The release of VSA 10.8 is another incredibly exciting release. This release includes major enhancements to the integrations with Autotask, KaseyaOne, BMS, and Vorex. Additionally, VSA 10.8 supports device-level policy targeting, recording of remote control sessions, and added 18 new capabilities to the VSA 10 API. Finally, there were several new report templates and end-to-end automation templates added to support managing, securing, and automating your IT ecosystem with the content you need to get started.
Key Feature Enhancements
Policy Extensions – Explicit Targeting
Policy Extensions now support the ability to explicitly target one or more existing devices, which is useful when Policy changes are required on a device-by-device basis.
Policy Extensions operate in one of two selected Targeting Modes:
Dynamic Targeting - This is the default Extension mode and is the current operating mode of Extensions prior to changes within this release.
a. In this mode, direct assignment of this Policy Extension to specific devices is not available. The selections in the Device Targeting Criteria will be used to dynamically assign this Policy Extension to any devices in the assigned Context, that also match the Device Targeting Criteria. It is possible to further extend this Policy Extension
Explicit Targeting – This is a new mode that allows existing devices to be explicitly assigned to the Extension.
a. In this mode, it is possible to explicitly assign this Policy Extension to devices that conform to the following logic:
i. Devices that meet the Device Targeting Criteria as inherited by this Extension’s parent. As an example, if the parent of this Extension is an Extension that has device attributes selected as “Windows Servers”, then only devices that are “Windows Servers” will be available to be selected in this Extension.
ii. Devices which are contained within the Context as inherited by this Extension’s parent. As an example, if the Context that has been inherited by this Extension is Organization 1, then only the devices within Organization 1 will be available to be selected in this Extension.
b. Refinement of Device Targeting Criteria is not available in this mode.
c. It is not possible to further extend a Policy Extension operating in Explicit Targeting Mode.
Explicit Targeting Extension - Validation Errors – If an Explicit Targeting Extension has been created and the Context selections have been altered within a parent Policy to something other than the Organization, Site, or Group that contains the selected devices, or the Context of the parent has been completely removed, the Explicit Targeting Extension’s device selections will be cleared, and the Extension will display a validation error in the UI.
Remote Control Session Recording
Remote Control sessions can now be recorded manually or automatically. This feature is available for Windows Agents, and both Shared and Private Sessions are supported.
fVSA 10 Remote Control Session Recording Overview Video
There are five product areas to consider as it relates to this feature:
Device Configuration: Remote Desktop Profile - Enabling the feature for devices. To use the feature, it must be enabled within a Device Configuration: Remote Desktop Profile, for any device you wish to record sessions for. This Profile also includes an option to enforce recording for all remote desktop sessions. When enabled, any User connecting launching a supported Remote Control session will have the session automatically recorded.
Permissions for User Defined Teams – Specific configurations for members of User Defined Teams. Two new permissions have been added to User Defined Teams to support this feature:
a. Enforce recording for all remote desktop sessions – If checked, when a member of this Team launches a supported Remote-Control session, it will be automatically recorded.
b. View remote desktop session recordings – If checked, members of the Team will be allowed to view the newly introduced “Recorded Sessions” section within the Device Card.
Recording Status Control and Indicator – Changes to the Remote Control application toolbar. Once session recordings have been enabled for a device, for any supported Remote Control session, a new Recording control will be available in the Remote Control application toolbar.
Location of Saved Recordings – Where and how recordings are stored Remote Control session recordings are saved locally on the target Agent, in “Program Files\VSA X\Recordings” folder. Files are formatted using a date and time stamp, the Agent ID, and the user who initiated the recording.
Note:There is a protection mechanism to ensure that recordings do not result in the total consumption of disk space on the local device. Recordings will not start if there is less than 10% free disk space on the target Agent. If a recording has started, and the target Agent available disk space falls below 10%, the recording will immediately stop.
A new section has been added to the Remote Control section of the Device Card, named “Recorded Sessions” and will reference any recordings that are currently stored locally on the target Agent, in the related folder.
Audit Logs – Information about recordings for activity tracking.
Each time a Remote Control session recording is started or stopped, a log entry is captured in the Server Admin > Audit Log, under the “Remote Control” category for the target Agent.
Upload Screen Recording to external cloud storage services
To accommodate the new Screen Recording feature, we now provide optional scripts to upload recordings to your own dedicated Azure Blob or AWS S3 storage. Learn more by referring to the automation section of these release notes.
macOS Remote Control
It is now possible to connect to a target macOS Agent with Remote Control when no user is logged in locally to the device.
Note:This feature will be enhanced in a subsequent release when we introduce support for Automatic Reconnect for macOS agents. Until then, although it is now possible to connect with Remote Control before a user is logged in locally, during the login process, the Remote Control session will be disconnected and will require manual re-connection.
Patching notifications
With this release we introduce Patch Policy notifications. Three notification types are available:
Notification for new patches pending review.
Notification upon error during operating system patching.
Notification upon error during software patching.
To better align with the technician’s workflow, the notifications’ priority and schedule can be customized.
Patch Status page enhancements
This release enhances the Patch Status page by adding the ability to filter the patch list and customize visible columns.
Additionally, the number of pending patches is now displayed next to each Patch Policy in the policies list.
Integrations
KaseyaOne: Disabling Local Login and Enforce KaseyaOne Authentication
Introduction
The Require Log In with KaseyaOne feature forces users to login with their KaseyaOne credentials to access VSA 10. When the feature is enabled by an organization, users can no longer log into VSA 10 locally with their local credentials.
Enabling the Require Log In with KaseyaOne feature allows users to authenticate with their KaseyaOne modules using just one set of credentials. This provides a smoother user experience and increased security.
Pre-Requisites:
You must be a partner administrator for both VSA 10 and KaseyaOne.
You must have the same email address for VSA 10 and KaseyaOne accounts.
Before the Require Log In with KaseyaOne feature can be enabled, the Enable Log In with KaseyaOne toggle must be activated. For more information, see Unified Login with KaseyaOne
When you have enabled KaseyaOne Unified Login for your organization, you can enable the Require Log in with KaseyaOne feature on the Settings page.
IMPORTANT: Once this option is enabled, any users that do not have a KaseyaOne account will no longer be able to log in to VSA 10 through local login unless you add them to **User Exceptions**.
Refer to Exempt users from being required to log in with KaseyaOne.
To enable the Require Log in with KaseyaOne feature:
On the Configuration module, click Settings.
The Settings page is displayed with the Log in with KaseyaOne tab. Verify the Enable Log In with KaseyaOne toggle is activated. If it is not, perform the steps in the article Unified Login with KaseyaOne
In the Require Log In with KaseyaOne section, click the Require Log In with KaseyaOne toggle to enable it.
To allow specific users, teams or users with specific email domain to continue to log into VSA 10 using their local VSA 10 credentials, in the Exceptions list, select the applicable users/teams/domains.
Click on Save
Exempt users from being required to log in with KaseyaOne
Once the Require Log In with KaseyaOne feature is enabled, you will be able to add any existing users, team or email domain to the Exceptions list.
Any users, teams or email domain part of the Exceptions will still be able to log in using VSA 10 local authentication.
This option is useful if you have users that need to log in to VSA 10 for remote access or reporting, such as customer IT staff, but do not require KaseyaOne accounts.
NOTE: All VSA 10 users that are assigned the **administrator** security level will be able to login locally, even if Enforce KaseyaOne login is enabled.
Login scenarios
The following describes user login scenarios that are possible when Require Log In with KaseyaOne is enabled:
When a user attempts to log into VSA 10 with their VSA 10 credentials AND Require Log In with KaseyaOne is enabled, the user is redirected to the KaseyaOne login page.
Note: This does not apply to users included in the User Exceptions list.
When Require Log In with KaseyaOne is enabled and a user is included in the Exceptions list, the user can log into VSA 10 using their VSA 10 local credentials or KaseyaOne credentials (if the user has a KaseyaOne account that is linked to their VSA 10 account).
When Require Log In with KaseyaOne is disabled, the user can log into VSA 10 using their VSA 10 credentials or KaseyaOne credentials (if the user has a KaseyaOne account that is linked to their VSA 10 account).
Enforcing KaseyaOne login disables VSA 10 password reset.
When Require Log In with KaseyaOne is enabled, the user’s ability to reset their VSA 10 password is disabled.
On the My Settings page, the Authentication tab is disabled and a message is displayed indicating that KaseyaOne Login is enforced. Therefore, resetting VSA 10 passwords is not allowed.
Note: This does not apply to users included in the User Exceptions list.
KaseyaOne: Role-Base Access Control
Introduction
Instructions follow on how to configure role-based access control (RBAC) — by defining mapping rules to control user access — for VSA 10. The purpose of defining mapping rules is to mimic or maintain the same levels of user access between KaseayOne and VSA 10.
If you enable Access Groups, then RBAC from KaseyaOne will be allowed for VSA 10 and you will be able to map KaseyaOne groups to (the same or similar) module roles.
If you disable Access Groups, then RBAC from KaseyaOne will not be allowed for VSA 10.
NOTE: RBAC is the process of assigning permissions to users based on their role within an organization. But rather than assigning permissions to users individually, you assign permissions to a group (and then assign users to the group).
Enable Access Groups for VSA 10
To enable Access Groups for VSA 10 do the following:
Log into VSA 10 in the usual way and click Configurations > Settings > Log in with KaseyaOne on the left navigation menu.
In the Access Groups section, turn on the Enable Access Groups toggle to enable the feature.
Create mapping rules to control user access:
Map each KaseyaOne Access Group to the same or a similar VSA 10 team.
Autotask Integration
SUGGESTION: We recommend you update the Autotask integration settings at least once after VSA 10.8 is released.
Pre-Requisites:
Only admins and those who have PSA Edit permissions are able to create Autotask integration
To setup the Autotask Integration, you should go to Integrations > Autotask
Once you are logged in with your Autotask API credentials, you will be at the Configuration Wizard page.
NOTE: The integration configuration page does not allow more than one user at the same time. If a user is trying to access the page and there is already another user in the integration page, access will be prevented.
NOTE: Depending on how many Organizations and assets you have in VSA 10 it will take between 30 seconds to a couple of minutes for the configuration page to be ready. Please be patient!.
Step 1- Mapping Device Type
In this screen you will be able to map VSA 10 Device type with an Autotask Product and a Configuration Item type.
The idea behind the Device type mapping is to populate data in Autotask (ConfigurationItemType and ProductType) for each asset. It will be then possible to add dashboard charts in Autotask using these fields.
You can map each VSA 10 device type to their corresponding type on Autotask:
NOTE: You can filter device types by name and map all devices top the same Autotask Product type / Configuration item type
First you need to define the “Default mapping settings for all device types”.
Once it’s done, you will be able to update each VSA 10 device type and associate it to the corresponding Autotask product and Autotask Configuration Item Type.
Once you finish doing the Device type mapping click on Next.
Step 2- Organization Mapping
In this step you will be able to map Organizations / Sites / Agent Groups to Autotask Companies.
First you need to define the Default mapping settings for all context field
Then you can map each VSA 10 organization, site or agent group to an Autotask Company.
Once you finish doing the mapping click on Next
NOTE: For new VSA 10 Organizations /Sites you will be able to “do nothing”, “map to new Autotask company” or “map to existing Autotask company”.
NOTE: If you want to change the mapping for an Organization / Site. All system mappings under the changed organization will be deleted. Consequently, inherited behavior will be applied that can lead to the creation of duplicate configuration items in the selected company
Step 3- Ticket Attributes Configuration
Alert rules allow you to handle VSA 10 alerts and their corresponding Autotask alert tickets. In the integration tab, begin by configuring your Autotask queue and filter alerts that will generate a ticket in Autotask base in alert priority.
First you need to define the default mapping setting for all context
Queue refers to the Service desk queue the ticket will be created in Autotask. Sets the default values for the Queue field in Autotask tickets. More information: Service Desk queues (autotask.net)
Notification type refers to the criticality of a VSA 10 alert to automatically create an Autotask ticket. For example, you could define that only Critical VSA 10 alerts trigger the ticket creation.
Once you finish with the ticket attributes click on Next.
Step 4- Asset Synchronization
The next step is to configure the asset synchronization between VSA 10 and Autotask.
If “Create new system and map” toggle is enabled, new VSA 10 assets will try to be auto mapped to existing Autotask Configuration items if there is a full or partial match with both
Automapping:
If VSA10 device and Autotask configuration item have the same name and company, only in this case auto mapping is possible.
If serial number also matches, it’s a full match.
Otherwise, it’s a partial match.
Select an existing Autotask product to map to your VSA 10 asset or allow the system to create a matching product in Autotask for you.
You can filter assets by:
All types
Mapped
Unmapped: full match
Unmapped: partial match
Do not map
Create new
Matching logic between VSA 10 and Autotask asset records:
Fully Match
Organization
Serial Number
Mac Address
Partial Match
NOTE: For new VSA 10 Organizations /Sites you will be able to “do nothing”, “map to new Autotask company” or “map to existing Autotask company”.
NOTE: When “Create New System and Map” toggle is enabled, you can still override the auto mapping on individual asset records. With this option, regardless of if there is a full/partial match it will create a new Autotask Configuration Item
When a device is deleted in VSA 10, the corresponding Autotask configuration item will be inactivated.
An asset sync will be triggered once every hour.
During setup, for any unmatched asset, you can either accept the suggested match, search for an Autotask configuration item, or create a new configuration. Once you click “Save” you will be able to save changes.
Once integration updates are done, you will be redirected to the settings page automatically.
NOTE: In addition to previous asset records we are adding Product Type, Configuration Item Type.
ADDITIONAL section for the Autotask Integration module
Create Tickets from Agent Tray
To enable users to create a support ticket, you need to create a “User Sessions” profile and enable “User Support Request”.
Then the profile should be applied to Organization / Site / Devices via Policies.
Integrated Customer Billing via Autotask and Kaseya BMS
Integrated Customer Billing is a new feature introduced as part of billing automation.
MSPs require an efficient and accurate way to bill for services provided to their customers, but manual billing processes are error-prone and tedious, and they can result in lost revenue. Having granular billing metrics for various Kaseya IT Complete modules available in Autotask and Kaseya BMS allows for flexible automated billing.
VSA 10 synchronizes billing metrics daily to a data lake accessible by both Autotask and Kaseya BMS via the KaseyaOne unified login portal.
The information provided is the total number of managed devices with a breakdown by the following types:
Number of devices under management (defined as having consumed a single device license whether it is network-enrolled, has an agent, is mdm-enrolled. A device will only count once regardless of its enrollment types).
Number of enrolled devices that do not have an agent installed and are not enrolled in MDM.
Number of devices that have an Agent installed.
Number of devices that are enrolled in MDM (includes Agentless and Agented devices).
Number of devices that have an Agent installed and have Webroot installed.
Number of devices that have an Agent installed and have Bitdefender installed.
Number of devices that have an Agent installed and have Ransomware Detection installed.
Number of devices that have an Agent installed and have an active Patch Policy applied.
Number of enrolled Network Devices (enrolled devices that do not have an agent and are not enrolled in MDM) that have Monitoring assigned directly or through a Monitoring Policy.
Number of Agented devices that have a Monitoring Policy assigned.
Number of devices that have an Agent installed and are listed as a “workstation”
Number of devices that have an Agent installed and are listed as a “server”
Number of devices that have an Agent installed and are listed as a “server” and OS = Windows
Number of devices that have an Agent installed and are listed as a “workstation” and OS = Windows
Number of devices that have an Agent installed and are listed as a “mac”
Number of devices that have an Agent installed and are listed as a “Linux”
Number of devices that have an Agent installed and were online in the last 30 days
Prerequisites and further information
KaseyaOne must be enabled for your VSA 10 account. Refer to Unified Login with KaseyaOne.
KaseyaOne must be enabled for your Autotask or Kaseya BMS instance, and you must have Admin permissions to configure Integrated Customer Billing in either of the products.
For detailed information, refer to the following guides:
Changes have been introduced in the 10.8 release to align with the terminology used across the IT Complete product suite. The changes are detailed in the release notes here.
Rename Devices
This release introduces the ability to rename devices directly from the Device Card, including Agents. To take advantage of this feature, open the Device Card and click the pencil icon next to the device name.
This feature also includes an ability to Reset to Default, which will allow you to reapply the default name to the device after it has been renamed. For example, for mobile devices, the default name would be the serial number, and for Agented devices, the default name would be the computer name.
Storage Monitoring
The existing Monitoring: Storage Profile has been enhanced to support individual conditions for granular storage monitoring of Windows Agents.
Note:Support for macOS, Linux, and BSD Agents will be included in a subsequent release.
Each individual Monitoring: Storage Profile supports a maximum of 20 conditions
When specifying a drive letter, acceptable formats are “DriveLetter” and “DriveLetter:” and are case insensitive
Services Monitoring
In VSA 10.7, we enhanced Service monitoring for Windows Agents, to support the ability to trigger notifications when a monitored service is missing on an agented device, and when a monitored service was in place but has been removed.
In this release, this feature has been extended to support Linux, and BSD Agents.
Mobile Application: Add MDM Commands
With this release, we have added a dedicated section for MDM commands on the system details of MDM-enrolled devices. This is in addition to the Agent-based commands:
Advanced Reporting
This release will bring new reporting features, datasets, report templates and performance improvements.
New datasets
“Rmm - Tags”
“Rmm - Application Extended”
New templates
“Tags”
“Tags tabular”
“Applications tabular”
“Unsupported Windows OS” (new version)
“Servers, Workstations, and Network devices per Organization”
“QR codes for Devices”
New features
Document binder - users can now seamlessly view, export, and schedule collections of templates
Multi-Section RDL - allows for the incorporation of ‘sections’ within RDL reports.
API Improvements
This release includes new API endpoints, and enhancements to existing endpoints to allow integrators and customers to programmatically drive automation. These enhancements include GET and POST methods and the ability to register webhooks during automation executions.
Automation Scripts
Get a Script (GET)
Get All Scripts (GET)
Run a Script (POST)
Get Script Executions (GET)
Get Script Execution Details (GET)
Automation Tasks
Get Script Executions (GET)
Get Script Execution details (GET)
Get a Task (GET)
Get all Tasks (GET)
Run a Task (POST) - enhanced
Get Task Execution Scripts (GET)
Get Task Execution Output (GET)
Automation Workflows
Get a Specific Workflow (GET)
Get All Workflows (GET)
Run a Workflow (GET
Get Workflow Executions (GET)
Get Workflow Execution Details (GET)
Automation
New Workflow Templates
Several new Workflow Templates have been added. Discover the available and growing list by clicking on “Action, Create from Template” while in the Workflow tab.
New Workflow Templates:
Ad-Hoc/Scheduled: Run Disk Cleanup
Low HDD Space: Disk Cleanup
Ad-Hoc/Scheduled: Set Desktop Wallpaper
Ad-Hoc/Scheduled: Ask User To Reboot YES/NO
Ad-Hoc/Scheduled: Set Screen Lock Policy To 5 Min
New Script Templates
To accommodate the new Screen Recording feature, we now provide optional scripts to upload recordings to your own dedicated Azure Blob or AWS S3 storage.
New scripts in the “VSAX Start Pack” folder:
Upload Screen Recordings to Azure Blob Storage
Upload Screen Recordings to AWS S3 Storage
Note: The Script templates do not include any subscription to external cloud services. Individually owned subscription to the respective storage services is required.
Double-byte Language Support
We now support saving data objects containing double-byte characters. Prior to this release, double-byte characters would be replaced by “?” when written to the database.
Agent Diagnostic Logging
To streamline the Support process, we have added the ability to enable diagnostic logging on Windows agents remotely from the web application and collect them from the machine without interrupting the end user:
Added a new option to the Configuration > Settings page called “Enable agent diagnostic logging on device card”.
If enabled, Diagnostic Logging can be enabled on Windows systems for up to 72 hours from the Device Card. The Download Logs action will automatically package the logs and download them to the technician’s computer.
Log duration shows the remaining time that diagnostic logging will be enabled for, after which the agent will automatically revert to standard logging. The Disable action can be used to immediately stop diagnostic logging.
Note:diagnostic logging is resource intensive, and it can impact the performance of the target machine. It should only be enabled when recommended by a Kaseya Support representative.
We plan to extend this functionality to macOS and Linux agents in future releases.
V10.7
March 04, 2024
The release of VSA 10.7 is another strong release for VSA 10. This release supercharges VSA’s Mac management and mobile device management capabilities through complete management of Apple’s settings and configurations using VSA policies. Additionally, version 10.7 also includes several major enhancements to the integration with both BMS and Vorex empowering you to browse, open, update, and close tickets all from within the VSA 10 interface. Finally, 10.7 brings eight end-to-end, use case driven automation workflow templates, several enhancements to the performance and targeting of automation, SSO for any 3rd party IDP through KaseyaOne, and major enhancements to the upgrade wizard to support upgrading customers from VSA 9 to VSA 10
To dive deeper on any of the exciting innovations and integrations in this release check out the full release notes here.
Key Feature Enhancements
Apple MDM Configuration Profiles
In this release, we introduce the Apple MDM Configuration Profiles. With the MDM Configuration Profiles, you can create pre-defined setup templates for supported Apple devices and associate them with management policies.
With MDM Configuration Profiles, you can automate the setup of networking settings, security policies, hardware, operating system, and application restrictions from the moment the device is enrolled.
MDM Configuration Profiles relate to the Device Configuration Policy Type and are split into the following profile types:
Policy Type
Profile Type
Description
Profile Sections
Device
Configuration
Apple MDM
Networking
Manage network
configuration, including
WiFi, Ethernet, and VPNs.
This release includes several improvements to agent and network device monitoring.
SNMP Monitoring – SNMP alerts now include the ability to trigger notifications based on a change to a previous value, regardless of what the existing value or the new value is.
There are two ways to take advantage of this new SNMP condition:
Configure as a condition type – useful for when a monitored value changes from its previous value and you don’t require additional logic.
Use as a variable value – useful when comparing the latest value against the previous value combined with various condition types, like equal to, greater than, less than, etc.
Service Monitoring - Service monitoring now includes the ability to trigger notifications when a monitored service is missing on an agented device, and when a monitored service was in place but has been removed.
NOTE: This feature is only applicable to services that are explicitly listed in the ”Additional Services and Exclusions” section of the Monitoring: Monitored Services profile. It does not apply to Automatic Services.
The Device Card has also been enhanced to show any monitored services that are missing, even if the service is not configured to generate an alert. If a particular service is configured to generate an alert, a notification will be generated for each individual service.
This release includes support for Windows agents only. Support for Linux and BSD agents will be added in a subsequent release.
Patch Management
In this release, we improved Patch History error messages to provide more details about common issues, including missing prerequisites or unsupported application versions.
UI Improvements
An improvement was made to the left navigation, adding a static footer with a pre-determined size to ensure all navigation entries can be accessed, regardless of browser or display resolution.
Automation
Execute Workflow Actions as Current User
We have enhanced the Execute as Current User feature in supported Workflow Actions. No longer do we emulate the Current User from the “NT AUTHORITY\SYSTEM” account, instead we proxy and execute the commands as the true Current User logged on to the console.
Supported Workflow Actions are:
Execute File
Execute Shell Command
Execute PowerShell Command
Run Script
Execute as the true Current User delivers valuable new features such as:
Enables automation targeting the current user context not previously possible from System, such as managing and executing user specific Files, Policies, Registry and Desktop settings.
Full environmental variable support from the Current User context, for example %UserName%, %Downloads% and %OneDrive%.
Run Scripts to execute on-boarding, Teams cache cleanups, user audit and remediations as the Current User, both for Microsoft 365 and Active Directory joined devices.
Send Message Improvements
The “Send Message” and “Get Device Value, Has User Confirmed” Workflow Actions can now be fully customized with text and variables.
Top left message icon now uses the custom tray icon from Server settings
Message title text is configurable including variable support.
Message text is configurable including variable support.
The YES/NO confirmation buttons presented to the Current User in “Get Device Value, Has User Confirmed” is now customizable with text up to 20 characters.
Distributed Workflow Templates
We now support Workflow Templates as part of our distributed Automation Content Packs. To access the template library, visit Automation, Workflows, click on the Action button and select “Create from Template”. This list will be updated frequently, so please re-visit the library for new templates and ideas. Workflow Templates release in 10.7:
System Registered: On-Boarding New Device
Ad-Hoc: App Deploy: 7zip MSI Example
Ad-Hoc: App Deploy: 7zip EXE Example
Ad-Hoc: Ask For User Approval To Reboot
Scheduled: Send Message If Uptime Is More Than 10 Days
Scheduled: Check BitLocker Status
Service Stopped: Print Spooler Cleanup Example
User Logged In: Map Network Drive As Current User
Onboarding Checklist
The Endpoint Policies Onboarding Checklist video has been updated to reflect the new Policy design.
Integrations
Enabling unified login with Kaseya One
This article explains how a security admin can enable the login to VSA 10 for all users at an organization using Login With KaseyaOne.
Environment
VSA 10
KaseyaOne
Prerequisites
A VSA 10 admin account that is member of administrator’s team
A KaseyaOne account with Master permissions
IMPORTANT The VSA 10 and the KaseyaOne user accounts must be associated with the same email address.
Enabling unified login v2
To enable login with KaseyaOne (unified login v2) for VSA 10, do the following:
Log into VSA 10 and navigate to Administration > Configuration > Settings > Log in with KaseyaOne.
Click Enable Login with KaseyaOne.
You will be prompted to log into KaseyaOne:
Enter your KaseyaOne username, password, and company name and then click Log In.
Enter the two-factor authentication code and click Verify.
KaseyaOne will open and show the VSA 10 on the My Modules list.
When you log in to the VSA 10 you will now see the KaseyaOne app launcher icon.
Clicking the icon will show a list of the modules enabled for login with KaseyaOne under the My IT Complete heading.
At the very top, you will see a link to open KaseyaOne.
Unified login for the VSA 10 is now enabled. All users with accounts in both KaseyaOne and the Partner Portal can now use their KaseyaOne login to access the module.
Disabling VSA 10 login with IT Complete for your entire organization
To disable the ability of users in your organization to log in to VSA 10 using IT Complete (KaseyaOne), follow these steps:
Log into VSA 10 and navigate to Administration > Configuration > Settings > Log in with KaseyaOne.
Click Disable Login with KaseyaOne.
You’ll be logged out for security purposes and receive a confirmation message. You will need to log back in with your VSA 10 local credentials.
Logging in using KaseyaOne log in credentials
If your administrator has enabled log in with KaseyaOne, all VSA 10 users whose primary email address matches that of a user in KaseyaOne can log into VSA 10 using their KaseyaOne credentials.
Using the KaseyaOne log in provides centralized access and seamless navigation to any other Kaseya modules where you have an account.
To use your KaseyaOne credentials, do the following:
Enter your VSA 10 Username and click Log In with KaseyaOne. You will be redirected to the KaseyaOne log in page.
Enter your credentials and authentication code. VSA 10 opens.
The app launcher icon appears in the top right corner. From there, you can easily navigate to any other connected Kaseya modules.
Auth & Provision | KaseyaOne Settings | JIT
Once you have enabled KaseyaOne Unified Login for your organization, you can automatically create VSA 10 user accounts for people without one, known as Just-In-Time (JIT) provisioning.
The objective of the Automatic User Creation tab is to create new user accounts for users who are coming from KaseyaOne to VSA 10 on the fly. For example, if a user is coming from KaseyaOne and has no account in VSA 10, the user’s account can be created on the fly using the default options using the Automatic User Creation tab or Just-in-Time feature.
For existing users in VSA 10 who log in from KaseyaOne, only first name and last name are to be updated based on the user info coming from KaseyaOne. In this case, KaseyaOne is taken as the source of truth. Existing users’ security roles will stay as they are defined in VSA 10 previously.
Prerequisites
You should have a KaseyaOne account.
a. Kaseya One Guides: Home (kaseya.com)
You should have admin access to VSA 10.
You should have KaseyaOne integration enabled.
Steps
Once the above prerequisites are in place, go to KaseyaOne Settings page (Configuration> Settings > KaseyaOne Settings > Automatic User Creation tab.
Enable the Automatic User Creation tab by dragging the slider to the right. A set of options under the Default User Team section appear. The chosen team will be the team given to the auto-provisioned user.
Click Save. The defaults are now saved.
At this point, after saving, if you disable the slider, the form will still be visible but the fields will remain unselectable. After you enable the Automatic User Creation tab for the first time, the form will remain visible even after you disable the tab later; however, the fields will remain unselectable.
Integrated Service Ticketing with BMS/Vorex
A new ticketing module has been released for technicians and IT teams within VSA 10. A technician who uses VSA 10 can access ticketing from either the VSA 10 WebApp or the VSA 10 mobile app (iOS or Android).
With this innovation, VSA 10 has improved the ticketing process as technicians can manage tickets within the same tool they will use to identify and fix the issue - and they can do this anywhere with the full functionality of the VSA 10 mobile app.
Prerequisites
You should have the BMS/VOREX integration enabled
You should have ticketing permission on VSA 10 (Edit)
You should have your BMS/Vorex credentials
There will now be a ticketing menu item available in the VSA 10 menu to access this feature. Here, users can view, create, update and monitor real-time status of tickets that are being resolved - using any device of their choice.
The launch of this in-app ticketing module has simplified the process and made it more efficient.
Steps
Once the above prerequisites are in place, go to the Tickets Module and enter your BMS or Vorex credentials.
You can view and edit all the tickets that you created or any ticket that you have permission to view/edit.
You can create or edit a PSA ticket directly from VSA 10
By reducing the time spent on ticketing, technicians will be able to concentrate on other key tasks, without having to switch dashboards or login to a separate portal.
Upgrade Wizard
The Upgrade Wizard now includes select and transfer Agent based VSA 9 Monitor sets to VSA 10 Device Monitoring Profiles. Once transferred the Profiles can be used in any Device Policy as part of the monitoring. The supported VSA 9 monitor sets are:
Performance Counters
Services
Processes
Mobile App
Integrated Service Ticketing with BMS/Vorex
The BMS / Vorex integrated service ticketing feature will also added to the Mobile Apps as part of this release.
Access the Integration screen and enter valid credentials:
View ticket details:
API
API enhancements in this release focus on Platform information, Custom Data, and Object Filtering, and contain several new API endpoints:
Get Environment Information – Use this endpoint to get platform information including version, server type, language, region, and more.
Scopes
Get All Scopes – returns a list of Scopes
Get a Specific Scope – returns the details of a specific Scope
Get Scope Usage – returns a list of places where the Scope is used
Custom Fields – this set of APIs can be used for Organization, Site, Group, and Device Custom Fields
Get All Custom Fields – returns a list of Custom Fields
Get a Specific Custom Field – returns the details of a specific Custom Field
Get Custom Field Usage – returns a list of places where the Custom Field is used
Assign a Custom Field – assigns a Custom Field
Update an Assigned Custom Field – updates the value of an assigned Custom Field
Unassign a Custom Field – unassigns a Custom Field
API documentation can be found at < YourServerURL >/api
V10.6
January 25, 2024
The release of VSA 10.6 is one of the most exciting updates in VSA’s history. This release includes a revolutionary upgrade to policies to greatly increase flexibility, targetability, and efficacy of policies. Additionally, version 10.6 also two major enhancements to patch management capabilities with manual patch approval workflows for organizations that want greater specificity and control in their patching process and end-user reboot prompt controls to increase the ease of patching around end-user schedules. Finally, there were several updates to the UI/UX in order to support the major enhancements to both patching and policy management while also continuing to improve the ease and speed of manually actioning a large number of endpoints simultaneously.
Key Feature Enhancements
Policies
This release includes major enhancements to Policies, bringing the next iteration of Policy Design improvements to the product.
Refer to this link for a detailed explanation of Policies and the updated design.
Please note: The changes in this release only apply to Device Configuration and Monitoring Policies.Other Policy types, such as Patch Management and Endpoint Protection, will be converted to this new design in future releases.
Please find the video link for the policy overview: Policy Overview
Following is a summary of the specific changes to Device Configuration and Monitoring Policies included in this release – you can read more about each of the changes below:
Introduction of Targeting capabilities directly within the Policy editor
Introduction of an “All Organizations” object in the Organizations page
Designation of Profiles as Cumulative and Non-cumulative
Introduction of Effective Settings
UI / UX Enhancements to Several Product Pages
Introduction of the Basic Profiles and Policies Package
Introduction of Targeting capabilities directly within the Policy editor, including Selection Preview
Context Targeting – Although Context Targeting was already supported prior to this release, it required a manual step of assigning a Policy directly at each Organization, Site, and/or Group. This release adds the ability to assign Organizations, Sites, and/or Groups directly within the Policy editor. As of this release, Context Targeting is only supported within a root Policy and not available for editing within Extensions. However, Context Targeting within Extensions is currently planned as an improvement for Q1 2024.
Device Criteria Targeting – Device Targeting is an entirely new feature to Policies and enables the ability to use certain device attributes for automatically assigning Policies to specific devices based on these attributes. For example, by creating an Extension and selecting Windows Servers as an OS Type, the Extension will automatically apply to Windows Servers within the Context that the Policy has been assigned to. As of this release, Device Criteria Targeting is only supported within Extensions. Root Policies are automatically applied to “All Devices” - Extensions can be used to refine settings for specific types of devices.
Device Criteria Targeting currently supports three device attributes:
Device Type
OS Type
Device Manufacturer
Introduction of an “All Organizations” object in the Organizations page – this new entity enables the ability for a Policy to be assigned to all current and future Organizations.
Introduction of Extensions - An Extension allows you to adjust a Policy’s settings for a subset of the Policy’s Targeted devices. This includes the use of deterministic Targeting Criteria for the following Device attributes:
Operating System (includes Major category of OS and major versions)
Device Type
Device Manufacturer
An Extension is effectively a child Policy that remains associated with its parent. The Extension automatically inherits the settings and targeting criteria from its parent; however, you can adjust the Targeting Criteria to refine your device selections and you can add, change, and remove Profiles while leaving any relevant Profiles from the parent intact.
Designation of Profiles as Cumulative and Non-cumulative - prior to this release, all profiles were non-cumulative, meaning any given profile could only be applied once to any given device through its Policy. This release introduces the concept of Cumulative Profiles to ensure that certain types of Profiles can be assigned multiple times within a given Policy.
Cumulative Profiles - are specific types of Profiles that can be applied to a device more than once because their settings are considered safe for layering – meaning, their settings do not exactly conflict if applied more than once. Examples of cumulative Profile types can be found in Monitoring Profiles.
Non-cumulative Profiles - are specific types of Profiles that can only be applied to a device once because their settings within the Profile are considered problematic for layering – meaning, their settings directly conflict if applied more than once. Examples of non-cumulative Profile types can be found in Device Configuration Profiles.
If you try to add an additional non-cumulative Profile of the same type within the same Policy, the UI will automatically replace the current non-cumulative Profile with the newly selected Profile. You will be able to instantly view this result within the Policy editor, and quickly adjust it if needed.
Introduction of Effective Settings - Effective Settings provide the visibility of the Policies, their Profiles, and the actual settings that have been assigned and applied at all levels of your environment. This includes Organizations, Sites, Groups, and most importantly devices.
UI / UX Enhancements to Several Product Pages
Policies Page – Updated to accommodate the new features of Policies
Profiles Page – Updated to include a new Folder “All Profiles” that includes paging and enhanced filtering when working with all your Profiles
Organizations, Sites, Groups – Policies have been migrated to a new “Policies” tab
Device Card – Introducing a new “Policies” entry within the Overview section
Introduction of the Basic Profiles and Policies Package
This release includes various preconfigured Profiles based on common configurations. A Basic set of Policies have also been included and contain a subset of the preconfigured Profiles, along with Extensions that provide settings adjustments for different Windows platforms.
The Policies will automatically be applied for new customers. However, for existing customers moving to this new release, the Policies will be added but will not be assigned to any Context – to make use of the new Policies, simply edit the root Policy and assign a Context.
Patch Management
Approval Workflows
With this release we introduce the “Patch Status” page with the list of patches identified within each Patch Policy.
The page allows a technician to review patches individually and either approve or reject installation. The list can be filtered by the Patch Category. Tabs are used to show only Pending, Approved, Rejected, or All Patches.
The following information is shown for each patch:
Patch name with identifier and release date.
Link to Microsoft Support article.
List of applicable operating systems (Microsoft products).
Security-related CVSS score.
Reboot behavior.
Patch category.
End-user Reboot Prompts
This release makes the patching reboot on end devices more predictable by displaying reboot prompts in advance. An end user can either postpone the reboot or execute it right away.
A technician specifies a reboot deadline and the time up to 23 hours before the deadline to start showing prompts.
UI / UX Enhancements
Multi-Selection and Bulk Actions
This release adds multi-selection and bulk action capabilities to the Advanced Search page.
There are a number of selection options available including the ability to perform single selection, multiple selections, page selections, and select all.
Select a device by clicking its checkbox:
Press the SHIFT key after making the first selection to select multiple devices on the same page:
Click the “Select Page” checkbox in the header of the selection column to select all the devices on the current page only:
Click the “Select All Items” button under the Search input to select all devices across all pages:
NOTE: Consider the following when using this option:
Final device selection is determined at the time that a bulk action is executed.For example, if you choose “Select All Items” and in the time between this selection and performing a Bulk Action a new device has been added to the table, that new device will also be included for Bulk Action execution. This same behavior exists for devices that may have been removed.
Devices can be explicitly excluded from the “Select All Items” option by using the following deselect options:
Clicking the checkbox again to remove the selection
Clicking the “Select Page” checkbox in the header of the selection column to remove the selections for the current page
Press the SHIFT key to deselect multiple devices (on the same page) at once
Using the “Deselect Page”
To exit or clear “Select All Items” use the “Clear All Selections” option from the dropdown menu
These options can also be accessed using the selection options menu:
The following Bulk Actions are available in this release:
Run Script
Run Workflow
Move Devices
Delete Devices
NOTE: Additional Bulk Actions are planned for future releases.
Bulk Actions can be accessed from the “Actions” menu which will be enabled when at least one device has been selected on the Advanced Search page:
In this example, the User has selected the Run Workflow Bulk Action and is required to select a Workflow to continue:
The User must confirm that they want to run the Bulk Action. Please note that certain selected devices may not be eligible for execution of a bulk action and will be skipped during execution:
The progress and results of the Bulk Action can be viewed by clicking the Bulk Action History button:
Please note that Device-level history will be added to the Bulk Action History in a future release.
In this release, Device-level results can be viewed from the Audit Log by selecting the new “Bulk Action” category:
Automation
Replace Workflow Action in Editor
Workflow Actions can now be replaced with any other action in the editor. This makes it easier to quickly edit a translated VSA 9 Agent Procedure where some Workflow Actions may be marked red, not currently supported. It also improves the general Workflow editing experience, swapping any current Action with a few simple clicks.
Improved Workflow Action description
We want to build the most intuitive, graphically appealing and flexible automation engine available. In this release we have updated all available Workflow Actions with new informational messages explaining how each Action work, expected outcomes, required inputs and currently available Device support.
Remote Control
Automatic Reconnect for Windows
Automatic Reconnect has been enhanced with some minor UI changes and major functional improvements, which include automatically reconnecting in the following scenarios:
Dropped connections
Restarting a device
Signing off a user account
Switching user accounts
Any event that involves a loss of connection, other than graceful exiting of the application or invalidation of the session token
MacOS Improvements
This release adds new functionality to macOS Remote Control, bringing macOS in parity with Windows for the following features:
Blackout End User’s Screen – this feature allows a technician to black out the end user’s screen and block end user inputs such as keyboard and mouse.
File Transfer Support in Remote Control sessions (Copy/Paste) - this feature allows a technician to transfer files between source and destination macOS devices and includes cross-platform support when using Windows and macOS as either combination of source or destination devices.
MDM
MDM devices license
With this release we introduce a new category of licensed devices, called «Mobile Endpoints». This category refers to MDM enrolled devices, such as iPhones, iPads.
Please, keep in mind that macOS device will consume an «Endpoint» license, regardless of enrollment type (MDM or agent).
Update Device Info
This release introduces an automatic update of asset information for MDM-enrolled devices, including the version of Operating System. The information is updated once per day.
Advanced Reporting
“Patch Policy Compliance” template
The new “Patch Policy Compliance” report template complements the existing ”Missing Patches” report. This new report template shows the number of confirmed updates as it relates to the selected Patch Policy.k
Performance improvements
This release also contains Advanced Reporting performance improvements that will significantly speed up the processing of large datasets, like “RMM - Applications”.
Content
Built in Profiles and Policies
No matter if you are an MSP managing many different clients or an MME managing one or more sites or offices, the need for a granular Policy assignment on Device types is a key. To enable your success utilizing the powerful VSA 10 Policy features released in 10.6 we deliver an extensive set of Monitoring and Device Configuration Profiles out of the box and a suggested set of basic Policies. Read more about the specific Policies and Profiles here.
V10.5.1
October 31, 2023
The release of VSA 10.5.1 includes several enhancements to improve the daily management of your IT ecosystem. This release includes improved variable support in automation, availability data for offline Linux and MacOS devices, an expansion of the Upgrade Wizard’s capabilities, and 8 new network device management templates.
Key Feature Enhancements
Automation
Variable support in Workflow Actions
This release is a major milestone in our efforts translating Agent Procedures to Workflows. In our previous 10.5 release we introduced environment variables support as part of the Workflow Actions where a file path is used. We continue this work with supporting variables in several commonly used Workflow Actions, enabling you to create even more powerful and dynamic automation. The variables are available by entering “#” followed by variable name in the drop-down list in any of the following Workflow Actions below:
Change Custom Field Value – As input value.
Send Email - As recipient, subject and body. Please note only one recipient is available as variable input, but multiple recipients can also be added manually.
Execute File - As part of the file path and command syntax.
Execute Shell Command - As part of the shell command syntax.
Execute PowerShell Command - As part of the Powershell command syntax.
Send Message - As part of the message to be sent.
Write Workflow Log - As part of the log to be written.
Write File - As part of the file path.
Get Device Value, Filesystem - As part of the file path.
We will continue adding additional variable support on more Workflow Actions coming releases.
Picture: A “ktemp” variable translated from Agent Procedures in the file path when downloading a file from Managed Files.
Picture: The Workflow Action “Execute File” using a environment file path variable in combination with a custom constant string Workflow variable containing all required command line switches.
Pictured: A file size variable created with “Get Device Value, File Size” used in the “Send Message“ Workflow Action.
Upgrade Wizard Updates
Agent Procedure to Workflow Actions Translator Update
The Agent Procedures to Workflow translator in the Upgrade Wizard now translates the supported variables above. The translator is also available XML file-based Agent Procedure export files in “Automation, Workflows, Actions, Create From VSA 9 Agent Procedure”.
BMS Integration Enhancements
The upgrade Wizard now detects any existing BMS integration configured in VSA 9, complete with URL, Company Name, Region and API user name. This simplifies the upgrade process as the only requirement in the Wizard will be to re-enter the dedicated API user password.
Audit
Application List for Linux and BSD
The Audit process for Linux and BSD has been improved and now includes the list of applications for VSA 10 Agents installed on these Operating Systems.
Availability of Data for Offline Agents
In addition to the enhancements made to Linux and BSD Agent Audit data, the Asset Info and Applications data for Linux, BSD, and macOS Agents are now available even when the Agents are offline.
UI / UX
Pagination
This release adds Pagination to the Advanced Search page which allows complete visibility of all enrolled and agented devices and provides the following navigation benefits:
The number of items displayed on each Page can be adjusted.
Navigate directly to a specific page.
Navigate directly to the Previous Page or the Next Page.
Navigate directly to the First Page or the Last Page.
Content
A new set of SNMP Profiles have been Added to further simplify monitoring of common network devices.
Switch: Cisco Catalyst
Server: Dell iDRAC (now all versions in one template)
AP: UniFi Generic
Firewall: Fortinet FortiGate
Firewall: SonicWall Generic
AP: Cisco Generic
Switch: Dell Generic
Router: MikroTik Generic
V10.5
September 28, 2023
The release of VSA 10.5 offers many new enhancements to make building and managing automated workflows easier, a major new integration with Datto Networking products, and many enhancements to reporting. VSA 10.5 includes the much-anticipated release of the integration with Datto Networking products to support quickly and easily analyzing and remediating network issues. Additionally, this release increases the configurability of remote control sessions to allow for more granular management of both the IT professionals’ and the end user’s remote control experience.
VSA 10.5 supports our mission of automating more so that IT professionals stress less with a major update to the VSA 10 API, several new standard automation functions including WebHooks, and the new capability to leverage automated workflows for non-device-based actions. Finally this release offers 6 new report templates, improvements to the mobile app, and increased control of mobile devices via the device card.
Key Feature Enhancements
Discover and Manage Datto Networking Devices
The Datto Networking integration with VSA 10 allows you to see and manage your endpoints and network infrastructure side by side.
When an issue that starts from the endpoint requires troubleshooting and interfacing with the network, you can seamlessly view information about the infrastructure device of interest. If you need to act, you can issue a set of quick actions directly from your VSA 10 dashboard, or, for more advanced configuration, jump straight into your Datto Network Manager dashboard for that device.
Supported Devices:
Access Points (also contains information about connected devices)
Switches (also contains information about connected devices)
Routers
Not including DNA devices
Managed Power
Discover Datto Networks and retrieve detailed asset information from the Datto switches, routers, access points, and managed power devices.
To access and use the new integration:
Log into VSA 10 Web App
Navigate to Integrations > Datto Networking > Switch to Portals tab
Switch to Networks tab > Choose one of your Networks and map it to the right organization
Switch to Devices tab > You can filter devices by different parameters
Hover over on device > Enroll Device > Choose Agent Group
Retrieve detailed asset information:
Execute commands like remotely resetting an Access point:
or resetting a Switch port:
Use contextual deep links to access the management dashboards of Datto Networks and its devices.
Enroll Datto Networking devices to unlock management functions that can be performed directly the VSA 10 UI to enable support technicians to resolve client networking issues faster. Enrolling a Datto Network Device will consume an Endpoint license.
The integration enables more effective troubleshooting and reduces the number of clicks (time) and context-switching from a single panel.
Local IP Information for Agents
This release introduces auditing of Local IP information for all “active” network interfaces. Supporting both IPv4 and IPv6, information is made available in the Device Card, Advanced Search, and the Top Bar Universal Search (aka Quick Search).
This data is audited as “System Fields” which means the data is updated much more frequently than standard Audit data. System Fields update much closer to real time.
Device Card
A new “Local IP addresses” entry has been added to the Device Card Overview section and will display the name of the network interface along with the IP address. If multiple entries are found, the entry will provide the number of additional entries.
When hovering over the entry, a tooltip will display all interface names and their associated IP addresses.
By clicking the entry, more details will be available for each network interface including data such as Subnet Mask, Default Gateway, DHCP Enabled (yes / no), and DNS Servers.
Advanced Search
The new “Local IP address” field has been added as a new column in Advanced Search and functions like the Device Card with hover-over tooltip information.
The field is also available for Filtering.
Universal Quick Search
IP addresses have been added to the Top Bar Quick Search as searchable criteria to make it easier to quickly find devices based on IP information when working throughout the product.
Remote Control Profile Settings
There are several NEW Remote Desktop settings available in the Device Configuration: Remote Desktop Profile. These settings introduce some new Remote Control behavior and allow for more granular controls over the Remote session, and the technician and end user’s experience.
Allow end users to confirm new Remote Desktop sessions and either accept or reject them (disabled by default).
Enable end user notifications for starting and ending Remote Desktop sessions (enabled by default). These notifications are NEW and operate separately from the existing pop-up dialog.
Control the behavior of the existing Remote Desktop pop-up dialog, allowing technicians to enable or disable the entire dialog, and to optionally hide session information and the end user’s ability to disconnect the session.
Enable automatic desktop locking when Remote Desktop sessions end.
Advanced Reporting
Additional granularity
Granularity was added to the dataset level, allowing filtering reports by Organization, Site, Group, Device name, and other parameters.
New dataset “RMM - Internal IPs”
The new dataset “RMM - Internal IPs” extends the “Local IP Information for Agents” feature. It allows customers to use information like Local IP, DNS address in Advanced Reporting.
New report templates
New templates were added:
“Network devices”
“Remote control sessions”
“Tabular Assets List with custom fields”
“Patch Policies”
“Patch Schedules”
The release includes improvements increasing datasets performance.
Deprecated reports
Several templates are marked as “- deprecated” and will be removed in future releases.
Please use:
“Windows Missing Patches” instead of “Windows Pending Critical & Important Patches”
“Operating Systems Versions” instead of “Linux OS versions - deprecated” and “Mac OS versions - deprecated”
”CPU models” instead of “Servers CPU models - deprecated”
“Devices with a low amount of RAM” instead of “Servers with a low amount of RAM – deprecated”
API v3 Enhancements
Continuing in our API expansion effort, several changes and improvements have been made for this release.
API v3 documentation is available from each instance at YourServerURL/API.
NOTE: To access API v3, you must first create a Third-party token
API v3 Changes
Devices
The previous “Systems” API endpoints and URL references have been renamed to “Devices”
“Device” data now includes information about Custom Fields
API v3 – NEW Endpoints
Devices
Get Device Custom Fields – this new endpoint returns Custom Field information for a given Device
Organizations
Get All Organizations – returns a list of Organizations
Get a Specific Organization – returns the Organization details
Get Organization Custom Fields – returns the Organization Custom Fields
Sites
Get All Sites – returns a list of Sites
Get a Specific Site – returns the Site details
Get Site Custom Fields – returns the Site Custom Fields
Groups
Get All Groups – returns a list of Groups
Get a Specific Group – returns the Group details
Get Group Custom Fields – returns the Group Custom Fields
Get a Group Package – returns the Name and Download URL for Group install package
Notification Webhooks – Using Notification Webhooks allows a third-party to subscribe to certain Device Notifications. Notification Webhooks are directly associated with the API Token used to create them. If an API Token is revoked, any Notification Webhooks associated with it will cease to function.
Get All Notification Webhooks – returns a list of Notification Webhooks
Get a Specific Notification Webhook – returns the Notification Webhook details
Create a Notification Webhook – creates a Notification Webhook
Update a Notification Webhook – updates a Notification Webhook
Re-generate a Notification Webhook – re-generates a Notification Webhook secret key
Delete a Specific Notification Webhook – deletes a specific Notification Webhook
Mobile Application
New fields have been added to the Computer Information to indicate if a device is managed by MDM or by an Agent:
Patch Policy Dashboard Widgets
We introduced new widgets for better patching visibility.
Patch Status
Patch Status widget divides devices into two categories: fully patched devices and devices with missing critical or important updates. Hidden updates are not considered.
Patch Policy Compliance
Patch Policy Compliance widget assesses device patching status based on approved patches via Global and Patch Policy OS Rules.
To easily view the patching schedule, the widget also displays the upcoming deployment and reboot schedules.
Microsoft Security Patching Rules
With this release it is possible to build patching rules automation based on the Microsoft security classification (MSRC). It means that Security updates category has expanded into 5 categories:
Security updates – Critical
Security updates – Important
Security updates – Moderate
Security updates – Low
Security updates – Unspecified
Patching Rules Actions Rename
To make patching automation more predictable we renamed Global Rules and OS Rules actions.
«Approve and Install» wasn’t changed.
«Don’t install and Hide» was renamed to «Reject and Hide».
«Don’t install» was renamed to «Skip and Review».
Silent Agent Deployment
With this release VSA agent will be silently installed during the MDM enrollment of macOS computer. Additionally, we added an explicit command to proceed with this silent installation from the Device card.
MDM Commands on Device card
With this release, we have added a dedicated section for “MDM commands” on the Device card of MDM-enrolled macOS computers. This is in addition to the agent-based commands.
Networks
Enhanced the Topology Map to expose additional NMAP scan data points in the device pane:
NIC vendor is now displayed alongside MAC address.
Device Type
Note: this is based on NMAP classification and does not automatically populate the device type in VSA, which uses different classifications.
OS Match
When enrolling a discovered device from the Topology Map, a warning will be displayed if the MAC address matches one or more existing enrolled devices.
Other Enhancements
Agent Enhancements
The BSD Agent is now supported on 64-bit ARM architecture.
MacOS Agents now support automatic version updates.
NOTE: Each existing macOS Agent will need to be updated to the latest version before automatic updates will work.
Linux, BSD, and macOS Agents are now included in search results when using the Top Bar’s Universal Search (aka Quick Search).
Remote Control Enhancements
This release includes several performance improvements for Remote Desktop sessions
The product will attempt to detect low bandwidth connections and automatically adjust connection parameters such as framerate, quality, wallpaper, and animations for better usability.
The Remote Desktop Relay algorithm has been updated to optimize the selection of Relay Servers.
Ransomware Detection
Updated Ransomware detection engine to version 1.2.1. This includes enhanced detection for new strains of ransomware, changed behaviors, and various other improvements to the speed and accuracy of detections.
Automation
New Deviceless Context for Workflow Automation
We are now introducing the deviceless Context for Ad-hoc and Scheduled Workflows, executing strictly from the VSA 10 server, without the need for any specific Scope, Org or Device. This is our first step expanding the Automation capabilities beyond just being Device centric, targeting any external Cloud services.
The current list of supported deviceless Workflow Actions is:
Conditions
End Workflow
Send Email
API Call (new in 10.5)
Workflow Log
Please note that only Custom Fields variables can be exposed in the above deviceless Actions.
Introducing the API Call Workflow Action
API Call executes strictly from the server and can be used in any of the Contexts, including the new deviceless Context above. API Calls can be used to send a custom payloads to a URL’s, commonly called Webhook Endpoints. In this first version the authentication must be embedded as part of the URL and all the available variables can be used in the payload, making it extremely customizable to execute automation such as:
Azure Runbooks to pause/resume a virtual machine
Send custom Teams or Slack messages
Update a CMDB database with newly discovered Devices
Alert a 3rd party Service Desk or Monitoring system with detailed trigger information
The API Call Workflow Action contains 3 fields and one toggle.
The web URL with embedded authentication hosting the Webhook Endpoint. Once the URL is added and the Workflow is saved the field will be masked.
Content type allowing to specify the payload format:
Application/XML
Text/XML
Application/JSON
Application/X-WWW-FORM-URLENCODED
Text/HTML
Payload content complete with variable support.
Timeout API Call after X seconds. The default value is 3 with a maximum of 10 seconds
Picture: The API Call Workflow Action sending a custom payload to a Teams Channel Webhook endpoint
Clone Workflows
You can now clone any existing Workflow, making it easy and fast to use existing Workflows as preferred templates and best practices or when you just want to make minor changes on existing ones, keeping the original.
Advance Workflow search and filtering
The ability to search and filter has been added to make it easy navigating a growing list of Workflows. Search for name and description. Filter by Scope, Trigger type, Last executed and Last changed, among others. You can also expand the column list to make it easy to sort any list of Workflows to your specific needs.
Extended KB articles with practical examples covering Workflow features
We regularly publish new KB articles in the VSA 10 help section covering key Workflow features complete with practical examples. Access the KB articles section “Automation - Scripts, Tasks and Workflows“ from the help icon at the top right corner. Latest additions:
Working Directory
Get Device Value
API Call
Bug Fixes
Integration
Fixed an issue in Automation Workflows where Create PSA Ticket and Update PSA Ticket was not enabled for BMS and Vorex.
V10.4
August 04, 2023
The release of VSA 10.4 offers many new enhancements to empower you to automate more and manage your IT ecosystem more efficiently. VSA 10.4 supports significantly more automation use cases and allows for much easier and robust PowerShell usage in the Automation Builder. Additionally, this release offers two improvements to patch history logging and reporting including 2 additional standard report templates. Finally, the release 10.4 now supports mass Mac and iPhone device enrollment by crowdsourcing the initial enrollment to end users via email request. This enrollment process also connects their Apple account with the device allowing for more robust user management in VSA.
Please read on to dive deeper on the exciting new enhancements or watch our short 10.4 Release Summary Video:
Key Feature Enhancements
Automation
New Workflows Actions and Conditions
The Workflows are now capable of delivering even more extensive automation without the requirement for advanced scripting skills. Common automation actions like running PowerShell and Command line one-liners, edit the Registry and download, extract and delete Zip files are now part of the ever-growing set of Workflow actions. We also introduce the Workflow Action “Get Variable” giving users the capability to query devices for specific apps and services running, registry keys and values present, user logged in or active among others. The queried values can then be used as variables in Workflow Conditions.
New Actions list
Execute PowerShell Command: Execute any PowerShell one-liner with the option to create a named output variable for use in Conditions.
Delete File: Delete named file in a path. Working folder is default path is not specified.
Delete From Registry: Delete a named Registry Key or specific Value
Set in Registry
Unzip File: Unzip named file in a path. Working folder is default path is not specified.
Get Variable, Services and Applications section
Is Process Running: Evaluate if one or multiple named Processes are running and returns a True/False response as variable for use in Workflow Conditions.
Is Service Running: Evaluate if one or multiple named Services are running and returns a True/False response as variable for use in Workflow Conditions.
Is User logged in: Evaluate if any or named user(s) are logged in against the console and returns a True/False response as variable for use in Workflow Conditions.
Is User Active:
Evaluate if any or named user(s) are active against the console and returns a
True/False response as variable for use in Workflow Conditions.
Get Variable, Registry section
Registry Key Exists:
Registry Value Exists:
Get Variable, Services and Applications section
File Exists: Evaluate if file exists or not.
File Timestamp: Evaluate the file created
File Contains: Set conditions based on file content.
File Version: Set file size conditions.
File Size: Set file size conditions.
Get Variable, General section
General:
Constant Value:
Get CPU Architecture:
Updated Action list
Execute Shell Command: Added the option to create a named output variable for use in Workflow Conditions.
Execute File: Added the option to create a named output variable for use in Workflow Conditions.
Picture: Executing a PowerShell one-liner to variable.
Upgrade Wizard
The upgrade Wizard now translates Agent Procedures to Workflows during the upgrade process. All previously existing and newly added Actions and Conditions in the list above are supported, producing Workflows by interpreting the Agent Procedure content. Any Action or Condition not yet supported will be colored in red and rendering the Workflow as unactive, unable to be activated. The Workflow can, however, be edited or modified.
Patching
Patch History
With this release VSA now identifies and stores the list of installed OS patches. To display the list, we use Windows Update -> Installed Patches page within a Device Card.
Please note that VSA utilizes the Windows Update Search method to retrieve the list of installed patches. However, it is important to be aware of certain limitations associated with this method, which may lead to inconsistency in the list of installed updates. In next versions, we will continue working to enhance the method of getting an effective list of installed patches.
After this update, VSA will store the list of updates in the database. This means that both pending and installed updates will be available for offline devices as well.
Reporting
Two NEW report templates accompany the enhancement to Patching and are available within the “Advanced Reporting” module:
Missing patches
Installed patches
MDM
Email device enrollment
In previous releases we added MDM capabilities to enroll and manage Apple devices. With this release we expanded this with user invitations. You can now send invites to existing users or create new ones instantly using the MDM enrollment page. Simply specify the organization and users you want to invite. Every user will receive an individual email with enrollment instructions.
You can manage users’ information in the Client Portal > End User Accounts page.
The device card now displays the user it is assigned to. In upcoming updates, we will add an interface that allows for changing the assigned user.
Other enhancements
Device Card
A NEW “Assigned User” field has been added to the device card and is available in both the Web and Mobile applications.
The field will be shown for the following Device Types
Windows Agents
macOS Agents
Linux Agents
iOS devices
iPadOS devices
The field will automatically display the user associated with a device. This association list can be viewed and modified for a given End User Account in “Client Portal / End User Accounts”
API Standardization Using REST and OData Best Practices
Endpoint response properties have been updated to standardize on the PascalCase naming convention
Endpoints that return lists have been updated to use OData and now support paging, filtering, and sorting
Mobile Applications
The iOS and Android mobile applications have been enhanced to include support for MDM devices.
Linux Agents
Linux agents now support Service monitoring when using “Monitored Services” profiles
V10.3
June 29, 2023
The release of VSA 10.3 offers many new enhancements and integrations that will support securing and managing your IT ecosystem more efficiently. VSA 10.3 now offers the ability to centrally store and developer files to documents such as custom app installers, printer drivers, or even a welcome letter. Release 10.3 includes several major enhancements to the Patch Management module including Risk Based Patching with CVE/CVSS Rules, robust Windows Update configuration, and macOS patching. Additionally, there are 6 new SNMP management templates and 6 new reporting templates to continue delivering on our promise of consistent new content to make your job easier.
Please read on to understand the exciting new enhancements that release 10.3 brings to continue to empower you to manage your IT ecosystem faster and easier.
Key Feature Enhancements
Remote Control
This release includes two NEW features to improve the Remote-Control experience:
“Native” 1-Click Access – Native 1-Click is a NEW option to our existing 1-Click capabilities. The feature allows a technician to establish a Private Remote Desktop Session with a target Windows Agent while the Windows log in process is simultaneously and automatically performed in the background using a preconfigured local administrative user account, all with a single click.
One of the key benefits of this feature is to enable a technician to establish a remote administrative session without the requirement to first create a user account on the target device, and without the requirement of knowing the credentials of an existing local user account.
The use of this feature can be restricted with a Teams Permission setting.
NOTE: “Allow 1-Click Access” is enabled by default for all User-defined Teams but can be explicitly disabled for each Team.
To further understand this feature, the following outlines the steps that occur when using Native 1-Click:
A local administrative user account with a randomized password is automatically created on the target Windows Agent. If the user already exists, from a previous 1-Click session for example, the account will be enabled and a random password will be applied. The name of the local account can be customized in Configuration / Settings / Remote Control Settings.
A Private Remote Desktop Session is launched and the credentials from the previous step are used to automatically log in.
Upon termination of the session, the local user account is disabled.
The use of 1-Click is logged and can be tracked in Server Admin / Audit Log.
Blackout End User’s Screen – This new capability is useful for working with sensitive information and devices during Remote Control sessions. It allows the technician to optionally block a local user (aka end user) from viewing the technician’s screen activity while the Remote Control session is active.
In addition to blocking the local display, the local inputs (ie. Keyboard and mouse) will be disabled to prevent a local user from inadvertently interfering with the technician’s remote activity.
Managed Storage Support (Managed Files)
VSA 10 now includes the ability to centrally and securely store and distribute files to devices. Upload files to VSA 10 from the UI and use the “Write File” Workflow Action for common automation tasks such as custom applications installers, fonts configuration files distribution and printer drivers. Files are encrypted at rest and in transit, decrypted by the device.
Upload and store files on VSA 10:
Use Workflow Action “Write File” to download files to devices:
Patch Management
CVE/CVSS Rules
With this release, it is now possible to configure Patch Policy automation rules using vulnerability codes (CVEs) or vulnerability severity scores (CVSS). This simplifies the risk-based patching configuration.
Windows Update Configuration
To help you stay compliant with Patch Policy, VSA now offers the ability to fine-tune the Windows Update service. With this feature, you can prevent end users from making modifications to patching configuration and also have control over automatic updates. You can also defer quality or feature updates, and configure active working hours.
Additionally, Patch Policy now supports driver updates, although please note that this option is turned off by default.
macOS Updates Configuration
With this release, you can now configure updates for macOS computers. It is possible to control
automatic updates of the operating system, internal software, and AppStore applications. Additionally, you can specify a deferred period for major and minor operating system updates.
These settings are supported only for computers enrolled through MDM.
Mobile Application - Launch Ad-hoc Workflows
This release includes a feature to run ad-hoc Workflows from the Mobile Application for active Workflows that contain Ad-hoc or Scheduled Triggers.
The key benefit of this feature is to allow a technician to quickly execute ad-hoc Workflows directly from their Mobile device without having to access the Web Application.
To access the new feature, tap Workflows on a System:
New BSD Agent
This release includes a NEW Agent, which supports installation on BSD platforms such as pfSense, FreeBSD, and OpenBSD.
The BSD Agent is based on the VSA 10 Linux Agent and will support the same functionality. It will also be included in search and other query results when using pre-defined “Linux” filters.
KaseyaOne “K1” SSO v2
VSA 10 has been updated with a new version of KaseyaOne Single Sign-on.
The new version includes several important updates:
Introduction of a new SSO flow based on the OIDC standard – This change greatly simplifies the configuration and account mapping process by reducing the previous four-step configuration and mapping process from version 1, into one step in version 2. Refer to the new configuration steps below.
Introduction of a new requirement for mapping VSA 10 and K1 user accounts – Version 2 now requires a VSA 10 user account email address to match a corresponding K1 user account email address. The mapping, or association, of the VSA 10 user accounts with the K1 user accounts will occur automatically using the email address.
Migration of existing VSA 10 and K1 account mappings from v1 to v2 – For each VSA 10 user account that was previously mapped to a K1 account, it will either be migrated to v2 automatically, or the mapping will be removed.An existing mapping will be removed if the email address of the VSA 10 user account does not match the email address of the K1 user account it was associated with. To re-establish a mapping, update the email address of the VSA 10 account and the K1 account to match.
General usability improvements – Once KaseyaOne Log In has been enabled for a VSA 10 instance, all VSA 10 users with a corresponding KaseyaOne account will be able to Log In with their KaseyaOne account from the VSA 10 Login screen and from the VSA 10 K1 App Launcher icon on the right side of the Top Bar
Content
Additional SNMP Templates
6 New SNMP templates are available:
Switch: CISCO Catalyst: General
Firewall: Fortinet: General
Server: DELL iDRAC (all versions in one generic template)
Firewall: SonicWall: General
UPS: APC Generic
AP: UniFi Generic
Additional Report Templates and filters
6 new report templates are available in Advanced reporting:
Antivirus Protection Summary
Antivirus Protection
TOP problem devices
Unsupported Windows OS versions
Hardware compliance
Device performance
Additional filters were added to templates – Agent Group, Device Name etc.
V10.2
May 09, 2023
The VSA 10.2 Release is major step towards the Unified RMM vision of managing any device, any endpoint, any anything the same way. The 10.2 Release empowers you to discover, map, and manage Virtual Desktop Infrastructure as easily as you would manage any other endpoint. Additionally, this release included major enhancements to the VSA 10 API to support deeper and more secure integrations with third party applications. Based on client feedback, the EAP of Release 10.2 also includes a major change to Advanced Search to increase information density. Finally, this release includes several new SNMP profiles to easily manage HP iLO networking devices.
Please see below to dive deeper on the many new enhancements of release 10.2 that continue our mission to empower you to manage your IT ecosystem faster and easier.
Key Feature Enhancements
Virtualization Discovery, Topology, and Management
VSA 10 now includes the ability to configure Hyper-V and VMware Connectors, allowing you to discover, view, and manage hosts and virtual machines.
By connecting directly to the hypervisor, VSA offers a single, consolidated view of your entire virtual infrastructure across multiple platforms.
You will need to create a new Integrations / Connector for each Hyper-V and VMware hypervisor you wish to manage.
Note: For Hyper-V, you must first install an agent directly on the host and then select the same host as the Hyper-V Connector probe.
Once a Connector has been added, we will expose the hypervisor and its child entities on the Topology Map and the new Systems / Active Connectors page. You can view version information, status, events, and other information from these product areas.
If you enroll the hypervisor’s “Host”, you will unlock the management features of both hosts and virtual machines, such as powering on/off, restarting, suspending, and working with snapshots.
Note: Enrollment of a host will consume a single device license.
VSA 10 APIs and Token-based Access Control
VSA 10 now includes a set of API Endpoints that are only accessible by using a secure token. The API documentation and sample data can be found by accessing https://<your_server_URL>/api Token-based API access allows technicians to grant explicitly controlled authorization tokens for a more secure API-only access entity that is distinctly separate from user accounts, while also consolidating the management of API access controls.
There are two methods of API access authorization that can be granted:
Trusted Applications – This allows a simple OAuth-based authorization process to be used to enable VSA 10 integration from an implicitly trusted product – for example, products that are part of Kaseya’s IT Complete product suite.
Note: Although the VSA 10 Trusted Application infrastructure is now ready, integrated products will be working with our team to convert their existing VSA 10 integration and legacy API calls to the new Token-based APIs.
We will be working with internal product teams over the coming months to coordinate such changes. Once the changes are in place, there will no longer be a need to hard-code a VSA 10 username and password into the integration configurations for such Trusted Applications. Instead, a simple OAuth process will be initiated from the integrated product and used to establish the implicit trust with VSA 10.
Third-Party Tokens – This allows the creation of a unique API Token that requires explicit trust configurations for controlling when, what, and from where the Token is authorized for use with respect to the API. Once the token is generated, the Token ID and Token Secret would be used to gain access to the API and its use would be restricted based on any authorization controls defined.
To increase security, you can define start and expiration dates, whitelist IP addresses for access restrictions, and control granular access to specific Organizations and individual API endpoints.
You can also revoke an existing token to immediately prohibit further use. By revoking an existing token, you will have 30 days until it is automatically deleted. To reinstate the token, simply regenerate the token secret prior to end of the 30-day period.
Note: Third-party tokens should not be used to establish integration with VSA 10 from other Kaseya products that currently support integration. Such products use a different VSA 10 API today and will be changed to use Trusted Application tokens in the future.
Content: Additional SNMP Profiles
New SNMP profiles to support the management of HP iLO devices
Other Improvements
Onboarding Checklist Update
This release includes new additions to the Onboarding Setup Checklist so that new users can learn how
to get the most out of VSA 10.
New Default Columns for the Advanced Search / All Systems View
We expanded the data columns that are displayed in the Advanced Search / All Systems view to enhance
your productivity and streamline your search experience.
Upgrade Wizard - API Time-Out Fix
A bug has been fixed where API connection timeout could occur when querying large amounts of Orgs in
the upgrade process.
SNMP Content: Network Device Profile Fixes
The built-in SNMP Template library is constantly improving with added devices and fixes. Refer to the
“created at” date in the Description field for each device template for the latest version.
V10.1
April 18, 2023
The VSA 10.1 Release offers many new innovations and integrations to better support your IT operations. This release includes the first version of our long-awaited Mobile Device Management capabilities supporting enrollment and basic management of Apple iPhone and iPad devices. Release 10.1 also features many major enhancements to patching capabilities including macOS patching, category and release-date automations, and more robust patch history logging. This release also includes integrations with and a suite of scripts to support automating and managing Datto Workplace and Datto File Protect. Finally, the Release of V10.1 offers several new reporting templates and 9 new monitoring profiles for common networking devices.
Please see below to dive deeper on the many new enhancements of release 10.1 that continue our mission to empower you to manage your IT ecosystem faster and easier.
Key Feature Enhancements
Datto Workplace and File Protection Deployment Templates
Datto Workplace and File Protection deployment script templates are now available enabling easy deployment of each application and can be used ad-hoc or in combination with Tasks and Workflows.
You can find each of the scripts in Automation / Scripts / VSAX Starter Pack.
OS & Software Patch Management
This release includes two new Operating System Rules criteria:
Patch Category.
It is possible to install or reject a given patch based on its category. The following categories are supported: Security Update, Critical Update, Update Rollup, Service Pack, Tools, Feature Pack, Update, Definition Update.
Release date.
It is possible to install or reject a given patch based on the number of days since its release.
With this release we made Patch History statuses clearer and more consistent. Depending on the result of patch execution the statuses may be as follows:
Errors
OS updates were installed
OS updates were skipped
Software updates were installed
Restarted
The error popup now displays additional information, including the error code and message.
MDM: Apple Integration
This release includes MDM integration with Apple Services, which is required for comprehensive centralized management of iOS and macOS devices. Refer to Apple’s documentation for more information about how devices work with APNs.
In subsequent releases, we will continue adding new device-level management capabilities but as part of the changes in this release, you can now:
Create APNs (Apple Push Notification service) connectors - To start Apple device management with MDM, an APNs connector needs to be created per organization.Navigate to the “Integrations”-> “Connectors” page, Apple MDM tab, and click “Create Connector”.
Follow the steps on the screen to create the connector and it will appear in the list.
Perform Device enrollment - There is a new Device Enrollment page under the Systems navigation menu where Apple devices can be enrolled. Choose the Organization, Site, and Agent Group, the method of enrollment and follow the onscreen instructions.
Enrollment methods
QR Code enrollment – This method of enrollment is typically used for personal iOS and iPadOS devices (aka BYOD devices).
Link enrollment – This method of enrollment is required for macOS devices but can also be used for iOS and iPadOS.
USB enrollment – This method is typically used on business or corporate-owned devices and enables additional management capabilities. Only iOS and iPadOS devices are supported for this enrollment type.
Warning: USB enrollment is intended for new iOS and iPadOS devices only and will FACTORY RESET the device.
QR Code or Link enrollment:
USB enrollment:
Once enrolled, the device will have an MDM profile and can be managed by VSA 10.
Please note that enrolled devices may take up to 15 minutes to appear in VSA. If an enrolled device does not appear after an hour, please contact support.
Device cards
USB-enrolled devices (iOS and iPadOS only):
QR Code or Link-enrolled devices:
iOS and iPadOS devices:
macOS devices:
Following is an example of asset information for MDM devices:
All MDM-enrolled devices will automatically receive an ”EMM” Tag for easy filtering.
Advanced Reporting
This release includes new report templates that provide summary information regarding Ransomware Detection and Datto BCDR, like Protected vs Supported, Protected vs Detected etc.
There are also new templates for Device Summary, OS Summary, and Devices with low free space on the system drive.
In addition, a variety of minor improvements and fixes to the existing templates were made.
Kaseya One Application Launcher
This release includes the Kaseya One App Launcher which allows Users authenticating with their Kaseya One account to easily access their Kaseya Apps from the Application Launcher.
When a User authenticates using the Login with IT Complete option, the Kaseya One “K1” icon in the far right of the header is replaced with the Application Launcher waffle icon:
VSA 9 Agent Procedures to VSA 10 Automation Workflows Translation Tool
This release will introduce the first version of the translation tool for converting VSA 9 Agent Procedures to VSA 10 Automation Workflows. The tool will give VSA 9 users moving to 10 a better understanding of how any Agent Procedures will be represented as Workflows. To import and evaluate existing Agent Procedures from VSA 9, do the following:
Export one or multiple Agent Procedures as XML
In VSA 9, right click on any specific Agent Procedure or folder containing multiple Agent Procedures and choose export. Save the file to the suggested XML format.
Import Agent Procedure in VSA 10
In VSA 10, in the Automation / Workflows tab, a new button is introduced called “Import VSA 9 Agent Procedure”. When importing any Agent Procedure XML file, the translator tool will parse the file content and present the Agent Procedures to be imported in a list where you can select and continue. There will also be information about the current compatibility score 1- 5 for each Agent Procedure where 5 is the highest. This information gives an overview and understanding on what specific Agent Procedures features currently is available in Workflow Actions & Conditions.
Create Automation Workflows based on Agent Procedures
Any selected Agent Procedure within the imported XML file will generate a Workflow to be reviewed. The tool can be used to evaluate the currently supported Actions & Conditions translated from the Agent Procedures. The tool will also show any Action or Condition not yet supported by coloring it red and rendering the Workflow as inactive, unable to be activated. The Workflow can however be edited modified.
New set of SNMP Profiles for popular devices
New SNMP Profiles have been added to this release to make it simple to enroll and assign monitoring on 9 popular devices including:
Firewall: Check Point Generic
Firewall: Juniper Generic
Firewall: Palo Alto Generic
Firewall: Sophos/Cyberoam
Firewall: WatchGuard Generic
Router: Cisco Generic
Server: Dell iDRAC FW v1-6
Server: Dell iDRAC FW v7+
Switch: HP ProCurve
Additional Platform Improvements
Remote Control - Implemented a new algorithm for improved handling of invalid display objects to optimize session traffic for low bandwidth connections. Enhanced logging to support more performance and connection data.
MacOS Agent – Added .PKG support for the generic macOS Agent deployment package. This package is accessible via the Onboarding / Downloads page.
BMS Integration (some issues related to resetting the integration from VSA 10 depend on fixes from BMS, which are expected in BMS release 5.20.0)
Fixed a BMS Integration issue preventing VSA 10 Remote Control connections from being launched within BMS.
Fixed a BMS Integration issue where tickets failed to sync after resetting the integration from VSA 10 Integrations page.
Fixed a BMS Integration issue where the previous token was still being used after generating a new token.
VSA 9 Upgrade Wizard
Fixed an issue where the VSA 9 upgrade wizard was importing invalid users.
Fixed an issue where users imported from VSA 9 could not be edited or deleted.
Fixed an issue where the VSA 9 upgrade wizard gets connected when replayed but failed to work as expected.
Other Platform Fixes
Fixed an issue where notifications for performance counters failed to appear in Systems > All Systems > System from precondition > System Details > Notifications.
Fixed an issue where an Agent’s Network Interface audit would fail.
Fixed an issue where an Automation Workflow fails to initialize due to its Notification Parameters.
Fixed a Datto BCDR Integration issue where the system was sending an incorrect value for the secret key on server validation after the key was modified.
Fixed an issue where a Workflow’s Execute File action was not supporting 32-bit apps when executing them from the working folder.
V10.0
February 01, 2023
The VSA 10.0 Release offers many new innovations and integrations to better support your IT operations. This release includes major enhancements to automated workflows, upgrades to remote control to support concurrent multi-monitor setups, several updates to Software Management and the launch of the much-anticipated Advanced Reporting Module (previously known as BI Center).
VSA 10 includes many improvements to Mac and iOS management including audit support and more endpoint information as well as the first release of our Mobile Device Management module which supports enrollment, discovery, and asset management of iPhones. Release 10.0 also empowers you to automate more with a fully rebuilt and further enhanced integration with both the Datto BCDR suite of appliances and the Kaseya PSA/Service Desks including Autotask, BMS, and Vorex.
New Features
Advanced Reporting
With this release, we are glad to present the Advanced Reporting module (previously known as the BI Center) that empowers you to visualize data fast, make smarter decisions and easily report on the true value of IT. The starter pack includes 16 report templates in Executive, Audit and Compliance categories.
The live preview shows a limited number of pages immediately and allows to search and filter data.
Advanced Report Designer
The new intuitive designer is perfect for ad hoc or pixel-perfect reports with graphical content. Basic and advanced reporting modes are available for technical and non-technical users. Built-in expressions allow users to perform many types of calculations using a set of pre-defined functions. The drag and drop interface empowers you to create high-value reports quickly and easily.
Industry Standard Export Formats
Reports can easily be exported to Excel, html, pdf, csv, bmp, json and other formats.
Enhancements
Remote Control
Concurrent Multi-Monitor Support — In addition to the ability to work with multiple monitors individually, Remote Control now supports simultaneous viewing and control of all monitors, exactly as they are configured on the target device.
We also added thumbnails of monitors to make it easier to connect to individual monitors or all monitors at once.
Software Management
We have introduced a new option within Patch Policy to schedule a reboot when the patch process requires one. The addition of this functionality allows you more flexible control over the reboot process. You can now choose to either suppress, start immediately or specify when the reboot will occur.
The following changes to Patch Management are also included:
Software installation scripts now fully support Windows 11.
A paid version of Adobe Acrobat is now included with the 3pp Software Catalog. Both Pro and Standard versions are now supported.
We added Firefox ESR, the enterprise version of the Firefox browser, to the software catalog.
Policies
Pending Reboot Notification added to Endpoint Policies — You can now send a notification when a device requires a reboot.
Platform & Security Improvements
Password Complexity — With this release, you get improved security for managing user passwords by arming you with the ability to configure complexity requirements. Configured in Server Admin / Security and once enforced, if a user logs into the web application and their password does not meet the configured requirements, they will be prompted to change their password.
Note that for added security, some of the attributes, such as minimum password length, have pre-defined minimum values as determined by our internal security team.
Mobile Application
Support for Block User Input for iOS — We added the ability to block end-user input (keyboard and mouse) when using Remote Control within the iOS mobile application.
Approve 2FA from Apple Watch — Users who have the iOS mobile application and an Apple Watch can now approve or decline their 2FA login requests directly from their Apple Watch.
Content Packaging
We are introducing auto-provisioned and self-updating Content Package capabilities with this release. It enables vendors and third-party integrators to distribute compelling content to further enhance the VSA X platform and ease of use. The first available package is delivered by Kaseya and adds “Extended Audit For Serves and Computers” as a core component of the VSA X Audit capabilities.
25 custom fields for extended Audit and Reporting
30 Scripts
10 additional scopes
Integrations
Discover and Manage Datto BCDR Devices
We have rebuilt and enhanced the Datto BCDR integration in this release providing the ability to discover and manage BCDR appliances with the following benefits:
Discover Datto BCDR Appliances
Deploy Datto Continuity Agents to VSA X devices
Remote Control into Datto BCDR Appliances
View and Manage Datto BCDR Appliances
Please note manage is achieved via deep links into the Datto Native BCDR appliance
December 01, 2022
The December release of VSA X features two major innovations to improve both the security posture of your IT ecosystem and supercharge the productivity of your team. The first innovation is Ransomware Detection, an optional licensed add-on that will protect your users, data, and network from ransomware. The second innovation is a significant improvement to our integrations with both Autotask PSA and ConnectWise Manage PSA to include the ability to build automated workflows based on ticket-based triggers.
Ransomware Detection
SMBs faced 31,000 ransomware attacks per day last year. Our community is under attack and we here at Kaseya knew we needed to do something about it. The new Ransomware Detection module for VSA X protects businesses against ransomware attacks and ensures control and ownership remain undisrupted.
VSA X will monitor the status of endpoints and generate alerts or tickets for any detected ransomware-style behavior such as file encryption/deletion, deletion of backups or even the presence of ransomware notes.
VSA X can then trigger automated workflows to isolate any infected machines and disconnect the endpoint from the network to prevent damage. Users can then leverage their favorite BCDR solution to restore the infected machine and make the network whole.
Additionally, the VSA X mobile app empowers you to isolate or revert isolation of an endpoint with just a click of a button from anywhere.
This new module is free until December 31, 2022 and will be $0.50/endpoint/month in 2023. Give you account manager a shout if you have any questions.
Two Way Ticketing with PSA
This release brings incredible updates to the PSA integrations for both Autotask PSA and ConnectWise Manage. This upgrade to the integration supports two-way tickets and also the ability to add/update/close tickets during Automated Workflows. Additionally you can now use ticket-based triggers for automated workflows.
The dreaded my printer isn’t working ticket can now be entirely, and easily, auto-remediated easily through the Automation Workflow Builder.
A brief overview of the changes include:
Bi-directional change management between RMM notifications and PSA tickets
When a notification changes in the RMM, if it was already associated with a PSA ticket, the ticket will be updated automatically with information about the change.
New improvements to Automation Workflows allow more comprehensive management of changes.
Map RMM devices and PSA configuration items
Devices can be optionally mapped to existing PSA configuration items, or the mapping can be configured to create a new PSA configuration item that will automatically be associated (mapped) with the RMM device.
Mapped devices will automatically be linked to PSA tickets that are associated with RMM notifications for the given device.
NEW PSA ticket management capabilities to the Automation Workflow Builder for customized process automation
Trigger
PSA Ticket has closed – will trigger when a PSA Ticket that is associated with an RMM object (device or notification) has closed in the PSA.
Conditions
Ticket has been created – provides true/false validation logic to determine if a PSA Ticket was already created for the selected Trigger type.
Ticket has been opened for the same alert within “x” hours – this is useful when a new RMM notification is triggered but you want to validate whether there is still an open PSA ticket for a previous RMM notification of the same type, within a configurable timeframe. Using this option allows you to build workflows that update previously opened PSA tickets.
Actions – the actions will show PSA vendor-specific attributes (ie. Queue, Priority, Status, etc) when a PSA integration is active. When no integration is active, the vendor-specific attributes will not be available within these actions.
Create Ticket – Allows creation of a new PSA ticket.
Update Ticket – Allows updating of an existing PSA ticket.
We have updated the notification pages to provide a contextual deep link for easy navigation to the associated PSA Ticket
