What's new?
OIDC API token issuer
It is now possible to exchange an OIDC ID token for a short-lived Zentral API token. This can be used, for example, to authenticate from GitHub workflows or GitLab pipelines. There is no longer any need to store (and rotate) a Zentral API token in your repository configuration. Just add an OIDC API token issuer to the Zentral service account.
HTTP action CEL transformation
We have added an optional CEL transformation to our HTTP event action (webhook). The event data can now be transformed (filtered, pruned, reshaped, …) before being posted to an API endpoint. This should remove the need for a custom AWS Lambda or GCP Cloud Function in most cases.
Device Lock PIN
The latest MDM device lock PIN is now encrypted and stored in the device record. It is automatically cleared once the device contacts the MDM after being unlocked. A special permission is required to reveal the PIN. An event is generated each time the PIN is revealed, with metadata about the user or service account that authenticated to reveal it.
Other notable changes
The copy-to-clipboard functionality for secrets (FileVault PRK, Recovery Lock, …) has been reworked and standardized.
The MDM can now distribute provisioning profiles. The provisioning profile artifacts have also been added to our official Terraform Provider for Zentral.
The machine tag name length limit has been removed.
The API for enrolled devices has been updated. The email or short name of the principal MDM device user can now be used to filter the results. Each enrolled device object in the responses also includes realm user information if the last enrollment session was authenticated.
Bug fixes, upgrade
The missing Windows 11 versions have been added to the inventory.
The MDM API endpoints for the artifacts are now paginated. You need to update your integrations and use the latest version of the Terraform provider.
The legacy inventory clients for FileWave, Sal & Watchman have been removed.
Before you upgrade, do not forget to read the CHANGELOG and check for backward incompatibilities. If you encounter any problems during the upgrade, contact us via email or in the #Zentral macadmins Slack channel.