Release date: November 2022 (major release)
This document was last updated on: November 21, 2022
Download a translated PDF: ARM 2022.4 Release Notes (Versionshinweise, deutsch)
These release notes describe the new features, improvements, and fixed issues in Access Rights Manager 2022.4. They also provide information about upgrades and describe known issues.
If you are looking for previous release notes for Access Rights Manager, see Previous Version documentation.
New features and improvements in ARM
Creation of Azure Active Directory guest accounts
With ARM, accounts can now be created in AAD with external email addresses. This facilitates collaboration, e.g. with Teams and OneDrive, with external or freelance employees and companies.
An additional permission must be added for this purpose for the app registration in the preparation of the Microsoft 365 environment:
For more information, see the Administrator Guide in the chapter "Create an Azure AD guest invitation".
Recertification of Azure Active Directory (AAD) group memberships
AAD group memberships can now be included in the recertification with the new version. Since many authorizations can be controlled through group memberships in AAD, e.g. teams channels, this new feature significantly expands the scope of authorization reviews.
Enhancement of Exchange Online configuration
ARM can now access Exchange Online via a registered application (Application ID and Thumbprint). This new method of authentication (Modern Authentication) is now recommended. Microsoft has already announced that the basic authentication method and EWS will soon no longer be supported by Exchange Online.
To set up, follow all the steps in the appendix of the following Microsoft "App-only authentication for unattended scripts" guide (© 2022 Microsoft, https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps#step-1-register-the-application-in-azure-ad, obtained October 12, 2022). With the setup you get an application ID and a thumbprint, which you then use as user name and password during the configuration in ARM.
For more information, see the Administrator Guide in the chapter "Prepare Exchange resources".
In the configuration application, the input fields for the access data are now labeled resource-specific and there is a link to the corresponding help in the documentation. This facilitates the configuration of resources.
New view of accounts in the web client
The display of accounts and actions for accounts in the web client has been redesigned to follow the look and feel of SolarWinds. In addition to accounts from Active Directory (on-premise), accounts from other resources, for example Azure Active Directory or SharePoint, can now be displayed and actions can be performed on the accounts.
For encrypted communication between ARM server and ARM collectors, the certificates used can now be displayed and approved. ARM can be configured to allow only connections with approved certificates. Connections without approved certificates are displayed as a warning in the ARM Health Check.
For more information, see the Administrator Guide in the chapter "Verify collector connection status and collector certificates".
Interaction with SolarWinds Hybrid Cloud Observability (HCO)
Key data from Access Rights Manager, such as ratings from the Risk Assessment Dashboard and current information about Active Directory, are now configurable as widgets in the HCO dashboards.
SQL Express for ARM Express Installation
SQL Express is no longer included in the ARM download package. For the ARM Express installation, you can use the SQL Express download link included in the installation wizard or, if the desired server does not have an Internet connection, use a locally stored installation package of SQL Express.
New customer installation
ARM and SolarWinds platform or Orion Platform products must be installed on separate servers. Note that ARM is not a SolarWinds platform or Orion Platform product.
How to upgrade
As of version 2020.2, the ARM server has been renamed from pnServer.exe to armServer.exe. Please note this if you have set up appropriate firewall rules.
|983096||In large environments, long loading times could occur due to the AD Loggas being switched on/off.|
|997613||Due to excessive memory consumption during a SharePoint scan, it could happen that the scan could not be completed.|
|988088||The display of the date in the dashboard of the web client is now correct.|
|461175, 992823||A data owner can no longer perform actions in the Accounts view of the Rich Client that are outside of their assigned scope.|
|1145902, 1168799, 1106224||Fixed an issue where the AD Logga did not start correctly.|
|1141609||Azure AD group memberships are now read completely.|
|1073510||For events reported by ARM to SysLog servers, the encoding can be set.|
|1044952||It is now possible to accept deviations from the department profile even if no group membership has been defined in the profile.|
|1010624||An issue where users in non-trusted domains could not be found has been fixed.|
|1078285||The configuration of the directories for which orders are to be prevented works correctly again.|
|1071886||Fixed an issue that could occur when changing AAD accounts.|
|1018159, 1026158||An error could occur when executing scripts if $ProgressPreference = "SilentlyContinue" was not set. The provided sample scripts have been supplemented.|
|1020280||When executing scripts for alarms, single parameters can be processed (When running scripts on alerts, individual parameters can be passed).|
|948350, 949355, 1176706||The handling when scanning multiple paths in the DFS structure has been corrected.|
|1009591||Changing the AD attribute Description now also works in the web client.|
|366312, 1181685||The password options in the templates now work correctly.|
|Issue: When using user-defined templates, AccountSearchTextField does not work for manager assignment.|
|Resolution/Work-around: Use a standard input field or, if possible, a drop-down menu.|
|Updating FS Logga components on Windows file servers|
|Issue: In some cases, automatic or manual updating of FS-Logga components on Windows file servers may fail.|
|Resolution/Work-around: Start the setup on the Windows file server and select the Repair option. The repair function removes the installation and reinstalls the components.|
|Active Directory accounts not resolved|
|Issue: In some cases, new installations may experience Active Directory scanning issues when scanning through a collector or ARM server installed on a domain controller (DC). This can result in AD accounts not resolving correctly under these conditions. Existing installations are not affected.|
|Resolution/Work-around: Install the ARM server or collector service on a different server, not on DCs.|
End of life
With the release of ARM version 2022.4, the following versions of ARM are no longer supported:
See the End of Life Policy for information about SolarWinds product lifecycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.
End of support
This version of Access Rights Manager no longer supports the following platforms and features.
This version of Access Rights Manager deprecates the following platforms and features.
Deprecated platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features. Customizations applied to a deprecated feature might not be migrated if a new feature replaces the deprecated one.
Exchange 2013 is considered deprecated as of ARM version 2022.4 Although you can still use ARM up to version 2022.4 with Exchange 2013, this Exchange version is deprecated and will no longer be supported in future versions of ARM. It is possible that problems caused by the deprecated Exchange version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your systems at your earliest convenience.
|SharePoint 2013||SharePoint 2013 is considered deprecated as of this version. Although you can still use ARM with SharePoint 2013, this version is outdated and will not be supported in future versions of ARM. It is possible that problems caused by the deprecated SharePoint version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your systems at your earliest convenience.|
© 2022 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.