Dear Heimdal Partner,
We would like to inform you that a new version of the Heimdal Release Candidate (RC) dashboard, version 4.3.0, will be released next Tuesday, July 23rd 2024.
Starting Friday, July 26th 2024, the Heimdal RC Agent will be available for download in the dashboard's "Guide" section under the "Download and Install" tab. It will be deployed on a roll-out basis over the course of the coming weeks.
Here are the main features and improvements rolling in with the new 4.3.0 RC:
Heimdal Dashboard
Alternative mechanism available for Azure Active Directory synchronization
Starting with the 4.3.0 RC release, we are offering customers an alternative Azure Active Directory synchronization mechanism, which honours the user-based access rules/permissions you define and is recommended for enterprises with very strict compliance norms and regulations. With this mechanism, dashboard users register a "dedicated" application on the Microsoft Azure portal, define granularly the level of access that application has, and use it for AAD sync purposes by providing an extra set of parameters, namely the application's Client Id and Secret Value, alongside the already required Tenant Id.
To use this alternative sync mechanism, the dashboard user needs to go to the Guide section of the Heimdal dashboard -> Customer settings -> Azure AD & SAML setup tab, where the two new input boxes "Client ID" and "Secret Value" have been added.
Note: The two new fields are not mandatory (if left empty, the AAD sync mechanism will work as it works today).
If the new fields are filled in, the sync will use the application for which the Client ID and Secret Value were provided. A link that takes the dashboard user to a Knowledge Base article describing how to register an app on the Microsoft Azure portal can be found in the bottom section of the Azure AD & SAML setup page ("Heimdal Azure App registration guide").
If the Client ID and/or Secret Value are not correct, the following error will be displayed when trying to search for and select an AAD group.
Allow Microsoft (Azure Login) authentication only for dashboard login
In the same spirit of increased compliance, we've implemented a new setting in the Guide -> Customer settings -> Azure AD & SAML tab, called "Allow Microsoft authentication only". If enabled (the checkbox can only be changed while the "Log in to the Heimdal Dashboard using SAML 2.0" feature is enabled), it restricts dashboard users to logging in exclusively through the Azure login method.
If a dashboard user attempts to log in through the conventional "credentials" method, they will get an error message.
Heimdal Threat Prevention Endpoint and Network
DNS over HTTPS (DoH) for DNS Security - Network
This is the natural follow-up to the DoH functionality introduced for DNS Security – Endpoint (formerly known as Threat Prevention Endpoint) in the fall of 2022 (3.2.0 Release). DoH is a core part of DNS protection: it is a safer and more private manner of navigating the Internet, because it encrypts domain name system traffic by passing all DNS queries through a Hypertext Transfer Protocol Secure (HTTPS) encrypted session. The functionality consists of a new check box called "DNS over HTTPS Server", which can be found in the Network Settings -> DNS Security area of the Heimdal dashboard. It sits under the "HybridDNS" tickbox (HybridDNS secures the internal network's DNS traffic by providing filtering capabilities on the customer's own local DNS server, rather than forwarding the DNS queries to Heimdal's DNS Security – Network resolvers) and can only be enabled or disabled while HybridDNS is enabled.
When enabled, all DNS queries are resolved via the configured DoH server (once the check box is ticked, a text field appears in which the DoH server's domain or IP should be entered), with the exception of the queries needed to resolve the server itself.
DoH mitigates the risk of DNS spoofing and man-in-the-middle (MitM) attacks in your IT environment by ensuring, as a default standard, that the session between the client and the DNS server is encrypted, so that nobody can alter the resolution results and point the end user's browser toward a malicious website.
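As an added illustration of what "passing DNS queries through an HTTPS session" means on the wire (this is example code, not Heimdal's agent or server code), the Python below builds the RFC 8484 GET form of a DoH lookup and shows the bootstrap exception mentioned above: the DoH server's own hostname is the one name that must still be resolved the ordinary way. The server URL and query names are constructed sample values.

```python
import base64
import ipaddress
import struct
from urllib.parse import urlsplit


def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a minimal RFC 1035 wire-format query for `name`.

    RFC 8484 recommends transaction id 0 so identical queries produce
    identical URLs and can be cached by HTTP intermediaries.
    """
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: length-prefixed labels terminated by a zero byte
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # QCLASS = IN


def doh_get_url(doh_server: str, name: str, qtype: int = 1) -> str:
    """RFC 8484 GET form: the wire query, base64url-encoded without padding,
    sent as the `dns` query parameter of an HTTPS request to the DoH server."""
    wire = build_dns_query(name, qtype)
    dns_param = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{doh_server}?dns={dns_param}"


def needs_plain_resolution(doh_server: str, name: str) -> bool:
    """Bootstrap exception: the DoH server's hostname cannot be looked up
    through the DoH server itself, so that single query stays on the
    ordinary resolver path. A server given as an IP literal needs none."""
    host = urlsplit(doh_server).hostname or ""
    try:
        ipaddress.ip_address(host)
        return False  # IP literal: nothing to bootstrap
    except ValueError:
        pass
    return name.rstrip(".").lower() == host.lower()


if __name__ == "__main__":
    # Constructed sample values (documentation names/addresses only)
    server = "https://dns.example.net/dns-query"
    for qname in ("www.example.com", "dns.example.net"):
        if needs_plain_resolution(server, qname):
            print(f"{qname}: resolve via plain DNS (DoH bootstrap)")
        else:
            print(f"{qname}: GET {doh_get_url(server, qname)}")
```

The URL produced for `www.example.com` matches the worked example in RFC 8484 section 4.1.1, which is a handy check that the encoding is right.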
Heimdal Patch & Asset Management
Pie chart and matrix data clickable for Patch & Assets Windows OS
To provide enhanced reporting capabilities in an intuitive and user-friendly manner, we've made the Pie chart and Matrix data in the Windows OS Stats views of the 3rd Party Patch Management and OS Updates sub-modules clickable. After switching the toggle to Stats view (in the corresponding Windows OS, Patch & Asset Management views), you can now click on the info displayed in the CVSS/Severity pie charts and/or the "By release date" matrixes, and you will be redirected to a pre-filtered view (date range and severity/CVSS) showing only the 3rd party patches and/or OS updates that fall under that specific selection.
Heimdal Endpoint Detection
New Device Info notification for Firewall incompatibilities between Windows GPO and Heimdal GP
In order to prevent cybersecurity mishaps and further strengthen the security posture of your organization, we've introduced a new Device Info (formerly known as Active Clients) notification. It informs dashboard users that the Firewall on a machine is not handled by the Heimdal Agent because it is currently handled by a Local Policy configured via Active Directory. Due to how the Windows Firewall functions, when an endpoint's Firewall is configured via Local Policy, the Heimdal Agent is unable to perform an isolation action. To avoid inconsistencies for a machine on which isolation was triggered but which, due to the old Firewall flow, was merely displayed in the Heimdal dashboard as isolated, we've added a new notification plus a new icon that visually highlights that the outcome of the action might not be the expected one. The new icon is displayed in the Unified Endpoint Management -> Device Info -> Standard and Hardware views, in the Status column of the corresponding tables. When viewing the computer's issue details, a new notification is also displayed, informing the user that "There are incompatibilities between GPO (Windows) Firewall set-up and Heimdal Firewall (GP) settings!". The icon and notification appear only if the Heimdal Agent detects that the Firewall on the machine is handled by a Local Policy.
Creation of a “Heimdal RD” profile in the Isolation Allowlist Rules
A new Isolation Allowlist profile option has been added in the Heimdal Firewall Group Policy area (Endpoint Settings -> Endpoint Detection -> Firewall tab, Isolation Allowlist Rules section), allowing dashboard users to quickly add a new profile, "Heimdal RD", and thus be able to connect to isolated machines with the Heimdal Remote Desktop product.
Note: In order for the setting to take effect, the isolation profile needs to be enabled in the GP, PRIOR to the isolation event taking place.
If the Isolation Profile is enabled and a machine isolation is triggered via any of the available methods, a new Firewall rule is added to the Windows Firewall.
Heimdal Email Protection
Option for IT admin to view and edit the End user console Allow and Blocklists
We've further enhanced the End User Console and the way IT Admins interact with the "personal" Allowlists and Blocklists. A new table has been added to the "Allowlist, Blocklist, and Greylist" tab under Network Settings -> Email Protection -> Email Security. This table contains all user-level (personal) rules found in the End User Console and displays both Allowlist and Blocklist rules.
Users with access to the Network Settings can edit or delete rules from this grid (the grid is visible only if the "User Quarantine Report by Email" and "End User Console" checkboxes are ticked under the Quarantine Settings tab when editing an existing domain).
When editing, the only allowed action is switching a rule's type between Allowlist and Blocklist. This change is also reflected in the respective tables of the End User Console.
Also, when a rule is deleted from this table, for a particular email account, it will also be deleted from the End User Console of that specific account.
Additionally, in the Details column of the Inbound and Outbound grids under Products -> Email Protection -> Email Security -> Details, dashboard users now have the option to create Allowlist/Blocklist rules at either the personal or the global (domain) level.
If the user selects the "Personal" option, a new End User Console rule is created (and is also displayed in the new table under the "Allowlist, Blocklist, and Greylist" tab in Network Settings).
Other improvements & fixes
Enhancement of "Select GP" dropdown functionality
With this release we've added the "Select GP" dropdown list to other product grids: Next-Gen Antivirus & MDM, XTP, Ransomware Encryption Protection Endpoint, PEDM and Application Control.
Windows Edition available in the Device Info -> Clients Specifics -> Device Info tab
This new information has been added to the tab mentioned above, as well as to the corresponding API responses and downloadable .csv files.
The Edition is also shown in the hover text displayed when placing the mouse over the "OS" value in the Device Info Standard view.
In order to ensure the correct functioning of the new features, please clear the browser’s cookies and other site data, as well as the cached images and files, prior to accessing the Heimdal dashboard.