Major Upgrades To Device Management

We're back with another release, but this one is focused on all things devices! We also cover what's coming next at the end, so make sure to keep an eye out for our next releases :)

We’ve made some major upgrades for device management, including Device Groups, a Script Running PowerShell Package Manager, Maintenance Windows, Archiving of Stale Devices, Deletion of Duplicate Devices, AutoFix Support (and Organisation Exclusions), and Remote Desktop. This is a big release from us so please do skim through to find out how to try out these new features, and as always, keep the feedback coming!

We’ve also included step-by-step video guides to make things clearer for you – but don’t hesitate to reach out if you have any questions.

The main thing you’ll see here is that managing your estate is getting much more efficient by way of more precise actions.

Please note that all the below features (minus Delete Duplicate Devices and Tenancy-Level AutoFix with Organisation Exclusions) are currently in Experimental Features, so they must be manually enabled:

• Navigate to Settings in the main sidebar
• Select Experimental Features
• Toggle to enable
  
  

Experimental Features are essentially features that are in pre-release state, and we give you the ability to enable/disable them as you see fit.

Device Groups (Experimental Feature)

You now have access to Device Groups, which is supported across three key areas of the platform, including Package Manager, AutoHeal, and Maintenance Windows.

You’ll be able to target specific sets of devices, giving you a lot more control over how and when remediation, software deployments, and maintenance activities are carried out. If you’re managing a mixed estate, you’ll know that the one-size-fits-all approach can be a pain.

For our MSPs, being able to define groups within each organisation and tailor your patching, remediation, and maintenance schedules will give you much more precision and flexibility, making managing diverse estates considerably more straightforward.

Device Groups function using a Logic-Based Filtering Engine. Instead of manually picking devices, users define a set of rules based on device attributes (such as OS type, vulnerability count, or device name):

• AND Logic: All conditions must be met for a device to be included in the group (e.g., Device is a "Workstation" AND "Critical CVEs > 5")
  
  
• OR Logic: A device is included if it matches any of the specified conditions (e.g., Device is a "Server" OR "High CVEs > 10").
  
  

Access:

1. Navigate to Devices (CyberHeal)
2. Click on the Groups tab
   
3. In the Groups section, click the blue + Add a Group button
4. Enter a unique Group Name
5. Set the Organisation filter (required) to define the scope
6. Click New Rule to add specific attributes
7. Use the AND/OR toggle to layer additional rules
8. Review the list of devices populated at the bottom of the screen
9. Click Create.

Watch Charlie’s video tutorials here:

Script Running PowerShell Package Manager
(Experimental Feature)

Our Script Runner is a new way to deploy and execute ad hoc PowerShell scripts across your managed devices, allowing you to run code directly on Windows Endpoints. We’re currently working on some changes for the next agent for extra large scripts too 😊.

You can upload and manage PowerShell script packages in a central library (no need to email scripts around or log into individual machines), execute scripts on demand against any online device or group of devices. We’re also working towards including full execution history in the near future.

Access:

• Go to Device Engagement > Packages.
  
  

Watch Charlie’s video tutorial here:

Maintenance Windows (Experimental Feature)

This has been highly requested for a quite a while now, and we’re pleased to say that we’ve finally released Maintenance Windows as an Experimental Feature!

You can now define maintenance windows just once and then apply them across your tenancy and assign each window to a specific device group so that servers, workstations, and critical systems can each have their own schedule. When multiple windows apply, a priority field will determine the execution order, so your most important schedules always take precedence.

Once a Maintenance Windows is applied to a Device, Cyber Heal, AutoFix, One Click Fix - all remediation actions for that device will be paused until the end of the window.

Finally, you won’t need to worry about an AutoFix rule patching a production server during business hours as we have flexible scheduling available to configure daily, weekly, or monthly recurrence within time-of-day preferences. Note that all times are displayed in UTC for clarity 😊

Access:

1. Navigate to the User Menu in the top right corner
2. Select Tenancy
3. Under the Settings section, click on Maintenance Windows.

 Watch Charlie’s video tutorial here:

Archived Devices (Experimental Feature)

For the longest time customers have been telling us that old devices culturing up their reporting is causing them problems. Now with Archived Devices, you can automatically archive old devices at Tenancy Level after a chosen number of days. This will remove them from all reporting, regardless of the days filter.

For those of you that manage devices across multiple clients, you’ll know that machines can get decommissioned, laptops go missing, test VMs get spun down, but they still sit in your dashboard (eating licenses and skewing your security reports).

Please note that all scan data for archived devices will be lost – once a device comes back online, the agent will need to perform a re-scan, but data will be collected from scratch.

Access

1. Click the User Menu in the top-right corner and select Tenancy
2. Click on the Settings tab
3. Locate the Archive Stale Devices section
4. Set your desired Threshold (the period after which a device is considered "stale")
5. Save your changes to begin the automated archiving process.

Watch Charlie’s video tutorial here:

Delete Duplicate Devices

We’ve shipped another new feature that will keep your device estate clean and tidy by allowing you to manage duplicate devices.

Over time, devices can appear more than once in your portal (because of reimaged machines or test setups that leave behind ghost entries), and these duplicates clutter your dashboard, skew your device counts and make it harder to get a clear view of your security posture.

The new Manage Duplicate Devices button on your Cyber Heal page automatically identifies devices that share the same name, then checks which one is the oldest. You can then bulk-delete the outdated copies -keeping only the most recently scanned version of each device.

Access:

1. Navigate to Device Engagement → Devices (Cyber Heal)
2. Click the "Manage duplicate devices" button in the toolbar
3. Review the list of duplicates, then select the ones you'd like to remove
4. Click "Delete Selected" - a progress bar tracks each deletion in real time.

Tenancy-Level AutoFix (with Organisation Exclusions)

This upgrade allows you to exclude organisations from your existing Tenancy level AutoFix rules for application upgrades (via WinGet), Windows Updates (by ID or category), and CIS benchmark fixes.  This can be done either at creation time or after and is perfect for those of you who might have unique change-control requirements or legacy environments.

This is no longer in Experimental Features and can be found by navigating the platform directly 😊 

• Inclusion Logic: By default, "Apply to all" includes every organisation under your management.
  
  
• Exclusion Logic: Any organisation added to the "Exclude Organisations" list will be bypassed by the AI AutoFix engine for that specific rule, even if they meet the technical criteria for the update.
  
  

Access:

Applying Exclusions During Rule Creation

1. Navigate to a page with a Fix button (e.g., Device Vulnerability or Cyber Benchmarks)
2. Click the Fix button and select Update via AI AutoFix rule
3. In the configuration dialogue, enable the toggle/option Apply to all organisations
4. Click the Exclude Organisations button that appears
5. Select the specific organisations from the dialogue list that should not receive the update.

Managing Exclusions Post-Creation

1. Click on the User Menu in the top right corner of the portal
2. Select AI AutoFix
3. Navigate to the AI AutoFix Rules (Tenancy) section
4. Locate the Excluded Organisations column to see an exclusion count for each rule
5. Click the dropdown arrow on a rule to view the specific names of excluded organisations.

Watch Charlie’s video tutorial here:

Remote Desktop (Experimental Feature)

So after enabling for those of you who requested early access, we’ve decided to make this live! Our new Remote Desktop capability gives you a drop down so you can use your current Remote-Control Tool.

With this, you’ll connect to any online device straight from the portal without needing to look up credentials or switch between consoles. We’re working on adding more options too such as RustDesk, TeamViewer, and DattoRMM.

Access:

1. In the top-right corner, open your User Menu
2. Select Tenancy
3. Inside Tenancy, go to the Settings tab
4. Scroll down to find the Remote Desktop Section
5. Scroll down until you see the Remote Desktop section
6. Click the blue Add Service button on the right side.

Integration Setup

1. From the dropdown/selection menu, choose your provider
2. Enter the required connection details in the settings fields provided
3. Click Test to verify that the credentials and URLs are functioning correctly
4. Click Save.

Accessing Remote Tools

1. Navigate to the Devices (CyberHeal) page
2. Locate the specific device you wish to access
3. Look for the service provider icon on the right side of the device entry
4. If the device is online, click the button to be redirected to your remote session.

Watch Charlie’s video tutorial here:

 What's Coming Soon

• User Profile Level Vulnerabilities Added to AutoFix
• CIDR-based scanning in External Scanner (Custom range & schedule)
• Dark Web Auto Emails – Added Users from 365 to compliment PSA ticket creation
• TOP Desk PSA Integration
• CIS Level 1 Benchmarks Added to AI AutoFix
• Mac & Linux Agent Release
• OS CVEs added to device vulnerability page
• BIOS CVEs
• Windows Store Apps CVEs
• DLL CVEs
• Unquoted Service Paths Visibility
• IP Lockdown (Portal & APIs)
• Account level forced MFA
• Organisation Transfer Between Tenancies
• AI Communicate – AI Interaction with users
• AI App Get – AI Gets your apps and drivers from the internet
• Granular Tenancy-Level Permissions
• CISA Prioritisation in AutoFix
• DORA Compliance Upgrade
• End of Life Software Upgrade

Thank you for your ongoing support and feedback, and if you have any questions, please don’t hesitate to reach out to us at hello@roboshadow.com