Systems Manager Agent Release Notes

Last updated
Save as PDF

Overview

The Systems Manager Agent is used to enroll and manage macOS and Windows devices. Information on the recent changes, feature enhancements, or bug fixes included in each Systems Manager Agent release is included below.

For more information about the Systems Manager Agent, see this Documentation article.

As of June 2024 the following Enrollment Authentication options are no longer supported for Windows Agent Enrollment:

Azure AD
Google
OpenID Connect

Consider one of these alternative option to replace Azure AD, Google, OpenID Connect:

For interactive Web SSO enrollment, SAML can be used. For instance, Microsoft Azure AD/Entra ID and Microsoft ADFS can be configured to enable SAML.
Create an SM network with Meraki authentication for interactive agent enrollment.
Use a bulk enrollment token. This works with SM networks of any authentication type. It is not designed for interactive enrollment and needs to use a command line invocation of << msiexec >> to install.

Version 4.2.2

Windows

[Bug fix] Fixes an issue which prevented the agent from installing properly in some scenarios.

Version 4.2.0

Windows

[Update] Added SAML enrollment authentication.
[Big fix] Software installer reporting improvements.
[Security] Various security enhancements.
[Update] Removed support for Active Directory enrollment authentication (local unencrypted LDAP proxy).
[Update] Removed support for Windows Server.
- For Windows Server 2016-2019: recommended agent version: 3.7.2.
- For Windows Server 2022: recommended agent version: 4.1.1.

Version 4.1.5

macOS

[Bug fix] Resolved ability to fetch agent logs from Dashboard.
[Bug fix] Resolved an issue which prevented agent installer app from enrolling in certain networks with Meraki authentication credentials.

Version 4.1.4

macOS

[Update] Reliable script scheduling: run scripts on devices according to a set schedule, which can be daily, weekly, or monthly.
[Update] Automatic script syncing: changes to a script's schedule (including the addition of new scripts, deletion of old scripts, or updates to existing scripts or their schedules) will now be automatically synced to devices as soon as they are online.
[Update] The UI installer of the agent has been rewritten as a native macOS app, replacing the .pkg.
[Bug fix] Various bug fixes

Version 4.1.1

Windows

[Update] Reliable script scheduling: run scripts on devices according to a set schedule, which can be daily, weekly, or monthly.
[Update] Allows agent to be installed over MDM channel.
[Bug fix] On cancelled installation the logs folder will now be cleaned up.
[Bug fix] Improvements to Connection Log 'disconnected' reporting.

Version 4.0

[Update] Name of agent is now Cisco Meraki Endpoint Agent.
[Update] Removed support for operating systems: Win10 21H1 (and prior) and macOS Mojave 10.14 (and prior).
[Update] OpenSSL Support 3.1.1.
[Security] Various bug fixes and security enhancements.

Windows

[Update] Bulk enrollment support added.

Version 3.8.2

[Update] Updated support for Powershell and Shell scripts. Scripts can now run on devices as they asynchronous come online.
[Update] Updated EULA.
[Security] Support for TLS 1.3.

Version 3.7.2

[Bug fix] Windows devices can now correctly report disk usage information statistics to Dashboard.
[Bug fix] macOS VMs or devices without wireless network interfaces no longer cause the agent to restart repeatedly.

Version 3.7.1

[Update] Wireless MAC address tracked in the wireless connection log.
[Bug fix] Resolved issue preventing activation with Sentry Enrollment on Windows devices.

Version 3.7.0

[Update] Internal changes for development of new agent commands.
[Update] Windows Powershell (.ps1) and macOS shell (.sh) scripting support! Currently in Early Access and organizations need to opt-in. There is a new page in Systems Manager > Scripts to upload scripts and target devices. For more info see the documentation.

Version 3.6.0

[Update] Support for enrollment to Canada cluster.

Version 3.5.2

[Security] Security enhancements for enrollments using TLS client certificates with Dashboard using the Simple Certificate Enrollment Protocol (SCEP).
[Security] Only allow HTTPS connections; drop usage of HTTP.
[Update] Upgrades to third parties libraries.
[Update] Minor bug fixes and improvements.

The field "enrollment date" will be updated in Dashboard upon upgrading from a non SCEP SM Agent (< 3.5.2) to SCEP version (3.5.2+).

macOS

[Update] macOS agent is a Universal app and no longer requires Rosetta2 to run.

Windows

[Update] Dropped support for Windows 8.1. Supported platforms are Windows 10 and higher.

Version 3.1.4

macOS

[Bug fix] Fixes an issue in the installer which caused agent upgrades to fail on Apple Silicon devices running macOS 11.6+.

Version 3.1.3

macOS

[Bug fix] Support for remote desktop on MacOS 12.3 (Monterrey).
[Security] Security fixes and assorted updates to third-party libraries.

Windows

[Security] Security fixes and assorted updates to third-party libraries.

Version 3.1.2

macOS

[Security] Security fixes and assorted updates to third-party libraries.
[Update] Additional VNC logging
[Update] Universal (Apple Silicon/x86) agent uninstaller added.
[Update] Uninstaller now calls agent with cleanup flag; Uninstaller appears on desktop with correct name.

Version 3.1.1

macOS

[Bug fix] Installing agent over MDM now automatically enrolls without needing any user intervention.
[Bug fix] The agent installer will now install Rosetta 2 on Apple Silicon macOS devices, if it is not already installed. This allows Apple Silicon macOS devices to enroll in MDM and then push the agent without requiring user intervention.

Windows

[Bug fix] Agent only enrollments no longer have a delay in initial sync with Dashboard.
[Bug fix] Incorrect LAN IP reported via agent for Windows devices with multiple NICs.
[Security] Various agent file privilege fixes.
[Update] Reduced usage of the shared C:\Windows\Temp directory so there are fewer audit events generated.

Version 3.1.0

macOS

[Update] New enrollment flow requiring network ID or enrollment string
[Update] Command line argument for 'enrollment_code' can be passed via the .pkg installer

Windows

[Update] New enrollment flow requiring network ID or enrollment string
[Update] Command line argument for 'ENROLLMENT_CODE' can be passed via the .msi installer
[Bug Fix] Active Directory enrollment when users password has special characters in password no longer fails
[Bug Fix] Active Directory groups now sync if they have special characters in their names
[Bug Fix] Anti-malware software no longer blocks Screenshot feature
[Bug Fix] Anti-malware software no longer blocks Remote Desktop feature
[Bug Fix] Uninstalling the agent now also stops the associated processes and services from running
[Bug Fix] Errors do not appear in logs if a target device does not have a wireless adapter (ex. Windows Server)

Version 3.0.3

macOS

[Bug Fix] Support for Remote Desktop on macOS 10.13 (High Sierra)

Windows

None

Version 3.0.2

macOS

[Bug Fix] Prompt for permissions when requesting access to Remote Desktop

Windows

[Security] Support updated UltraVNC server
[Security] Executable signed with SHA-256 signature hash

Version 3.0.1

macOS

[Update] Update License Agreement
[Update} Support for Remote Desktop on macOS 10.15 (Catalina)
[Security] Resolved potential local root escalation
[Bug Fix} Resolved Remote Desktop in read-only mode on macOS 10.14 (Mojave)

Windows

None

Version 3.0.0

macOS

[Security] Executable signed and notarized to support new requirements in macOS 10.15 (Catalina)

Windows

None

Version 2.0.0

macOS

[Update] Delete local Screenshot after forwarding to Meraki Dashboard

Windows

[Update] Screenshot contains multiple display windows

Version 1.0.99

macOS

[Update] Remote desktop prompts for user permission

Windows

None

Version 1.0.98

macOS

None

Windows

[Bug Fix] Resolved failure to install when MSI launched in foreground