It's been about 2 months since our last update, and we're working towards getting these out much more often and consistently to keep you all updated and in the loop - we don't want you missing out on anything.
Surely I'm not the only one feeling like this year has been flying by! We're a quarter of the way in and the team has continued shipping consistently behind the scenes over the past month.
This update covers what’s recently gone live across the platform, along with some of the areas we’ve been focusing on as we keep building things out. There's a lot in the works that won't make it onto this list publicly just yet, so if you do want some more insider details, feel free to message Terry directly :)
As always, the goal hasn’t changed. We’re trying to make cyber security easier to manage, reduce the amount of noise you have to deal with day-to-day, and give you tools that actually help you get things done rather than just report on them. This is also why we've been focusing on AI, and I must say, we're definitely getting ahead of the game there. Automation (done right) saves you an incredible amount of time, effort, and overhead.
There’s quite a bit in here, so I’ll leave you to explore the detail where needed, but below is a summary of what’s now live. This time we've also included some short demo clips throughout the update to make things as clear as possible for you. We hope this helps, and we'd love to hear your feedback to help us optimise these updates for you.
As always, feel free to email us directly with any feedback or questions at terry.lewis@roboshadow.com or hello@roboshadow.com. We thrive off your responses - negative or positive, it genuinely makes a world of difference to us, and helps us pour into the right places to give you the best experience possible.
Quick Summary of What's Now Live
Scroll down to find out more on what's out in Beta, as well as a peek into what's coming soon!
This has been one of the more commonly requested features. It's taken a while as we wanted to perfect this, but we're pleased to say it’s now live and ready to use.
You can now automate the generation and delivery of Vulnerability Assessment reports without needing to manually run them each time. The setup is split into two parts: defining when a report runs, and defining what goes into it. Once that’s done, leave it to the platform to handle the rest.
You've got full control over how these reports are structured and delivered. You can define the exact day and time they run, tailor the content depending on the audience, and choose who receives them using either Azure or organisation-linked email lists. Things like branding, customer logos, confidentiality flags, and watermarks are all built in, so the reports are ready to send without needing any manual rework.
The aim here is really to remove the repetitive admin work around reporting, while still keeping everything consistent, professional, and easy to manage. You can set things up once and rely on it running in the background.
Getting Started / Navigation
Step 1: Creating a Schedule
Before scheduling a report, you must define its frequency:
Click the Schedules button in the top right corner.
Click Create New Schedule.
Enter a Name (to help you identify this timing profile later).
Select the Frequency (e.g., Monthly, Weekly).
Set your Preferred Day of the Month and Preferred Hours.
Click Save. You can create as many unique schedules as needed.
Step 2: Configuring the Report
From the main Scheduled Reporting page, click Schedule a Report.
Alongside scheduled reporting, we’ve also introduced scheduled AI prompts for the vCSO.
Instead of manually asking the platform for summaries or insights, you can now define prompts that run automatically at set intervals. The AI processes your request against your data and sends the output directly to the people you choose.
You've got a good amount of control over how these run. You can define how often prompts trigger (anything from daily through to yearly), set specific time windows, and target specific organisations within your portal for localised reporting.
This will be useful for things like monthly summaries, tracking high-priority vulnerabilities, or just keeping a regular pulse on what’s changing across environments without needing to check in manually. It's essentially a way of turning the vCSO into something that works in the background for you, rather than needing that active query.
It’s still early days for how people will use this, so we’re keen to see what kinds of prompts you end up automating.
Getting Started / Navigation
To automate a prompt, follow these steps:
Step 1: Create the Timing (Schedules)
Navigate to Reports > Vulnerability Assessment Report.
Click on the Scheduled Reports option.
Select the Schedules tab and click New Schedule.
Configure the following:
- Name: A unique identifier for the schedule.
- Frequency: Choose Daily, Weekly, Monthly, Quarterly, or Yearly.
- Day of Month/Week: Specify the exact day for the trigger.
- Preferred From/To Hour: Set a window (e.g., 11:00 to 12:00) during which the report will be generated and sent.
Click Save.
Step 2: Create the AI Prompt Task
Switch to the Schedule a Report tab.
Select vCSO AI Prompt Report from the report types.
Configure the AI parameters:
- Access Level: Select Read Only or Write access.
- Organisation: Choose the specific organisation the AI should analyse.
- Name: Give the prompt task a name for future reference in the vCSO chat.
- Prompt Text: Enter the specific instructions or questions you want the AI to answer (e.g., "Summarise all high-priority vulnerabilities found this month").
Click Next and select the Schedule you created in Step 1.
Configure Email Notifications by selecting recipients from your Azure AD or organisation email list.
Click Save.
We’ve added a Failure Report into the remediation workflow to give better visibility into what isn’t working.
Up until now, you could see what had been fixed, but it wasn’t always clear where things had failed or why. This change surfaces failed upgrades and remediation actions in a more structured way, so you can quickly identify where attention is needed.
You can filter between all, successful, and failed actions to manage your pipeline, drill into specific devices and applications, and see exactly what was attempted. For vulnerability-related fixes, you can also view the associated CVEs, which helps give a bit more context around what was being remediated in the first place.
There's also the option to export this data into CSV if you need to share it externally or work through it offline, and with visual breakdowns of remediations over time, you'll start to get a clearer picture of where failures are trending across environments.
It should make troubleshooting patching issues much more straightforward, especially in environments where there are external factors at play.
This is currently in beta as we continue refining the reporting layer. Again, we'd love to get your feedback, particularly around how you'd like to use this in practice.
Getting Started / Navigation
To access the Failure Report, follow these steps:
Log in to the RoboShadow platform.
In the main navigation menu, locate and click on Reports.
Select Remediation Report (Beta) from the dropdown.
Scroll down to the Remediation Details section.
Use the status filters to select Failed to view unsuccessful actions.
You can now manage branding at tenancy level and apply it across all organisations.
Uploading a single logo and automatically pushing it down to every organisation under your tenancy removes the need to configure branding manually for each one, which we know can be a big pain point for a lot of people.
Once set, this becomes the primary visual identity across your environment. It shows throughout the platform interface and also feeds directly into reporting, so anything you generate and send externally carries consistent branding without any extra effort.
If you want to override things at an individual level you still can, but for most people this should simplify things quite a bit, especially when managing multiple organisations.
Getting Started / Navigation
Follow these steps to access the settings and upload your logo:
Access Tenancy Settings: Click on the User Menu (located in the top right corner of the screen).
Navigate to Tenancy: Select Tenancy from the dropdown menu.
Open Settings: On the Tenancy page, select the Settings tab.
Upload Logo:
- Locate the Tenancy Logo section.
- Click the blue Upload a Logo button in the top right of the section.
- Select your desired image file from the logo dropdown.
Apply to Organisations (Optional): If you wish to apply this logo across your entire structure, check the Apply to All Organisations box.
Save/Confirm: Finalise your selection to update the branding.
Audit logs are now available, giving you a full trail of activity across your tenancy.
You can see who did what, when it happened, and the details behind each action. This will be extremely useful for general oversight, as well as when you need to investigate something specific or maintain a record for compliance purposes.
Each log captures the action itself, the user responsible, and the underlying detail behind the event, so you're not just seeing that something changed, but what actually changed. It gives you a clearer view of how the platform is being used across your organisation.
Additionally, there’s built-in search and filtering, so you can quickly narrow things down by user or activity, along with the option to export logs if you need to share them externally or keep longer-term records.
Getting Started / Navigation
To access the Audit Logs, follow these steps:
Log in to your account.
Click on the User Menu located in the top right-hand corner of the screen.
Select Tenancy from the dropdown menu.
Navigate to the Audit Logs tab or section within the Tenancy page.
We’ve expanded the API to give you access to a much broader set of data.
This now covers a much wider range of areas across the platform, including endpoint security, asset and hardware data, applications, users, vulnerabilities, and remediation status. The aim is to make it easier to pull RoboShadow data into your own systems without needing to rely on manual exports.
Whether you're building internal dashboards, feeding data into other tools, or creating your own reporting workflows, this should give you a lot more flexibility in how you work with the data. You're not limited to a single view in the platform anymore; you can shape it around how your team operates.
The API is REST-based, uses Bearer token authentication, and is supported by Swagger documentation, so you can explore endpoints, understand the response structure, and test things before implementing them into your own environment.
The expanded API now supports a wide array of data categories, allowing you to pull information regarding:
Getting Started / Navigation
To access your credentials and explore the available endpoints, follow these steps:
You can now choose which LLM model is used when generating AI Pentest reports.
The current options are OpenAI or a private AWS Bedrock instance, depending on your requirements around performance, architecture, or data handling.
This gives a bit more control over how your reports are generated, particularly if you have specific preferences around where data is processed or how it's handled. For some, this will simply be a case of choosing what works best technically, but for others it can be about aligning with internal policies or infrastructure decisions.
On the surface it's a small change, but it certainly opens things up a bit more in terms of flexibility, especially as we continue to build out more AI-driven features.
Getting Started / Navigation
To access the model selection options for your AI Pentest, follow these steps:
You now have the ability to acknowledge CIS benchmark items within Microsoft 365.
Some recommendations can't be remediated immediately, or are intentionally bypassed due to your specific business requirements. This gives you a way to formally recognise those cases without losing track of them.
When you acknowledge a benchmark, you are required to document the reasoning behind that decision, so there's always context around why something hasn't been actioned. Those items are then moved out of the main active list into a dedicated section, where they can still be reviewed, edited, or brought back into scope if needed.
It'll keep the main dashboard focused on what actually needs action, while still maintaining a clear and traceable record of accepted risks across your environment.
Getting Started / Navigation
To access and use the Acknowledgment feature, follow these steps:
The item has now been moved from the primary view to the Acknowledged Benchmark section at the bottom of the page.
OS CVES in
We now allow you to view CVEs that affect the operating system. Previously, this was only covered within the OS Updates report, as we prioritised ensuring all patches were installed. This change brings us to parity with Qualys.
Unquoted Service Paths
Previously, we didn’t report on unquoted service paths, but these are now visible on the device vulnerabilities page. This will highlight any services on your devices that could be exploited by placing a malicious file in the service’s binary path.
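For readers who want to see what this kind of finding looks like in practice, here is an added example (not RoboShadow's code, and not a description of how the platform performs the check). It takes Windows service ImagePath values, flags binaries whose path contains a space but is not quoted, and proposes the quoted form; the service names and paths are constructed sample data.

```python
import re

# Constructed sample data (service name -> ImagePath), not from any real host.
SAMPLE_SERVICES = {
    "AcmeAgent": r"C:\Program Files\Acme Agent\agent.exe -service",
    "AcmeUpdater": r'"C:\Program Files\Acme Agent\updater.exe" /svc',
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
    "LegacySync": r"C:\Tools\Legacy Sync\sync.exe",
    "SvcHostGroup": r"C:\Windows\system32\svchost.exe -k netsvcs -p",
}

# The binary of an unquoted ImagePath is taken to end at the first ".exe"
# that is followed by whitespace or the end of the string.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Split an ImagePath into (binary, arguments, was_quoted)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:  # unbalanced quote: treat the remainder as the binary
            return s[1:], "", True
        return s[1:end], s[end + 1:].strip(), True
    m = _EXE_END.search(s)
    if m:
        return s[:m.end()], s[m.end():].strip(), False
    # No ".exe" found (e.g. a driver path): fall back to the first token.
    head, _, tail = s.partition(" ")
    return head, tail.strip(), False


def find_unquoted(services):
    """Return findings for services whose binary path has spaces and no quotes."""
    findings = []
    for name, image_path in sorted(services.items()):
        binary, args, quoted = split_image_path(image_path)
        if quoted or " " not in binary:
            continue
        fixed = f'"{binary}"' + (f" {args}" if args else "")
        findings.append(
            {"service": name, "image_path": image_path, "suggested": fixed}
        )
    return findings


if __name__ == "__main__":
    for f in find_unquoted(SAMPLE_SERVICES):
        print(f"{f['service']}: {f['image_path']}  ->  {f['suggested']}")
```

The remediation for each finding is to wrap the binary path in double quotes in the service's ImagePath value, leaving any arguments outside the quotes.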
CISA KEV Prioritization Column
On the CVE tab of the Device Vulnerability report, we now include an “Is Exploitable” column to help you better prioritise the patching of CVEs.
Dark Web Auto Emails - Added Users
When new users are added to Microsoft 365, they are automatically scanned against dark web sources to identify any potential exposure.
Dark Web PSA Ticket Logging
When new breaches are detected during automated dark web scans, they’re automatically logged into your PSA system for visibility and action.
Full CIS level 1 Benchmarks Available
CIS Level 1 benchmarks are now available (including fixes) and no longer behind a feature flag. We now allow you to take action and fix reported items.
AI Communicate
AI Communicate will email users and allow you to configure a suitable time for vulnerability patching.
TOPdesk PSA Integration
TOPdesk will be supported as a third-party PSA integration, enabling all vulnerabilities to be logged directly into the platform.
Device Groups
You will be able to organise devices into groups. This brings RoboShadow in line with typical RMM functionality.
Script Running (PowerShell package manager)
This will give you the ability to execute ad hoc PowerShell scripts on user devices, allowing you to run code directly on Windows endpoints.
AI Apt Get
AI Apt Get allows you to use AI to find applications that are not included in the WinGet database.
Tenancy-Level Permissions (Granular)
Currently, access is limited to full access or read-only. This will introduce more granular permissions, allowing more precise actions at the tenancy level.
IP Lockdown (Portal and APIs)
You’ll be able to restrict access to the RoboShadow portal and APIs to specific, trusted IP addresses.
Remote Control Application Integrations
Gives users one-click access to link with tools such as ScreenConnect, ConnectSecure, Splashtop, and more.
Auto Fix Organisation Removal
Tenancy-level AutoFix will let you run fixes across the whole tenancy while excluding specific organisations where needed.
Organisation Transfer Between Tenancies
Transfer organisations between tenancies, making it easier for MSPs to move clients from one MSP to another.
As always, we’ll keep iterating on all of this. A lot of these features are shaped directly by feedback, so please do keep it coming.
If you have any questions, suggestions, or just want to share how you’re using things, feel free to reach out to us at hello@roboshadow.com or contact me directly at terry.lewis@roboshadow.com.
We read everything, and it makes a difference to how the product evolves.