Documentation forAccess Rights Manager

Access Rights Manager 2022.4 Release Notes

 

Release date: November 2022 (major release)

This document was last updated on: November 21, 2022

 

Download a translated PDF: ARM 2022.4 Release Notes (Versionshinweise, deutsch)

These release notes describe the new features, improvements, and fixed issues in Access Rights Manager 2022.4. They also provide information about upgrades and describe known issues.

If you are looking for previous release notes for Access Rights Manager, see Previous Version documentation.

 

New features and improvements in ARM

Creation of Azure Active Directory guest accounts

With ARM, accounts can now be created in AAD with external email addresses. This facilitates collaboration, e.g. with Teams and OneDrive, with external or freelance employees and companies.

An additional permission must be added for this purpose for the app registration in the preparation of the Microsoft 365 environment:

  • User.Invite.All

For more information, see the Administrator Guide in the chapter "Create an Azure AD guest invitation".

 

Recertification of Azure Active Directory (AAD) group memberships

AAD group memberships can now be included in the recertification with the new version. Since many authorizations can be controlled through group memberships in AAD, e.g. teams channels, this new feature significantly expands the scope of authorization reviews.

To use the new functionality after upgrading from previous ARM versions, an AAD scan must first be successfully completed with the new version and then the ARM service must be restarted.

 

Enhancement of Exchange Online configuration

ARM can now access Exchange Online via a registered application (Application ID and Thumbprint). This new method of authentication (Modern Authentication) is now recommended. Microsoft has already announced that the basic authentication method and EWS will soon no longer be supported by Exchange Online.

To set up, follow all the steps in the appendix of the following Microsoft "App-only authentication for unattended scripts" guide (© 2022 Microsoft, https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps#step-1-register-the-application-in-azure-ad, obtained October 12, 2022). With the setup you get an application ID and a thumbprint, which you then use as user name and password during the configuration in ARM.

ARM version 2022.4 eliminates the need to set up impersonation for Exchange Online using Exchange Web Services (EWS).

For more information, see the Administrator Guide in the chapter "Prepare Exchange resources".

Please note: For customers who want to switch to modern authentication after upgrading to the new ARM version, the recommended method is to create a new configuration and delete the old one or disable the scanning schedule. If you want to continue using the old configuration, the organization used for modern authentication must match the previous domain (the part of the previous username after the "@"). Otherwise, a known issue will occur.

 

Configuration improvements

In the configuration application, the input fields for the access data are now labeled resource-specific and there is a link to the corresponding help in the documentation. This facilitates the configuration of resources.

 

New view of accounts in the web client

The display of accounts and actions for accounts in the web client has been redesigned to follow the look and feel of SolarWinds. In addition to accounts from Active Directory (on-premise), accounts from other resources, for example Azure Active Directory or SharePoint, can now be displayed and actions can be performed on the accounts.

Improved security

For encrypted communication between ARM server and ARM collectors, the certificates used can now be displayed and approved. ARM can be configured to allow only connections with approved certificates. Connections without approved certificates are displayed as a warning in the ARM Health Check.

For more information, see the Administrator Guide in the chapter "Verify collector connection status and collector certificates".

 

Interaction with SolarWinds Hybrid Cloud Observability (HCO)

Key data from Access Rights Manager, such as ratings from the Risk Assessment Dashboard and current information about Active Directory, are now configurable as widgets in the HCO dashboards.

 

SQL Express for ARM Express Installation

SQL Express is no longer included in the ARM download package. For the ARM Express installation, you can use the SQL Express download link included in the installation wizard or, if the desired server does not have an Internet connection, use a locally stored installation package of SQL Express.

 


New customer installation

Return to top

ARM and SolarWinds platform or Orion Platform products must be installed on separate servers. Note that ARM is not a SolarWinds platform or Orion Platform product.

For information about installing Access Rights Manager see the "ARM Installation Guide" from the Success Center.

How to upgrade

If you are upgrading from a previous version, please refer to the chapter "Perform an update installation" from the Success Center.

As of version 2020.2, the ARM server has been renamed from pnServer.exe to armServer.exe. Please note this if you have set up appropriate firewall rules.

 


Fixed issues

Return to top

ARM 2022.4

Case Number Description
983096 In large environments, long loading times could occur due to the AD Loggas being switched on/off.
997613 Due to excessive memory consumption during a SharePoint scan, it could happen that the scan could not be completed.
988088 The display of the date in the dashboard of the web client is now correct.
461175, 992823 A data owner can no longer perform actions in the Accounts view of the Rich Client that are outside of their assigned scope.
1145902, 1168799, 1106224 Fixed an issue where the AD Logga did not start correctly.
1141609 Azure AD group memberships are now read completely.
1073510 For events reported by ARM to SysLog servers, the encoding can be set.
1044952 It is now possible to accept deviations from the department profile even if no group membership has been defined in the profile.
1010624 An issue where users in non-trusted domains could not be found has been fixed.
1078285 The configuration of the directories for which orders are to be prevented works correctly again.
1071886 Fixed an issue that could occur when changing AAD accounts.
1018159, 1026158 An error could occur when executing scripts if $ProgressPreference = "SilentlyContinue" was not set. The provided sample scripts have been supplemented.
1020280 When executing scripts for alarms, single parameters can be processed (When running scripts on alerts, individual parameters can be passed).
948350, 949355, 1176706 The handling when scanning multiple paths in the DFS structure has been corrected.
1009591 Changing the AD attribute Description now also works in the web client.
366312, 1181685 The password options in the templates now work correctly.

 

 


Known issues

Return to top

User-defined templates
Issue: When using user-defined templates, AccountSearchTextField does not work for manager assignment.
Resolution/Work-around: Use a standard input field or, if possible, a drop-down menu.
Updating FS Logga components on Windows file servers
Issue: In some cases, automatic or manual updating of FS-Logga components on Windows file servers may fail.
Resolution/Work-around: Start the setup on the Windows file server and select the Repair option. The repair function removes the installation and reinstalls the components.
Active Directory accounts not resolved
Issue: In some cases, new installations may experience Active Directory scanning issues when scanning through a collector or ARM server installed on a domain controller (DC). This can result in AD accounts not resolving correctly under these conditions. Existing installations are not affected.
Resolution/Work-around: Install the ARM server or collector service on a different server, not on DCs.

 


End of life

Return to top

With the release of ARM version 2022.4, the following versions of ARM are no longer supported:

  • ARM 2020.2

 

See the End of Life Policy for information about SolarWinds product lifecycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.

 


End of support

Return to top

This version of Access Rights Manager no longer supports the following platforms and features.

Typ Details
Operating system

NetApp 7mode

 


Deprecation notices

Return to top

This version of Access Rights Manager deprecates the following platforms and features.

Deprecated platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features. Customizations applied to a deprecated feature might not be migrated if a new feature replaces the deprecated one.

Type Deprecation
Exchange 2013

Exchange 2013 is considered deprecated as of ARM version 2022.4 Although you can still use ARM up to version 2022.4 with Exchange 2013, this Exchange version is deprecated and will no longer be supported in future versions of ARM. It is possible that problems caused by the deprecated Exchange version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your systems at your earliest convenience.

SharePoint 2013 SharePoint 2013 is considered deprecated as of this version. Although you can still use ARM with SharePoint 2013, this version is outdated and will not be supported in future versions of ARM. It is possible that problems caused by the deprecated SharePoint version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your systems at your earliest convenience.

 


Legal notices

Return to top

© 2022 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.