Heimdal Assistance and Support Help Center home page

Articles in this section

Haven't Tried Heimdal Yet?

Start Free Trial 30-day Free Trial. Offer valid only for companies.

Heimdal Production (PROD) Dashboard version 4.8.3

Last updated
  1. Implementation of “Targeted machine type” drop-down list in the Group Policy (Endpoint Settings) configuration
  2. Implementation of a new Device Info -> “Monitored Devices” view & “Device Status Change” email alert and Integrations notification
  3. Heimdal Threat-hunting and Action Center- LAD improvements.
  4. Operating System Updates (Windows OS) – “Automatically install upgrades” check box
  5. PEDM – Implementation of Microsoft 2FA confirmation for elevation requests

We would like to inform you that an updated version of the Heimdal Production dashboard, version 4.8.3, is now live.

Starting Friday, July 11th 2025, the Heimdal Prod. Agent will be available for download in the dashboard's "Guide" section under the "Download and Install" tab. It will be deployed on a roll-out basis over the course of the coming weeks.

 

Here are the main features and improvements rolling in with the new 4.8.3 Prod..:

 

Heimdal Dashboard

● Implementation of “Targeted machine type” drop-down list in the Group Policy (Endpoint Settings) configuration

A new option has been added to Endpoint Settings that allows group policies (GPs) to be applied specifically to servers, endpoints, or to both (“All”) machine types. 

This enhancement offers improved control over device targeting and helps optimize performance, particularly on Terminal Servers which are characterized by frequent and/ or simultaneous user logins.

The “Targeted machine type” drop-down list can be found in the Endpoint Settings -> General Management tab. 

Picture1.png
 Together with the versatile enhancement, we’ve also introduced a new tick box (“Terminal server enhancement”), also found in the “General Management” tab, Agent Settings area, alterable only of the aforementioned “Targeted machine type” is set to “All” or “Servers”. If enabled, the GP won’t be refreshed at the time of a new user login and the GP check will be performed as per the setting applied in the “Policy check interval” slider.

Picture2.png

In order to make Heimdal dashboard users’ lives easier, these enhancements roll along with visual indicators and manual GP assignment filters, which can be found in the dashboard view showcasing all GPs (Endpoint Settings), respectively in the Unified Endpoint Management → Device Info -> Standarview, “Selected GP” column.

 Picture3.png

Picture4.png

● Implementation of a new Device Info -> “Monitored Devices” view & “Device Status Change” email alert and Integrations notification

Starting with the 4.8.3 PROD release, our dashboard users will be able to leverage a new email alert related to device status changes (device coming online or going offline), strengthening the reporting and compliance postures and streamlining the management of the IT estates.

A hostname can be added to device monitoring (a fresh “Monitored devices” view is available in the Device Info space) either from the Device Info -> Standard view, select a machine and apply the “Monitor device” command.

  Picture5.png

or from the dedicated “Monitored Devices” view, by adding a particular hostname to the monitoring flow. This can be achieved by using the dedicated button “Add monitored device”, searching the desired hostname and confirming the choice in the corresponding modal window. Picture6.png

 

Picture7.png

The brand-new “Monitored Devices” view contains a grid having the following structure (columns): Hostname, Username, Current GP, Selected GP, OS, Alive Status, Operational Status and Risk Score.

A newly added monitored device will initially have the offline (red dot) status (info found in the “Alive Status” column), until the GP sync happens and the actual monitoring job kicks in (about 15 seconds post the GP sync the status changes). Once this happens, the status will change to online (green dot). Hovering over the status icon will display the last seen (when the machine was last seen online) of that hostname.

Picture8.png

 

Picture9.png
Users can also opt to stop monitoring devices, by selecting the monitored devices and applying the “Stop monitoring device” command.

Picture10.png
 The device status info has also been added to the Device Info tab, Client Specifics (post clicking a hostname) view.

Picture11.png
The “Monitored Devices” view offers the Heimdal users the possibility of downloading the info from the grid in a .csv file format, sorting the data, searching by hostname or username and filtering information based on the devices operating system, Alive Status and/ or Operational Status.

Picture12.png


 Considering the importance of this information, in some occurrences (e.g.: critical server infrastructure), we have provided the option to further extend the monitoring by receiving email alerts (in case the functionality is enabled) and/ or support tickets being automatically created with the help of our PSA Integrations module.

The dedicated email alert “Device Status Change” (DSC) can be set, as the other alerts, at corp. customer and/ or reseller levels.

Picture13.png
 When the monitored device status changes, the selected recipient will receive an email containing the corresponding info.

Picture14.png

When it comes to our Integrations functionality, dashboard users can set up, as per their choice, the option for support tickets to be automatically generated in their PSAs (ConnectWise PSA, HaloPSA, Autotask) for device status changes.


Picture15.png

ConnectWise PSA


Picture16.png


Halo PSA


Picture17.png

Autotask


Picture18.png

 

●  Bitlocker Management – ability to view Bitlocker keys history

A new button “View history’’ is available in the “Recovery key” column from the Client Specifics (click a hostname) -> UEM -> Bitlocker Management tab. If clicked it will open a modal window displaying the historical recovery keys set for that specific machine, on that specific volume/ drive.

Picture19.png
Note: The “View history” button is subject to the “View_bitlocker_recovery_keys” user claim (ACL) being enabled.

Picture20.png

 

Picture21.png

● Heimdal Integrations – Option to add ticket notes for repetitive (identical) notifications (Heimdal Operations)

In order to avoid “alert fatigue” we’ve implemented the option (check box) to add ticket notes for identical Heimdal Operations. This functionality can be found in the Guide -> Customer Settings -> Integrations tab and is available for all the supported PSAs: ConnectWise, Halo and Autotask.

Picture22.png
If “Create ticket notes for repetitive (identical) notifications” is enabled, whenever an identical notification is generated multiple times within a 24-hour interval, we’ll automatically update the initial/ original ticket using notes. The notes are created only for open tickets. The newly created ticket note has the same content as the ticket details.

Picture23.png
 

● Device Info –> History view

Starting with the 4.8.3 release, a new view, called “History”, is available in the Device Info Heimdal dashboard space. This is a dedicated view which contains the machines that have been online during the selected dashboard timeframe.Picture24.pngHowever, the Device Info -> Standard view will display the machines that have been active during the selected timeframe (an endpoint will be considered active between activation date and last online date; even if that hostname has not been online on certain days, but has an activation date that fits in the selected dashboard timeframe, that hostname will be displayed in the Standard view grid, although the last online date is outside that interval).

Picture25.png

Heimdal Threat-hunting and Action Center

Our Login Anomaly Detection (LAD) module underwent changes, meant to improve its accuracy, as well as to increase ease of use and relevance. 

Previously, using LAD, allowed dashboard users to detect if an Azure AD user has logged in from another country (in regard to the “usual” location). Now, we’re monitoring other factors too and flagging suspicious logins based on these new criteria.

Thus, in the Login Anomaly Detection -> Standard view, we have enriched the intel related to the type of alerts (“Alert Name”) providing besides the already available unusual login alerts, alerts related to:

  • “Impossible travel”: generated when two azure logins are made from different countries within an hour (considering that the calculated time travel between deem the logins as impossible);
  • “Anonymized IP Address”: generated when an anonymized IP Address is detected in Azure logs;
  • “Suspicious Browser”: triggered when an Azure AD login is made from a new Internet browser, other than the “usual” one (a browser will be added as the “default”/ “usual” one within 14 days from the moment of the user creation).

For the above Alert names, the dashboard user can take from the LAD product page grid and/ or the TAC Action Center, the “Acknowledge”, “Logout user” and “Dismiss” actions, except for the “Anonymized IP Address” in the case of which only the “Logout User” and “Dismiss” actions are available. 

Picture26.png
 Filters, for the new “Alert Names” have also been added in the LAD -> Standard view.

Picture27.png
 
Heimdal Patch & Asset Management

● Operating System Updates (Windows OS) – “Automatically install upgrades” check box

This new feature, consisting of a check box found in Endpoint Settings -> Patch & Assets -> Operating System Updates, Install Settings area of the Windows OS GP (default disabled), controls the installation of Windows Updates (WU) upgrades, specifically Feature Updates such as version 20H2, 21H1, 21H2, 22H2, 23H2, 24H2, and major operating system upgrades like Windows 11 or Windows Server 2025. Picture28.pngThe functionality also supports postponement controls like the reboot flow. Users can delay the installation of WU upgrades using the "Allow user to postpone upgrades" option in GP, alongside adjustable sliders for Upgrade Delay and Number of Postpones Allowed.

If the feature is enabled and an OS Upgrade is available for installation, the end user will receive, on the agent side, a pop-up like the one displayed below.

Picture29.png
 In the corresponding product grids, in order to facilitate differentiation, WU upgrades are highlighted with a distinct color (orange), in the “Categories” column.

Picture30.png


Heimdal Privileges & App. Control

● PEDM – Implementation of Microsoft 2FA confirmation for elevation requests

Additional to the existing Heimdal 2FA PEDM elevations end user authentication, to increase security and provide versatility, we have also introduced a Microsoft 2FA authentication method. If enabled, it ensures that only authorized end users can elevate a session or access a specific file. 
Authorization is granted exclusively to the Microsoft account currently used to sign in to Windows. We recommend verifying in the Azure Portal whether users are required to use 2FA.

Picture31.png
 
Note: We recommend verifying in the Azure Portal whether users are required to use Microsoft 2FA.
In the Azure Portal - Users select the Per-user MFA
Picture32.png
and then select all the users on which MFA is to be enforced and press Enable MFA and after Enforce MFA.
Picture33.png

If the Microsoft 2FA option is enabled & all the aforementioned conditions are met, the end user requesting an elevation will be shown the Microsoft pop-up window prompting the user to sign in with their Microsoft credentials. 

Picture34.png
After successfully logging in, the two-factor authentication page will be displayed, where the end user is expected to approve the request using the Microsoft Authenticator app or the official alternative approval means.

Picture35.png
 If the user does not have permission to log in or cancels the authentication, a Heimdal agent pop-up will appear with the following message:

Picture36.png
 In case the end user is trying to login with an account other than the one used for the Windows log in, an “Access Denied” Heimdal agent pop-up will be showcased.

Picture37.png
 If the account does not have the 2FA authentication method enforced in Microsoft Azure, an “Access Denied” Heimdal agent pop-up will appear.

Picture38.png
 Lastly, if the machine from which the end user is requesting the elevation does not have a function Internet connection, we will display the following end user pop-up screen.

Picture39.png
 

● PEDM – Inclusion of “Time to live”, “Accepted requests availability time” countdown in the end user approved elevations pop-up window 

This new PEDM feature, meant to streamline user experience, consists of the addition, in the end user pop-up window, of a countdown timer displaying the remaining time until the approved elevation request expiration.
The timer reflects the “Time to live” set in the Group Policy, under “Accepted Requests Availability Time”. 

Picture40.png

Note: if no specific “Time to live" is configured, the default value of 24 hours will be used.

After a request is approved, the updated notification will appear for both “Run as Administrator”/ file elevation and “Administrator Session”/ session elevation types. 
Additionally, approved request notifications that include an administrator message have been modified as well.

Picture41.pngPicture42.png

Picture43.png


Heimdal Email Protection

● Email Security – IP Range Management for Allowlist & Blocklist

Starting with the 4.8.3 PROD release, as testimony to our continuous effort to improve our dashboard users’ experience, a new functionality has been implemented in the ESEC module, allowing the configuration of IP ranges within both Allowlist and Blocklist settings. This update provides greater flexibility for defining trusted and blocked IP sources when evaluating inbound emails.

When navigation to Network Settings -> Email Protection -> Blocklist, Allowlist & Greylist tab, the dashboard users can now input IP ranges, while prior to this release, only single IP addresses could have been allowed or blocklisted.

Picture44.png

 

Picture45.png
Note: IP ranges must be written using the hyphen - symbol with no spaces before or after. 

With this enhancement, we also allow the upload of IP ranges with the help of the .csv file import functionality.

Heimdal Remote Desktop

● Ability to add Supporters from the Group Policy 

In order to provide more versatility and convenience to our Remote Desktop module, our dashboard users can now add Supporters from the dedicated GP tab too (previously this could have been achieved only from the Remote Desktop product page).

The newly created "Add supporter" button opens the "Add supporters" modal window, from which one or multiple hostnames can be added as supporters to the current GP.

Picture46.png


Picture47.png

Note: The hostname multi selection drop-down list displays all hostnames that are not already supporters; the permission to Allow or Disallow a supporter to remotely connect to a non-Heimdal device can be set only from the Remote Desktop product page.

Other improvements & fixes

● Endpoint Detection, Firewall - Display Event ID 2071 & 2097 rules in the dashboard

Our Firewall module has been enhanced to automatically capture and display local Windows firewall - related rules generated by Event IDs 2071 and 2097. As previously we have been monitoring only Event ID 2004 – related rules, this improvement provides greater visibility into the local firewall configurations of endpoints directly from the Heimdal dashboard.

● Unified Endpoint Management -> Device Info -> Hostname groups – Clickable   hostnames 

Small, yet useful enhancement, we are now providing the option to click the Hostnames part of a Hostname Group (Group Name) and redirect the dashboard user to the Client Specifics view, UEM -> Device Info tab.

Picture48.png
 ● Endpoint Detection, Ransomware Encryption Protection Endpoint – Ability to add “Friendly name” for exclusions performed from the product grid modal window

This handy improvement helps dashboard users achieve the same versatility when excluding process from REP for Endpoint, from the product grid, as they already could have when performing the exclusion from the Endpoints Settings dedicated area.

It consists of the addition, in the “Exclude selected processes” modal window (displayed after selecting a process and hitting the “Exclude” command from the “Select what action to take” drop-down list), of a text field that allows inputting a “Friendly name” the exclusion. The field is mandatory, and the filled-in info will be available in the Endpoint Settings -> Endpoint Detection -> Ransomware Encryption Protection, Exclusions grid. 

Picture49.png
Note: The “Friendly name” filed is mandatory and if no information will be provided, an error message will be displayed.
Picture50.png

● Privileges & App Control, Privilege Elevation and Delegation Management – Separation of the Map users to group functionality   

This enhancement consists of splitting the previously generic “Map users to group” option (Endpoint Settings -> Privileges & App Control -> Privilege Elevation and Delegation Management, Group Settings area) into two separate sections, so that it can be set differently for “Run as Administrator” and “Administrator Session” elevation types.

Enabling the “Map users to group” option from the “Run as Administrator” section and setting a group name, means that the “Run as Administrator” elevation type will only work if the currently logged in user belongs to that defined group. The same will happen with the “Administrator Session” option.

●   Heimdal Agent – enhancement of the user interface

Beginning with the 4.8.3 PROD version, the Heimdal agent UI has been enriched with information. In this train of thought, end users can now see the Last Sync, Last Scan and Last Applied GP name in the Heimdal agent user interface, formatted according to the user's system settings.
The newly added info can be found in the General Settings -> Miscellaneous section.

Picture51.png
 ● Implementation of a wildcard-type Hostname search in the Heimdal dashboard

In order to assist our users in their forensics endeavors and better the user experience, a new search method, based on wildcard, was introduced in the Heimdal dashboard, in all the grids where the Hostname information is present.

The wildcard character * can be used at the beginning or end of the input to match partial values. Currently, this functionality is available only for the Hostname column across all grid components.

Picture52.png

Note: *abc – matches hostnames ending with abc; abc* – matches hostnames starting with abc; *abc* or abc – matches hostnames containing abc.

Haven't Tried Heimdal Yet?

Start Free Trial 30-day Free Trial. Offer valid only for companies.