BeyondTrust Remote Support 24.1 Available Features

For more information on platform support, please see the Features Compatibility guide.

Features for Support Representatives

Multi-Platform Support

Platform Customer Representative
Windows

Windows 7 SP1
Windows 10 (21H2 and 22H2)
Windows 11 (22H2 and 23H2)
Windows Server 2016 - 2022

ARM-based Windows systems


Windows 10 (21H2 and 22H2)
Windows 11 (22H2 and 23H2)
Windows Server 2016 - 2022
ARM-based Windows systems

macOS

macOS 10.15
macOS 11 (Big Sur) x86 and xApple
macOS 12 (Monterey) x86 and xApple
macOS 13 (Ventura) x86 and xApple

macOS 14 (Sonoma) x86 and xApple

Remote Support clients for macOS can run natively on Apple silicon without relying on Rosetta 2.

macOS 10.15
macOS 11 (Big Sur) x86 and xApple
macOS 12 (Monterey) x86 and xApple
macOS 13 (Ventura) x86 and xApple

macOS 14 (Sonoma) x86 and xApple

Linux

Debian 11 and 12

Fedora 38-39
RHEL 8.8 and 8.9
RHEL 9.2 and 9.3
Ubuntu 20.04 and 22.04 LTS

Amazon Linux 2 (AL2) and 2023 (AL2023)

Chrome OS Devices Chrome OS 56 + Support systems through the web rep console.
Mobile Devices Apple iOS 13.x - 16.x (iPhone, iPad, iPod) Apple iOS 14.x - 16.x (iPhone, iPad, iPod)
Android 7 - 12 Android 7 -12
Virtual Desktop Environments Citrix XenDesktop 7
VMWare Horizon View8
Citrix XenApp 6.5 (Windows Server 2008 R2)
Nutanix
Citrix XenDesktop 7
VMWare Horizon View 8
Citrix XenApp 6.5 (Windows Server 2008 R2)
RS Virtual Appliances vSphere 6.7 - 7.0
AWS - AMI Sharing
Azure
Attended Systems Laptops, Desktops, Mobile Devices
Unattended Systems Laptops, Desktops, Servers, ATMs, Kiosks, POS Systems, Android, Raspberry Pi, etc.
Network Devices Routers, Switches and Devices via SSH/Telnet
Multi-Language Support View BeyondTrust applications and interfaces in English, German, Latin American Spanish, EU Spanish, Finnish, EU French, Italian, Dutch, Polish, Brazilian Portuguese, EU Portuguese, Swedish, Turkish, Japanese, Simplified Chinese, Traditional Chinese, and Russian. BeyondTrust supports international character sets.

Support Toolset

Use advanced troubleshooting tools to interact with remote systems.

Feature Name Description
3D Touch for iOS The BeyondTrust mobile representative console uses iOS 3D Touch Support capabilities offered by the 6s and 6s Plus devices to start sessions faster and more efficiently.

Android Support Client

The Android Support Client has been updated to support view and control on Android-based devices. This feature has been enhanced to allow chat notifications during the session with the end user when the app is in the background.
Annotations While screen sharing, use annotation tools to draw on the remote user's screen. Drawing tools, including a free-form pen and scalable shapes, can aid in training remote users. The Annotations tool is also available during presentations.
Application Sharing Allow customers to restrict screen sharing to specific applications.
Support Button Deploy a Get support button on remote computers and mobile devices. Centrally manage and report on all deployed Support Buttons.
BeyondTrust InSight

During a support session, an iOS or Android customer can stream live video to the representative from their mobile device using BeyondTrust InSight. Sharing remote, live camera footage while an issue is taking place provides the representative with an additional way to assist the customer in finding a resolution to their problem. While viewing the footage, the representative can make video annotations, freezing the frame and allowing the customer to view the camera annotation and take any necessary action while camera sharing.

Canned Scripts

Use pre-written scripts from either the Command Shell interface or the Screen Sharing interface, increasing session effectiveness.

Command Shell Directly access the command shell for system diagnostics, network troubleshooting, or low-bandwidth support, without screen sharing.

Command Shell Display Settings

Command shell settings allow for changing the font, color, and size of the displayed text within the representative console. We have also improved support for Unicode characters within a Command shell.
Console Usability Updates Several enhancements were made to the representative console to improve usability, such as remembering the last security provider used for login, remembering column layouts, and showing the last time an endpoint was rebooted.

Credential Store Search

Users can now search the credential list when injecting credentials into a remote system from within the representative console. As users begin typing a desired account name, the new search functionality filters and presents matching credentials.
Custom Links From within a session, click a button to open your browser to an associated CRM record or help desk ticket.
Custom Special Actions Create representative console special action shortcuts for tasks specific to your environment, streamlining the effort for your team to complete repetitive tasks.
Customer Chat Sounds Chat sounds are now always-on for your end users. Previously, a nudge that shakes the customer’s screen may have been required to get the attention of your end user if they didn’t notice the highlighted chat window. Now, they will always hear a chat sound when the Representative sends a chat message. This new feature is also helpful for organizations that need to comply with ADA (Americans with Disabilities Act) requirements.
Customizable Rep Notifications Granular configuration of which events trigger alerts in the representative console and upload custom audio files.

Dark Mode

Users can select dark mode settings in the desktop console, letting those who prefer to avoid bright screens and reduce eye strain enjoy the updated colors and icons optimized for this theme.
Elevate Customer Client Elevate the customer client to have administrative rights. Special actions can be run in the current user context or in system context.
Embedded Support Button Embed a Support Button within applications deployed throughout your enterprise, giving your customers direct, streamlined access to remote support sessions.

Face ID for iOS

Log in to the mobile representative console using iOS's Face ID capabilities.
Favorite Credentials Used for Injection For users with the Credential Injection feature enabled, the representative console now displays the most likely credential needed for credential injection, based on usage history and account permissions. The recommended credentials will appear at the top of the credential dropdown list, enabling users to get into sessions and elevate permissions faster.
File Transfer Transfer files to and from the remote file system.
iCloud Access for Mobile Apps

During a support session, an iOS customer can share files from the iCloud Drive or any other document storage provider available from their mobile device.

iOS Representative Console

The iOS representative console has undergone a refresh and has improved appearance and functionality.

ITSM Workflow

It is possible to require a ticket as part of a session start, rather than letting the session create the ticket ID once it is sent to an ITSM.

Lossless Video

Remote Support has added the ability to select lossless video as a new option to the other existing video selections. This enhances the remote experience and allows for a true remote view experience for customers needing full details.
Mobile Device Management (MDM) Support for iOS Customer Client The iOS customer client has been improved for deployment through Mobile Device Management solutions, such as Microsoft Intune. The Remote Support site URL can be preconfigured when deployed through a MDM. Representatives no longer need to type the URL when support is needed. In addition, the Remote Support site URL can be set as read-only so that your representatives can only connect to your B Series Appliance.

Mobile Device Management (MDM) Support for the Android Representative Console

The Android representative console has been improved for deployment through Mobile Device Management solutions, such as Microsoft Intune. The Remote Support site URL can be preconfigured when deployed through a MDM. Representatives no longer need to type the URL when access is required. In addition, the Remote Support site URL can be set as read-only so that representatives can only connect to your B Series Appliance.
RDP Multi-Monitor Support View multiple monitors on the remote desktop.

RDP and Shell Jump File Transfer Speed Enhancements

The file transfer speeds of RDP and Shell Jump sessions have been increased, reducing the time necessary to complete system administration and increasing the utilization of available bandwidth.

Microsoft Teams Remote Session Initiation

The Microsoft Teams integration can generate a session invitation link to allow representatives a fast and simple way to initiate a secure screen share from within a Teams chat session.

Microsoft Teams Bot ServiceNow Virtual Agent Integration

End-users can first interact with the Remote Support's Microsoft Teams Bot and chat with the ServiceNow Virtual Agent. And when the knowledge base responses are exhausted, they can effortlessly switch to a representative, all while preserving the chat history for a contextual conversation.
Multi-Session Support Run multiple simultaneous support sessions.
Peer-to-Peer Sessions Establish a direct connection between a support representative and an end-user, enhancing the performance of screen sharing, file transfer, and remote shell.
Public Portal Authentication You can require authentication for users accessing the public portal online. By using SAML (Security Assertion Markup Language), an open standard for exchanging authentication and authorization data between parties, representatives are able to gather information about users requesting support, such as their name, login name, and a recognizable email before starting a session. This not only eliminates the inconvenience of the user having to provide these details when the session starts, but it also gives representatives confidence in the identity of the person for whom they are providing support. By validating authentication, users and admins are able to gather additional data to satisfy internal and external compliance requirements.

Assign Public Portals to Support Teams

You can restrict which internal or external facing web portals or public facing web sites are used by a support team. This functionality creates more granular control and dynamic possibility on how a team interacts with the sites.
Reboot/Auto-Reconnect1 Reboot and automatically reconnect to the remote computer. The end-user can specify login credentials.
Remote Registry Editor Access and edit the remote Windows registry without requiring screen sharing.
Remote Screenshot Capture a screenshot of the remote system.
Representative Console Support remote computers, systems, and mobile devices through an interface designed specifically for support professionals and equipped with troubleshooting tools.
Restrict End-User Interaction2 Disable the end-user's mouse and keyboard input to avoid customer interference. Account permissions determine whether the customer can or cannot see the screen while you are working.

Session End Behavior - Session Policy

Session End Behavior, formerly a Global Setting, has been moved to Session Policies. This move allows for greater flexibility and an improved user experience for Session End Behavior within Secure Remote Access.
Session Notes Enter notes about support interactions. Session notes are accessible to collaborating representatives and appear in session reports.

Smart Card Support

In a support session, use authentication credentials contained on a smart card that physically resides on the representative's system. This feature has been enhanced to support Extended APDU.
SMS Session Start Send a session key via SMS to begin a remote support session with a mobile device.
Special Actions Access common actions such as Registry Editor, Event Viewer, System Restore, etc. Perform actions in User or System context.
Streamlined iOS Screen Sharing It is now easier than ever to start iOS screen sharing sessions with your end users. A new streamlined workflow is available for screen sharing using the updated iOS Customer Client for iOS 12.

System Elevation for Existing Agents

On-demand sessions started through the public portal can now leverage an existing elevated Jump Client, avoiding the need for downloading a support client and providing credentials or approval to elevate the client.
System Generated Email Invites

Leverage the powerful BeyondTrustsupport session invitation email feature by sending email either through the representative's local email account or directly from a central email address. Even representatives without email access or representatives with enterprise email policy restrictions can send session emails.

System Information

View in-depth system information in an easily navigable interface. Interact with services and processes and uninstall software without requiring screen sharing.

Touch ID for iOS Log in to the mobile representative console using iOS's Touch ID capabilities.
View or Control View or control remote computers, servers and mobile devices.
Virtual Pointer Display a pointer on the customer's screen, even in view-only mode.
Wake-on-LAN Remotely support computers, even when they are turned off. Send Wake-on-LAN packets to a Jump Client host to turn on that computer, if the capability is enabled on the computer and its network.

Web and Login Console UI Updates

To improve the user experience within Secure Remote Access, the /login and /console interfaces have been redesigned and updated. These changes align the look and feel of the UI with other products in the BeyondTrust portfolio.

Web Rep Console Authentication Improvements

The web rep console's authentication is separate from the /login interface. This enhancement also prevents users from being logged out of /login while using the /console interface.
Web Rep Console

Support remote systems through a web-based representative console. The web rep console removes the requirement of having to download and install the BeyondTrust representative console client, enabling quicker access.

Web Rep Console – Dark Mode

Dark mode has been extended to the web rep console, allowing those who prefer it to enjoy the updated colors while avoiding bright screens and reducing eye strain.

Web Rep Console – RDP File Transfer

Users can send and receive files in RDP sessions from the web rep console. This functionality was previously limited to the desktop representative console.

Web Rep Console – Rep Invite

Users can invite external users or vendors into their existing session for collaboration from the web rep console. This functionality was previously limited to the desktop representative console.

Web Rep Console – Screenshots

Users can perform remote screen capture during screensharing in the web rep console. This functionality was previously limited to the desktop representative console.

Web Rep Console – System Information

System Information is now available for sessions within the web rep console. This functionality was previously limited to the desktop representative console.

Web Rep Console Translations

The web rep console is now translated into all languages supported by the rest of the product.
Windows 10 Privacy Screen Privacy Screen helps prevent data leak by blanking the physical screen for endpoints that may have a monitor attached. Privacy screen support during a BeyondTrust session has been extended to Windows 10 endpoints. Privacy Screen supports Windows 10 20H1+ including Windows 11, without the need for a secondary driver.

Collaboration

Work with other representatives and experts to resolve support cases.

Feature Name Description
Access Sponsor Request a sponsor to elevate your permissions on the remote system by joining the session to enter credentials on your behalf.
Equilibrium Receive support session assignments based on comparative idle time and session load. Prioritize session routing automatically based on the areas of expertise covered by your representatives. By matching an issue to a skill set, you can prioritize the routing of support sessions to the best equipped representatives instead of merely the next available representative.
Extended Availability Representatives can be in notification mode. If invited to share a session, you will receive an email notification.

HTTP Outbound Event Status

Administrators can view the latest status of existing HTTP outbound recipients and have visibility into the number of events queued for each configured recipient.
Intelligent Collaboration

Resolve issues more effectively by quickly engaging support collaboration with additional representatives based upon both their skill-sets and their availability.

Microsoft Teams Integration

New functionality allows companies to extend their support capabilities within Microsoft Teams. Administrators can now deploy a custom BeyondTrust Remote Support for their organization that enables users to chat with support representatives directly from Microsoft Teams.

Outbound Event to include "Team Chat" API

Administrators can configure the Team Chat functionality to use outbound events to groups like Microsoft Teams chats. Events can be sent to tools capable of receiving messages, therefore improving communication.
Queues Accept support requests from team queues. Your personal queue contains both your active and pending sessions.
Rep Invite Invite anyone, or multiple representatives, internal or external, into a shared session with one-time, limited access.
Rep-to-Rep Screen Sharing Collaborate with other representatives by instantly sharing your screen with a team member.
Session Sharing & Transfer Collaborate with other representatives by sharing a session, or transfer a session to another representative or team.

Session Queue Enhancements

The session queue screen has been updated to add color and icons for visibility improvements.
Support Teams Collaborate with other representatives who share similar skill sets or areas of expertise. Based on issue type or severity, a support request may be routed to a team specialized to handle such problems.

Jump Technology

Access unattended remote desktops, servers, and other systems.

Feature Name Description

Atlas – Jump Client Traffic Node Connectivity

Customers using the Atlas configuration have new functionality that permits Jumps Clients to route through an Atlas traffic node, enabling greater scalability and geospecific connections.

Headless Linux Jump Client & Jumpoint Persistence

The headless Linux Jump Client and Linux Jumpoint now include an optional system template file to enable easier system service creation on various Linux distributions.
Intel® vPro Gain in-depth control of remote systems, using Intel® vPro features such as BIOS access, IDE-R, remote KVM, and remote power options.

Jump Item Reporting

Administrators can leverage a new report type specific to the administration and configuration of Jump Items. For example, reports can be run for historical Jump Item events, such as creation, deletion, copy, move, etc.

Jump Client

Access any Windows, Mac, or Linux system. Centrally manage and report on all deployed Jump Clients. Start Jump Clients minimized or visible in task bar only.

Jump Client Headless Support for Raspberry Pi OS

Enables Raspberry Pi secure access to allow privileged users to connect to more types of unattended systems, perform administrative actions, and secure who has access to manage these devices. May work on any Raspberry Pi device that runs Raspberry Pi OS, but only certified against Pi 3B+ and Pi 4B.

Supported Operating Systems:

  • Raspberry Pi OS Desktop (2020-08-20-raspios-buster-armhf)
  • Raspberry Pi OS Lite (2020-08-20-raspios-buster-armhf-lite)

Jump Client Upgrade Flexibility

Administrators can control when their Jump Clients upgrade after upgrading their site to a newer version. Administrators can also test the upgrades of a few endpoints before rolling out the new version to the rest of their environment.

Copy Jump Items

You can copy Jump Items and assign them to multiple Jump Groups. This allows setting separate policies and group permissions without requiring additional client installations on the endpoint. Users with appropriate permissions can right-click individual or multiple Jump Items to copy them.

Copy Jump Item API

New Configuration APIs have been added related to the Copy Jump Item functionality.
Scripted Jump Automatically initiate a remote support session from an external program by launching a Jump Client on a remote computer.

Group Policy/Jump Group Search

The Group Policy and Jump Group lists in /login provide a search field to make it easier to find the item you're looking for.

Jumpoint

Access unattended Windows and Linux systems on a network, with no pre-installed client. Connect through proxy servers by storing credentials.
Jumpoint Clustering Cluster Jumpoints to provide redundancy and load-balancing.
Jump Shortcuts (Desktop and Mobile)

Use Jump shortcuts for Local and Remote Jump, Shell Jump, RDP, VNC, and vPro to quickly access Jumpoints from the desktop or mobile version of the representative console.

In the mobile representative console, Jump Shortcuts are available only for Remote Jump, Shell Jump, VNC, and RDP.

Jump Zone Proxy Use a Jumpoint as a proxy to access systems on a remote network that do not have a native internet connection.

Linux Jumpoint - Proxy

The Linux Jumpoint now includes proxy support. This functionality is no longer limited to Windows Jumpoints.

Linux Jumpoint – VNC support

The Linux Jumpoint supports VNC Jump Shortcuts. Previously, this functionality was available only with the Windows Jumpoint.
Microsoft Remote Desktop Protocol (RDP) Integration Conduct remote desktop protocol (RDP) sessions through BeyondTrust, with no configuration of endpoints required. Representatives can collaborate in sessions, and sessions can be automatically audited and recorded.
Most Recently Used Jump Items Most Recently Used Jump Items provides an easy way to find your most frequently accessed Jump Items which saves time by not having to search for frequently accessed endpoints.

Session Policies for All Jump Items

Administrators can now assign session policies to all Jump Items, enabling additional granularity for Jump Item policies.
Shell Jump Connect to SSH/telnet-enabled network devices through a deployed Jumpoint.
VNC Integration Connect to VNC servers through BeyondTrust. Users can collaborate in sessions, and sessions can be automatically audited and recorded.

Chat and Messaging

Use advanced troubleshooting tools to interact with remote systems.

Feature Name Description

Chat Bot

A set of APIs is available to handle inbound chat handoff and chat history from a bot. These APIs allow for an integration between the solutions so that end user experience can transition easily from one solution to another without needing to re-explain their issue.

Chat Bot Rep Elevation Request

The chat bot API supports session elevation. It improves bot-to-representative hand-off for faster support and provides more granular options for session initiation. There is a new outbound event to let the chat bot know when the customer has transitioned to the full client, so that it knows when it can end its interaction with the customer.

Click-to-Chat

Start support sessions with web-based chat, requiring no customer download. Sessions can be elevated if deeper support is needed. With the click of a button on the user’s site, customers can immediately connect with their IT or customer service team. This feature has been enhanced to allow for Click-to-Chat session start instead of starting the full client to maintain chat.

Chrome Browser Sharing

We have added the ability to allow for view-only screen sharing through click-to-chat sessions without a client download. This not only allows for greater support on the Chromebook but also applies to all Chrome browser click-to-chat sessions, which gives a better support experience and increased support. This feature helps with the transition of not needing to download a client for basic co-browse use cases.
Customer Client Chat with customers during both support and training sessions.
Canned Messages Access a library of chat responses to common questions.
Nudge Customer Client Send audible and visual alerts through the customer client when end-user interaction is needed.
Real-Time Chat Translations

Integrate with your GeoFluent account to have chat messages between a customer and a representative translated in real time.

Rep Avatar Display a representative photo in the customer client during a session, as well as in the /login interface.

Session Chat Translation Selection

If you have enabled the Real-Time Chat Translation integration from GeoFluent, or use Amazon Web Services, you can now choose to enable the Display Session Chat Language Dropdown setting on your public sites. This allows your public portal users to select their preferred chat language from a list of Amazon Translate languages or your supported GeoFluent languages before starting a support session.
Spell Check Catch misspellings and view suggested corrections.
URL/File Push Push a URL through the chat interface to launch a browser on the remote computer. Pushing a file through the chat interface prompts the customer to accept the download.
Team Chat Chat with all representatives on a team or with an individual.

Features for Support Managers

Support Portal

Define and automate customer interaction.

Feature Name Description
Administrative Interface (/login) Redesign and Update The /login UI has been re-branded and redesigned to improve user experience. In an effort to streamline user workflow, changes in visual elements, layouts, and basic functionality contribute to a lighter, faster, and easier to use interface. The new design also allows for a more direct path to the most used features.
Agreements/Messages Customize messages for each portal. Options include: Customer Legal Agreement, Customer Greeting, On Hold Message, Orphaned Session Message, and Redirect URL.
Support Button Customize BeyondTrust’s single-click "Get support" icon.
Click-to-Chat Brand BeyondTrust's no-download, web-based chat option.
Connection Options Define how sessions begin for each portal: Representative List, Presentation List, Session Keys, Issue Submission, Click-to-Chat.
Customer Client Customize the branding and behavior of the BeyondTrust customer client, which is used by customers in remote sessions.
Custom Issue Submission From /login, create custom issue submissions to include in the issue submission form on your public portal.
Custom Watermark

Customize the in-session watermark using any image you like to personalize the support experience and to increase your customers' trust in the support you provide.

Exit Surveys Monitor customer satisfaction, and require representative comments on support sessions.
HTML Template Edit the HTML of the public site, uploading linked files to the file store.
Apple iOS Configuration Profiles Offer public or private, administrator-configured profiles to Apple iOS device users.
Customer Downloads Provide links for the customer to download the chat transcript and a video of the screen sharing session.
Customer Notices Post important notifications to the top of your support portal, additionally pushing these messages to all active customer clients.
Embedded Support Button

Embed a Support Button within applications deployed throughout your enterprise, giving your customers direct, streamlined access to remote support sessions.

Feedback to Customers in Queue Provide real-time status updates to waiting customers, informing them of their position in queue and the estimated wait time.
Multi-Language Support View BeyondTrust applications and interfaces in English, German, Latin American Spanish, EU Spanish, Finnish, EU French, Italian, Dutch, Polish, Brazilian Portuguese, EU Portuguese, Swedish, Turkish, Japanese, Simplified Chinese, Traditional Chinese, and Russian. BeyondTrust supports international character sets.
Post-Session Redirect Define a URL to automatically open when a customer exits a session.

Search Functionality in /login

Users can search for specific sections and settings throughout the administrative interface. This new functionality allows easier discovery and access to various information and configuration that would have previously been more difficult to find. This functionality is available everywhere in the /login interface.
Support Workflow

Use the representative survey to create detailed workflows, allowing representatives to complete the survey and follow up on steps provided by the administrator while the session is live.

User Management

Centrally manage users and groups.

Feature Name Description
Access Sponsor Allow a lower tier representative to gain elevated privileges by requesting a sponsor to join the session to enter credentials on their behalf.
Administrative Dashboard Oversee team support activity, monitor representatives' sessions or desktops, and join, take over, or transfer sessions owned by someone else. See which team members are available to take sessions, are idle, are busy, or have session assignment disabled.
API Accounts Granularly define the accounts used for API access to the specific roles they serve. OAuth 2.0 is used for authenticating API accounts.

Configurable Login Banner

Configure a banner to display before users can log in to either the /login interface or the /appliance interface. If the banner is enabled, then users attempting to access either /login or /appliance must agree to the rules and restrictions you specify before being allowed to log in.

This feature has been enhanced. The Login Agreement can now be presented as part of the representative console as a granular setting. Administrators can choose where this agreement is displayed, and the same message is presented when launching the representative console or accessing the web administration interface.

Delegated Password Administration Delegate the task of resetting local users' passwords to privileged users, without also granting full administrator permissions.
Group Policies Define BeyondTrust user account permissions for entire groups of users. Group policies integrate easily with external directory stores to assign permissions based on your existing structures.

FIDO2 Login

Support and manage login to the administrative interface and consoles using registered passwordless authenticators.
Inactive Session Timeout Remove an idle representative from a support session after a specified time of inactivity.
License Monitoring Receive email alerts on license usage and run reports on peak license utilization.
License Pools

License pools provide expanded flexibility to license management. Configure pools to reflect the structure of your support organization and ensure that each pool has the exact licenses to which it is entitled.

Message Broadcast Send a pop-up message to all users logged into the representative console.
Multi-Factor Authentication

Gain the security of multi-factor authentication for your local and LDAP user accounts by enabling time-based, one-time passwords. When logging into BeyondTrust, users must provide a one-time password generated by a separate device or app.

Multiple /appliance User Accounts

Create multiple user accounts for the /appliance interface. Set rules regarding account lockouts and password requirements.

Representative Console Device Verification Enforce the networks on which your representative consoles may be used, or require two factor authentication to log in to the representative console.
Rep Invite Create profiles so that representatives can invite anyone - internal or external - into a shared session with one-time, limited access.
Rep Login Schedule

Exert control over access to the representative console, restricting when representatives can be logged into the representative console.

Rep Status Codes

Remote Support Teams can now create rep status codes for their team to use when doing projects or during sessions to better service their success metrics. These rep status codes are customizable to the teams' needs and allow for integration to other tools using the Command API. Managers can now obtain better visualization of their workload and staffing needs by utilizing custom codes beyond out-of-the box selections like Busy or Away.

Rep Team Chat History

Representative console team chat history is now preserved. Representatives can pick up on the conversations between other team members, or leave and return the console without having to worry about missing key portions of the chat. The administrator can configure the maximum time that this information is replayed in the representative console.
Restrict Rep Access to Customer Client To strengthen security, prevent representatives from interacting with the customer client while screen sharing.
Separate Display Names for Reps Protect representatives' privacy by allowing them to set two display names — one for internal use and one for external use.
Session Permission Policies Customize support session security permissions to fit specific support scenarios, not just specific representatives. You can change the permissions allowed in a support session based on the support portal the customer came through or even the specific endpoint being supported. Session permission policies provide flexibility in building the security model for each specific support scenario.
Support Teams Create support teams based on skill set or experience level.
Team Collaboration Define how multiple teams may interact.
Templates Copy an existing security provider, session policy, or group policy to create a new object with similar settings. You also can export a session policy or group policy and import those permissions into a policy on another site.
User Accounts Create an unlimited number of named rep accounts.
User Account Details Reporting Export account information about your representatives for auditing purposes.
User Account - Group Policy Association This association can now be done while creating the local user account.
User Collaboration Define support session sharing and transfer options.

Routing Automation

Automate routing of support requests, and balance support load.

Feature Name Description
Automatic Session Distribution Quickly and effectively route support sessions to the most appropriately skilled representative.
Equilibrium Receive support session assignments based on comparative idle time and session load. Prioritize session routing automatically based on the areas of expertise covered by your representatives. Alert representatives of sessions with high wait times or route overdue sessions to overflow queues.
Intelligent Collaboration

Resolve issues more effectively by quickly engaging support collaboration with additional representatives based upon both their skill-sets and their availability.

Issue Submission

Implement issue submission on your public site to direct support requests to the team designated to handle the selected issue. Issue submission can include mandatory fields, to ensure representatives get all required information.
Persistent Queue Allow queues to be available for customer sessions to start even when no representatives are available. This provides additional flexibility for custom session routing management.
Queues Assign issues to support teams so that customers facing a particular type of problem will be routed to the correct team queue.

Support Toolset

Equip your support representatives on a user, team, or site basis.

Feature Name Description
Canned Messages Store responses to common questions to help representatives be more efficient and consistent while chatting with customers.
Canned Scripts and Custom Special Actions Create command shell scripts and custom special actions for representatives to run during sessions, increasing efficiency by automating common processes.
Centralized Representative Console Settings Define the representative console settings for your entire help desk. Enforce settings to ensure a consistent support experience.
Jump Technology

Create Jump Item Roles to easily assign distinct sets of Jump Item permissions to users.

Collect Jump Items into Jump Groups, granting members varying levels of access to those items.
Set expiration dates for Jumpoints.
Create Jump Policies to enforce when Jump Items can be accessed.
Jump Clients unable to connect to the B Series Appliance are automatically marked as lost, allowing an administrator to diagnose the reason for the lost connection. Both the lost date and the date at which a Jump Item is deleted can be configured.

After a software update, Jump Clients update automatically. Representatives can see which Jump Clients have completed upgrade and can access them right away. While a Jump Client is awaiting upgrade, representatives can still modify properties without having to wait for the upgrade to complete.

   
Post Session Lock Set the customer client to automatically lock or log out the remote Windows computer when an elevated support session ends.
Representative Permissions Restrict or enable toolset components (ex., View or Control, File Transfer, System Information, Reboot, etc.)

Reports

Report on all session activity; customize, filter, and export reports.

Feature Name Description
Jump Group Details added to Reports Jump Group details are now part of session reports in the Reporting sections of Remote Support. Now admins and Support Team leaders have the ability to gather additional data to satisfy internal and external compliance requirements.
Reporting Permissions Manage each user’s reporting privileges.

Reporting Permissions by Jump Group

Jump groups contain specific endpoints a user or group can access, as well as the specific methods to access the endpoints with associated policies for those sessions. Jump Group Reporting enables users to view access sessions associated with this grouping by selecting it as a filter.

Report Sort Order Changed

Items listed on the Reporting pages are ordered from newest to oldest.
Support Session Reports View details of each support session, including a complete chat transcript, permissions requested, and files transferred.
Session Recording Videos Record annotated videos of support sessions, show my screen sessions, command shell sessions, and presentations.
Support Summary Reports See an overview of support activity over time, categorized by representative, team, or public site.
Exit Survey Reports Monitor customer and representative surveys.

Team Reports

View details of activity within a team, including login and logout times, team chats, and files shared. Can be filtered by representatives.
License Usage Reports Run reports to view peak usage of BeyondTrust licenses.

GDPR Pseudonymization Support

Allow your organization to meet its GDPR initiatives with pseudonymization support in BeyondTrust. BeyondTrust administrators can respond to Right to Erasure requests by searching for specific criteria supplied by the requester. Once reviewed, the results can be anonymized with an automatically generated term or a custom replacement.

Session Anonymization Improvement

Administrators using the anonymization functionality can run additional anonymization jobs on the same session reports in case a detail was missed in the initial effort. This helps administrators honor a user's right to erasure requests more quickly.

Syslog Access in Reports

Users can download the available syslog files directly from the /login interface. To download the syslog files, the user must have the new permission Allowed to View Syslog Reports. This setting is available in both the User and Group Policy pages of the /login interface.

Features for System Administrators

Mass Deployment

Install BeyondTrust applications on multiple systems simultaneously.

Feature Name Description
Extractable Representative Console and Jump Clients Download a mass-deployable representative console and Jump Clients installer to distribute to representatives and systems prior to or in parallel with upgrading the B Series Appliance.

Mass Deployment Installers

  • Create mass deployable installer packages for representative consoles and Jump Clients (Windows and Mac).
  • Create MSI packages for Session Recording Viewers and Support Buttons (Windows only).
  • Create generic installers not tied to a specific jump client, allowing easy use of automated or ephemeral deployments.
  • Installation failures on Linux systems due to missing libraries include a list of the missing libraries.
  • Define which Jump Clients can be access by multiple users from different Jump Groups.

Mass Import of Jump Shortcuts

Import and configure large numbers of Jump shortcuts.

Identity Management

Define BeyondTrust accounts using existing data on directory servers.

Feature Name Description

Vault Account Rotation Azure AD Domain Services

Administrators can now leverage the Vault functionality to rotate account credentials managed by Azure Active Directory Domain Services. This new functionality is an addition to the existing ability to discover credentials managed by Azure AD Domain Services.

AWS Encryption key support (Cloud)

AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules. The vault encryption key can be stored in AWS.
LDAP/Active Directory Use LDAP/Active Directory to manage BeyondTrust users.
RADIUS [Multifactor] Use RADIUS for two factor authentication.
Kerberos [Single Sign-on] Use Kerberos for single sign-on.

SAML [Single Sign-on]

Use SAML with an Identity Provider to authenticate BeyondTrust users. SAML authentication works with desktop, Android, and iOS. By using SAML, representatives can log directly into /console from a SAML IdP. Admins have the ability to set what the behavior is for either launching the /login or the /console interfaces after using an IdP.

SAML Security Provider API

The Configuration API has been extended to enable updates to the available group names within a SAML Provider. This facilitates automating the onboarding of new user groups.

Authentication Option for /Appliance

By using SAML, administrators can log directly into /appliance from a SAML IdP. Previously, we only had local authentication for /appliance. This enhancement gives users the ability to use non-local accounts to authenticate to the B Series Appliance interface to increase security and usability. Admins and users don’t have to remember or manage the local accounts so they can use more modern authentication methods.

External Endpoint Search – Password Safe Integration

Remote Support users can use this new integration to search for and remotely access Password Safe-Managed RDP and Shell Jump systems that are accessible with a Jumpoint.

Outbound Proxy Support

Proxy servers act as a firewall and web filter, provide shared network connections, and cache data to speed up common requests. Proxy servers can provide a high level of privacy and security for the user’s network. You now have the ability to use a proxy to send outbound connections to a single destination instead of needing to open communication to other applications directly. This feature allows admins to control the data flow for the information they are sending off the B Series Appliance.

Password Safe Integration – External Jump Group – Multiple Jumpoints

The External Jump Groups integration with BeyondTrust Password Safe provides users with a simple workflow to extend access capabilities to systems managed by BeyondTrust Password Safe via RDP and SSH. Administrators can now define multiple Jumpoints for flexible access to managed systems within Password Safe. It also includes reporting enhancements related to credential injection events.
Password Managers

Use a password manager such as 1Password to log in to the iOS representative console.

TLS 1.3 Protocol

Transportation Layer Security protocol 1.3 is used to ensure secure communication between browsers and web servers. Symmetric cryptography is used to encrypt the data transmitted. The keys are uniquely generated for each connection and are based on a shared secret negotiated at the beginning of the session.

BeyondTrust Vault

Use the built-in BeyondTrust Vault credential manager to store and inject credentials into support sessions. Add privileged credentials to Vault manually, or try the built-in Discovery tool to automatically find and protect AD and local credentials.

The Vault feature has been enhanced to include a Vault Accounts tab in the Representative Console. The Vault Accounts section enables users to check in and out Vault accounts that the administrator has defined. This enables users to leverage Vault accounts for session activity or locally on their own device, improving user experience and productivity by enabling access to Jump Items and Vault accounts from one location.

Vault – Associate Credentials to Endpoint

Customers need a better way for local account and specific account to only be associated to that endpoint. To do that, you can add a credential to a discovered endpoint. This feature allows for a better experience when selecting a system to Jump(TM) to and have the needed credential at the top of the list.
Vault – Domain Filtering in Vault Discovery Users can traverse Organizational Units (OUs) within the targeted Active Directory Domain when using the Vault Discovery functionality. Vault Discovery allows administrators to discover credentials in the specified network. Administrators can then import credentials into Vault, enabling users to inject and use the discovered credentials within Remote Support sessions.

Jump Client Discovery & Rotation

Jump Clients can perform discovery and rotation of local credentials (Windows only). This functionality allows administrators to manage machines individually and set who has access to those machines without the need to set up a local or shared account on the remote system. This feature is to complement the use of Jumpoints in the network for domain-based rotation but also allow for more singular control over smaller groups of machines.

Vault – Account Policies

Vault account policies can be assigned to Vault accounts or Vault account groups, providing administrators with additional granularity regarding Vault account settings. Vault account policies can define whether the account is included in scheduled password rotation, the account’s maximum password age, automatic rotation after check-in, and whether the account is available for simultaneous checkout.

Vault – Auto Update Stale Data

New discovery jobs automatically detect and update stale read-only attributes on accounts or endpoints that have been onboarded into Vault.

Vault – Configurable Columns

Vault administrators can customize and configure the columns which are shown on the Vault Accounts page.

Vault – Configurable Password Length

Vault administrators can define the password length requirements for Windows local, domain, and Azure AD accounts currently managed by Vault. Administrators can define these requirements by navigating to the /login > Vault > Options page.

Vault – Jump Item Association

Administrators can limit the credentials available for injection in a Jump session by associating Vault accounts and Vault account groups with Jump Items. Associations can be direct or dynamic with the help of match criteria based on Jump Item properties.
Vault – Local User Account Automatic Rotation The Remote Support Vault has been enhanced to include automatic credential rotation. This helps to mitigate the potential for password re-use threats related to stolen credentials. Administrators can configure automatic rotation of local user account credentials in the Vault tab.
Vault – New User Permissions It is now possible to define which Vault users can inject credentials while in a session and which Vault users can view credentials when checked out in /login. Previously, these permissions were grouped together, but now administrators have more control when it comes to user permissions.

Vault – Personal Account Increase

The maximum limit of Personal Accounts per user increased from 25 to 50.

Vault – Search Discovery Results

The Vault Discovery Results page in /login provides a search field to make it easier to find the endpoint, account, or service you're looking for. The discovery results also include two additional endpoint columns: Distinguished Name and Operating System name.

Vault – Scheduled Discovery

The Vault administrator can define a preset day and time to automatically run Vault domain discovery jobs. This feature can provide continuous visibility for administrators regarding domain accounts, endpoints, and local accounts associated with discovery jobs. Accounts and endpoints found in the new discovery job can then be imported into Vault for management.

Vault – Scheduled Rotation

The Remote Support Vault has been enhanced to include a simple and efficient method to rotate user-selected groups of credentials or all Vault credentials at one time, making it simpler for our customers to manage large numbers of credentials with Vault and removing time-consuming individual manual rotation.

Vault Account Groups

Vault Administrators can organize Vault accounts into account groups, providing a better management experience for Vault admins. Admins can assign account groups to group policies, rather than only individual Vault accounts, and Vault accounts can be assigned to an account group during the import process.

Vault Personal Accounts

All Remote Support users can create private generic accounts in their own private Vault. This functionality allows users to manage their own Vault accounts privately for use during support sessions.

Vault Scalability

Vault can import, rotate, and manage up to 60,000 accounts.
Let's Encrypt Let's Encrypt is a service provided by the Internet Security Research Group (ISRG). It is a free, automated, and open cert bificate authority (CA). In /appliance, you can request and automatically renew SSL/TLS certificates used by your B Series Appliance. Let's Encrypt is configured in the SSL/TLS Configuration section in /appliance for on-premises deployments and the Appliance tab for Cloud deployments.

Backup and Redundancy

Monitor and back up the BeyondTrust Appliance B Series.

Feature Name Description
Automatic Installation of Critical Updates

Set up your BeyondTrust Appliance B Series to automatically install critical updates.

B Series Appliance Failover Define and automate redundancy and failover options.

BeyondTrust Appliance B Series Migration tool

Customers now have the ability to move configurations from one appliance to another from within the solution. This functionality can be set up under the new section called /login > Management > Software > Site Migration, and supports migrations from version 19.2.4 to current release.
Backup Integration Client Schedule automatic retrieval and storage of software backups.
BeyondTrust Atlas Cluster Technology Use one BeyondTrust site across multiple B Series Appliances to enhance responsiveness across wide geographic deployments.
Data at Rest Encryption

Choose to encrypt session data stored on your B Series Appliance. This feature is available on Cloud Appliances, RS Virtual Appliances, and physical B Series Appliance.

NIC Teaming

Combine your system's physical network interface controllers (NICs) into a single logical interface, adding an additional layer of fault tolerance for your B Series Appliance.

Integration

Integrate BeyondTrust with external systems.

Feature Name Description
API Integrate with external systems and set API permissions. Authenticate API accounts using OAuth 2.0.

Configuration APIs

This set of APIs enables Remote Support admins to automate and orchestrate administrative tasks within /login and the Representative Console. Specific methods exposed via an API enable a programmatic way to create, list, update, and delete certain configuration items in Remote Support. For example, Remote Support admins can use the API to create local user accounts, or delete Jump Clients that have been offline for a specified number of days. Other enabled use cases include tasks for managing Jump Groups, Jump Items, Vendor Groups and Users, Group Policies, Vault Accounts, Vault Account Groups, and Personal Vault Accounts.

The Group Policy Configuration APIs (GET, POST, and PATCH) have been enhanced to allow administrators to read and set the access permission settings.

The Configuration API documentation can be found under /login > Management > API Configuration.

App Switcher

If you have the BeyondTrust Identity Security Insights application, you can seamlessly switch between Remote Support and Identity Security Insights, and any other BeyondTrust applications, with a single click.
Custom Fields Create custom API fields to gather information about your customer, enabling you to more deeply integrate BeyondTrust into your support center. You can also make fields and their values visible in the representative console.
Custom Links Configure custom links to include a variable for a session's external key, pointing the URL to an associated CRM record or help desk ticket. A representative can access this link from within a session.
Embedded Remote App Support for Android and iOS Embed BeyondTrust remote support technology in your iOS and Android applications to support your mobile applications remotely.
Integration Client Transfer session logs, session recordings, and software backups from the B Series Appliance to an external system. Supported systems are Windows-based file systems and Microsoft SQL server. Schedule data transfers to take place automatically.

Microsoft Teams Integration v2

BeyondTrust is expanding on the current integration capabilities from Microsoft Teams. These updates include further customization of their instances within Teams, allowing branding, multiple teams support, and a custom greeting per team.
Real-Time Reporting API

Gain more efficient, comprehensive reporting through Real-time Dashboard and Representative Activity Reporting. Develop deep, real-time reporting to quickly analyze support center activity in your organization. Report on support representative activity regardless of whether they are in a support session or not, with metrics such as time available, busy, in concurrent sessions, etc.

SNMP Monitoring Monitor the B Series Appliance using Simple Network Management Protocol (SNMP).
Syslog Integration Send log messages to an external syslog server.

Additional Integration Options

Additional integration options are available to BeyondTrust customers, as well. Some integrations must be purchased separately from the BeyondTrust software. Contact BeyondTrust Sales for details.

Integration Option Requirements

Service Desk/Systems Management Integrations

Automate your integration of BeyondTrust with various service desk and systems management tools by requesting pre-packaged integration adapters, drastically reducing integration time.

BeyondTrust-Maintained Integrations
Autotask
BMC Remedy
BMC Remedyforce
Generic SIEM
Ivanti HEAT
Jira Cloud
Microfocus / HP Service Manager
Microsoft Dynamics 365
Salesforce
ServiceNow
Splunk
Delinea Secret Server
Zendesk

CRM/Ticketing Integration

Use the BeyondTrust API to create a simple integration between your CRM or ticketing system and BeyondTrust, allowing support reps to access a CRM record or help desk ticket directly from the BeyondTrustrepresentative console.

BeyondTrust API 1.18.0+

For a list of which API versions correspond with which BeyondTrust software versions, see www.beyondtrust.com/docs/remote-support/how-to/integrations/api/api-version-reference.htm

3rd Party Professional Integration Services

Because BeyondTrust’s API and Integration Client conform to industry protocols, it is possible for customers to contract with a third-party professional services provider to outsource integration needs.

Contact BeyondTrust Sales for References.

BeyondTrust Professional Services

Contract with BeyondTrust for custom integration needs.

Contact BeyondTrust Sales.