1E 23.7 (SaaS)

Add Set-1ESurveyManagementGroup cmdlet.

Work around API issues with importing surveys so that the Import-1ESurvey cmdlet correctly sets the management group assignments and enabled status of a survey when imported.

Escape any URL parameters so that instruction set names and other entities passed as part of a URL that contain special chars are handled correctly.

Add Get-1ELicenseInfo cmdlet.

When exporting any entity that is represented as XML, attribute values are now properly escaped so that e.g embedded quotes map etc.

The Get-1EGroupMember cmdlet did not translate the group name to base 64 before calling the API.

The Add-1EJwtPrincipalMapping cmdlet now checks that the principal exists on the RBAC subsystem or is a member of a group on RBAC.

Add new cmdlets Add-1EConsumer, Remove-1EConsumer, Update-1EConsumer, Update-1EEventSubscription.

Add -Path parameter to Add-1EEventSource to support JSON directly from a file.

Add functionality to Get-1EBearerToken to support obtaining bearer tokens interactively.

Add new Invoke-1EIdentityProviderAPI cmdlet to allow identity provider APIs to be directly called for test purposes.

Adds cmdlets to get and set platform settings.

When an expression tree is created for either scope or management group expressions, operators are coerced to lower-case. This is to resolve an API validation issue with the SLA subsystem where operators are not case-normalised, causing subsequent UI misinterpretation of the expression operators. Note that the consumer scope APIs accept operators in either case correctly.

The update-1eslamanagementgroup cmdlet now accepts a JSON expression tree directly as well as parsing a human-readable expression. This is to mitigate an issue where currently an expression containing multiple AND or OR terms is not flattened out into a single management group rule. Although the rule functions correctly, it appears as a nested set of AND or OR terms in the UI, which can be confusing.

Rules and policies containing names which would cause XML serialisation issues have the characters in these names mapped to a hyphen ( - ) during export.

Added Get-1EAnnouncementResponse cmdlet.

Platform migration support cmdlets have been added to the PS Toolkit.

The Remove-1ESLAManagementGroup cmdlet can now recursively remove parent/child MG hierarchies if the -Force flag is used and enumerate what these would be if the -WhatIf flag is specified.

The New-1ESLAManagementGroup cmdlet now accepts a rule in internal JSON expression tree format as well as human-readable format, facilitating the copying or export/import of management groups and rules.

The New-1ESLAManagementGroup cmdlet resolves a breaking change in the API model that caused management group creation to fail on recent 23.x releases of the platform.

The Get-1ESLAManagementGroup cmdlet now accepts an -IncludeChildren flag which will enumerate all descendants, (if any) of the management group specified.

The Get-1EBearerToken cmdlet now allows a custom scope to be requested, for applications such as obtaining a bearer token that can access the Azure Key Vault.

The Get-1EBearerToken cmdlet now supports retrieving a bearer token using a managed identity as well as a shared secret or JWT signing certificate.

The Set-1EServer cmdlet now supports a shared secret and vault appid parameter to allow certificates for non-interactive authentication to be retrieved without using managed identities.

The Set-1EServer cmdlet now supports an X509 certificate object as a direct parameter, to allow callers who can get a certificate by whatever means, to then authenticate with it.

The Get-1ECertificateFromKeyVault cmdlet now supports the use of a shared secret to retrieve certificates from the vault as well as a managed identity.

Added Get-1EPermissionForPrincipal cmdlet.

Added New-1ESecurableType cmdlet.

Added Remove-1ESecurableType cmdlet.

Added New-1EOperationForSecurableType cmdlet.

Added Remove-1EOperationForSecurableType cmdlet.

Added Get-1ECertificateFromStore cmdlet.

An issue where a created JWT can have non-integral issue and expiry time members, causing authentication failure under PowerShell Core in some scenarios, has been corrected.

The Get-1ESurvey cmdlet did not correctly retrieve surveys by name and did not throw when an invalid survey name was provided. This has been corrected.

The Import-1ESurvey cmdlet now accepts a JSON survey string as an input parameter as well as a file path.

The buffer size for websockets has been increased to resolve scenarios where users with a huge number of groups caused interactive authentication to fail due to token truncation

The get-1eresultascsv cmdlet using -raw as the input now uses stream processing and does not consume large amounts of memory; it will convert 4G of raw data in about an hour.

Interactive authentication now supports multi-tenant authentication but remains backward-compatible with all releases.

The remove-1epolicyrule cmdlet did not operate correctly. This has been corrected.

Resolve an issue where platform releases 23.x caused an error to reported regarding incorrect platform version for some cmdlets. Note: version 1.2.6 was not released externally.

Changed the model for the Set-1ESLADirectManagementGroup cmdlet to address breaking change made in recent versions of the platform. No documentation or behavioural changes.

Removed quotes around the 'exp' and 'iat' properties of a created JWT. While these JWTs are accepted by most identity providers, PingFederate rejects them with quotes. They should be integer values, unquoted. This is compliant with the appropriate standard and accepted by all IdPs.

Added -UseBasicParsing to all uses of invoke-webrequest. Previously, only some invocations had this parameter added. This avoids an error when run on systems that have never had Internet Explorer installed.

Modified the get-1eeventsource cmdlet to accept an optional Id parameter.

Modified the add-1eeventsubscription cmdlet to accept an optional SourceId parameter.

Added new cmdlets add-1eeventsource, remove-1eeventsource and update-1eeventsource.

Changed the status check for retrieving instruction results so that an instruction which has been cancelled (and is in the 'cancelling' state) can still have results retrieved.

Added convert-1eprincipal cmdlet

Added -PrincipalName parameter to update-1eprincipal cmdlet

The get-1einstructioninset cmdlet now requests that all instructions, including server-side instructions, are retrieved. Previously, due to an API change, these instructions would not have been returned.

Files and cmdlet prefixes have been changed to reflect company rebranding and product renaming.

A failure during non-interactive authentication is now reported as a thrown exception.

DENY permission exists, but has never been supported. The Toolkit has been fixed so that it no longer allows DENY permission.

Fix issue with get-tachyontriggertemplate -asxml where agent parameters are empty.

Add support for Datadog integration.

Add get-tachyonrulehistory cmdlet.

Add -metadataendpoint parameter to get-tachyonjwt cmdlet.

Add get-tachyonsignedjwt cmdlet.

Add get-tachyonconnector cmdlet.

Add get-tachyonconnectortype cmdlet.

Add update-tachyonconnector cmdlet.

Add -ReceivedOnly param to get-tachyonresultsacsvfile.

Change behaviour of received data logic so that if an instruction transitions to complete, then the final received count is taken as the total data set, even if statistics say more devices were targeted than responded. This prevents retry timeouts trying to return data from instructions that were launched from the UI, where the scope is dynamic and the statistics may never match up. Instructions launched from the toolkit use targeted FQDNs and are less likely to exhibit this issue.

Add Move-TachyonInstruction cmdlet.

Support for OAuth interactive sign in.

Add support for full rule modification in update-tachyonrule. It is now possible to update all rule components (or add or remove them), changing parameters if necessary.

Add support for shared secret in get-tachyonbearertoken to support Ping identity provider.

Fix issue in PowerShell Core where get-content -raw returns incorrect length for binary files, causing dynamic file copy to fail and new-tachyonresource to compute an incorrect length for binary resources.

Support repeated trigger template Ids in add-tachyonrule.

Get-PolicyRuleDeviceStatus - add -RuleId parameter to filter device compliance by rule.

Documentation – Using the Tachyon PowerShell Toolkit on non-Windows platforms.

Add support for Accessing Certificates from the Azure Key Vault and Managing certificates with the Azure Credential Vault.

Add support for certificate retrieval from keystore in Linux.

Fix issue with JWT creation under PowerShell Core.

Add functionality to create rules for Guaranteed State and update existing rules (partial functionality).

Fix issue with certificate KID base 64 url encoding.

Fix issue with raw HTTP requests when using override NTLM credentials.

Fix variable misspelling that could cause Tachyon version not to be set when connecting.

Add -name and -force params to get-tachyonprincipal and remove-tachyonprincipal.

Support SID for legacy systems when adding principal; correct Okta scope issues.

Add get-jwkfromcertificate cmdlet

No functional changes.

Resolved an issue where values in scope expressions that contained reserved operators such as 'India' which contains the reserved operator 'in' were not parsed correctly, causing an error to be returned when these values were used in comparisons.

No functional changes.

The Export-TachyonFragment cmdlet could return an error when invoked. It now correctly defaults the file extension on exported fragments to XML when no extension is provided.

The Export-TachyonPolicy cmdlet did not include override parameter values for fragments in the exported policy.

The Invoke-TachyonDynamic cmdlet, when used with the -Files option to copy files, did not correctly handle filenames with embedded spaces

No functional changes.

Cmdlets referencing Coverage tags now refer to Device tags (due to change in Tachyon 8.0).

Cmdlets referencing Scheduled tasks now refer to Schedules.

Add -Credential parameter to set-tachyonserver cmdlet to allow alternate credentials to be supplied when connecting using Windows authentication.

Add support for exporting Guaranteed State policies and their components in XML format and to create an integrated product pack ZIP file from a policy and its components.

Fix encoding issue when exporting fragments that contain non-ASCII unicode characaters.

Rename search-tachyonserver cmdlet to search-tachyoninstruction.

Version 1.0.1 was an internal release only and was not distributed.

Fix incorrect version prereq checking for Invoke-TachyonWMIQuery cmdlet.

Add check for proxy connection access denied error.

Add support for scheduled tasks and conditional action scripts.

Add Get-TachyonInstructionResultFqdn cmdlet.

Add -Offload parameter to invoke-tachyoninstruction cmdlet.

Add support for SLA management groups.

Add support for Experience surveys.

Add support for Tachyon Proxy client certificate authentication.

Add support for new v8 management group API to associate role/principal pairs with MGs

Reinstate add/remove role and add/remove permissions cmdlets now that MGs have been refactored.

Add support for the Tachyon Proxy Server (proxy for Consumer Authentication).

Add -Force parameter to invoke-tachyondynamic and new-tachyonresource cmdlets, to allow the remote device PowerShell execution policy to be overridden.

Added -Csv parameter to Invoke-TachyonInstruction cmdlet.

Added WMI cmdlet.

Added -Id and -Name parameters to Get-TachyonInstruction cmdlet.

Changed all online help examples to ensure that the Tachyon prefix was correctly included in cmdlet name.

Added credential management cmdlets.