What's new?

Improved DOC design and user interface

The DriveLock Operations Center features a new structure and look & feel as well. Based on the DriveLock modules, the menu structure allows quick entry and reflects the Critical Security Controls (CSC), providing measures targeted at better protection against attacks. Tabs along the top provide a clear overview and forward-looking expandability.

Improved management of Security Awareness Campaigns

It is now much easier to create, manage, and evaluate security awareness campaigns featuring clear objectives, content, start and end dates, and targeted recipients. An audit trail feature helps track campaign results and historical trends during security audits. With the appropriate role assigned, staff departments can manage campaigns independently from within the DOC and can roll out focused content to other departments by means of the new user groups.

Advanced features for BitLocker and BitLocker To Go

DriveLock has made it even easier to take over and replace managed BitLocker environments. During re-provisioning, DriveLock takes over any existing data partitions. External media (e.g. USB flash drives) that are already encrypted with BitLocker To Go can now be taken over and managed by DriveLock without having to be re-encrypted. In addition, DriveLock is capable of reading blocked storage media and data partitions that are connected externally, even if there is no DriveLock Agent on them or the original assignment to an endpoint is unknown. All use cases meet the highest security standards.

Universal drive rules across all operating systems

The DOC is now able to support all operating systems with just a single drive rule. DriveLock Agents on Windows, Linux and macOS now support the hardware ID as a drive criterion. It can now also be combined with serial number in drive collections. This leads to a faster centralized management for heterogeneous endpoints with only one drive configuration.

Advanced Bluetooth device management

Improved Bluetooth device management lets administrators control Bluetooth devices as easily as they control other technologies. They can create rules, like blocking keyboards but allowing mice, controlling devices based on device type or manufacturer, and managing Bluetooth classes and services. This makes configuration easier and eliminates complexity. It all adds up to an optimized Bluetooth device management solution in just a few steps.

Mac agent with proxy support

The DriveLock macOS Agent now provides proxy support essential for deployment in enterprise environments, whether through automatic configuration via PAC/WPAD or manual configuration options. In addition, protocol-specific proxy support ensures compatibility and secure communication for HTTP(S), SOAP, and MQTT protocols, meeting the unique requirements of each protocol.

Cross-domain endpoint management

Dynamic groups can now filter based on the computer's distinguished name (DN) and the DN of the groups the computer is a member of. This makes it easier to manage complex directory infrastructures when computers are accessible across their directory service's scope.

Secure password management for temporary local administrator accounts

The Configuration Management module features managing local user accounts, including temporary local admin accounts that have automatically generated and secure passwords available for change on a daily basis. Now helpdesk users can view and supply end users with the current (daily) local admin password in the DOC. Same applies to the password history. For example, this is useful when a virtual machine is restored to a previous snapshot and the password in effect at that time is needed. To perform this task, the help desk needs a corresponding role and permissions in the DOC, while existing customers must first store a certificate in the DOC. This takes the capabilities beyond those of Microsoft LAPS (Local Administrator Password Solution).

Enforce complex password requirements for DOC accounts

Cloud customers can now configure a password policy that meets their security requirements. Complex password rules can be enforced for DOC accounts that do not use single sign-on (SSO), plus they can prevent reuse of recent passwords.

Working with user groups

Similar to creating computer groups, it is now also possible to configure static user groups. They are especially convenient for assigning and controlling how security awareness campaigns are executed. In addition, you can use them in policies in all user lists where you could previously use Azure AD groups.

Optimized Azure AD synchronization

This only applies to cloud customers. Synchronization between DriveLock and Azure AD has been streamlined to only those groups relevant to the DriveLock environment while also speeding up the process.

After the update, Azure AD synchronization will be disabled. In order to reactivate synchronization, you will need to select the groups you want to synchronize. Groups that have already been synchronized will remain in the DriveLock database, but will no longer be updated unless they are selected again.

E-mail notification for specific events

The DriveLock platform now features an email notification channel. Critical events, such as virus detection, will be communicated. This allows for more effective monitoring and response to security incidents, while avoiding email inbox overload. The ability to integrate additional communication channels in the future provides additional value and flexibility for notification of important events.

Windows 7 Legacy Support

As of version 2023.1, DriveLock supports Windows 7 endpoints only with a paid Legacy/Extended Support license. Organizations will be notified of this in the DOC.

Windows XP