Multi-Tenant Endpoint Security — Enhancements and Resolved Issues

Applies To: Multi-Tenant Endpoint Security Management

For more information about new features, go to the What's New in WatchGuard Endpoint Security PowerPoint.

WatchGuard periodically updates Endpoint Security products and modules to provide enhancements and resolve reported issues. New versions roll out gradually to accounts. Some features and enhancements listed here might not be available to your account. When a new version is available, upgrade notifications appear as alerts in the upper-right corner of the management UI. If an upgrade is available, we recommend that you upgrade to the most recent version. If there is no alert in the management UI and you need to upgrade to the latest version of the product, contact your WatchGuard representative to request an upgrade. For more information, go to the Knowledge Base article: WatchGuard Endpoint Security Upgrade Schedule.

Latest Release

Release Date: 4 May 2026 (Patch Management Enhancements)

Enhancements

  • In a patch installation task, you can now configure required conditions that must be met for a patch to be installed. These conditions can include: time since the patch was released, minimum number of successful installations, maximum number of failed installations, and minimum number of days since the first successful installation.
  • In the Available Patches list, you can now exclude patches from installation tasks.
  • There is a new Excluded Patches list where you can review a list of the patches excluded for all of your managed accounts.
  • On the Detected Patch page, a Patch Installation Status section now shows installation data from all computers in a specific account, in all accounts you manage, and in the wider WatchGuard community.

Previous Releases

Enhancements

  • The workstations and servers settings were reorganized to better align with the new products and feature distribution. For more information, go to Configure Workstations and Servers Security Settings in Help Center.
  • In the Zero-Trust behavior configuration, Audit will be replaced by Learning to avoid confusion with the global Audit mode.

New Features

Blocked Scripts List

The Blocked Scripts list is now available for Service Providers to review centralized information about the scripts blocked on client networks.

New Features

Zero-Trust Application Service Report for Managed Accounts

The Zero-Trust Application Service Report enables Service Providers to see the effectiveness of the Zero-Trust Application Service on their managed accounts over the last 30 days. The report provides metrics that illustrate how zero-trust works, and enables Service Providers to compare specific statistics for their accounts with averages calculated across all WatchGuard accounts.

Enhancements

  • Delegated accounts now show in the multi-tenant endpoint security management UI. To see accounts that were delegated before this release, you must revoke delegation and then delegate access again in WatchGuard Cloud.

New Features

Clients' Product Versions List

A new Clients' Product Versions list is available for Service Providers to review which version of the software client accounts have installed. The Clients' Product Versions list also enables partners to update the product on their client accounts to the latest version so that they can take advantage of new features and resolve known issues with the previous version.

Enhancements

  • Settings for the multi-tenant endpoint security management UI were updated to include Script Blocking. On the Script Blocking page, Service Providers can configure rules to allow or block scripts on their client accounts. When Service Providers configure Update settings in a per-computer settings profile, they can specify whether the computer will restart (if necessary) during the maintenance window.
  • Settings for the multi-tenant endpoint security management UI were updated to include Maintenance Windows. On the Maintenance Windows page, Service Providers can configure time slots during which Endpoint Security can upgrade its protection software and restart the endpoint computer. When Service Providers create a patch installation task, they can specify whether the computer will restart (if necessary) during the maintenance window.

Resolved Issues

  • Minor updates and bug fixes.

Enhancements

Resolved Issues

  • Minor updates and bug fixes.

New Features

A new Available Patches list shows Service Providers all patches that are available for each managed account. The list includes this information:

  • Client name
  • Group
  • Occurrences (the number of computers on the client network that have the patch available)
  • Program name
  • Program version
  • Patch name
  • Patch release date
  • Criticality

You can also schedule a task to install one or more patches from the Available Patches list.

Resolved Issues

  • Minor updates and bug fixes.

New Features

Service Provider accounts can now centrally configure settings for the new Endpoint Access Enforcement feature. Endpoint Access Enforcement monitors connections to computers on your network to reduce infections from unprotected devices. Service Providers can also enable a toggle to make the settings profile editable by the managed account. When the profile is editable, the managed account can add exclusions for connections from specific IP addresses.

There is also a new Endpoint Access Enforcement list available from the Status menu that shows detected connections on client networks.

Enhancements

  • These settings profiles were updated for Service Provider accounts:
    • Program Blocking — You can now block programs by MD5 and SHA-256 codes.
    • Authorized Software — You can now authorize programs by MD5 and SHA-256 codes.
    • Workstations and Servers — You can now centrally enable advanced scanning with AMSI and protection for vulnerable drivers.
  • Anti-exploit protection settings were updated. The Advanced Code Injection toggle was removed. To enable anti-exploit protection, you now enable the Code Injection toggle.

Resolved Issues

  • Minor updates and bug fixes.

Enhancements

  • Service Providers can now centrally run patch installation tasks on test computers to verify patches install successfully before they deploy the patches across the network.
  • Service Providers can now enable two-factor authentication (2FA) to help prevent tampering in managed accounts. When enabled, 2FA with an authenticator app such as AuthPoint is required to authenticate and log in to the local management UI or to uninstall the protection software from a device. Service Providers can generate a QR code for all accounts, or multiple QR codes for different accounts and account groups. This feature requires that the endpoint have Windows protection v8.00.22.0023 or higher.

New Features

Patch Installation Results

A new Patch Installation Results list shows Service Providers all of their centrally managed accounts and whether they have Patch Management or not. For accounts with Patch Management, this information is shown:

  • Number of patches that were successfully installed
  • Number of computers that require a restart
  • Number of patch installation or download errors

Service Providers can also export the details of the patches installed in their managed accounts.

Enhancements

  • In the workstations and servers settings profile, Service Providers can now select these new Web Access Control content categories:
    • Generative AI – Multimedia
    • Generative AI – Conversation
    • Generative AI - Text & Code
    • Other AI ML Applications
  • In the per-computer settings profile, Service Providers can centrally configure Windows computers to enable anti-tampering when they start in Safe Mode with networking enabled. This feature requires Windows protection v8.00.22.0023 or higher on the endpoint.

New Features

Centralized Settings Inheritance for Service Provider Accounts

In the multi-tenant management UI for Endpoint Security, Service Providers can now create and assign settings profiles to the Service Provider accounts they manage. This enhancement includes the ability to keep settings that the managed Service Provider account has already assigned to their managed accounts or account groups. For more information, go to Settings Inheritance for Service Provider Accounts.

Resolved Issues

  • Minor updates and bug fixes.

New Features

Security Dashboard

Service Providers can use a new Security dashboard to see an overview of the security status of their managed accounts. The Security dashboard includes information in these tiles:

  • Protection status
  • Offline computers
  • Outdated protection

This release also adds new filters that enable you to check the security status of clients more effectively. For more information, go to Multi-Tenant Endpoint Security Management — Security Dashboard in Help Center.

Enhancements

  • The Clients' Protection status list includes these changes:
    • Data shown in the list now corresponds only to the computers that meet the filter criteria you select.
    • A new column shows the number of unmanaged computers discovered.

Resolved Issues

  • Minor updates and bug fixes.

New Features

  • These new settings are available for Service Provider accounts:
    • Network Attack Protection (Advanced EPDR, EPDR, and EDR only)
    • Remote control (Advanced EPDR only)

Enhancements

  • Service Providers can now assign a settings profile that allows the managed account to add authorized software to the list. If you change the status of the settings from editable to non-editable, changes that the managed account made to the settings profile no longer apply .
  • Service Providers can now assign a settings profile that allows the managed account to add scan exclusions to specific files and paths. If you change the status of the settings from editable to non-editable, the exclusions the managed account added to the settings profile no longer apply.
  • Patch Management now supports macOS and Linux computers. For managed accounts with Patch Management, Service Providers can create a patch installation task that installs patches based on the operating system. macOS and Linux patches are not included in existing recurring or new recurring Patch Management tasks.

Resolved Issues

  • Minor updates and bug fixes.

New Features

  • A new Status > Risks by Client page shows Service Providers a list of their clients, including the number of computers with risks and the distribution of risks present on the computer. To see the details for a client, you must open the WatchGuard Endpoint Security management UI for the client. In Account Manager, select the client account.

Enhancements

  • Service Provider Endpoint Manager now shows inside the WatchGuard Cloud user interface, instead of in a separate tab. When you move from one Service Provider account to another in Account Manager, the user interface updates to show endpoint security information for the selected account. Multi-tenant endpoint security management for Service Providers is seamless and no longer referred to as Service Provider Endpoint Manager. To open the multi-tenant endpoint security management UI for a Service Provider account, select Monitor > Endpoints or Configure > Endpoints.

Resolved Issues

  • Minor updates and bug fixes.

New Features

  • In Endpoint Manager, you can centrally manage and apply security setting profiles for iOS devices on your network through WatchGuard Cloud accounts and account groups. The security features available depend on whether the iOS device is integrated with a mobile device management (MDM) solution and whether it is in supervised mode. For more information, see Manage Endpoint Security Settings Profiles.

  • You can create and run tasks on multiple clients. You can create, schedule, and launch analysis tasks, as well as patch installation tasks. Installation tasks only affect endpoints with WatchGuard Patch Management in the accounts of your managed clients. For more information, see Manage Tasks.

Enhancements

  • In a per-computer settings profile, you can enable shadow copies. Shadow Copies is a Microsoft Windows feature that enables you to restore previous versions of files. Requires Windows protection version 8.00.20.0001 or higher.
  • In the Antivirus settings of a workstations and servers settings profile, you can enable decoy files to use as bait to detect attacks that change files stored on computers. Decoy files require Windows protection version 8.00.20.0001 or higher.

Enhancements

  • On the Status page, a new Indicators of Attack list shows the detected Indicators of Attack (IOA) for each client account, including the number of affected computers.