---
title: "December"
slug: "december-2025"
updated: 2026-04-07T09:08:34Z
published: 2026-04-07T09:08:34Z
canonical: "support.perimeter81.com/december-2025"
stale: true
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt
> Use this file to discover all available pages before exploring further.

# December

### Early Availability

- **SCIM Sync User Duplication Prevention with Entra ID** Enhanced SCIM mapping for Azure AD/Entra ID to prevent user duplication when connected via Entra ID identity provider.
- **Infinity Integration with Quantum Services** **Infinity Identity** is now integrated with **Quantum Services**. This allows Check Point SASE to share identity information via Infinity Identity to Quantum Security Gateway to enable identity-based rules across SASE and Quantum services.
- **SASE Audit Logs integrated with Infinity Audits** SASE audit logs are now part of, and integrated into **Infinity Platform Audits**. You can now export these logs via Infinity to SIEM systems.
- **Internet Access Threat Prevention Security Profiles** Administrators can now define enforcement behavior and configure Threat Prevention blades (including Malware Protection, Anti‑Bot, Threat Emulation) to match their security posture and operational needs. **Minimum agent version required**:
  - Windows: 12.3.0.10
  - macOS: 12.3
- **Internet Access Threat Prevention Exceptions** Administrators can now define granular exceptions for specific URLs or files using SHA‑256 identifiers. This capability reduces false positives while maintaining strong enforcement. **Minimum agent version required**:
  - Windows: 12.4
  - macOS: 12.3

### New Features

- **New Role - Security Manager** A new **Security Manager** role is now available in the platform to support more granular role-based access control. Users with this role can:
  - Manage Internet Access configurations
  - Define Data Loss Prevention (DLP) policies
  - Monitor and investigate security events
- **MSSP / Infinity – Granular Role Support for MSSP Parent Users** The Infinity Portal now supports additional SASE service roles for MSSP Parent users, enabling granular, role-based access beyond the previously Admin-only model. This enhances security and governance through least-privilege access and clearer separation of duties.

With this release, MSSPs can assign the following SASE roles to their users, either directly or via Infinity User Groups:
  - Security Manager
  - Network Manager
  - User Manager
  - Admin
- **New Check Point SASE Points of Presence (PoPs)** Check Point SASE expanded global coverage with new PoPs in:
  - Istanbul (Turkey)
  - Auckland (New Zealand)
  - Montréal (Canada)
- **Enhanced Networks** Enhanced Networks is now available in US,EU, and AU data residencies and on-demand in India (IN). This feature provides:
  - Higher network scale
  - Improved resilience
  - Simplified networks and tunnels management

For more information, see [Enhanced Network](https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/SASE-Admin-Guide/Content/Topics-SASE-AG/Networks/Enhanced-Network.htm).
- **DLP Enhancements** Data Loss Prevention (DLP) now includes:
  - Data Type Manager – Browse built-in data types (such as PII and payment data) and create custom data types. **Minimum agent version required**:

Windows and macOS: 11.7
  - Services column in the DLP policy – Configure more granular DLP rules for web categories, custom URLs, applications.
  - Apply DLP policy on downloaded files.

For more information, see [Data Loss Prevention](https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/SASE-Admin-Guide/Content/Topics-SASE-AG/Data-Loss-Prevention/DataLossPrevention.htm).
- **Okta SCIM App – Regional Support Expansion** Check Point SASE’s Okta application (SCIM integration) now supports **India (IN)** and **Australia (AU)** regions. Customers whose SASE tenant resides in these regions can connect their Okta IDP (with SCIM enabled) using the built-in Okta app.
- **Web Categories – New Gen AI Category** A new **URL Filtering (URLF) Gen AI** web category is now available. This category:
  - Supports all policies that allow categories selection (Access, Bypass, DLP)
  - Provides visibility for generative‑AI destinations

### Enhancements

- **Internet Access Rules – UX Improvements** Improvements to Internet Access policy management aimed at large enterprise rule sets, including:
  - Safer defaults to reduce new rule misconfiguration
  - Faster access to detailed rule view (quick access / one-click view)
  - Easier management of large selectors
- **Trusted Networks – Certificate Validation Hardening** Trusted Networks configuration has been strengthened by removing the option to skip certificate validation, reducing risk from weak or misconfigured trust settings.