Release notes

This article is your go to resource to learn about new Datto SaaS Defense features, product enhancements, and application fixes. Tracking of this information starts in November 2021.

Enhancements

  • The modals across the product have been redesigned for a cleaner, consistent appearance.
  • Tooltips have been added to the Seats Management section for each service.
  • Overall infrastructure of the product has been enhanced.

Fixes

Bugs related to the product's pagination component have been fixed.

Enhancements

Improved Policies page load performance

The Policies page loads much quicker now. The page would take minutes to load for some users but now loads within a few seconds.

Fixes

Several minor bug fixes have been completed during the past couple of months that enhance product performance.

Fixes

When downloading a scan summary in Firefox, the resulting PDF did not include any content. This issue has been resolved.

Enhancement

Improved Dashboard load performance

The load performance of the Dashboard page has been improved.

Fixes

Several minor bug fixes have been completed.

Enhancement

Cards improved and standardized

All cards in the product have been improved and standardized so they look the same as in all Kaseya products.

Enhancement

Input improved and standardized

All input fields in the product have been improved and standardized so they look the same as in all Kaseya products.

Enhancement

Icons and typography improved and standardized

All icons and typography (fonts, letter spacing, etc.) in the product have been improved and standardized so they look the same as in all Kaseya products.

Fix

A bug on the Clients page has been fixed.

Enhancement

Header improved and standardized

The product header has been improved and standardized so it looks the same as in all Kaseya products.

Enhancement

Buttons and banners improved and standardized

All buttons and banners in the product have been improved and standardized so they look the same as in all Kaseya products.

Enhancement

Add policy trigger values using a CSV file

Now you can upload a CSV file when creating or editing a policy. This provides a quick way to configure a policy with multiple trigger values. You can upload a CSV file when creating email or link policies.

For more information, see the article Creating new policies.

Enhancement

New Policies page

A new Policies page has been created that makes working with client rules, referred to as policies, much easier.

The benefits of this new page include the following:

  • Access to policy functionality is now more convenient. You no longer have to navigate multiple screens and options to work with a policy.
  • The Policies table provides a quick way to review your policies and make edits when necessary.
  • The steps for creating a new policy have been streamlined, making it easier.

For more information about policies and the Policies page, see the article Understanding policies. To create new policies, refer to the article Creating new policies.

NOTE  Your existing email, file, and URL policies have already been migrated and are listed in the Policies table.

Datto SaaS Defense rebranding

The Datto SaaS Defense application color scheme has been updated. The colors of the user interface elements are now based on a purple color palette instead of blue, as shown in this Dashboard page example.

The color change also applies to the onboarding product walk-throughs available on each page of the application. Elements such as splash screens and buttons that were blue are now purple.

Also, the application images in the Help system have been updated with the new purple color scheme.

New feature

New SPF record test feature

The daily SPF record test always fails for clients whose SPF record is misconfigured or is in its default state. As a result, SaaS Defense treats each email sent by the client's domain as a malicious threat even though the emails may be legitimate.

Now, when a daily SPF record test fails due to a misconfigured or default SPF record, SaaS Defense will automatically add the domain to the client's Check SPF Spoofing per Domain configuration in the disabled mode. SaaS Defense will not verify the domain until the SPF record is corrected and passes the next daily test. The client's Check SPF Spoofing per Domain configuration will automatically reactivate at that time.

For more information, see the article Check SPF Spoofing per Domain configuration.

Reminder - New demonstration videos: Analyzing security threats

In this new video series, we access various Malicious page records and analyze the tests Datto SaaS Defense performed that determined the record content was a security threat.

The Video demonstrations are available on the Additional resources page in the Online Help System.

New demonstration videos: Analyzing security threats

In this new video series, we access various Malicious page records and analyze the tests Datto SaaS Defense performed that determined the record content was a security threat.

The Video demonstrations are available on the Additional resources page in the Online Help System.

Notifications page retired in portal.bitdam.com

The Notifications page in portal.bitdam.com, the old dashboard, has been retired due to technical circumstances. The Notifications page is available in the current dashboard, partner.bitdam.com.

However, administrators using the old dashboard do not have permissions to access the current dashboard. Permissions will be implemented in the near future. In the meantime, administrators attempting to access the retired Notifications page will be presented with a message indicating the page is unavailable and that the issue is being addressed.

Your existing notifications will not be affected.

Overview page retired

As a reminder, the Overview page was retired on July 3, 2022. SaaS Defense has fully transitioned to the Dashboard page. For information about using the Dashboard page, refer to the article Datto SaaS Defense Dashboard.

Enhancements

Feature Description
New Dashboard The new Dashboard allows you to quickly track your environment's product usage and effectively monitor threat prevention activity within your organization.

It will replace the current Overview and provides a more useful and meaningful visual display of your organization's key platform information.

It includes six widgets (sections): Prevented Threats, Protected Email Accounts, End User Reports, Total Threats, Most Attacked Seats, and Scans Traffic.

Each widget indicates its total number of instances based on the clients and time period you select.

Some widgets include the View All link that provides access to the SaaS Defense page associated with the widget. This allows you to review and work with only the individual records for which the widget's total number is calculated.

The Overview page is still available temporarily by clicking Switch to the old Overview. However, if you switch back to the new Dashboard page, you cannot go to the Overview page again. SaaS Defense will fully transition to the new Dashboard by the end of Q2 2022.

Refer to the article Datto SaaS Defense Dashboard.
Improved Email Threat Report The Email Threat Report is more comprehensive and easier to understand. The prevention mode and monitoring mode versions of the report now:
  • Clearly identify the time period for which the information applies.
  • Summarize the total number of threats blocked or flagged for each threat type during the report time period.
  • Include separate spam, malicious, and phishing email sections. Each section lists the specific emails blocked or flagged for that threat type.
  • Provide the specific reason the email was blocked or flagged.
  • Clearly describe the result of clicking Release to Inbox and I think it's safe.

Refer to the article Configuring the Email Threat Report.
Search user inbox address on the Malicious page A new search box has been added to the Malicious page toolbar. By entering a valid user inbox email address, you can search for and display only the threat records for the email address you entered. This search applies to the Exchange 365 and OneDrive services only.

Refer to the article Analyzing threats on the Malicious page.

Scanning Shared mailboxes

 Shared mailboxes are now being scanned by Datto SaaS Defense. The Shared seat type has been added to the Exchange 365 configuration page and shows the number of end users with a licensed shared mailbox.

Refer to the article Accessing service seat information.

Enhancements

Feature Description
Live Search Instead of using the Live Search page just to find emails you need to quarantine, the functionality has been expanded to allow you to search your clients' Exchange 365 mailboxes for any reason.

For example, maybe you want to verify the emails approved by SaaS Defense for a certain client. Or, perhaps you'd like to analyze only the emails of clients who have been targets of a specific attack.

Also, now you can access an email's Verdicts & Info pane to investigate the email further. This pane is identical to the Verdicts & Info pane accessed from the Malicious page and provides the same details and functionality, such as the ability to quickly quarantine or release individual emails.

Refer to the article Performing a live email search.
Spam Trials Excludes allowlist The sender's email address is now automatically added to the client's Spam Trials Excludes allowlist when an end user does one of the following:
  • Releases a spam email via the Email Threat Report
  • Uses the Outlook add-in to report an email was incorrectly classified as spam

Any future spam emails from this sender will be received by the client's users.

New Features

Email banners

A set of email banners has been created to convey important information about certain emails received by the end user. A banner appears at the top of the email body and includes a color coded icon to convey the level of concern about the email's contents. Banners apply to emails in the following categories and each includes an example:

  • Informative: (Gray icon) Datto SaaS Defense determines there is nothing suspicious or malicious about the email. However, the email was sent from outside the end user's organization and therefore, the end user should use caution when interacting with the email.


  • Warning: (Yellow icon) Datto SaaS Defense determines one of the email's elements is listed in the organization's restricted list policy or determines the email is spam. The end user should use caution when interacting with the email.


  • Incriminating: (Red icon) Datto SaaS Defense determines the email contains a malicious file or link. The end user should not open files or click links within the email.

IMPORTANT  To use the banners feature, you need to configure an Email Banners rule. When doing so, you select the specific banner categories, Informative, Warning, or Incriminating, for which a banner will appear within your end users' emails. Refer to the article Configuring email and URL rules.

System updates

A new pop-up feature has been added to notify you when a new version of the application is available. Click Reload to refresh your browser and update to the latest version. You can do so at your convenience. The notification will stay on-screen until your browser has been refreshed.

Enhancements

Feature Description
Allow spam emails from specified domains The Spam Trials Excludes configuration now allows you to specify domains from which spam emails are allowed to be received. This is in addition to the ability to specify email addresses.

Note that a regex (a text string pattern) cannot be used to configure a Spam Trials Excludes rule.

Refer to the article Configuring spam control rules.
Selecting records on the Live Search and Malicious pages Functionality has been changed to make it easier to select records on the Live Search and Malicious pages. The checkbox column is now permanently visible so you can select the desired records (no longer hover over the first column to make the checkbox appear).

Refer to the articles Performing a live email search and Analyzing threats on the Malicious page.

Tips

The Permitted Email Headers rule is often used when you want to conduct an email phishing test with your client end users. When entering the Header information for the rule, include only the name of the element, for example Errors-to. Do not include a colon after the header name. In the Value field, enter the header criteria, for example, abc@test.com.

Refer to the article Configuring email and URL rules.

Enhancement

With the Spam Trials Excludes configuration, now you can specify email addresses from which spam emails are allowed to be received. While Datto SaaS Defense normally blocks email identified as spam, it allows those sent from addresses that you have included on the Spam Trials Excludes allowlist. Refer to the Configuring spam control rules article.

New articles

  • Spam related information is now available in the Configuring spam control rules article. It includes details for the Spam Trial Threshold and Spam Trials Excludes configurations.
  • The File types supported article describes each file type Datto SaaS Defense supports and identifies the type of scan performed for each.

IMPORTANT  The Creating an SPF record article is now available. An SPF record plays a critical role in preventing spam and phishing attacks. The article includes instructions for creating an SPF record and stresses the importance that you and your clients do so. It is very important that you provide your clients with this article.

Enhancements

Feature Description
Global configurations A new Global Configurations rule section has been added on the Clients page's Configurations page. Now you can create and apply rules to all of your clients at once.

Your existing rules remain active and are now accessible in the Account Configurations section on the Configurations page.

Account configuration rules override global configuration rules. Therefore, you can apply custom configurations to individual clients.

Refer to the article Configuring global policies.
New email configuration rules Three new email configuration rules have been added:

  • Use SPF in Spoof Trial: An SPF record identifies a domain's list of servers that are authorized to send emails. The Use SPF in Spoof Trial configuration controls whether SaaS Defense accesses the SPF record of the email sender's domain.

    When activated, SaaS Defense verifies the authorization status of the sending email server: allowing emails sent by authorized servers and blocking emails sent by unauthorized servers.
    Refer to the article Configuring email and URL rules.

  • Spam Trial Threshold: SaaS Defense applies many scoring rules in determining whether an email is spam. The default threshold value is seven.

    With the Spam Trial Threshold configuration, you can block more spam by lowering the threshold value and block less spam by increasing the threshold value.
    Refer to the article Configuring email and URL rules.

  • Rewrite Exclusions: If a client requests that certain end users be excluded from the Rewrite Body Urls functionality, you can do so by configuring a Rewrite Exclusions rule.
    Refer to the article Configuring the Rewrite Body Urls rule.

Enhancements

Feature Description
Email Threat Report When configuring a Users Report Configuration rule, you can now elect to have emails SaaS Defense has identified as spam included in the Email Threat Report.

Refer to the article Configuring the Email Threat Report.
New Events page action Now you can quarantine an email directly from the Events page. When doing so, an auto-generated email is sent to the end user indicating the email identified in the incident report has been quarantined.

Refer to the article Reviewing an incident report on the Events page.
Lucky Meter The Lucky Meter service is designed to be used temporarily and therefore, becomes unavailable for a client when one of the following usage thresholds is reached:
  • The service has been active for the client for 60 days.
  • The number of email attacks received by the client reaches 300.

Features have been added to notify you when a client has reached one of the usage limits. Also, you can monitor a client's current service activity as it relates to the thresholds.

Refer to the article Using the Lucky Meter.

New Features

Replace Body on Block

The Replace Body on Block functionality enables Datto Saas Defense to replace the entire body content of a malicious email with a stub file. The advantage of configuring this option for your clients is that malicious links included in an email are removed and not accessible by end users.

You configure this feature on the client's Configurations page in the Integrations section.

Refer to the article Configuring the Replace Body on Block rule.

Enhancements

Feature Description
New Events page actions Now you can perform the following actions for a report listed on the Events page:
  • Temporarily block (for three days) emails sent by the address indicated in the From field. This allows you to investigate and determine whether to configure a rule placing the sender on a blocklist.
  • Automatically perform a live search using the From address so you can quickly quarantine emails from the sender.

Refer to the article Reviewing an incident report on the Events page.
Performing a live email search Instead of performing a search based on one date only, now you can specify a date range of up to three days in your search criteria.

Refer to the article Performing a live email search.

New Features

Rewrite Body Urls

The Rewrite Body Urls functionality enables Datto Saas Defense to scan URLs included in the body of an Exchange 365 email and verify the validity of the intended site.

With the Rewrite Body Urls option enabled, when an end user clicks a URL within an Exchange 365 email, Datto Saas Defense scans the link. If the link is not suspicious, the end user is allowed access to the web page. However, if the link is suspicious, the end user is not allowed access. Instead, a web page is displayed indicating access to the site has been blocked because the site is malicious.

To configure the Rewrite Body Urls option, refer to the article Configuring the Rewrite Body Urls rule.

Enhancements

Feature Description
Adding a notification Two new types of notifications can be added. In addition to Malicious, the Type options include:
  • Malicious Email Read by User: To receive notifications when an end user has read a malicious email.
  • Notification on Reported Email: To receive notifications when an end user has reported a threat incident using the Datto SaaS Defense Report Threat application.

Refer to the article Adding a notification on the Notifications page.

New Features

Live Search

Using the new Live Search feature, you can quickly search for and quarantine malicious emails you think Datto SaaS Defense may have missed. The feature enables you to search for multiple email threats received by client end users that either have the same subject field contents or were sent from the same email address.

With View mode, you can group emails with matching Client, Subject, and From information into one record (one row) and quarantine each email in the group at the same time.

Refer to the article Performing a live email search.

Enhancements

Feature Description
Creating allowlists and blocklists Now you can upload a comma-separated values (CSV) file to automatically configure multiple email rules at once. A rule is automatically created for each email address listed in the file. The CSV file must be properly formatted for the rules to be configured correctly.

Refer to the article Configuring email and URL rules.
Creating a report The Detection Summary Report has been renamed Malicious Report. It includes more detail such as the percentage of attacks that were BEC, phishing, and BEC phishing. The Detection Report has been renamed Detection Summary (CSV version of the Malicious Report).

Refer to the article Creating reports on the Reports page.

New Features

Email Threat Report

With the Email Threat Report, you can automatically email a customized threat report to each client end user at specified intervals. The report lists the malicious email threats intended for the end user's inbox that Datto SaaS Defense has quarantined. The purpose of the report is to regularly notify the end user of the emails that have been quarantined for that end user.

The report enables the end user to, if appropriate, release an email identified as spam or to indicate when an email should not have been quarantined (by clicking I think its safe in the example below). This achieves two goals: It notifies you to release the email to the intended recipient's inbox and it provides valuable information for improving the product's threat detection techniques.

On each client's Configurations page, you set the Users Report Configuration option to indicate the frequency (Hourly, Daily, Weekly) for which the Email Threat Report is sent to the client. You can use the Users Report Excludes option to enter email addresses of end users who should not be sent an Email Threat Report.

Refer to the article Configuring the Email Threat Report.

Weekly Traffic chart

On the Clients page, each Microsoft 365 service page now includes a Weekly Traffic chart showing the total number of scans that have been performed on the service's content for the week. In this example, 258,161 scans were conducted on the client's Exchange 365 service. You can hover over various points on the chart to view the scan total for a particular day.

Refer to the article Accessing service seat information.

Enhancements

Feature Description
Creating allowlists and blocklists More options have been added for configuring a Restricted Emails Rule (blocklist) or Permitted Emails Rule (allowlist).
Now you can configure a rule:
  • applying to an entire domain.
  • requiring only one of the following: From Address, Return Path Address, To Address.
  • allowing emails based on email header parameters.

Refer to the article Configuring email and URL rules.
Seat management information A seat type has been identified for each Microsoft 365 service to indicate that an end user has a license for the specific service. A seat type button has been added to filter the end user data to show only those users that have a license for the specific service.

Refer to the article Accessing service seat information
Datto SaaS Defense Report Threat When an end user submits a report identifying an email that should have been quarantined by Datto SaaS Defense, but wasn't, the email is automatically addressed per the client's operating mode (i.e., prevention, monitoring).