# Release Notes: 2025-12-10 ### Non-Human Identity Security #### Enhancements * **EAC-53227**: Veza now supports Microsoft Copilot Studio, Microsoft's low-code AI bot platform within Power Platform. * This integration discovers AI bots (Copilots) and their components, including Topics, Actions, Custom GPTs, Knowledge Sources, and AI Models, while mapping permissions through Azure Dynamics 365 security roles to provide visibility into who can access, modify, or invoke conversational AI bots. * The integration supports both system-level permissions (Owner, Service Principal) and role-based access control through Dynamics 365 security roles with depth-level scoping (Global/Deep/Local/Basic). ### Lifecycle Management #### Enhancements * **EAC-53788, EAC-46395**: LCM Policies now support Alias Definitions as shorthand references for specific integrations and entity types. These can make attribute formatters and condition strings more readable, and enable greater control when policies use multiple sources of identity with the same integration type, or use the same entity type to both source and synchronize identities. Alias Definitions are currently available in Early Access. * **EAC-55297**: For past Dry Runs, the **Dry Run History** table provides information about the selected identities, when the last Dry Run was performed, and its status. In-progress Dry Runs are now shown on the history table, with the option to cancel the run if needed. * **EAC-53990**: When creating **Access Reviews through Workflow Actions**, administrators can now configure a custom review name using attribute formatters. This is particularly useful for enabling unique, meaningful names in scenarios where multiple reviews can be created. Review names appear in both the Workflow builder and in Dry Run results. * **EAC-53932**: The Azure AD Sync Identities action now supports updating **Exchange Online Mailbox** settings. Administrators can specify a mailbox identity to sync both standard mailbox settings (such as `AuditEnabled`, `AuditLogAgeLimit`, `RecipientLimits`, and `MaxSendSize`) and CAS mailbox settings (such as `OWAEnabled`, `ActiveSyncEnabled`, `EwsEnabled`, `MAPIEnabled`, `PopEnabled`, and `ImapEnabled`). ### Access Security #### Enhancements * **Enhanced Risks page with Risk Profiles**: The Risks page now features an improved experience with Risk Profiles for categorizing authorization risks, Open/Resolved status tracking, and enhanced analytics for monitoring risk trends over time. Risk Profiles organize queries into categories such as MFA Health, Privileged Access, Dormant Access, and Blast Radius, helping teams prioritize remediation efforts. Contact your Veza account team to enable this feature. See [Risks](/4yItIzMvkpAvMVFAamTf/features/insights/risks.md) and [Configure Risk Levels and Profiles](/4yItIzMvkpAvMVFAamTf/features/insights/risks/configure-risk-levels-and-profiles.md) for details. * **FR-4220, EAC-54950**: Administrators can now control which users receive assessment digest emails through a new system setting. **Digest Notification Recipients** now offers two options: **All Users** (default behavior) or **Admin Users Only**, enabling organizations to limit weekly summary digest emails to administrators. This setting is available under **Administration > System Settings**. * **EAC-54825**: You can now assign **Risk Profiles** to individual risks directly from the All Risks table, Dashboard tiles, Queries page, and Query details page. A new **Manage Risk Details** modal enables updating both the risk level and risk profile for custom queries in a single interface. Risk profile selection is disabled for out-of-the-box queries to preserve system-defined configurations. This change is part of the new Risks overhaul, currently available in Early Access. * **EAC-50947**: A new out-of-the-box dashboard is now available in the Dashboard Library to help identify **SharePoint Misconfigurations**. * **EAC-55113**: Administrators can now customize email templates for Access Security alert and risk notifications via API. Templates support simple placeholder replacement (e.g., `{{RULE_NAME}}`, `{{ALERT_NODE_COUNT}}`) and Handlebars templating for conditional content. See [Access Intelligence templates](/4yItIzMvkpAvMVFAamTf/administration/administration/notifications/email-templates/customizing-templates.md#access-intelligence-templates) for placeholders and default templates. #### Bug Fixes * **EAC-55373**: Fixed an issue where several out-of-the-box saved queries (including "Dormant Active Directory Users that are Domain Admins" and related dormant user queries) were returning zero results. ### Integrations #### Enhancements * **EAC-54399**: Open Authorization API (OAA): Added support for querying Configured Permissions in custom applications even when permissions are not role-based. This enhancement enables Veza to discover and display permissions assigned directly to principals (users, groups, and access credentials) without requiring a related role. * **EAC-55231 Appian**: Added support for Appian Role `description` attribute. #### Bug Fixes * **EAC-54900**: SCIM OAuth2: Updated validation during integration configuration to fetch only a single page instead of retrieving all users. * **EAC-55322 Cassandra**: Added implicit SELECT permissions on all tables in `system_schema` keyspace for all roles. * **EAC-48771 Snowflake**: Fixed an issue where the audit log cursor would not advance when there were no audit events for extended periods, causing the integration to fall behind in processing recent activity. The cursor now advances in 6-hour increments even during periods with no events. * **EAC-52862 GitHub**: Added support for extracting GitHub Enterprise Roles and Role Assignments. * **EAC-55065 Open Authorization API (OAA)**: Added truncation to error logging for HRIS bad requests to prevent large outputs when system-level field violations occur. * **EAC-55082 Workday**: Added retry logic for 400 responses during extraction. ### Access Reviews #### Bug Fixes * **EAC-50668**: Fixed an issue where custom column arrangements in Reviews and Configuration lists would reset to default ordering when navigating away and returning to the page. ### Access Search #### Enhancements * **EAC-55117**: Query Builder: Improved editing of filters when "Filter by Type" is used. * **EAC-52679**: Query Builder now supports multiple destination types in a single query. #### Bug Fixes * **EAC-51739**: Access Graph: Fixed an issue where a Server Error could occur for certain entity type paths. ### Veza Platform **New Platform Navigation Experience (Early Access)**: A redesigned navigation experience is now available in Early Access, featuring an icon-driven sidebar, three-column layout, and streamlined access to frequently-used features like Graph Search, Query Builder, and Dashboards. Contact your Veza account team to enable this feature. See [New Navigation Experience](/4yItIzMvkpAvMVFAamTf/product-updates/blog/new-navigation-experience.md) for details. #### Enhancements * **PLT-3075**: Veza now generates audit events when administrators modify sign-on settings. New event types include changes to SSO redirect, SCIM provisioning, SAML enable/disable, MFA requirements, IdP-managed roles, and OIDC configuration. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/release-notes/release-notes/2025-12-10.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.