ESET Secure Authentication On-Premの最近の変更ログ
- Fixed: RADIUS Proxy-State attribute and Message-Authenticator overwriting in response
- Fixed: Unable to upgrade ESA via ESET PROTECT On-prem
- Fixed: Attribute for radius client cannot be saved
- Fixed: Upgrade fails on newer builds of Windows Servers in uninstall phase of prev. version
- Fixed: Installation/upgrade fails on newer builds of Windows Servers
- Fixed: Missing attributes when user from selected realm
- Fixed: Fail to start ESA service when OTP SMS Product Instance is broken on EDF
- Fixed: Wrong parse of postgrestql version for linux
- Fixed: Missing AD Attributes when User from Trusted Domain
- Fixed: SharePoint Claims
- Fixed: Change consuming users in expired license
- Fixed: AD custom action is being called when not needed which results in misleading information in installation logs
- Fixed: DB password in installation logs
- Fixed: Installer naming inconsistency
- Added: Copyright 2024
- Improved: Self-Enrollment QR code has been improved as some customers have experienced issue with scanning of the QR code.
- Fixed: Grace period with licensing.
- Fixed: Kazakhstan phone number is now being identified correctly.
- Fixed: License reactivation related to migration scenarios has been fixed.
- Fixed: OWA attachments download problems have been fixed.
- Fixed: Installation failed on WIN11 22H2.
- Fixed: Identity Provider installation fails during upgrade.
- Fixed: Installation of some ESA components in AD mode on WIN11 22H2 finished with rollback.
- Fixed: Port availability prerequisite fails.
- Fixed: Do not use PowerShell in Elasticsearch setup.
- Fixed: AD FS managed service account incorrectly cut to 15 characters.
- Fixed: Implement parallel DNS requests.
- Fixed: FIDO - allowCredentials - inconsistency between core and Windows Login.
- Fixed: Reporting Engine component which is based on a 3rd party component Elasticsearch that might have been partially affected by the vulnerability of log4j.
- Added: Support for RDP Web Client (HTML5)
- Added: Grouping of Exchange OWA/ECP
- Improved: Description of certified hash
- Improved: FIDO PIN is no longer visible (as plain text) in windows logins
- Changed: RADIUS challenge wording to easily readable format
- Fixed: Reported Error 500 issue
- Fixed: Issue when MSCHAPV2 authentication failed
- Fixed: Issue with SMTP authentication
- Fixed: Issue with 2FA in Exchange 2010 in special cases
- Fixed: Issue when ESA RADIUS does not respond when setting "name from distinguished name" for memberOf
- Fixed: Invalid domain name obtained if DNS suffix is set
- Fixed: RADIUS - Checking of group membership
- Fixed: Various other bug fixes
- Added: offline license activation warning
- Improved: users can use FQDN or NetBIOS domain name by authentication
- Fixed: issues with data export in AD mode
- Fixed: issues leading to Error 500 in OWA
- Fixed: issue when exchange users without mailbox could login without 2FA
- Fixed: Windows Login component no longer shows outdated information about logins left
- Fixed: issues when other than English language used in Windows related to FIDO
- Fixed: issue when VPN server stopped communicating with RADIUS component
- Fixed: issue with self-enrollment when using FIDO
- Fixed: issue when logging to OWA
- Fixed: issue with first factor validation in RADIUS
- Fixed: various other improvements and bug fixes
- Added: ASP.NET Membership Database users support in SharePoint
- Improved: Elasticsearch connectivity
- Improved: RADIUS support for custom attributes containing multiple values e.g. memberOf
- Improved: MacOS authentication using PAM and related documentation
- Improved: RADIUS PAP password now supports UTF-8
- Improved: Windows login FIDO authentication
- Improved: ESET MSP Administrator now explicitly mentioned
- Improved: Dozens of other performance, usability and security improvements
- Fixed: AD FS problems when AD language is different than ENU
- Fixed: E-mail notifications now use server local time
- Fixed: Web console error 500 when WMI is not accessible
- Fixed: Windows login authentication failure when domain controller is unavailable
- Added: Mobile app screenshoting protection
- Added: Hard tokens - support for base32 secret
- Changed: Update to End User License Agreement
- Improved: Authentication when using RADIUS
- Improved: Support for FIDO keys in Windows Logins
- Improved: Security of custom delivery options
- Improved: TLS compatibility and support
- Improved: Strict character limitations for account name, email, display name were increased
- Improved: Dozens of other performance, usability and security improvements
- Fixed: Multi actions in ESA web console sometimes change also not selected items
- Fixed: Various updates and fixes to Identity connector
- Fixed: Occasional connectivity loss to Elastic search engine (reports)
- Fixed: Domain controller issues after restart
- Fixed: Users deduplication
- Fixed: Problem with invalid phone number when using custom delivery option
- Fixed: SMTP connection fails if server does not support any authentication
- Fixed: Password change in Windows logins
- Fixed: "Show password" icon missing in Windows Logins
- Fixed: Issues with encrypted hard tokens importing
- Added: Major performance improvements (Authentication requests)
- Added: Support for external databases (MSSQL, PostgreSQL) in standalone mode
- Added: Ability to have multiple ESA servers in standalone mode (HA)
- Added: New integration options with new ESA Identity Connector component
- Added: Support for native biometric in mobile operating systems (e.g. Touch ID) in addition to PIN code in mobile apps (iOS, Android)
- Added: Notification center
- Added: FIDO support in Windows Logins
- Added: Additional approval when logging in from new location
- Added: Ability to export database data
- Added: Invitation capabilities now support external IP address
- Added: Customizable attributes for user (email and display name)
- Added: Custom VPN attributes
- Added: New filtering options and improvements
- Added: Sorting in tables
- Added: Rows counts
- Added: New script when working with RADIUS clients
- Added: Remote Desktop Gateway RADIUS integration manual
- Added: Support for Elasticsearch v 7.x
- Added: Support for iOS 13
- Added: Support for Android 10
- Added: Support for Windows 10 (November 2019 Update)
- Added: New API methods added in documentation
- Added: Ability to COPY/PASTE OTP in mobile apps
- Improved: Major mobile apps (iOS, Android) UI refresh
- Improved: Invitations capabilities now support external IP address
- Improved: Documentation focused on making ESA server accessible from public internet
- Improved: Dependence on mobile number deprecated
- Improved: OTP via email
- Improved: More usable Master Recovery Key
- Improved: "Allow non 2FA" setting added to dashboard
- Improved: Completely reworked UI including new wizard
- Improved: Dashboard user status icons can be now used to drill down to filter specific problems
- Improved: Dozens of other performance, usability and security improvements
- Improved: AD FS - add support for server farm with common database
- Improved: Windows 10, build 1709 and later does not require 2FA by user first logon when automatic login enabled and 2FA for unlock not set
- Fixed: Windows Login credential provider activates itself on the RDP client when not needed
- Fixed: User duplication due to multiple Domain controllers or multiple ESA servers in some cases
- Fixed: Under some circumstances user is logged out of the console in 2 minutes
- Fixed: Under some circumstances offline login in Windows logon breaks after auto-sychronization
- Fixed: The "Settings" window of ESA app is not opened after opening an incorrect provisioning link in "SMS" when app's PIN is created
- Fixed: Remote Web Access on Windows Small Business Server 2011 does not work
- Fixed: Android - The "New Login Request" dialog doesn't appear if open the ESA app before PUSH approving from notification
- Fixed: Some connections still do not respect proxy settings
- Fixed: RDP - ESA registers any user name if password not provided
- Fixed: Uninstall does not work if permissions for ESA.config are missing
- Fixed: Android - ESA application doesn't launch on Meizu M3s (5.1)
- Fixed: Phone number message - accept spaces
- Fixed: Windows Login - Internal Server error when too many OTPs sent to offline cache
- Fixed: Android app icon is not shown in list of installed apps and in app details
- Fixed: Active directory locked state not correctly retrieved from Active Directory
- Fixed: Multiple other smaller feature and security improvements
- Improved: Update from Android 11 (API 30) to Android 12 (API 31).
- Fixed: Push on Android 12 not working and sometimes caused the crash of ESA app.
- IMPROVED: Security when handling web console credentials
- IMPROVED: Extended time out in RDP connection
- IMPROVED: Performance improved when enumerating components
- FIXED: Product activation via proxy
- FIXED: Proxy settings is not applied when install core with proxy settings via MSI
- FIXED: Potential XSS attack in Web Console
- FIXED: When syncing realms - invalid domain GUID obtained for child domain
- FIXED: Elasticsearch Java prequisite check
- FIXED: Elasticsearch with OpenJDK 11
- FIXED: Failed to extract credentials error shown when accessing shares
- FIXED: Other internal improvements and bug fixes
- Fixed: After upgrading, license usage is duplicated under some circumstances
- Fixed: “Network error 500” is displayed in Web Console under some circumstances
- Fixed: Offline OTPs authentication does not work in Windows Logins
- Fixed: Users are logged out from Web Console after 2 minutes
- Fixed: Realms for domain users duplicated
- Fixed: Reporting engine installation is corrupted due to 2GB memory limit
- Fixed: Reporting engine fails to install when special characters are used
- Fixed: API - Authentication methods without realm do not work
- Fixed: Push authentication does not work after self-enrollment and mobile number change
- Fixed: Reactivation fails when reactivating from User+SMS site to User-only site
- Fixed: Reactivation from offline file to online does not move the user consume
- Fixed: Offline behavior for windows login can`t be changed from MMC
- Fixed: Not possible to upgrade ESA core if installed together with reporting engine via MSI
- Added: Integration with the ESET core licensing model for new options to activate the product using License Key or ESET Business Account and offline files. See product documentation for more details.
- Added: Support for self-enrollment of users
- Added: Web console Reports feature that allows you to view and perform tasks on all options from the Audit log
- Added: FIDO support including FIDO2 and FIDO U2F
- Added: Support for Time-based tokens (TOTP) in ESA mobile apps (Android, iOS)
- Added: QR code scanning (support for self-enrollment) in ESA mobile apps (Android, iOS)
- Added: Support for third-party tokens (all OATH compliant HOTP/TOTP)
- Added: RADIUS IPv6 support
- Added: Ability to change the service account name
- Added: Dynamic IP pre-requisite
- Added: Support for Windows Server 2019, Windows Server 2019 Essentials, Windows 10 (Redstone 5), Microsoft Exchange 2019, Microsoft SharePoint 2019, Microsoft Remote Desktop Web Access +Windows Server 2019, Microsoft Remote Web Access +Windows Server 2019 Essentials
- Changed: Default SMS offering for onboarding cannot be used for SMS OTP and vice versa and SMS onboarding count will not be displayed in the product
- Changed: SMS for user provisioning, included in the bundle, are limited only for user provisioning purposes
- Changed: MSI GUI discontinued
- Changed: Minimum support version for Android OS is now version 4.1 through version 9
- Changed: Minimum support version for iOS is now version 9 through version 12
- Changed: Compatibility update. See product documentation for more information Changed: Specifying components via ADDLOCAL when upgrading causes installation to fail
- Improved: Whitelisting “Per Feature” for specific ESA components
- Improved: General web console improvements focused on performance, security and usability
- Improved: Ability to edit mobile phone number in AD mode directly from the web console
- Improved: Improved support for Active Directory Sites and Services
- Improved: Hardware tokens setting is enabled automatically by default
- Improved: OU management
- Improved: Number of offline local logins is adjustable
- Improved: Push authentication behavior in connection with Cisco VPN
- Fixed: Counter not displaying correctly for Hard Token imports
- Fixed: Multiple cores sometimes cause issues with Push authentication
- Fixed: Locking during RDP session displays blank screen on Windows 2019 and latest Windows 10
- Fixed: Hard tokens synchronization issue causing authentication failures
- Fixed: Enrollment issues on iOS (two clicks to SMS)
- Fixed: A push authentication is not received correctly on a mobile device when a specific realm is selected in RADIUS
- Fixed: Installation fails with error "The password does not meet the password policy requirements."
- Fixed: Error when opening MMC with many RDP/Windows login components registered
- Fixed: Domain authentication does not work when accessing the Web Console from another computer using hostname or FQDN
- Fixed: Network request failed in the Web Console with Hard Token when date is not imported from version 2.6
- Fixed: Inconsistent server state for Web Console and MMC for multiple ESA Core servers
- Fixed: Mounting SharePoint folders (Map Network Drive) does not work when current user has 2FA enabled
- Fixed: YubiKey hardware token supports changed keyboard layouts
- Fixed: Various other bug fixes
- Added: Support for time-based hardware tokens (PSKC)
- Fixed: List of users does not reload when the login session expires
- Fixed: Web console does not display correct user lists when switching to another web console section
- Fixed: Upgrade using MSI fails in standalone mode
- Fixed: Remote Desktop Web Access component is not visible in the web console when installed together with core
- Fixed: Second factor is requested while accessing "Options" tab in Exchange 2013
- Fixed: MMC error displays when large amount of RDP/Windows login components are registered
- Fixed: Creation of authentication server service account sometimes fails due to insufficient password complexity
- Fixed: RADIUS-specific realm does not send realm name in push message
- Fixed: Issues with long expiration dates when importing hard tokens
- Added: Whitelist IP per feature
- Added: Switch off Two-Factor Authentication (2FA) for Web Console
- Improved: Load time for users in the Web Console
- Fixed: Imported hard tokens with missing expiration dates cause network request failure
- Fixed: Different keyboard layouts cause issues with YubiKey
- Fixed: Users with Two-Factor Authentication (2FA) unable to mount SharePoint folders (map network drive)
- Fixed: Various bugs and improvements
- Added: Support for stand-alone deployment mode and ability to install the ESA server without a need to have Active Directory Domain in place
- Added: New web console for central management
- Added: Support for users other than domain users
- Added: New options to add additional users (for example, manual import, automatic sync, etc.)
- Added: Support for multiple domains
- Added: Reworked API to include new capabilities
- Added: Ability to have multiple users with the same mobile number (or one mobile app) in one domain
- Added: Ability to remove accounts (or tokens) directly from the mobile app UI
- Added: Push Authentication for Windows 10 mobile
- Added: Ability to change server port during setup
- Added: Support for encrypted PSKC file format
- Changed: Updated legal terms and sensitive information handling due to EU General Data Protection Regulation
- Changed: Reworked and redesigned mobile enrollment
- Changed: UI unification and redesign across major mobile apps
- Improved: Faster offline mode detection
- Fixed: Inability to download MS Office document with SharePoint integration
Version (as compared to version
- Added: Push Authentication for iOS
- Added: Push Authentication for iOS with Apple Watch support
- Added: Ability to manually add custom company logo into IIS filters (e.g. OWA)
- Added: Ability to generate alternative codes (Master recovery key) for all integration options
- Added: Ability to check for newest version of the application from MMC console with option to download newest installer
- Added: Support for proxy server
- Added: Ability to set RADIUS port during installation
- Added: Uninstaller able to remove all program and user data including product configuration
- Added: Ability to manually remove old clients from the MMC console
- Added: Automatic removal of uninstalled clients from MMC console
- Added: Ability to copy provisioning link
- Added: iOS 10 support
- Added: Ability to create applicaiton shortcut after installation
- Added: New languages in iOS app: Dutch, Italian, Czech, Turkish, Polish, Arabic, Portuguese, Japanese, Chinese Simplified, Chinese Traditional
- Added: New languages in Windows phone app: English, German, Hungarian, French, Russian, Spanish, Slovak, Dutch, Italian, Czech, Turkish, Polish, Arabic, Portuguese, Japanese, Chinese Simplified, Chinese Traditional
- Added: Windows Server 2016 support including ADFS, Microsoft Remote Desktop Web Access
- Added: Windows Server 2016 Essentials including ADFS, Microsoft Remote Desktop Web Access, Microsoft Remote Web Access
- Added: Support for Sharepoint 2016
- Added: Suppor for Microsoft Exchange 2016
- Added: Microsoft Dynamics CRM 2016
- Added: Microsoft SharePoint Foundation 2013
- Added: Microsoft SharePoint Foundation 2010
- Added: Windows 10 Anniversary (Redstone 1) support
- Added: Support for additional RADIUS Attributes (Filter-Id)
- Added: End User License Agreement for iOS
- Improvement: Domain Administrator account is asked only if neccessary by installation of RADIUS, RDP, Windows login and MMC
- Improvement: Notify administrator if restrictive policy is set
- Improvement: Checking needed prerequisites more robust
- Improvement: Minor updates to Windows phone app
- Improvement: Various UI improvements in the iOS app
- Updated: Minimum supported version for iOS is now 6 (currently provisioned apps installed on devices running lower versions will remain functional but will not be eligible for latest update)
- Updated: Copyright & Company name in all applications (Google Play, iOS and Windows)
- Fixed: RDP whitelisting limitation
- Fixed: OWA timeout issue
- Fixed: RDP OTP dialog timeout
- Fixed: Language unification in installer
- Fixed: Some Vasco Digipass hard token import issues
- Fixed: Various bug fixes and internal improvements in all applications (Google Play, iOS and Windows)