January

  • Published on Feb 2, 2026
  • 1 minute(s) read
  • k
 Prev Next

Early Availability

  • Firewall Logging Granularity

    Administrators can now configure logging per firewall rule, enabling logs for both Allowed and Blocked rules. This provides deeper visibility and improved troubleshooting of firewall policies.

    Notes:

    • New customers automatically receive firewall logging granularity.

    • Existing customers without firewall logging enabled can now enable it with granularity.

    • Firewall logging is not supported for gateways created in the past with one CPU.

    • Firewall logging granularity requires coordination with support engineer for deployment.

New Features

  • Granular Role Support for MSSP Parent Users – General Availability (GA)

    The Infinity Portal now supports granular SASE service roles for MSSP Parent users, expanding beyond the previous admin-only model. MSSPs can assign roles directly or via Infinity User Groups, enabling least-privilege access and clearer separation of duties. Supported roles include:

    • Security Manager

    • Network Manager

    • User Manager

    • Admin

  • Infinity Audits for SASE – General Availability (GA)

    Harmony SASE now integrates with Infinity Audits, making member activity and administrator actions visible directly in the Infinity Portal.

    When Infinity Event Forwarding is enabled, these audit events are also exported to your SIEM alongside other security events.

  • SCIM Sync User Duplication Prevention with Entra ID – General Availability (GA)

    Enhanced SCIM mapping for Azure / Entra ID allows Harmony SASE to consistently identify users using the Entra ID unique identifier during provisioning and login.

    This ensures that changes to user attributes such as email or UPN do not result in duplicate user records. As a result, existing access and group memberships are preserved, providing more reliable SSO behavior and reducing operational overhead for teams managing Entra ID–based environments.

Enhancements

  • Idle Member Automatic Sign-Out

    Administrators can now automatically sign out users from idle or unattended devices, reducing exposure from inactive sessions and strengthening endpoint security.

  • Device Posture Check – Certificate Issuer & Root CA Validation

    Device Posture Check (DPC) now includes an additional validation for device certificates, verifying the certificate issuer, validity, and matching private key. This strengthens device trust and compliance posture.

  • Agent Reset Button Control

    Administrators can now control whether the Reset Agent button is visible to end users, helping prevent accidental resets and improving manageability in controlled environments.