BT PM App & BT ePO Extension 24.2 Release Notes

March 26, 2024

This release notes document covers updates to Endpoint Privilege Management ePO Extension and BeyondTrust Endpoint Privilege Management App (BT PM App).

For more information about the app, see:

Requirements:

  • BT PM App can only be installed on Windows machines.
  • ePO must be upgraded to use BT PM App 24.2.

New Features and Enhancements:

BeyondTrust Privilege Management ePO Extension 23.10 (Signed)

  • Trellix signed BT ePO extension.
  • Add a new remote command to report the policy status to the BT App.

BeyondTrust Privilege Management App 24.2

  • Added search feature to Policy Editor that facilitates ease-of-use searching when trying to find specific details about policy configuration. Search results finds all matches in the policy and indicates the exact location of the matches. Click the linked text to navigate to the element you want to manage. The search results includes these areas of the policy:
    • Windows and macOS Application Groups
    • Applications (including application matchers)
    • Workstyles properties: Application Rules, Account Filters, Computer Filters.
  • Added truncation to the Advanced Agent Settings page and replaced the input text box with a modal to view and edit multi-string values to improve the user experience and provide better readability of the values.
  • Updated Applications Rule UI and On-Demand Rule UI with drilldown links for the Custom Token and Messages properties. This make is easier to change the settings for those properties. Select the link to go directly to the configuration page without having to navigate to the Custom Token or Messages areas in the EPM UI.
  • Updated Azure Active Directory references to Microsoft Entra ID.
  • Added Status to the Policies page, ensuring policies that shouldn’t be editable are not.
  • Added ability to open multiple instances of the PM Electron App to enable opening and editing more than one policy at the same time.
  • Added a local AD connector feature. Configure the connector to query the local Active Directory to add users and groups when configuring policy.
  • The Policies logon page is displayed automatically when you log off the ePO server.
  • Upload an updated rule script file to an existing rule script. This will significantly reduce the number of clicks compared to the previous process of deleting, re-creating and re-assigning rule scripts to Workstyles.
  • Download a previously uploaded settings.JSON file for any Rule Script added to a policy.
  • Added the menu item to disable and enable Windows On-Demand application rules. You can pause rule processing in your production environment if you want to change the rule properties and then test those changes.
  • In Messages, added drag-and-drop facility to easily change the order of the User Reason drop-down.
  • In Policy Editor Messages, can now rename Windows and Mac Message Name and Message Description after the message has been created.
  • Added the Policy Assistant feature (beta versions). Use the Policy Assistant to learn more about your policy configuration. The assistant detects if there are errors in configuration and provides remediation details. The Policy Assistant is located in the Utilities section of the Policy Editor.
  • Copy Windows and Mac Messages and Application Groups within a policy and from one policy to another.
  • Improved the usability of navigating Workstyles by reducing the number of menu items and consolidating related configuration areas into individual selectable tabs:
    • Rules tab: Access the Application Rules, On-Demand Rules, Content Rules, and General Rules.
    • Enhanced Security tab: Access the TAP and Microsoft block rules.
    • Filters tab: Access the Account and Computer filters, and WMI queries.

Issues Resolved:

  • Resolved an issue with the Identity Provider Settings Authority URI textbox artificially truncating values at 100 characters. The textbox character limit has been increased to 200.
  • Resolved an issue to ensure Windows Store Pkg Name matching criteria no longer resets to default on save of a Windows Store Package application type.
  • Resolved an issue with the Save button not activating when changing filter properties, specifically deleting a filter or using the Set As Not Equal property. Applies to all filters: Windows and macOS account and computer filters, and WMI filters.
  • Resolved an issue in macOS workstyles that was not allowing numeric account and group names. The macOS workstyle filters and Messages (Designated Users messages) now permit numeric naming conventions.
  • Resolved an issue with viewing Windows and macOS Messages > Designated User/Groups information when viewing the policy in read-only mode. In read-only mode, you can now select the View Designated Users/Groups link to see the AD accounts the messages apply to.
  • Fixed issue with policies that have approval flow configured can be saved/sent for approval. An updated extension needed.
  • Resolved an issue with the Reporting cache not clearing after updating the database configuration.
  • Resolved an issue so any previously stored PMR configuration settings are stored after upgrading.
  • Resolved an issue with Policy Editor not logging out of ePO after running a command (for example, opening or saving a policy).
  • Resolved an issue with the session no longer timing out when editing policy.
  • Fixed issue with the Paste button so the tooltip no longer appears on hover after the button is activated.
  • Resolved an issue with breadcrumbs not displayed correctly when editing and adding a Content definition for a Content Group.
  • Added a scrollbar when configuring Manage Images in macOS Messages.
  • Resolved an issue with body text wrapping in URM Message Previews.
  • Added a scrollbar to the Multi-String input field in Advanced Agent Settings. Now you can scroll to see all the menu items available.
  • Resolved an issue with adding a wildcard value (*) for CLSID application matching criteria.
  • Added validation for the mandatory Name field in Advanced Agent Settings. Now, when the field is blank you are prompted with appropriate messaging.
  • Resolved an issue with the Reference Hyperlink in macOS messages not correctly displaying in the Message Preview.
  • Added validation for required fields (Header and Body options) in ActiveX configuration. Now, when the fields are blank, you are prompted with appropriate messaging.
  • Fixed issue so the Policy Save button is now enabled when a configuration (i.e. a Workstyle, Application Rule, Application) has been updated to Enabled or Disabled.

Known Issues:

None.

EPM Components

  • BT ePO extension 23.10.12
  • BeyondTrust Privilege Management App 24.2.14
    • Web Policy Editor 24.2.392
    • PMR UI: 24.2.112
    • Event Collector 24.2.16
  • PM Reporting Database 23.9.13

Compatibility

Supported Versions

  • Endpoint Privilege Management Windows Client 23.9 (recommended), 21.2 (minimum)
  • Endpoint Privilege Management Mac Client 23.9 (recommended), 21.2 (minimum)
  • Endpoint Privilege Management Reporting 24.2.112 (recommended), 21.2 (minimum)
  • The following browsers are compatible with the ePO extension:
    • Safari v10 and higher
    • Chrome (latest version)
    • Firefox (latest version)