A common question that is seen among the IT Operations and Security teams is – "How am I doing with the security vulnerabilities in my environment?" or put differently, "what is the trend of vulnerable applications and/or devices in my environment? Is it going upwards or downwards? Am I getting better at addressing software vulnerabilities?" We have heard interest in being able to answer questions like these customers, who were very keen in having a capability to build their own trend reports beyond the reports available in SVM. To help address this need, we have made some improvements to the APIs that gather such data and are leveraging these using the tool described as part of the SVM Client Toolkit. This new tool was released as part of our June 2021 update of SVM. Upon installing the new version of SVM Client Toolkit, a shortcut will be created on the desktop which allows you to pull data from SVM and store it on your local SQL server. It provides an option to establish a connection to a local SQL Server and to SVM. These steps are shown in an attached video, but the steps are pretty straight forward: When connecting to a SQL Server for the first time, select the option to create a database. The tool will create a database on the SQL Server with the required schema to store data from SVM. Upon successful connection to SQL Server and creating a database, click ‘Sync Data’ to collect SVM data for this point in time The first time you do so, the sync may take few minutes, depending on how many hosts and applications you may have in your environment. You may then choose to schedule future data syncs. To support this, the tool supports a command line switch that may be leveraged along with the Windows Task Sequencer to automatically run all the future data syncs at your desired frequency. We also provide four Power BI templates for trend reporting as a strong starting point, which you may choose to customize to your specific needs. With PowerBI Desktop installed, you may import the provided templates and change the database connection to your local database where you synced SVM data. The four provided Power BI templates represent the following sample trend reports: Applications by Criticality: Displays the trend representing the unique number of applications by their criticality (Extreme Critical, Highly Critical, Moderately Critical, Less Critical and Not Critical) . Applications by Status: Displays the trend representing the  unique number of applications by their status (Secure, Insecure and End of Life). Devices by Criticality: Displays the trend representing the unique number of devices by their criticality. If a vulnerable application is found on a device, then the device will be categorized under that application’s criticality level, for example if an Extremely Critical application is found on a device, then that device will be categorized as Extremely Critical. Devices by System Score: Displays the trend representing unique devices by their system score. System Score represents the percentage of secure vs insecure applications on a device. In this report we have color-coded the values to show red is for system score less than 80%, yellow for system score between 80% and 95%, and green for system score above 95%. Each report has a line graph on the left showing the trend and a detailed tabular report on the right. For instance: in the Applications by Criticality report, the line graph on the left shows the trend of of unique applications by their criticality across years, months, weeks, and days and the detailed report on the right shows a table with the list of all the applications. Therefore, by way of example, if Adobe AIR 3.x appears as an Extremely Critical application 4 times each in Q1, Q2 and Q4 and 5 times in Q3 for the year 2020, this would be a total of 17 occurrences for the year 2020. In the line graph Adobe AIR 3.x will be counted only once (unique) for year 2020. Similarly, it will be counted only once for each of the four quarters at the quarter level. The detailed report in the table shows all the 17 occurrences along with the quarter, week, and day on which this app was found in a scan. If you’d like to work with such data outside of PowerBI, the tabular report can be exported into an excel document if you wish you see each occurrence of an application and build your own report there.  Attached here is a video demonstrates how to use the new tool to connect to SVM and a SQL Server and pull data from SVM into SQL Server database. The video also shows how to import the in-built Power BI templates and generate a trend report. This is a starting point, and one that we intend to enhance with your feedback. Based on your input, we can extend our APIs to collect additional data and this tool to make use of them. Please leverage our Ideas portal to make specific requests for data and when possible state the purpose of the report and how you intend to action it.  ... View more

While this is a cloud prem update, it effects our on-prem customers as well because we have also updated the SVM Toolkit installer to provide a new Historical Reporting capability and to further improve our Intune integration.   Historical Trend Reporting We are now shipping a utility within the SVM Toolkit that can collect data from your SVM account into a local SQL database. Such will allow you to store as much historical data as you wish, for as long as you wish. To help capitalize on this data, we are also providing PowerBI templates to help explore this data so you can better analyze longer term details of your vulnerability status. We intend to improve upon this with your feedback, so please come to the community Forums or Ideas to share your thoughts!   After installing the SVM Toolkit, you’ll find the provided PowerBI templates at "C:\Program Files\Flexera Software\Client Toolkit\Client Data\Report Templates\Power BI\" Click here to read an article which provides more details along with a video on how to take advantage of this new offering.   Intune Integration Improvements We have enhanced our Intune integration to allow group assignment within the SVM Patch Daemon.     More Updates to this newly released version of SVM cloud include, As previously announced, we are correcting a problem with the EOL status reported when assessing older Microsoft products. We are working to prioritize an update for SVM on-prem to address this as well. Some customers were experiencing problems with report generation. This has been resolved and we are now proactively monitoring for report failures to respond more quickly in the future. Additional back-end improvements are underway in an effort to further improve performance of smart group processing. We now support Azure AD as a single sign on provider (documentation) Other bugs and fixes (see release notes for details) ... View more

We are correcting an issue which could result in increased EOL statuses of older Microsoft products. For some Microsoft products the EOL status was not being properly processed because needed Microsoft updates are determined differently as compared to third party software and so must be specially addressed. For example, Office 2010 and Internet Explorer 8 have reached end of life but was not being flagged as EOL. This will be corrected in our next release of SVM currently scheduled for June 30 th 2021. ... View more

We had a minor update to SVM published on April 21st which included the following changes: Intune Enhancements Agent deployment via Intune Addressed multiple bugs In some cases, patches may be applied even when the application was not present on the device, or an earlier version of the application was not present In some cases, when a targeted endpoint contained a newer version than the published version, the downgraded version was mistakenly being installed When the option to always install was selected for a patch, it would not always be applied to the target device as expected In some cases, SPS and VPM packages would not install to update as expected SSO Integration with Azure Support for IDP initiated Azure login now available (article) Support for Service Provider initiated Azure Login (if a user directly comes to SVM we are able to direct them to Azure) is forthcoming ... View more

I’ve very excited to announce the general availability of AdminStudio 2021. We are doubling down on our investment in the game-changing Package Feed Module, we are further evolving our MSIX support and we are introducing more options to help integrate AdminStudio into your packaging and patching processes. This is a BIG release!   The AdminStudio Backlog AdminStudio now features a backlog view to manage packaging requests by priority value. Match backlog items to existing packages in your catalog or to the package feed module for rapid processing (or automated processing via subscription). To better integrate AdminStudio with your package request process, we have provided a REST API to support adding packaging requests directly to the new AdminStudio backlog.   Package Feed Module Enhancements We’ve also added custom installation wizards for about a thousand of the Windows Installer packages in the Package Feed Module. Save time by choosing easy to understand, application specific options when importing packages from the Package Feed Module and a customization transform file will be generated accordingly. We are also now including icon files and uninstall commands for most listings.   MSIX Editor Improvements We’ve made a few updates to the MSIX Editor, including the ability to import registry (.REG) files, some UX improvements and an option to sign packages using a certificate store (as opposed to supplying a certificate file).   MSIX App Attach Support With our new MSIX App Attach support, you can now easily create the needed VHD (or VHDX) image files to make leveraging MSIX packages easier for those managing Windows Virtual Desktop (WVD) environments.   AdminStudio REST API A documented REST API is now provided to support integration with other solutions and processes (in addition to our existing PowerShell Cmdlet support) including the new Package Backlog feature.    We’ve also added support for the most recent Microsoft updates including support for Windows Server 2019 and the latest released builds and updates to ConfigMan and its application model. Click here for full release notes ... View more

AdminStudio 2021 introduces a backlog view to manage packaging requests by priority value. Match backlog items to existing packages in your catalog or to the package feed module for rapid processing (or automated processing via subscription). Plus, in order to better integrate AdminStudio with your package request process, we have provided a REST API to support adding packaging requests directly to the new AdminStudio backlog (in addition to our PowerShell cmdlet) and existing CSV import option. For a quick look at the backlog and a demonstration of the ways it can be populated, see the video below. ... View more

Just last week, App Attach was released to General Availability, and AdminStudio 2021 is now here providing a new feature for App Attach to make it easier to take advantage of this powerful new benefit for those managing Windows Virtual Desktop (WVD) environments. AdminStudio can now easily create the VHD or VHDX images necessary to leverage App Attach from MSIX packages in your Application Catalog. When you right-click on an MSIX package in AdminStudio's Application Catalog, you’ll see a new option to “Create MSIX App Attach” in the context menu. To do so, you’ll need to have signed the MSIX package (which is an existing MSIX requirement). When preparing an MSIX package for App Attach, the below configurable options are presented: Name (automatically populated) Image Type (VHD is set by default. While VHDX does offer more modern features, such as support for larger sizes and disk resizing, they are not of consequence for purposes of supporting App Attach) Image Size (calculated at four times that of the MSIX package with a 20mb minimum) Output Directory (by default, that of your existing MSIX package) You may accept the defaults or make changes as desired. Note: to use this feature, you must have enabled Hyper-V Services on the local machine where you wish to do so, this can be done in Windows Features as shown below.   We are anxious to evolve this initial support for App Attach as we believe it to be a significant value of MSIX we want to make easier. Please come with your suggestions to our Ideas area and tell us what you think we should do to help even more! ... View more