Search

Page tree
Skip to end of metadata
Go to start of metadata

Date:   

Installation: via the interworks.cloud installer

You will need also to update the service managers for "Acronis Backup", "Acronis Files" and "Panda Antivirus" to 1.9.0 edition because of the new automation we included in this release for the cloud applications settings. The update is available from our installer.

Microsoft New Security Requirements - Consent Process has been Activated


Microsoft has introduced a new security framework to give CSP Partners and Control Panel Vendors (CPVs) a more secure application model through multi-tenant application authentication capability.


With the improvement we included in 3.24.0 release, we have fully complied our application with Microsoft requirements. What we have changed is that you will no longer need to setup in your BSS the credentials of your global CSP admin user. We have registered interworks.cloud platform as a Vendor application in Microsoft systems and you will be asked to give to our application the consent to call Microsoft APIs on your behalf.


You should have completed the consent process until 3rd of February 2019. From 4th of February, Microsoft will enforce the new security model and you will no longer be able to provision any Microsoft services from our platform if you haven't given your consent to our platform. Our platform will support both functionalities until 3rd of February, meaning that if you haven't given your consent we will continue using the credentials of your global admin user for authentication purposes.

For running the consent process, check please Give you consent to interworks.cloud platform.

Automatic Update of Cloud Apps Settings in Tenant Reseller


From this release, the cloud application settings for services that are inherited from the parent organization are now updated automatically in child level (i.e. in tenant resellers or country tenants). This means that if you are a CSP and you change for example your "Web App ID", you will no longer need to go and update it in each tenant, it will be done automatically from our system.

In the child organization, the administrator will be able to see and change only settings that are available for him. The rest settings will be hidden from the tenant administrator.

This feature has been implemented for the service manager MS Cloud Services, Azure Pack, Panda Antivirus, Acronis Cloud Backup, Acronis Files, interworks.cloud OSS and Citrix CPSM. For the rest service manager an update will follow in one of the next releases.  

For more details, check please Syncing Tenant BSS with Underlying Provisioning Platforms.

Acronis Cloud Backup - Support for Local Storage Quota


From this release you can set quotas for the local storage your customers are using for their backups.  We upgraded our Acronis Cloud Backup service manage and we exposed a new product characteristic called "Local Storage (GB)" for setting for your Acronis plans the local storage quota you wish.

Using this new property you can bill your customers for the local storage they are using since we lock in Acronis portal the local storage that is is available for customer's backups. 

For more details, check please Defining Acronis Products & Add-ons.

If you are having an on-premise deployment of our platform, you need to upgrade also the Acronis Service Manager using our installer.

Locking Mechanism for BSS & Storefront Users


In this release we introduced the user locking mechanism for users that have multiple failed login attempts. A BSS or a Storefront user will be locked and he will not able to login in BSS or Storefront portal if he exceeds the number of failed login attempts your administrator has defined.  

The maximum login attempts can be defined by your administrator in the new "Security Settings" section we included in the "Organization Profile" page.  

If a user is locked can be unlocked only by the BSS administrator from the "unlock users" tool.

For more details, check please BSS & Storefront Users Lock

Code Security Improvements


In this release we included various improvements that strengthen our platform against malicious attacks. 

  1. Any excel functions defined in the excel file will be disabled before the upload of the file in our translation tool.
  2. Remove of Logo enumeration in our image handler in Storefront for preventing phishing campaigns with XSS (Social Engineering).
  3. Prevent Cross-site Scripting (XSS) for Contacts and Document description fields in BSS.
  4. Prevent XSS on Translation Manager in BSS.
  5. Prevent XSS on Landing Page Manager in BSS.
  6. Prevent Storefront user enumeration by displaying the same error message for both invalid usernames or passwords.
  7. Addition of "Enable editor Anti-XSS filtering" option in "Organization Profile" settings for preventing cross-site scripting in the description editors we have in all edit pages. 

Resolved Issues


Key

Summary

EXL-5936The user can defined a domain prefix for his Microsoft account with invalid characters
EXL-6194

MCA pop-up returns error for for agreement date if the BSS user has different date format from organization's default format.

On this page


  • No labels

4 Comments

  1. Milena Kalatha the release notes for 3.24.0 prepei na fygei shmera. bale note oti to EU enhmerwnete shmera stis 23:00 kai to US ayrio 02:00 EST cc Pelagia Papoulidou

    1. 'completed the consent process until 3rd of February 2019. From 4th of February' The date has been moved by Microsoft!