Early Availability
SCIM Sync User Duplication Prevention with Entra ID
Enhanced SCIM mapping for Azure AD/Entra ID to prevent user duplication when connected via Entra ID identity provider.Infinity Integration with Quantum Services
Infinity Identity is now integrated with Quantum Services. This allows Harmony SASE to share identity information via Infinity Identity to Quantum Security Gateway to enable identity-based rules across SASE and Quantum services.SASE Audit Logs integrated with Infinity Audits
SASE audit logs are now part of, and integrated into Infinity Platform Audits. You can now export these logs via Infinity to SIEM systems.Internet Access Threat Prevention Security Profiles
Administrators can now define enforcement behavior and configure Threat Prevention blades (including Malware Protection, Anti‑Bot, Threat Emulation) to match their security posture and operational needs.
Minimum agent version required:Windows: 12.3.0.10
macOS: 12.3
Internet Access Threat Prevention Exceptions
Administrators can now define granular exceptions for specific URLs or files using SHA‑256 identifiers. This capability reduces false positives while maintaining strong enforcement.
Minimum agent version required:Windows: 12.4
macOS: 12.3
New Features
New Role - Security Manager
A new Security Manager role is now available in the platform to support more granular role-based access control. Users with this role can:Manage Internet Access configurations
Define Data Loss Prevention (DLP) policies
Monitor and investigate security events
MSSP / Infinity – Granular Role Support for MSSP Parent Users
The Infinity Portal now supports additional SASE service roles for MSSP Parent users, enabling granular, role-based access beyond the previously Admin-only model. This enhances security and governance through least-privilege access and clearer separation of duties.With this release, MSSPs can assign the following SASE roles to their users, either directly or via Infinity User Groups:
Security Manager
Network Manager
User Manager
Admin
New Harmony SASE Points of Presence (PoPs)
Harmony SASE expanded global coverage with new PoPs in:Istanbul (Turkey)
Auckland (New Zealand)
Montréal (Canada)
Enhanced Networks
Enhanced Networks is now available in US,EU, and AU data residencies and on-demand in India (IN). This feature provides:Higher network scale
Improved resilience
Simplified networks and tunnels management
For more information, see Enhanced Network.
DLP Enhancements
Data Loss Prevention (DLP) now includes:Data Type Manager – Browse built-in data types (such as PII and payment data) and create custom data types.
Minimum agent version required:Windows and macOS: 11.7
Services column in the DLP policy – Configure more granular DLP rules for web categories, custom URLs, applications.
Apply DLP policy on downloaded files.
For more information, see Data Loss Prevention.
Okta SCIM App – Regional Support Expansion
Harmony SASE’s Okta application (SCIM integration) now supports India (IN) and Australia (AU) regions. Customers whose SASE tenant resides in these regions can connect their Okta IDP (with SCIM enabled) using the built-in Okta app.Web Categories – New Gen AI Category
A new URL Filtering (URLF) Gen AI web category is now available. This category:Supports all policies that allow categories selection (Access, Bypass, DLP)
Provides visibility for generative‑AI destinations
Enhancements
Internet Access Rules – UX Improvements
Improvements to Internet Access policy management aimed at large enterprise rule sets, including:Safer defaults to reduce new rule misconfiguration
Faster access to detailed rule view (quick access / one-click view)
Easier management of large selectors
Trusted Networks – Certificate Validation Hardening
Trusted Networks configuration has been strengthened by removing the option to skip certificate validation, reducing risk from weak or misconfigured trust settings.