Portal Portal Forum Forum Devolutions Force Devolutions Force Hub Business Hub Business Hub Personal Hub Personal Devolutions Send Devolutions Send Devolutions Academy Devolutions Academy Download RDM RDM Workspace Workspace Launcher Launcher
Products
Adam Listek
Adam Listek

As an IT specialist with over 20 years in the industry, I work hard to stay up to date on new and emerging technologies. Having worked in diverse fields from healthcare to higher education, I love new challenges and creating in-depth content to share with the world!

Devolutions pam 2024.3 release

What’s new in Devolutions PAM 2024.3

Summary

The Devolutions PAM 2024.3 update introduces enhanced features like automatic check-in of accounts upon session close, remote AnyIdentity provider functionality, and more flexible PAM usage policies to improve security and operational control.

Table of Contents

We’re excited to introduce the latest version of Devolutions PAM, our last major update of the year: version 2024.3! This update brings several powerful new features designed to enhance security and flexibility, making it easier to manage privileged accounts across various systems. Let’s dive into what’s new and how these changes can streamline your workflows.

Manage local accounts with Active Directory provider

Local Windows accounts on computers are enticing targets for threat actors. More than just local Administrator accounts, local Windows accounts are sometimes required for running applications and services. To protect these accounts, Devolutions PAM has extended the capabilities of the Active Directory AnyIdentity provider to optionally include computers in its scans.

By including these computers, Devolutions Server through the PAM module can automatically manage the local Administrator account by default, or manage any combination of local Windows accounts that you choose. With Devolutions PAM managing these local Windows accounts, passwords can be reset on demand, keeping your systems even more secure!


Check in PAM accounts automatically upon session close

Devolutions PAM enables efficient checking out of privileged accounts for specific time periods, reducing the need for multiple check-outs — especially when dealing with complex issues that can’t be resolved in a single remote session.

If you have a PAM account directly associated with a remote session and you want the PAM account to check in when the session is closed, you now have the option to do so! On a per-user basis, you can choose whether you want to be always prompted to check in, automatically check in, or opt out of automatic check-ins altogether.


Run AnyIdentity providers remotely

Until now, AnyIdentity providers operated using an embedded PowerShell 7 stack inside Devolutions Server. Though this has advantages, the need for greater control often calls for the flexibility of running AnyIdentity providers remotely via WinRM.

With the latest update to Devolutions Server, you can now define the remote host with custom credentials against which to run the AnyIdentity provider. Additionally, you can target a specific PowerShell environment by setting the configuration name, typically PowerShell.7 or Microsoft.PowerShell (Windows PowerShell 5.1).


Remotely running an AnyIdentity provider via winrm and over a Devolutions Gateway instance
Remotely running an AnyIdentity provider via winrm and over a Devolutions Gateway instance

Allow AnyIdentity providers to use Devolutions Gateway

As shown above, with the new remote AnyIdentity provider ability, you may need to run a provider in a remote network segment protected by Devolutions Gateway. You can now define a Devolutions Gateway instance to run AnyIdentity through.

Configure additional entry types in the PAM usage policy

Under Administration > Privileged access > Usage policies, you’ll find options to define where you can use PAM accounts. A PAM account may be linked to RDP or SSH sessions by default, but you may not want to limit usage. You can quickly toggle usage policies on and off, limiting PAM account usage.


Configuring PAM usage policies or turning them off altogether
Configuring PAM usage policies or turning them off altogether

Use application identities through the Devolutions.PowerShell module

Application identities help you to automate operations against Devolutions Server and offer ways to integrate with custom applications. Previously, the Devolutions.PowerShell module required authentication via a named user. Now, you can use an application identity to authenticate to Devolutions Server using the Devolutions.PowerShell module for even more flexibility!


Connecting via an application identity in Devolutions.PowerShell
Connecting via an application identity in Devolutions.PowerShell

Tell us what you think

We’d love to hear your thoughts on the new features in Devolutions PAM 2024.3! How do these updates affect your day-to-day operations? Have you found any particular feature especially useful? Share your feedback with us in the comments section below or on our forum, and let us know how we can continue to enhance your experience.

About Devolutions PAM

Easy to implement and scalable, Devolutions PAM is the ideal privileged access management (PAM) solution for small to medium-sized businesses (SMBs) looking to enhance their security posture while maintaining operational efficiency. Designed to protect, control, and monitor access to critical assets within any IT infrastructure, Devolutions PAM provides a powerful set of tools for managing privileged credentials and sessions, offering deep security, visibility, and accountability across the enterprise. Available as a module for Devolutions Server or Devolutions Hub Business and as a seamless integration with Remote Desktop Manager, Devolutions PAM ensures robust access control, mitigates privileged account risks, and secures remote sessions — all while being sensibly priced for SMBs.

Request a demo today.

Related Posts

Read more Products posts