3.24.0 Release

Date:   

Installation: via the interworks.cloud installer

Microsoft New Security Requirements - Consent Process has been Activated


Microsoft has introduced a new security framework to give CSP Partners and Control Panel Vendors (CPVs) a more secure application model through multi-tenant application authentication capability.


With the improvements included in the 3.24.0 release, our application fully complies with Microsoft's requirements. The change is that you no longer need to set up the credentials of your global CSP admin user in your BSS. We have registered the interworks.cloud platform as a Vendor application in Microsoft's systems, and you will be asked to give our application consent to call Microsoft APIs on your behalf.


You should complete the consent process by 3rd of February 2019. From 4th of February, Microsoft will enforce the new security model and you will no longer be able to provision any Microsoft services from our platform if you haven't given your consent to our platform. Our platform will support both authentication methods until 3rd of February, meaning that if you haven't given your consent we will continue using the credentials of your global admin user for authentication purposes.

To run the consent process, please check Give your consent to interworks.cloud platform.

Automatic Update of Cloud Apps Settings in Tenant Reseller


From this release, the cloud application settings for services that are inherited from the parent organization are updated automatically at the child level (i.e. in tenant resellers or country tenants). This means that if you are a CSP and you change, for example, your "Web App ID", you no longer need to update it in each tenant; our system does it automatically.

In the child organization, the administrator can see and change only the settings that are available to them. The remaining settings are hidden from the tenant administrator.

This feature has been implemented for the service managers MS Cloud Services, Azure Pack, Panda Antivirus, Acronis Cloud Backup, Acronis Files, interworks.cloud OSS and Citrix CPSM. For the remaining service managers, an update will follow in one of the next releases.

For more details, please check Syncing Tenant BSS with Underlying Provisioning Platforms.

Acronis Cloud Backup - Support for Local Storage Quota


From this release you can set quotas for the local storage your customers use for their backups. We upgraded our Acronis Cloud Backup service manager and exposed a new product characteristic called "Local Storage (GB)", which sets the local storage quota for your Acronis plans.

Using this new property you can bill your customers for the local storage they are using, since we lock in the Acronis portal the local storage that is available for the customer's backups.

For more details, please check /wiki/spaces/KASFD/pages/4663189.

Locking Mechanism for BSS & Storefront Users


In this release we introduced a locking mechanism for users that have multiple failed login attempts. A BSS or Storefront user will be locked, and will not be able to log in to the BSS or Storefront portal, if they exceed the number of failed login attempts your administrator has defined.

The maximum number of login attempts can be defined by your administrator in the new "Security Settings" section we included in the "Organization Profile" page.

A locked user can be unlocked only by the BSS administrator, using the "unlock users" tool.

For more details, please check BSS & Storefront Users Lock.

Code Security Improvements


In this release we included various improvements that strengthen our platform against malicious attacks. 

  1. Any Excel functions defined in an Excel file are disabled before the file is uploaded to our translation tool.
  2. Removal of logo enumeration in our Storefront image handler, to prevent phishing campaigns that use XSS (social engineering).
  3. Prevent Cross-site Scripting (XSS) for Contacts and Document description fields in BSS.
  4. Prevent XSS on Translation Manager in BSS.
  5. Prevent XSS on Landing Page Manager in BSS.
  6. Prevent Storefront user enumeration by displaying the same error message for both invalid usernames and invalid passwords.
  7. Addition of the "Enable editor Anti-XSS filtering" option in the "Organization Profile" settings, to prevent cross-site scripting in the description editors available in all edit pages.
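
The lockout behaviour described under "Locking Mechanism for BSS & Storefront Users" and item 6 above (one error message for both invalid usernames and invalid passwords) interact, so this added Python sketch models them together; it is not interworks.cloud code. The class, method names, error text, and the choices to lock when the failure count reaches the maximum and to give locked accounts the same generic error are assumptions.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid username or password."  # same text for every failure


class LoginService:
    """Constructed model of a lockout policy; not the platform's implementation."""

    def __init__(self, max_attempts):
        self.max_attempts = max_attempts  # admin-defined threshold (assumed name)
        self.users = {}                   # username -> user record
        self._dummy_salt = os.urandom(16)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": self._hash(password, salt),
                                "failed": 0, "locked": False}

    def login(self, username, password):
        user = self.users.get(username)
        if user is None:
            # Hash anyway so unknown and known usernames cost about the same time.
            self._hash(password, self._dummy_salt)
            return False, GENERIC_ERROR
        ok = hmac.compare_digest(self._hash(password, user["salt"]), user["hash"])
        if user["locked"]:
            # Assumption: a distinct "locked" message would confirm the account exists.
            return False, GENERIC_ERROR
        if ok:
            user["failed"] = 0            # a successful login resets the counter
            return True, "OK"
        user["failed"] += 1
        if user["failed"] >= self.max_attempts:
            user["locked"] = True         # stays locked until an admin unlocks
        return False, GENERIC_ERROR

    def unlock(self, username, actor_is_admin):
        if not actor_is_admin:
            raise PermissionError("only an administrator can unlock users")
        self.users[username].update(failed=0, locked=False)
```
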

Resolved Issues


| Key | Summary |
| --- | --- |
| EXL-5936 | The user can define a domain prefix for his Microsoft account with invalid characters |
| EXL-6194 | MCA pop-up returns error for agreement date if the BSS user has different date format from organization's default format. |
