We’re excited to introduce the latest version of Devolutions PAM, our last major update of the year: version 2024.3! This update brings several powerful new features designed to enhance security and flexibility, making it easier to manage privileged accounts across various systems. Let’s dive into what’s new and how these changes can streamline your workflows.
Manage local accounts with Active Directory provider
Local Windows accounts on computers are enticing targets for threat actors. More than just local Administrator accounts, local Windows accounts are sometimes required for running applications and services. To protect these accounts, Devolutions PAM has extended the capabilities of the Active Directory AnyIdentity provider to optionally include computers in its scans.
By including these computers, Devolutions Server through the PAM module can automatically manage the local Administrator account by default, or manage any combination of local Windows accounts that you choose. With Devolutions PAM managing these local Windows accounts, passwords can be reset on demand, keeping your systems even more secure!
Check in PAM accounts automatically upon session close
Devolutions PAM enables efficient checking out of privileged accounts for specific time periods, reducing the need for multiple check-outs — especially when dealing with complex issues that can’t be resolved in a single remote session.
If you have a PAM account directly associated with a remote session and you want the PAM account to check in when the session is closed, you now have the option to do so! On a per-user basis, you can choose whether you want to be always prompted to check in, automatically check in, or opt out of automatic check-ins altogether.
Run AnyIdentity providers remotely
Until now, AnyIdentity providers operated using an embedded PowerShell 7 stack inside Devolutions Server. Though this has advantages, the need for greater control often calls for the flexibility of running AnyIdentity providers remotely via WinRM.
With the latest update to Devolutions Server, you can now define the remote host with custom credentials against which to run the AnyIdentity provider. Additionally, you can target a specific PowerShell environment by setting the configuration name, typically PowerShell.7
or Microsoft.PowerShell
(Windows PowerShell 5.1).
Allow AnyIdentity providers to use Devolutions Gateway
As shown above, with the new remote AnyIdentity provider ability, you may need to run a provider in a remote network segment protected by Devolutions Gateway. You can now define a Devolutions Gateway instance to run AnyIdentity through.
Configure additional entry types in the PAM usage policy
Under Administration > Privileged access > Usage policies, you’ll find options to define where you can use PAM accounts. A PAM account may be linked to RDP or SSH sessions by default, but you may not want to limit usage. You can quickly toggle usage policies on and off, limiting PAM account usage.
Use application identities through the Devolutions.PowerShell module
Application identities help you to automate operations against Devolutions Server and offer ways to integrate with custom applications. Previously, the Devolutions.PowerShell
module required authentication via a named user. Now, you can use an application identity to authenticate to Devolutions Server using the Devolutions.PowerShell
module for even more flexibility!
Tell us what you think
We’d love to hear your thoughts on the new features in Devolutions PAM 2024.3! How do these updates affect your day-to-day operations? Have you found any particular feature especially useful? Share your feedback with us in the comments section below or on our forum, and let us know how we can continue to enhance your experience.
About Devolutions PAM
Easy to implement and scalable, Devolutions PAM is the ideal privileged access management (PAM) solution for small to medium-sized businesses (SMBs) looking to enhance their security posture while maintaining operational efficiency. Designed to protect, control, and monitor access to critical assets within any IT infrastructure, Devolutions PAM provides a powerful set of tools for managing privileged credentials and sessions, offering deep security, visibility, and accountability across the enterprise. Available as a module for Devolutions Server or Devolutions Hub Business and as a seamless integration with Remote Desktop Manager, Devolutions PAM ensures robust access control, mitigates privileged account risks, and secures remote sessions — all while being sensibly priced for SMBs.