New Features And Enhancements In Release 104.0.0

New Features And Enhancements In Release 104.0.0

Here is the list of the new features and enhancements.

API Data Protection
Deprecation of Salesforce BYOK Feature

Salesforce Key Management is a feature that allows customers to use Salesforce’s Bring Your Own Key (BYOK) feature to encrypt Salesforce data at rest. Netskope today provides customers the option of rotating/managing these keys from the Netskope console. Note that this feature is now deprecated, which means Netskope will not support this capability in any new commercial or federal Netskope DC.

Note that deprecation of this feature only means that you cannot rotate/manage the encryption keys from Netskope. You can continue using the BYOK feature within Salesforce without impacting Netskope’s API Data Protection for Salesforce.

Fine prints as follows:

  • For new Salesforce app instances, the UI will not have a BYOK checkbox. New instances cannot enable BYOK.
  • For existing Salesforce app instances that have not enabled BYOK, cannot enable it going forward.
  • Existing Salesforce app instances that are using BYOK, can disable BYOK. However, once disabled, you cannot re-enable it.
  • Salesforce Key Management page under Salesforce API-enabled Protection dashboard will not be available for tenants who have not enabled BYOK.
  • For existing Salesforce app instances that have enabled BYOK, the feature will continue to work as expected.
Graceful Handling of Require Check Out Option in Microsoft Office 365 SharePoint Sites

In Microsoft Office 365 SharePoint Sites, there is an option to require check out of files before editing. If this setting is enabled on a SharePoint site, Netskope API Data Protection can quarantine the file but fails to overwrite the original file with a tombstone file. To gracefully handle this kind of a scenario, API Data Protection now provides administrators to identify such files within the Incidents and Alerts UI pages. Following two changes are added in the Netskope tenant UI:

  • Under Incidents > DLP, when you click an incident, the UI displays a new tombstone failure message.
  • Under Skope IT > EVENTS > Alerts, a new alert type Tombstone Failed is introduced for a quarantine action.
CASB Real-time Protection
Dropbox Paper Activity

Enhanced the Dropbox connector to add support (activity coverage) for Dropbox paper module.


Activity name for Preview of any file in Dropbox Paper, has been updated from View to Preview.

Vanity RaaS Support For Azure AD And Google Identity Provider

When accessing Office365 from an unmanaged device, users are required to perform additional authentications via RaaS(Reverse proxy as a service). Release 104 introduces vanity URLS that provide access to supported Office365 apps via single authentication and also allowing DLP / TSS controls on post operations. The vanity URL feature is supported only for the domain.


This is a controlled General Availability feature handled through API (back-end). Contact your Netskope sales representative/support to enable this on your tenant.

Endpoint DLP (EDLP)
Implement macOS Agent

Endpoint DLP now supports macOS. The macOS Endpoint DLP agent is installed with STAgent that supports macOS Big Sur (11), Monterey (12), and Ventura (13) versions along with support for content control and device control policies.

Printer Device Control

Endpoint DLP Printer Device Control is now available. Policies can be created to restrict or allow printer access based on attributes of the printer or connection.


This is a controlled General Availability feature. Contact your Netskope sales representative or support to enable this on your tenant.

Endpoint Policy Features

Endpoint DLP Windows-only features are now labeled as such in the UI.

Offline Event Column Deprecation

The Offline Event column was removed from the Endpoint Events. This column was not intuitively named and could cause confusion.

Windows Installation Package Update

Added a new executable file to Endpoint DLP called epdlp_diag.exe. It is installed in C:Program FilesNetskopeEPDLP which can be used to return Endpoint DLP running state.

Next Generation SaaS Security Posture Management
Renamed Compliance Page to Findings

Starting this release, the Compliance page under API-enabled Protection > Security Posture (Next Gen) is now renamed to Findings. To learn more: View Security Posture Findings.

Workday GA Announcement

Starting this release, Next Generation SSPM for Workday is now declared General Availability (GA). Next Generation SSPM for Workday now supports new set of rules and entities.

To learn more: Next Generation SaaS Security Posture Management for Workday.

Netskope Secure Web Gateway (NG SWG)
Transaction Event Format 3

Improved data generation for the following Transaction Event Format 3 fields:

  • x-sc-notification-name
  • x-c-local-time
  • x-cs-app-activity
  • x-cs-app-object-type
  • x-cs-app-object-name
  • x-cs-app-object-id
  • x-rs-file-type
  • x-rs-file-category
  • x-cs-app-category
  • x-cs-app-suite
SSL Decryption Policies

In the SSL Decryption policy, if an app that shares a common domain with another app is selected, the admin is notified with a pop-up. If the admin clicks Proceed, then the other apps with the same domain are also selected. If the admin clicks Cancel, the apps are removed from the SSL Decryption policy. For Categories and App Suites with apps that have common domains, users are warned with a pop-up.

Disabled Longest Prefix Match For Custom URL Lookup

In SWG, we can now disable longest prefix match when matching incoming URLs against URL lists. Incoming URLs can now match against all URL lists with a positive match criteria. This is different from the current behavior of matching with the URL list with the longest prefix match.


Before disabling the longest prefix match behavior, Netskope recommends reviewing your policies thoroughly as this is a fundamental change to how Netskope processes your policies in SWG.


This is currently a Beta feature. Contact your Netskope sales representative or support to enable this feature for your tenant.

Netskope Private Access (NPA)

This release includes enhancements in Publisher software to improve the speed of data transfer over NPA.

Remote Browser Isolation (RBI)
Clipboard Operation Update

Enhanced the user experience for clipboard operations in isolation. Managed the clipboard operations performed by any button present on the isolated webpage in the RBI session, and also the browser’s menu.

Prior to this enhancement, RBI supported clipboard operations were triggered by keyboard shortcuts and the RBI context menu. With this enhancement, all clipboard operations are now intercepted and handled by RBI regardless of how the user initiates the action.

Threat Protection
Heuristics and Sandbox Detection

On the Malware page, Netskope displays a Not detected message for advanced threat engines when they don’t trigger detection alerts.

To learn more: About Malware.

Traffic Steering
Windows Installer Events And Event Details

Introduced new Installer Events and corresponding event details. You can see these events in Settings > Security Cloud Platform > Netskope Client > Devices. Refer to the following table to understand the new events and their details:

Event Event Details
InstalledInstalled client version ‘x’
UninstalledUninstalled client version ‘x’
Installation FailureFailed to install client version ‘x’ – <reasons for failures>
Uninstallation FailureFailed to uninstall client version ‘x’ – <reasons for failures>
UpgradedUpgraded from client version ‘x’ to ‘y’
Upgrade FailureFailed to upgrade from ‘x’ to ‘y’ – <reason for failures>
Rollback SuccessRolled back to client version ‘x’
Rollback FailureFailed to rollback to client version ‘x’

To learn more: Netskope Client For Windows.

Device Status Page Improvements

Modified the Devices page to show the following the device details in a more granular and detailed way:

  • Rebranded “Client Status” to “Internet Security Status”.
  • Device serial number is shown on Devices page.
  • Two NPA events Tunnel Down and Tunnel Up are introduced.
  • For client version till 103, the “Service” and “New Status” is empty in Event History page of a device.
  • Added new Internet Security status like “Errored” and “Backed off”.
  • Added Last Event Service column for every  event, this signifies the service which generates the event.
  • Added Info last updated field which shows the time when host info was updated.
  • Added new filters like Has Error to list errored devices.

The old NPA status is mapped to new NPA status as mentioned below:

Old StatusNew Status
Steering DisabledDisabled

To learn more: Devices.

Protect Client Configuration And Resources

Netskope Client introduces a new tamperproof capability to protect Netskope processes, folders, files, and registry keys from renaming, modification, or deletion.

In conjunction with this feature, when password protection feature is enabled, it stops the users from uninstalling or stopping the Netskope Client service. You can enable this feature in the Tamperproof tab in Client Configurations under Settings > Security Cloud Platform > Netskope Client > Devices  and is available for Windows 10 or higher versions.



Note: This option was earlier known as Self-Protection and was controlled using a feature flag.

To learn more, view Netskope Client Configuration.

Additional Documentation Updates
  • Devices: Revised and detailed content to align with the options available on the Devices user interface.
Share this Doc

New Features And Enhancements In Release 104.0.0

Or copy link

In this topic ...