In.
Enter the two-factor authentication code and click Verify.
KaseyaOne will open and show the VSA 10 on the My Modules list.
When you log in to the VSA 10 you will now see the KaseyaOne app launcher icon.
Clicking the icon will show a list of the modules enabled for login with KaseyaOne under the My IT Complete heading.
At the very top, you will see a link to open KaseyaOne.
Unified login for the VSA 10 is now enabled. All users with accounts in both KaseyaOne and the Partner Portal can now use their KaseyaOne login to access the module.
Disabling VSA 10 login with IT Complete for your entire organization
To disable the ability of users in your organization to log in to VSA 10 using IT Complete (KaseyaOne), follow these steps:
Log into VSA 10 and navigate to Administration > Configuration > Settings > Log in with KaseyaOne.
Click Disable Login with KaseyaOne.
You’ll be logged out for security purposes and receive a confirmation message. You will need to log back in with your VSA 10 local credentials.
Logging in using KaseyaOne log in credentials
If your administrator has enabled log in with KaseyaOne, all VSA 10 users whose primary email address matches that of a user in KaseyaOne can log into VSA 10 using their KaseyaOne credentials.
Using the KaseyaOne log in provides centralized access and seamless navigation to any other Kaseya modules where you have an account.
To use your KaseyaOne credentials, do the following:
Enter your VSA 10 Username and click Log In with KaseyaOne. You will be redirected to the KaseyaOne log in page.
Enter your credentials and authentication code. VSA 10 opens.
The app launcher icon appears in the top right corner. From there, you can easily navigate to any other connected Kaseya modules.
Auth & Provision | KaseyaOne Settings | JIT
Once you have enabled KaseyaOne Unified Login for your organization, you can automatically create VSA 10 user accounts for people without one, known as Just-In-Time (JIT) provisioning.
The objective of the Automatic User Creation tab is to create new user accounts for users who are coming from KaseyaOne to VSA 10 on the fly. For example, if a user is coming from KaseyaOne and has no account in VSA 10, the user’s account can be created on the fly using the default options using the Automatic User Creation tab or Just-in-Time feature.
For existing users in VSA 10 who log in from KaseyaOne, only first name and last name are to be updated based on the user info coming from KaseyaOne. In this case, KaseyaOne is taken as the source of truth. Existing users’ security roles will stay as they are defined in VSA 10 previously.
Prerequisites
You should have a KaseyaOne account.
a. Kaseya One Guides: Home (kaseya.com)
You should have admin access to VSA 10.
You should have KaseyaOne integration enabled.
Steps
Once the above prerequisites are in place, go to KaseyaOne Settings page (Configuration> Settings > KaseyaOne Settings > Automatic User Creation tab.
Enable the Automatic User Creation tab by dragging the slider to the right. A set of options under the Default User Team section appear. The chosen team will be the team given to the auto-provisioned user.
Click Save. The defaults are now saved.
At this point, after saving, if you disable the slider, the form will still be visible but the fields will remain unselectable. After you enable the Automatic User Creation tab for the first time, the form will remain visible even after you disable the tab later; however, the fields will remain unselectable.
Integrated Service Ticketing with BMS/Vorex
A new ticketing module has been released for technicians and IT teams within VSA 10. A technician who uses VSA 10 can access ticketing from either the VSA 10 WebApp or the VSA 10 mobile app (iOS or Android).
With this innovation, VSA 10 has improved the ticketing process as technicians can manage tickets within the same tool they will use to identify and fix the issue - and they can do this anywhere with the full functionality of the VSA 10 mobile app.
Prerequisites
You should have the BMS/VOREX integration enabled
You should have ticketing permission on VSA 10 (Edit)
You should have your BMS/Vorex credentials
There will now be a ticketing menu item available in the VSA 10 menu to access this feature. Here, users can view, create, update and monitor real-time status of tickets that are being resolved - using any device of their choice.
The launch of this in-app ticketing module has simplified the process and made it more efficient.
Steps
Once the above prerequisites are in place, go to the Tickets Module and enter your BMS or Vorex credentials.
You can view and edit all the tickets that you created or any ticket that you have permission to view/edit.
You can create or edit a PSA ticket directly from VSA 10
By reducing the time spent on ticketing, technicians will be able to concentrate on other key tasks, without having to switch dashboards or login to a separate portal.
Upgrade Wizard
The Upgrade Wizard now includes select and transfer Agent based VSA 9 Monitor sets to VSA 10 Device Monitoring Profiles. Once transferred the Profiles can be used in any Device Policy as part of the monitoring. The supported VSA 9 monitor sets are:
Performance Counters
Services
Processes
Mobile App
Integrated Service Ticketing with BMS/Vorex
The BMS / Vorex integrated service ticketing feature will also added to the Mobile Apps as part of this release.
Access the Integration screen and enter valid credentials:
View ticket details:
API
API enhancements in this release focus on Platform information, Custom Data, and Object Filtering, and contain several new API endpoints:
Get Environment Information – Use this endpoint to get platform information including version, server type, language, region, and more.
Scopes
Get All Scopes – returns a list of Scopes
Get a Specific Scope – returns the details of a specific Scope
Get Scope Usage – returns a list of places where the Scope is used
Custom Fields – this set of APIs can be used for Organization, Site, Group, and Device Custom Fields
Get All Custom Fields – returns a list of Custom Fields
Get a Specific Custom Field – returns the details of a specific Custom Field
Get Custom Field Usage – returns a list of places where the Custom Field is used
Assign a Custom Field – assigns a Custom Field
Update an Assigned Custom Field – updates the value of an assigned Custom Field
Unassign a Custom Field – unassigns a Custom Field
API documentation can be found at < YourServerURL >/api
V10.6
January 25, 2024
The release of VSA 10.6 is one of the most exciting updates in VSA’s history. This release includes a revolutionary upgrade to policies to greatly increase flexibility, targetability, and efficacy of policies. Additionally, version 10.6 also two major enhancements to patch management capabilities with manual patch approval workflows for organizations that want greater specificity and control in their patching process and end-user reboot prompt controls to increase the ease of patching around end-user schedules. Finally, there were several updates to the UI/UX in order to support the major enhancements to both patching and policy management while also continuing to improve the ease and speed of manually actioning a large number of endpoints simultaneously.
Key Feature Enhancements
Policies
This release includes major enhancements to Policies, bringing the next iteration of Policy Design improvements to the product.
Refer to this link for a detailed explanation of Policies and the updated design.
Please note: The changes in this release only apply to Device Configuration and Monitoring Policies.Other Policy types, such as Patch Management and Endpoint Protection, will be converted to this new design in future releases.
Please find the video link for the policy overview: Policy Overview
Following is a summary of the specific changes to Device Configuration and Monitoring Policies included in this release – you can read more about each of the changes below:
Introduction of Targeting capabilities directly within the Policy editor
Introduction of an “All Organizations” object in the Organizations page
Designation of Profiles as Cumulative and Non-cumulative
Introduction of Effective Settings
UI / UX Enhancements to Several Product Pages
Introduction of the Basic Profiles and Policies Package
Introduction of Targeting capabilities directly within the Policy editor, including Selection Preview
Context Targeting – Although Context Targeting was already supported prior to this release, it required a manual step of assigning a Policy directly at each Organization, Site, and/or Group. This release adds the ability to assign Organizations, Sites, and/or Groups directly within the Policy editor. As of this release, Context Targeting is only supported within a root Policy and not available for editing within Extensions. However, Context Targeting within Extensions is currently planned as an improvement for Q1 2024.
Device Criteria Targeting – Device Targeting is an entirely new feature to Policies and enables the ability to use certain device attributes for automatically assigning Policies to specific devices based on these attributes. For example, by creating an Extension and selecting Windows Servers as an OS Type, the Extension will automatically apply to Windows Servers within the Context that the Policy has been assigned to. As of this release, Device Criteria Targeting is only supported within Extensions. Root Policies are automatically applied to “All Devices” - Extensions can be used to refine settings for specific types of devices.
Device Criteria Targeting currently supports three device attributes:
Device Type
OS Type
Device Manufacturer
Introduction of an “All Organizations” object in the Organizations page – this new entity enables the ability for a Policy to be assigned to all current and future Organizations.
Introduction of Extensions - An Extension allows you to adjust a Policy’s settings for a subset of the Policy’s Targeted devices. This includes the use of deterministic Targeting Criteria for the following Device attributes:
Operating System (includes Major category of OS and major versions)
Device Type
Device Manufacturer
An Extension is effectively a child Policy that remains associated with its parent. The Extension automatically inherits the settings and targeting criteria from its parent; however, you can adjust the Targeting Criteria to refine your device selections and you can add, change, and remove Profiles while leaving any relevant Profiles from the parent intact.
Designation of Profiles as Cumulative and Non-cumulative - prior to this release, all profiles were non-cumulative, meaning any given profile could only be applied once to any given device through its Policy. This release introduces the concept of Cumulative Profiles to ensure that certain types of Profiles can be assigned multiple times within a given Policy.
Cumulative Profiles - are specific types of Profiles that can be applied to a device more than once because their settings are considered safe for layering – meaning, their settings do not exactly conflict if applied more than once. Examples of cumulative Profile types can be found in Monitoring Profiles.
Non-cumulative Profiles - are specific types of Profiles that can only be applied to a device once because their settings within the Profile are considered problematic for layering – meaning, their settings directly conflict if applied more than once. Examples of non-cumulative Profile types can be found in Device Configuration Profiles.
If you try to add an additional non-cumulative Profile of the same type within the same Policy, the UI will automatically replace the current non-cumulative Profile with the newly selected Profile. You will be able to instantly view this result within the Policy editor, and quickly adjust it if needed.
Introduction of Effective Settings - Effective Settings provide the visibility of the Policies, their Profiles, and the actual settings that have been assigned and applied at all levels of your environment. This includes Organizations, Sites, Groups, and most importantly devices.
UI / UX Enhancements to Several Product Pages
Policies Page – Updated to accommodate the new features of Policies
Profiles Page – Updated to include a new Folder “All Profiles” that includes paging and enhanced filtering when working with all your Profiles
Organizations, Sites, Groups – Policies have been migrated to a new “Policies” tab
Device Card – Introducing a new “Policies” entry within the Overview section
Introduction of the Basic Profiles and Policies Package
This release includes various preconfigured Profiles based on common configurations. A Basic set of Policies have also been included and contain a subset of the preconfigured Profiles, along with Extensions that provide settings adjustments for different Windows platforms.
The Policies will automatically be applied for new customers. However, for existing customers moving to this new release, the Policies will be added but will not be assigned to any Context – to make use of the new Policies, simply edit the root Policy and assign a Context.
Patch Management
Approval Workflows
With this release we introduce the “Patch Status” page with the list of patches identified within each Patch Policy.
The page allows a technician to review patches individually and either approve or reject installation. The list can be filtered by the Patch Category. Tabs are used to show only Pending, Approved, Rejected, or All Patches.
The following information is shown for each patch:
Patch name with identifier and release date.
Link to Microsoft Support article.
List of applicable operating systems (Microsoft products).
Security-related CVSS score.
Reboot behavior.
Patch category.
End-user Reboot Prompts
This release makes the patching reboot on end devices more predictable by displaying reboot prompts in advance. An end user can either postpone the reboot or execute it right away.
A technician specifies a reboot deadline and the time up to 23 hours before the deadline to start showing prompts.
UI / UX Enhancements
Multi-Selection and Bulk Actions
This release adds multi-selection and bulk action capabilities to the Advanced Search page.
There are a number of selection options available including the ability to perform single selection, multiple selections, page selections, and select all.
Select a device by clicking its checkbox:
Press the SHIFT key after making the first selection to select multiple devices on the same page:
Click the “Select Page” checkbox in the header of the selection column to select all the devices on the current page only:
Click the “Select All Items” button under the Search input to select all devices across all pages:
NOTE: Consider the following when using this option:
Final device selection is determined at the time that a bulk action is executed.For example, if you choose “Select All Items” and in the time between this selection and performing a Bulk Action a new device has been added to the table, that new device will also be included for Bulk Action execution. This same behavior exists for devices that may have been removed.
Devices can be explicitly excluded from the “Select All Items” option by using the following deselect options:
Clicking the checkbox again to remove the selection
Clicking the “Select Page” checkbox in the header of the selection column to remove the selections for the current page
Press the SHIFT key to deselect multiple devices (on the same page) at once
Using the “Deselect Page”
To exit or clear “Select All Items” use the “Clear All Selections” option from the dropdown menu
These options can also be accessed using the selection options menu:
The following Bulk Actions are available in this release:
Run Script
Run Workflow
Move Devices
Delete Devices
NOTE: Additional Bulk Actions are planned for future releases.
Bulk Actions can be accessed from the “Actions” menu which will be enabled when at least one device has been selected on the Advanced Search page:
In this example, the User has selected the Run Workflow Bulk Action and is required to select a Workflow to continue:
The User must confirm that they want to run the Bulk Action. Please note that certain selected devices may not be eligible for execution of a bulk action and will be skipped during execution:
The progress and results of the Bulk Action can be viewed by clicking the Bulk Action History button:
Please note that Device-level history will be added to the Bulk Action History in a future release.
In this release, Device-level results can be viewed from the Audit Log by selecting the new “Bulk Action” category:
Automation
Replace Workflow Action in Editor
Workflow Actions can now be replaced with any other action in the editor. This makes it easier to quickly edit a translated VSA 9 Agent Procedure where some Workflow Actions may be marked red, not currently supported. It also improves the general Workflow editing experience, swapping any current Action with a few simple clicks.
Improved Workflow Action description
We want to build the most intuitive, graphically appealing and flexible automation engine available. In this release we have updated all available Workflow Actions with new informational messages explaining how each Action work, expected outcomes, required inputs and currently available Device support.
Remote Control
Automatic Reconnect for Windows
Automatic Reconnect has been enhanced with some minor UI changes and major functional improvements, which include automatically reconnecting in the following scenarios:
Dropped connections
Restarting a device
Signing off a user account
Switching user accounts
Any event that involves a loss of connection, other than graceful exiting of the application or invalidation of the session token
MacOS Improvements
This release adds new functionality to macOS Remote Control, bringing macOS in parity with Windows for the following features:
Blackout End User’s Screen – this feature allows a technician to black out the end user’s screen and block end user inputs such as keyboard and mouse.
File Transfer Support in Remote Control sessions (Copy/Paste) - this feature allows a technician to transfer files between source and destination macOS devices and includes cross-platform support when using Windows and macOS as either combination of source or destination devices.
MDM
MDM devices license
With this release we introduce a new category of licensed devices, called «Mobile Endpoints». This category refers to MDM enrolled devices, such as iPhones, iPads.
Please, keep in mind that macOS device will consume an «Endpoint» license, regardless of enrollment type (MDM or agent).
Update Device Info
This release introduces an automatic update of asset information for MDM-enrolled devices, including the version of Operating System. The information is updated once per day.
Advanced Reporting
“Patch Policy Compliance” template
The new “Patch Policy Compliance” report template complements the existing ”Missing Patches” report. This new report template shows the number of confirmed updates as it relates to the selected Patch Policy.k
Performance improvements
This release also contains Advanced Reporting performance improvements that will significantly speed up the processing of large datasets, like “RMM - Applications”.
Content
Built in Profiles and Policies
No matter if you are an MSP managing many different clients or an MME managing one or more sites or offices, the need for a granular Policy assignment on Device types is a key. To enable your success utilizing the powerful VSA 10 Policy features released in 10.6 we deliver an extensive set of Monitoring and Device Configuration Profiles out of the box and a suggested set of basic Policies. Read more about the specific Policies and Profiles here.
V10.5.1
October 31, 2023
The release of VSA 10.5.1 includes several enhancements to improve the daily management of your IT ecosystem. This release includes improved variable support in automation, availability data for offline Linux and MacOS devices, an expansion of the Upgrade Wizard’s capabilities, and 8 new network device management templates.
Key Feature Enhancements
Automation
Variable support in Workflow Actions
This release is a major milestone in our efforts translating Agent Procedures to Workflows. In our previous 10.5 release we introduced environment variables support as part of the Workflow Actions where a file path is used. We continue this work with supporting variables in several commonly used Workflow Actions, enabling you to create even more powerful and dynamic automation. The variables are available by entering “#” followed by variable name in the drop-down list in any of the following Workflow Actions below:
Change Custom Field Value – As input value.
Send Email - As recipient, subject and body. Please note only one recipient is available as variable input, but multiple recipients can also be added manually.
Execute File - As part of the file path and command syntax.
Execute Shell Command - As part of the shell command syntax.
Execute PowerShell Command - As part of the Powershell command syntax.
Send Message - As part of the message to be sent.
Write Workflow Log - As part of the log to be written.
Write File - As part of the file path.
Get Device Value, Filesystem - As part of the file path.
We will continue adding additional variable support on more Workflow Actions coming releases.
Picture: A “ktemp” variable translated from Agent Procedures in the file path when downloading a file from Managed Files.
Picture: The Workflow Action “Execute File” using a environment file path variable in combination with a custom constant string Workflow variable containing all required command line switches.
Pictured: A file size variable created with “Get Device Value, File Size” used in the “Send Message“ Workflow Action.
Upgrade Wizard Updates
Agent Procedure to Workflow Actions Translator Update
The Agent Procedures to Workflow translator in the Upgrade Wizard now translates the supported variables above. The translator is also available XML file-based Agent Procedure export files in “Automation, Workflows, Actions, Create From VSA 9 Agent Procedure”.
BMS Integration Enhancements
The upgrade Wizard now detects any existing BMS integration configured in VSA 9, complete with URL, Company Name, Region and API user name. This simplifies the upgrade process as the only requirement in the Wizard will be to re-enter the dedicated API user password.
Audit
Application List for Linux and BSD
The Audit process for Linux and BSD has been improved and now includes the list of applications for VSA 10 Agents installed on these Operating Systems.
Availability of Data for Offline Agents
In addition to the enhancements made to Linux and BSD Agent Audit data, the Asset Info and Applications data for Linux, BSD, and macOS Agents are now available even when the Agents are offline.
UI / UX
Pagination
This release adds Pagination to the Advanced Search page which allows complete visibility of all enrolled and agented devices and provides the following navigation benefits:
The number of items displayed on each Page can be adjusted.
Navigate directly to a specific page.
Navigate directly to the Previous Page or the Next Page.
Navigate directly to the First Page or the Last Page.
Content
A new set of SNMP Profiles have been Added to further simplify monitoring of common network devices.
Switch: Cisco Catalyst
Server: Dell iDRAC (now all versions in one template)
AP: UniFi Generic
Firewall: Fortinet FortiGate
Firewall: SonicWall Generic
AP: Cisco Generic
Switch: Dell Generic
Router: MikroTik Generic
V10.5
September 28, 2023
The release of VSA 10.5 offers many new enhancements to make building and managing automated workflows easier, a major new integration with Datto Networking products, and many enhancements to reporting. VSA 10.5 includes the much-anticipated release of the integration with Datto Networking products to support quickly and easily analyzing and remediating network issues. Additionally, this release increases the configurability of remote control sessions to allow for more granular management of both the IT professionals’ and the end user’s remote control experience.
VSA 10.5 supports our mission of automating more so that IT professionals stress less with a major update to the VSA 10 API, several new standard automation functions including WebHooks, and the new capability to leverage automated workflows for non-device-based actions. Finally this release offers 6 new report templates, improvements to the mobile app, and increased control of mobile devices via the device card.
Key Feature Enhancements
Discover and Manage Datto Networking Devices
The Datto Networking integration with VSA 10 allows you to see and manage your endpoints and network infrastructure side by side.
When an issue that starts from the endpoint requires troubleshooting and interfacing with the network, you can seamlessly view information about the infrastructure device of interest. If you need to act, you can issue a set of quick actions directly from your VSA 10 dashboard, or, for more advanced configuration, jump straight into your Datto Network Manager dashboard for that device.
Supported Devices:
Access Points (also contains information about connected devices)
Switches (also contains information about connected devices)
Routers
Not including DNA devices
Managed Power
Discover Datto Networks and retrieve detailed asset information from the Datto switches, routers, access points, and managed power devices.
To access and use the new integration:
Log into VSA 10 Web App
Navigate to Integrations > Datto Networking > Switch to Portals tab
Switch to Networks tab > Choose one of your Networks and map it to the right organization
Switch to Devices tab > You can filter devices by different parameters
Hover over on device > Enroll Device > Choose Agent Group
Retrieve detailed asset information:
Execute commands like remotely resetting an Access point:
or resetting a Switch port:
Use contextual deep links to access the management dashboards of Datto Networks and its devices.
Enroll Datto Networking devices to unlock management functions that can be performed directly the VSA 10 UI to enable support technicians to resolve client networking issues faster. Enrolling a Datto Network Device will consume an Endpoint license.
The integration enables more effective troubleshooting and reduces the number of clicks (time) and context-switching from a single panel.
Local IP Information for Agents
This release introduces auditing of Local IP information for all “active” network interfaces. Supporting both IPv4 and IPv6, information is made available in the Device Card, Advanced Search, and the Top Bar Universal Search (aka Quick Search).
This data is audited as “System Fields” which means the data is updated much more frequently than standard Audit data. System Fields update much closer to real time.
Device Card
A new “Local IP addresses” entry has been added to the Device Card Overview section and will display the name of the network interface along with the IP address. If multiple entries are found, the entry will provide the number of additional entries.
When hovering over the entry, a tooltip will display all interface names and their associated IP addresses.
By clicking the entry, more details will be available for each network interface including data such as Subnet Mask, Default Gateway, DHCP Enabled (yes / no), and DNS Servers.
Advanced Search
The new “Local IP address” field has been added as a new column in Advanced Search and functions like the Device Card with hover-over tooltip information.
The field is also available for Filtering.
Universal Quick Search
IP addresses have been added to the Top Bar Quick Search as searchable criteria to make it easier to quickly find devices based on IP information when working throughout the product.
Remote Control Profile Settings
There are several NEW Remote Desktop settings available in the Device Configuration: Remote Desktop Profile. These settings introduce some new Remote Control behavior and allow for more granular controls over the Remote session, and the technician and end user’s experience.
Allow end users to confirm new Remote Desktop sessions and either accept or reject them (disabled by default).
Enable end user notifications for starting and ending Remote Desktop sessions (enabled by default). These notifications are NEW and operate separately from the existing pop-up dialog.
Control the behavior of the existing Remote Desktop pop-up dialog, allowing technicians to enable or disable the entire dialog, and to optionally hide session information and the end user’s ability to disconnect the session.
Enable automatic desktop locking when Remote Desktop sessions end.
Advanced Reporting
Additional granularity
Granularity was added to the dataset level, allowing filtering reports by Organization, Site, Group, Device name, and other parameters.
New dataset “RMM - Internal IPs”
The new dataset “RMM - Internal IPs” extends the “Local IP Information for Agents” feature. It allows customers to use information like Local IP, DNS address in Advanced Reporting.
New report templates
New templates were added:
“Network devices”
“Remote control sessions”
“Tabular Assets List with custom fields”
“Patch Policies”
“Patch Schedules”
The release includes improvements increasing datasets performance.
Deprecated reports
Several templates are marked as “- deprecated” and will be removed in future releases.
Please use:
“Windows Missing Patches” instead of “Windows Pending Critical & Important Patches”
“Operating Systems Versions” instead of “Linux OS versions - deprecated” and “Mac OS versions - deprecated”
”CPU models” instead of “Servers CPU models - deprecated”
“Devices with a low amount of RAM” instead of “Servers with a low amount of RAM – deprecated”
API v3 Enhancements
Continuing in our API expansion effort, several changes and improvements have been made for this release.
API v3 documentation is available from each instance at YourServerURL/API.
NOTE: To access API v3, you must first create a Third-party token
API v3 Changes
Devices
The previous “Systems” API endpoints and URL references have been renamed to “Devices”
“Device” data now includes information about Custom Fields
API v3 – NEW Endpoints
Devices
Get Device Custom Fields – this new endpoint returns Custom Field information for a given Device
Organizations
Get All Organizations – returns a list of Organizations
Get a Specific Organization – returns the Organization details
Get Organization Custom Fields – returns the Organization Custom Fields
Sites
Get All Sites – returns a list of Sites
Get a Specific Site – returns the Site details
Get Site Custom Fields – returns the Site Custom Fields
Groups
Get All Groups – returns a list of Groups
Get a Specific Group – returns the Group details
Get Group Custom Fields – returns the Group Custom Fields
Get a Group Package – returns the Name and Download URL for Group install package
Notification Webhooks – Using Notification Webhooks allows a third-party to subscribe to certain Device Notifications. Notification Webhooks are directly associated with the API Token used to create them. If an API Token is revoked, any Notification Webhooks associated with it will cease to function.
Get All Notification Webhooks – returns a list of Notification Webhooks
Get a Specific Notification Webhook – returns the Notification Webhook details
Create a Notification Webhook – creates a Notification Webhook
Update a Notification Webhook – updates a Notification Webhook
Re-generate a Notification Webhook – re-generates a Notification Webhook secret key
Delete a Specific Notification Webhook – deletes a specific Notification Webhook
Mobile Application
New fields have been added to the Computer Information to indicate if a device is managed by MDM or by an Agent:
Patch Policy Dashboard Widgets
We introduced new widgets for better patching visibility.
Patch Status
Patch Status widget divides devices into two categories: fully patched devices and devices with missing critical or important updates. Hidden updates are not considered.
Patch Policy Compliance
Patch Policy Compliance widget assesses device patching status based on approved patches via Global and Patch Policy OS Rules.
To easily view the patching schedule, the widget also displays the upcoming deployment and reboot schedules.
Microsoft Security Patching Rules
With this release it is possible to build patching rules automation based on the Microsoft security classification (MSRC). It means that Security updates category has expanded into 5 categories:
Security updates – Critical
Security updates – Important
Security updates – Moderate
Security updates – Low
Security updates – Unspecified
Patching Rules Actions Rename
To make patching automation more predictable we renamed Global Rules and OS Rules actions.
«Approve and Install» wasn’t changed.
«Don’t install and Hide» was renamed to «Reject and Hide».
«Don’t install» was renamed to «Skip and Review».
Silent Agent Deployment
With this release VSA agent will be silently installed during the MDM enrollment of macOS computer. Additionally, we added an explicit command to proceed with this silent installation from the Device card.
MDM Commands on Device card
With this release, we have added a dedicated section for “MDM commands” on the Device card of MDM-enrolled macOS computers. This is in addition to the agent-based commands.
Networks
Enhanced the Topology Map to expose additional NMAP scan data points in the device pane:
NIC vendor is now displayed alongside MAC address.
Device Type
Note: this is based on NMAP classification and does not automatically populate the device type in VSA, which uses different classifications.
OS Match
When enrolling a discovered device from the Topology Map, a warning will be displayed if the MAC address matches one or more existing enrolled devices.
Other Enhancements
Agent Enhancements
The BSD Agent is now supported on 64-bit ARM architecture.
MacOS Agents now support automatic version updates.
NOTE: Each existing macOS Agent will need to be updated to the latest version before automatic updates will work.
Linux, BSD, and macOS Agents are now included in search results when using the Top Bar’s Universal Search (aka Quick Search).
Remote Control Enhancements
This release includes several performance improvements for Remote Desktop sessions
The product will attempt to detect low bandwidth connections and automatically adjust connection parameters such as framerate, quality, wallpaper, and animations for better usability.
The Remote Desktop Relay algorithm has been updated to optimize the selection of Relay Servers.
Ransomware Detection
Updated Ransomware detection engine to version 1.2.1. This includes enhanced detection for new strains of ransomware, changed behaviors, and various other improvements to the speed and accuracy of detections.
Automation
New Deviceless Context for Workflow Automation
We are now introducing the deviceless Context for Ad-hoc and Scheduled Workflows, executing strictly from the VSA 10 server, without the need for any specific Scope, Org or Device. This is our first step expanding the Automation capabilities beyond just being Device centric, targeting any external Cloud services.
The current list of supported deviceless Workflow Actions is:
Conditions
End Workflow
Send Email
API Call (new in 10.5)
Workflow Log
Please note that only Custom Fields variables can be exposed in the above deviceless Actions.
Introducing the API Call Workflow Action
API Call executes strictly from the server and can be used in any of the Contexts, including the new deviceless Context above. API Calls can be used to send a custom payloads to a URL’s, commonly called Webhook Endpoints. In this first version the authentication must be embedded as part of the URL and all the available variables can be used in the payload, making it extremely customizable to execute automation such as:
Azure Runbooks to pause/resume a virtual machine
Send custom Teams or Slack messages
Update a CMDB database with newly discovered Devices
Alert a 3rd party Service Desk or Monitoring system with detailed trigger information
The API Call Workflow Action contains 3 fields and one toggle.
The web URL with embedded authentication hosting the Webhook Endpoint. Once the URL is added and the Workflow is saved the field will be masked.
Content type allowing to specify the payload format:
Application/XML
Text/XML
Application/JSON
Application/X-WWW-FORM-URLENCODED
Text/HTML
Payload content complete with variable support.
Timeout API Call after X seconds. The default value is 3 with a maximum of 10 seconds
Picture: The API Call Workflow Action sending a custom payload to a Teams Channel Webhook endpoint
Clone Workflows
You can now clone any existing Workflow, making it easy and fast to use existing Workflows as preferred templates and best practices or when you just want to make minor changes on existing ones, keeping the original.
Advance Workflow search and filtering
The ability to search and filter has been added to make it easy navigating a growing list of Workflows. Search for name and description. Filter by Scope, Trigger type, Last executed and Last changed, among others. You can also expand the column list to make it easy to sort any list of Workflows to your specific needs.
Extended KB articles with practical examples covering Workflow features
We regularly publish new KB articles in the VSA 10 help section covering key Workflow features complete with practical examples. Access the KB articles section “Automation - Scripts, Tasks and Workflows“ from the help icon at the top right corner. Latest additions:
Working Directory
Get Device Value
API Call
Bug Fixes
Integration
Fixed an issue in Automation Workflows where Create PSA Ticket and Update PSA Ticket was not enabled for BMS and Vorex.
V10.4
August 04, 2023
The release of VSA 10.4 offers many new enhancements to empower you to automate more and manage your IT ecosystem more efficiently. VSA 10.4 supports significantly more automation use cases and allows for much easier and robust PowerShell usage in the Automation Builder. Additionally, this release offers two improvements to patch history logging and reporting including 2 additional standard report templates. Finally, the release 10.4 now supports mass Mac and iPhone device enrollment by crowdsourcing the initial enrollment to end users via email request. This enrollment process also connects their Apple account with the device allowing for more robust user management in VSA.
Please read on to dive deeper on the exciting new enhancements or watch our short 10.4 Release Summary Video:
Key Feature Enhancements
Automation
New Workflows Actions and Conditions
The Workflows are now capable of delivering even more extensive automation without the requirement for advanced scripting skills. Common automation actions like running PowerShell and Command line one-liners, edit the Registry and download, extract and delete Zip files are now part of the ever-growing set of Workflow actions. We also introduce the Workflow Action “Get Variable” giving users the capability to query devices for specific apps and services running, registry keys and values present, user logged in or active among others. The queried values can then be used as variables in Workflow Conditions.
New Actions list
Execute PowerShell Command: Execute any PowerShell one-liner with the option to create a named output variable for use in Conditions.
Delete File: Delete named file in a path. Working folder is default path is not specified.
Delete From Registry: Delete a named Registry Key or specific Value
Set in Registry
Unzip File: Unzip named file in a path. Working folder is default path is not specified.
Get Variable, Services and Applications section
Is Process Running: Evaluate if one or multiple named Processes are running and returns a True/False response as variable for use in Workflow Conditions.
Is Service Running: Evaluate if one or multiple named Services are running and returns a True/False response as variable for use in Workflow Conditions.
Is User logged in: Evaluate if any or named user(s) are logged in against the console and returns a True/False response as variable for use in Workflow Conditions.
Is User Active:
Evaluate if any or named user(s) are active against the console and returns a
True/False response as variable for use in Workflow Conditions.
Get Variable, Registry section
Registry Key Exists:
Registry Value Exists:
Get Variable, Services and Applications section
File Exists: Evaluate if file exists or not.
File Timestamp: Evaluate the file created
File Contains: Set conditions based on file content.
File Version: Set file size conditions.
File Size: Set file size conditions.
Get Variable, General section
General:
Constant Value:
Get CPU Architecture:
Updated Action list
Execute Shell Command: Added the option to create a named output variable for use in Workflow Conditions.
Execute File: Added the option to create a named output variable for use in Workflow Conditions.
Picture: Executing a PowerShell one-liner to variable.
Upgrade Wizard
The upgrade Wizard now translates Agent Procedures to Workflows during the upgrade process. All previously existing and newly added Actions and Conditions in the list above are supported, producing Workflows by interpreting the Agent Procedure content. Any Action or Condition not yet supported will be colored in red and rendering the Workflow as unactive, unable to be activated. The Workflow can, however, be edited or modified.
Patching
Patch History
With this release VSA now identifies and stores the list of installed OS patches. To display the list, we use Windows Update -> Installed Patches page within a Device Card.
Please note that VSA utilizes the Windows Update Search method to retrieve the list of installed patches. However, it is important to be aware of certain limitations associated with this method, which may lead to inconsistency in the list of installed updates. In next versions, we will continue working to enhance the method of getting an effective list of installed patches.
After this update, VSA will store the list of updates in the database. This means that both pending and installed updates will be available for offline devices as well.
Reporting
Two NEW report templates accompany the enhancement to Patching and are available within the “Advanced Reporting” module:
Missing patches
Installed patches
MDM
Email device enrollment
In previous releases we added MDM capabilities to enroll and manage Apple devices. With this release we expanded this with user invitations. You can now send invites to existing users or create new ones instantly using the MDM enrollment page. Simply specify the organization and users you want to invite. Every user will receive an individual email with enrollment instructions.
You can manage users’ information in the Client Portal > End User Accounts page.
The device card now displays the user it is assigned to. In upcoming updates, we will add an interface that allows for changing the assigned user.
Other enhancements
Device Card
A NEW “Assigned User” field has been added to the device card and is available in both the Web and Mobile applications.
The field will be shown for the following Device Types
Windows Agents
macOS Agents
Linux Agents
iOS devices
iPadOS devices
The field will automatically display the user associated with a device. This association list can be viewed and modified for a given End User Account in “Client Portal / End User Accounts”
API Standardization Using REST and OData Best Practices
Endpoint response properties have been updated to standardize on the PascalCase naming convention
Endpoints that return lists have been updated to use OData and now support paging, filtering, and sorting
Mobile Applications
The iOS and Android mobile applications have been enhanced to include support for MDM devices.
Linux Agents
Linux agents now support Service monitoring when using “Monitored Services” profiles
V10.3
June 29, 2023
The release of VSA 10.3 offers many new enhancements and integrations that will support securing and managing your IT ecosystem more efficiently. VSA 10.3 now offers the ability to centrally store and developer files to documents such as custom app installers, printer drivers, or even a welcome letter. Release 10.3 includes several major enhancements to the Patch Management module including Risk Based Patching with CVE/CVSS Rules, robust Windows Update configuration, and macOS patching. Additionally, there are 6 new SNMP management templates and 6 new reporting templates to continue delivering on our promise of consistent new content to make your job easier.
Please read on to understand the exciting new enhancements that release 10.3 brings to continue to empower you to manage your IT ecosystem faster and easier.
Key Feature Enhancements
Remote Control
This release includes two NEW features to improve the Remote-Control experience:
“Native” 1-Click Access – Native 1-Click is a NEW option to our existing 1-Click capabilities. The feature allows a technician to establish a Private Remote Desktop Session with a target Windows Agent while the Windows log in process is simultaneously and automatically performed in the background using a preconfigured local administrative user account, all with a single click.
One of the key benefits of this feature is to enable a technician to establish a remote administrative session without the requirement to first create a user account on the target device, and without the requirement of knowing the credentials of an existing local user account.
The use of this feature can be restricted with a Teams Permission setting.
NOTE: “Allow 1-Click Access” is enabled by default for all User-defined Teams but can be explicitly disabled for each Team.
To further understand this feature, the following outlines the steps that occur when using Native 1-Click:
A local administrative user account with a randomized password is automatically created on the target Windows Agent. If the user already exists, from a previous 1-Click session for example, the account will be enabled and a random password will be applied. The name of the local account can be customized in Configuration / Settings / Remote Control Settings.
A Private Remote Desktop Session is launched and the credentials from the previous step are used to automatically log in.
Upon termination of the session, the local user account is disabled.
The use of 1-Click is logged and can be tracked in Server Admin / Audit Log.
Blackout End User’s Screen – This new capability is useful for working with sensitive information and devices during Remote Control sessions. It allows the technician to optionally block a local user (aka end user) from viewing the technician’s screen activity while the Remote Control session is active.
In addition to blocking the local display, the local inputs (ie. Keyboard and mouse) will be disabled to prevent a local user from inadvertently interfering with the technician’s remote activity.
Managed Storage Support (Managed Files)
VSA 10 now includes the ability to centrally and securely store and distribute files to devices. Upload files to VSA 10 from the UI and use the “Write File” Workflow Action for common automation tasks such as custom applications installers, fonts configuration files distribution and printer drivers. Files are encrypted at rest and in transit, decrypted by the device.
Upload and store files on VSA 10:
Use Workflow Action “Write File” to download files to devices:
Patch Management
CVE/CVSS Rules
With this release, it is now possible to configure Patch Policy automation rules using vulnerability codes (CVEs) or vulnerability severity scores (CVSS). This simplifies the risk-based patching configuration.
Windows Update Configuration
To help you stay compliant with Patch Policy, VSA now offers the ability to fine-tune the Windows Update service. With this feature, you can prevent end users from making modifications to patching configuration and also have control over automatic updates. You can also defer quality or feature updates, and configure active working hours.
Additionally, Patch Policy now supports driver updates, although please note that this option is turned off by default.
macOS Updates Configuration
With this release, you can now configure updates for macOS computers. It is possible to control
automatic updates of the operating system, internal software, and AppStore applications. Additionally, you can specify a deferred period for major and minor operating system updates.
These settings are supported only for computers enrolled through MDM.
Mobile Application - Launch Ad-hoc Workflows
This release includes a feature to run ad-hoc Workflows from the Mobile Application for active Workflows that contain Ad-hoc or Scheduled Triggers.
The key benefit of this feature is to allow a technician to quickly execute ad-hoc Workflows directly from their Mobile device without having to access the Web Application.
To access the new feature, tap Workflows on a System:
New BSD Agent
This release includes a NEW Agent, which supports installation on BSD platforms such as pfSense, FreeBSD, and OpenBSD.
The BSD Agent is based on the VSA 10 Linux Agent and will support the same functionality. It will also be included in search and other query results when using pre-defined “Linux” filters.
KaseyaOne “K1” SSO v2
VSA 10 has been updated with a new version of KaseyaOne Single Sign-on.
The new version includes several important updates:
Introduction of a new SSO flow based on the OIDC standard – This change greatly simplifies the configuration and account mapping process by reducing the previous four-step configuration and mapping process from version 1, into one step in version 2. Refer to the new configuration steps below.
Introduction of a new requirement for mapping VSA 10 and K1 user accounts – Version 2 now requires a VSA 10 user account email address to match a corresponding K1 user account email address. The mapping, or association, of the VSA 10 user accounts with the K1 user accounts will occur automatically using the email address.
Migration of existing VSA 10 and K1 account mappings from v1 to v2 – For each VSA 10 user account that was previously mapped to a K1 account, it will either be migrated to v2 automatically, or the mapping will be removed.An existing mapping will be removed if the email address of the VSA 10 user account does not match the email address of the K1 user account it was associated with. To re-establish a mapping, update the email address of the VSA 10 account and the K1 account to match.
General usability improvements – Once KaseyaOne Log In has been enabled for a VSA 10 instance, all VSA 10 users with a corresponding KaseyaOne account will be able to Log In with their KaseyaOne account from the VSA 10 Login screen and from the VSA 10 K1 App Launcher icon on the right side of the Top Bar
Content
Additional SNMP Templates
6 New SNMP templates are available:
Switch: CISCO Catalyst: General
Firewall: Fortinet: General
Server: DELL iDRAC (all versions in one generic template)
Firewall: SonicWall: General
UPS: APC Generic
AP: UniFi Generic
Additional Report Templates and filters
6 new report templates are available in Advanced reporting:
Antivirus Protection Summary
Antivirus Protection
TOP problem devices
Unsupported Windows OS versions
Hardware compliance
Device performance
Additional filters were added to templates – Agent Group, Device Name etc.
V10.2
May 09, 2023
The VSA 10.2 Release is major step towards the Unified RMM vision of managing any device, any endpoint, any anything the same way. The 10.2 Release empowers you to discover, map, and manage Virtual Desktop Infrastructure as easily as you would manage any other endpoint. Additionally, this release included major enhancements to the VSA 10 API to support deeper and more secure integrations with third party applications. Based on client feedback, the EAP of Release 10.2 also includes a major change to Advanced Search to increase information density. Finally, this release includes several new SNMP profiles to easily manage HP iLO networking devices.
Please see below to dive deeper on the many new enhancements of release 10.2 that continue our mission to empower you to manage your IT ecosystem faster and easier.
Key Feature Enhancements
Virtualization Discovery, Topology, and Management
VSA 10 now includes the ability to configure Hyper-V and VMware Connectors, allowing you to discover, view, and manage hosts and virtual machines.
By connecting directly to the hypervisor, VSA offers a single, consolidated view of your entire virtual infrastructure across multiple platforms.
You will need to create a new Integrations / Connector for each Hyper-V and VMware hypervisor you wish to manage.
Note: For Hyper-V, you must first install an agent directly on the host and then select the same host as the Hyper-V Connector probe.
Once a Connector has been added, we will expose the hypervisor and its child entities on the Topology Map and the new Systems / Active Connectors page. You can view version information, status, events, and other information from these product areas.
If you enroll the hypervisor’s “Host”, you will unlock the management features of both hosts and virtual machines, such as powering on/off, restarting, suspending, and working with snapshots.
Note: Enrollment of a host will consume a single device license.
VSA 10 APIs and Token-based Access Control
VSA 10 now includes a set of API Endpoints that are only accessible by using a secure token. The API documentation and sample data can be found by accessing https://<your_server_URL>/api Token-based API access allows technicians to grant explicitly controlled authorization tokens for a more secure API-only access entity that is distinctly separate from user accounts, while also consolidating the management of API access controls.
There are two methods of API access authorization that can be granted:
Trusted Applications – This allows a simple OAuth-based authorization process to be used to enable VSA 10 integration from an implicitly trusted product – for example, products that are part of Kaseya’s IT Complete product suite.
Note: Although the VSA 10 Trusted Application infrastructure is now ready, integrated products will be working with our team to convert their existing VSA 10 integration and legacy API calls to the new Token-based APIs.
We will be working with internal product teams over the coming months to coordinate such changes. Once the changes are in place, there will no longer be a need to hard-code a VSA 10 username and password into the integration configurations for such Trusted Applications. Instead, a simple OAuth process will be initiated from the integrated product and used to establish the implicit trust with VSA 10.
Third-Party Tokens – This allows the creation of a unique API Token that requires explicit trust configurations for controlling when, what, and from where the Token is authorized for use with respect to the API. Once the token is generated, the Token ID and Token Secret would be used to gain access to the API and its use would be restricted based on any authorization controls defined.
To increase security, you can define start and expiration dates, whitelist IP addresses for access restrictions, and control granular access to specific Organizations and individual API endpoints.
You can also revoke an existing token to immediately prohibit further use. By revoking an existing token, you will have 30 days until it is automatically deleted. To reinstate the token, simply regenerate the token secret prior to end of the 30-day period.
Note: Third-party tokens should not be used to establish integration with VSA 10 from other Kaseya products that currently support integration. Such products use a different VSA 10 API today and will be changed to use Trusted Application tokens in the future.
Content: Additional SNMP Profiles
New SNMP profiles to support the management of HP iLO devices
Other Improvements
Onboarding Checklist Update
This release includes new additions to the Onboarding Setup Checklist so that new users can learn how
to get the most out of VSA 10.
New Default Columns for the Advanced Search / All Systems View
We expanded the data columns that are displayed in the Advanced Search / All Systems view to enhance
your productivity and streamline your search experience.
Upgrade Wizard - API Time-Out Fix
A bug has been fixed where API connection timeout could occur when querying large amounts of Orgs in
the upgrade process.
SNMP Content: Network Device Profile Fixes
The built-in SNMP Template library is constantly improving with added devices and fixes. Refer to the
“created at” date in the Description field for each device template for the latest version.
V10.1
April 18, 2023
The VSA 10.1 Release offers many new innovations and integrations to better support your IT operations. This release includes the first version of our long-awaited Mobile Device Management capabilities supporting enrollment and basic management of Apple iPhone and iPad devices. Release 10.1 also features many major enhancements to patching capabilities including macOS patching, category and release-date automations, and more robust patch history logging. This release also includes integrations with and a suite of scripts to support automating and managing Datto Workplace and Datto File Protect. Finally, the Release of V10.1 offers several new reporting templates and 9 new monitoring profiles for common networking devices.
Please see below to dive deeper on the many new enhancements of release 10.1 that continue our mission to empower you to manage your IT ecosystem faster and easier.
Key Feature Enhancements
Datto Workplace and File Protection Deployment Templates
Datto Workplace and File Protection deployment script templates are now available enabling easy deployment of each application and can be used ad-hoc or in combination with Tasks and Workflows.
You can find each of the scripts in Automation / Scripts / VSAX Starter Pack.
OS & Software Patch Management
This release includes two new Operating System Rules criteria:
Patch Category.
It is possible to install or reject a given patch based on its category. The following categories are supported: Security Update, Critical Update, Update Rollup, Service Pack, Tools, Feature Pack, Update, Definition Update.
Release date.
It is possible to install or reject a given patch based on the number of days since its release.
With this release we made Patch History statuses clearer and more consistent. Depending on the result of patch execution the statuses may be as follows:
Errors
OS updates were installed
OS updates were skipped
Software updates were installed
Restarted
The error popup now displays additional information, including the error code and message.
MDM: Apple Integration
This release includes MDM integration with Apple Services, which is required for comprehensive centralized management of iOS and macOS devices. Refer to Apple’s documentation for more information about how devices work with APNs.
In subsequent releases, we will continue adding new device-level management capabilities but as part of the changes in this release, you can now:
Create APNs (Apple Push Notification service) connectors - To start Apple device management with MDM, an APNs connector needs to be created per organization.Navigate to the “Integrations”-> “Connectors” page, Apple MDM tab, and click “Create Connector”.
Follow the steps on the screen to create the connector and it will appear in the list.
Perform Device enrollment - There is a new Device Enrollment page under the Systems navigation menu where Apple devices can be enrolled. Choose the Organization, Site, and Agent Group, the method of enrollment and follow the onscreen instructions.
Enrollment methods
QR Code enrollment – This method of enrollment is typically used for personal iOS and iPadOS devices (aka BYOD devices).
Link enrollment – This method of enrollment is required for macOS devices but can also be used for iOS and iPadOS.
USB enrollment – This method is typically used on business or corporate-owned devices and enables additional management capabilities. Only iOS and iPadOS devices are supported for this enrollment type.
Warning: USB enrollment is intended for new iOS and iPadOS devices only and will FACTORY RESET the device.
QR Code or Link enrollment:
USB enrollment:
Once enrolled, the device will have an MDM profile and can be managed by VSA 10.
Please note that enrolled devices may take up to 15 minutes to appear in VSA. If an enrolled device does not appear after an hour, please contact support.
Device cards
USB-enrolled devices (iOS and iPadOS only):
QR Code or Link-enrolled devices:
iOS and iPadOS devices:
macOS devices:
Following is an example of asset information for MDM devices:
All MDM-enrolled devices will automatically receive an ”EMM” Tag for easy filtering.
Advanced Reporting
This release includes new report templates that provide summary information regarding Ransomware Detection and Datto BCDR, like Protected vs Supported, Protected vs Detected etc.
There are also new templates for Device Summary, OS Summary, and Devices with low free space on the system drive.
In addition, a variety of minor improvements and fixes to the existing templates were made.
Kaseya One Application Launcher
This release includes the Kaseya One App Launcher which allows Users authenticating with their Kaseya One account to easily access their Kaseya Apps from the Application Launcher.
When a User authenticates using the Login with IT Complete option, the Kaseya One “K1” icon in the far right of the header is replaced with the Application Launcher waffle icon:
VSA 9 Agent Procedures to VSA 10 Automation Workflows Translation Tool
This release will introduce the first version of the translation tool for converting VSA 9 Agent Procedures to VSA 10 Automation Workflows. The tool will give VSA 9 users moving to 10 a better understanding of how any Agent Procedures will be represented as Workflows. To import and evaluate existing Agent Procedures from VSA 9, do the following:
Export one or multiple Agent Procedures as XML
In VSA 9, right click on any specific Agent Procedure or folder containing multiple Agent Procedures and choose export. Save the file to the suggested XML format.
Import Agent Procedure in VSA 10
In VSA 10, in the Automation / Workflows tab, a new button is introduced called “Import VSA 9 Agent Procedure”. When importing any Agent Procedure XML file, the translator tool will parse the file content and present the Agent Procedures to be imported in a list where you can select and continue. There will also be information about the current compatibility score 1- 5 for each Agent Procedure where 5 is the highest. This information gives an overview and understanding on what specific Agent Procedures features currently is available in Workflow Actions & Conditions.
Create Automation Workflows based on Agent Procedures
Any selected Agent Procedure within the imported XML file will generate a Workflow to be reviewed. The tool can be used to evaluate the currently supported Actions & Conditions translated from the Agent Procedures. The tool will also show any Action or Condition not yet supported by coloring it red and rendering the Workflow as inactive, unable to be activated. The Workflow can however be edited modified.
New set of SNMP Profiles for popular devices
New SNMP Profiles have been added to this release to make it simple to enroll and assign monitoring on 9 popular devices including:
Firewall: Check Point Generic
Firewall: Juniper Generic
Firewall: Palo Alto Generic
Firewall: Sophos/Cyberoam
Firewall: WatchGuard Generic
Router: Cisco Generic
Server: Dell iDRAC FW v1-6
Server: Dell iDRAC FW v7+
Switch: HP ProCurve
Additional Platform Improvements
Remote Control - Implemented a new algorithm for improved handling of invalid display objects to optimize session traffic for low bandwidth connections. Enhanced logging to support more performance and connection data.
MacOS Agent – Added .PKG support for the generic macOS Agent deployment package. This package is accessible via the Onboarding / Downloads page.
BMS Integration (some issues related to resetting the integration from VSA 10 depend on fixes from BMS, which are expected in BMS release 5.20.0)
Fixed a BMS Integration issue preventing VSA 10 Remote Control connections from being launched within BMS.
Fixed a BMS Integration issue where tickets failed to sync after resetting the integration from VSA 10 Integrations page.
Fixed a BMS Integration issue where the previous token was still being used after generating a new token.
VSA 9 Upgrade Wizard
Fixed an issue where the VSA 9 upgrade wizard was importing invalid users.
Fixed an issue where users imported from VSA 9 could not be edited or deleted.
Fixed an issue where the VSA 9 upgrade wizard gets connected when replayed but failed to work as expected.
Other Platform Fixes
Fixed an issue where notifications for performance counters failed to appear in Systems > All Systems > System from precondition > System Details > Notifications.
Fixed an issue where an Agent’s Network Interface audit would fail.
Fixed an issue where an Automation Workflow fails to initialize due to its Notification Parameters.
Fixed a Datto BCDR Integration issue where the system was sending an incorrect value for the secret key on server validation after the key was modified.
Fixed an issue where a Workflow’s Execute File action was not supporting 32-bit apps when executing them from the working folder.
V10.0
February 01, 2023
The VSA 10.0 Release offers many new innovations and integrations to better support your IT operations. This release includes major enhancements to automated workflows, upgrades to remote control to support concurrent multi-monitor setups, several updates to Software Management and the launch of the much-anticipated Advanced Reporting Module (previously known as BI Center).
VSA 10 includes many improvements to Mac and iOS management including audit support and more endpoint information as well as the first release of our Mobile Device Management module which supports enrollment, discovery, and asset management of iPhones. Release 10.0 also empowers you to automate more with a fully rebuilt and further enhanced integration with both the Datto BCDR suite of appliances and the Kaseya PSA/Service Desks including Autotask, BMS, and Vorex.
New Features
Advanced Reporting
With this release, we are glad to present the Advanced Reporting module (previously known as the BI Center) that empowers you to visualize data fast, make smarter decisions and easily report on the true value of IT. The starter pack includes 16 report templates in Executive, Audit and Compliance categories.
The live preview shows a limited number of pages immediately and allows to search and filter data.
Advanced Report Designer
The new intuitive designer is perfect for ad hoc or pixel-perfect reports with graphical content. Basic and advanced reporting modes are available for technical and non-technical users. Built-in expressions allow users to perform many types of calculations using a set of pre-defined functions. The drag and drop interface empowers you to create high-value reports quickly and easily.
Industry Standard Export Formats
Reports can easily be exported to Excel, html, pdf, csv, bmp, json and other formats.
Enhancements
Remote Control
Concurrent Multi-Monitor Support — In addition to the ability to work with multiple monitors individually, Remote Control now supports simultaneous viewing and control of all monitors, exactly as they are configured on the target device.
We also added thumbnails of monitors to make it easier to connect to individual monitors or all monitors at once.
Software Management
We have introduced a new option within Patch Policy to schedule a reboot when the patch process requires one. The addition of this functionality allows you more flexible control over the reboot process. You can now choose to either suppress, start immediately or specify when the reboot will occur.
The following changes to Patch Management are also included:
Software installation scripts now fully support Windows 11.
A paid version of Adobe Acrobat is now included with the 3pp Software Catalog. Both Pro and Standard versions are now supported.
We added Firefox ESR, the enterprise version of the Firefox browser, to the software catalog.
Policies
Pending Reboot Notification added to Endpoint Policies — You can now send a notification when a device requires a reboot.
Platform & Security Improvements
Password Complexity — With this release, you get improved security for managing user passwords by arming you with the ability to configure complexity requirements. Configured in Server Admin / Security and once enforced, if a user logs into the web application and their password does not meet the configured requirements, they will be prompted to change their password.
Note that for added security, some of the attributes, such as minimum password length, have pre-defined minimum values as determined by our internal security team.
Mobile Application
Support for Block User Input for iOS — We added the ability to block end-user input (keyboard and mouse) when using Remote Control within the iOS mobile application.
Approve 2FA from Apple Watch — Users who have the iOS mobile application and an Apple Watch can now approve or decline their 2FA login requests directly from their Apple Watch.
Content Packaging
We are introducing auto-provisioned and self-updating Content Package capabilities with this release. It enables vendors and third-party integrators to distribute compelling content to further enhance the VSA X platform and ease of use. The first available package is delivered by Kaseya and adds “Extended Audit For Serves and Computers” as a core component of the VSA X Audit capabilities.
25 custom fields for extended Audit and Reporting
30 Scripts
10 additional scopes
Integrations
Discover and Manage Datto BCDR Devices
We have rebuilt and enhanced the Datto BCDR integration in this release providing the ability to discover and manage BCDR appliances with the following benefits:
Discover Datto BCDR Appliances
Deploy Datto Continuity Agents to VSA X devices
Remote Control into Datto BCDR Appliances
View and Manage Datto BCDR Appliances
Please note manage is achieved via deep links into the Datto Native BCDR appliance
December 01, 2022
The December release of VSA X features two major innovations to improve both the security posture of your IT ecosystem and supercharge the productivity of your team. The first innovation is Ransomware Detection, an optional licensed add-on that will protect your users, data, and network from ransomware. The second innovation is a significant improvement to our integrations with both Autotask PSA and ConnectWise Manage PSA to include the ability to build automated workflows based on ticket-based triggers.
Ransomware Detection
SMBs faced 31,000 ransomware attacks per day last year. Our community is under attack and we here at Kaseya knew we needed to do something about it. The new Ransomware Detection module for VSA X protects businesses against ransomware attacks and ensures control and ownership remain undisrupted.
VSA X will monitor the status of endpoints and generate alerts or tickets for any detected ransomware-style behavior such as file encryption/deletion, deletion of backups or even the presence of ransomware notes.
VSA X can then trigger automated workflows to isolate any infected machines and disconnect the endpoint from the network to prevent damage. Users can then leverage their favorite BCDR solution to restore the infected machine and make the network whole.
Additionally, the VSA X mobile app empowers you to isolate or revert isolation of an endpoint with just a click of a button from anywhere.
This new module is free until December 31, 2022 and will be $0.50/endpoint/month in 2023. Give you account manager a shout if you have any questions.
Two Way Ticketing with PSA
This release brings incredible updates to the PSA integrations for both Autotask PSA and ConnectWise Manage. This upgrade to the integration supports two-way tickets and also the ability to add/update/close tickets during Automated Workflows. Additionally you can now use ticket-based triggers for automated workflows.
The dreaded my printer isn’t working ticket can now be entirely, and easily, auto-remediated easily through the Automation Workflow Builder.
A brief overview of the changes include:
Bi-directional change management between RMM notifications and PSA tickets
When a notification changes in the RMM, if it was already associated with a PSA ticket, the ticket will be updated automatically with information about the change.
New improvements to Automation Workflows allow more comprehensive management of changes.
Map RMM devices and PSA configuration items
Devices can be optionally mapped to existing PSA configuration items, or the mapping can be configured to create a new PSA configuration item that will automatically be associated (mapped) with the RMM device.
Mapped devices will automatically be linked to PSA tickets that are associated with RMM notifications for the given device.
NEW PSA ticket management capabilities to the Automation Workflow Builder for customized process automation
Trigger
PSA Ticket has closed – will trigger when a PSA Ticket that is associated with an RMM object (device or notification) has closed in the PSA.
Conditions
Ticket has been created – provides true/false validation logic to determine if a PSA Ticket was already created for the selected Trigger type.
Ticket has been opened for the same alert within “x” hours – this is useful when a new RMM notification is triggered but you want to validate whether there is still an open PSA ticket for a previous RMM notification of the same type, within a configurable timeframe. Using this option allows you to build workflows that update previously opened PSA tickets.
Actions – the actions will show PSA vendor-specific attributes (ie. Queue, Priority, Status, etc) when a PSA integration is active. When no integration is active, the vendor-specific attributes will not be available within these actions.
Create Ticket – Allows creation of a new PSA ticket.
Update Ticket – Allows updating of an existing PSA ticket.
We have updated the notification pages to provide a contextual deep link for easy navigation to the associated PSA Ticket
