The following attributes are available in the Beyond Identity Policy Engine:
- Location-based - includes Continents and Countries and is based on the source IP Address of the authenticating device. Leverage these attributes to permit, restrict, or monitor location-based transactions.
- Egress IP Address Match Within Subnet - leverage this attribute to enforce or monitor that source IP addresses of both devices in an add device transaction are within a specific range of IP addresses of each other.
Impossible Travel - leverage this attribute if a single user performs two authentications from locations not reasonable to travel between. We leverage the latitude/longitude of an authentication and compare it to the subsequent authentication. If the distance exceeds the speed of air travel (500 m/h), we flag it as Travel. The attribute is an 'is it' or 'isn't it' fast travel attribute in that there is no ability to alter travel speed on the user's end. When flagging authentication for fast Travel, you can write the rules to monitor or allow/deny.
- Add device transaction events now include egress IP address information.
- Upon saving policies with a Crowdstrike integration attribute configured, the policy engine now validates the configuration of the Crowdstrike integration and connectivity to the Crowdstrike cloud.
New Windows Desktop Login installations using the MSI method no longer require a reboot. For previously installed versions, v2.76.0 or earlier, you can safely bypass the Windows reboot by executing the following msiexec command when upgrading to v2.77.0:
msiexec.exe [install_options] <path_to_package> /norestart
Future Windows Desktop Login software versions will not require the
msiexec /norestart option.
When a host [source] is accessing a Windows system [destination] through Microsoft Remote Desktop Protocol (RDP), the Windows Desktop Login will not allow enrollment on the destination machine. Disallowing enrollment from the RDP session ensures the security and integrity of the destination machine.