New Features And Enhancements In Hotfix Release 122.1.0
New Features And Enhancements In Hotfix Release 122.1.0
Here is the list of the new features and enhancements.
Next Generation API Data Protection
User Experience Enhancements
Starting this release, configuring a new SaaS app instance introduces the following user experience enhancements:
-
In API-enabled Protection > CASB API (NEXT GEN) > Inventory, the UI now displays a banner message indicating that the initial inventory listing is in progress for newly configured SaaS app instances.
-
In Policies > API Data Protection > Next Gen > Retroactive Scan, the Start Scan button for the newly configured SaaS app instance remains disabled while the initial inventory listing is in progress. Once the listing is complete, the button is enabled.
SaaS Security Posture Management (SSPM)
Slack Enterprise Support
SaaS Security Posture Management now supports Slack for Enterprise. With this, you can now monitor Slack Enterprise for security posture issues. New set of predefined rules and entities have been introduced.
To learn more: SaaS Security Posture Management for Slack Enterprise documentation.
MS Teams Support
SaaS Security Posture Management now supports monitoring for MS Teams. New set of predefined rules and entities have been introduced for MS Teams. Contact your sales representative to enable SSPM for MS Teams on your tenant.
Updated SaaS Security Posture Management Report dashboard
SaaS Security Posture Management Reports dashboard in NAA has been updated to include the ability to filter Findings by SSPM Policy.

Traffic Steering
Device Classification Improvements
With version 122.1.0, the Certificate check option available in device classification now supports the following three options:
-
Check UPN: The UPN option enables additional checks on the certificate. This extra check compares the current logged in UserPrincipalName with four fields in the certificate: Subject CN, Subject Email, Subject Alternative RFC822, and Subject Alternative Principal Name. If any of these four fields match, the UPN check will pass.
-
Supported OS: Windows and macOS.
-
-
Check Smart Card: If users enable the Smart Card option, Netskope Client checks Certificates on the card instead of the personal store. Secondly, the Netskope Client checks the Smart Card PIN.
-
Supported OS: Windows
-
-
Check CRL: The Certificate Revocation List (CRL) contains digital certificates that were revoked by the issuing CA before their scheduled expiration date, and those certificates should no longer be trusted. If a certificate was revoked, the posture (device classification) check fails.
-
Supported OS: Windows
-
To learn more: Device Classification.
New Technology for Decrypting Certificate Pinned Application Traffic
Netskope can now decrypt traffic from certificate pinned applications. This significant advancement overcomes the historical challenge of bypassing these applications by default to ensure their proper operation.
Netskope introduced a new steering exception option for these certificate pinned applications: “Steer and Decrypt at Netskope Cloud”. This feature allows you to apply Real-Time Protection policies to this traffic, treating it as you would any traditional application.
– This support is specific to both the application and the operating system. The initial implementation focuses on Google Drive on Windows Intel platforms.
– This feature requires the use of Netskope Client version 122.1.0 or above.
To learn more: Certificate Pinned Applications.