Bug Fixes and Miscellaneous Updates
Updated ESC2 Check
- Privileged Mode Added: The ESC2 check now supports Privileged Mode to validate enrollment permissions on the Certification Authority.
- Clearer Rule Text: Updated messaging makes it obvious when the risk is identified as ESC2.
- Improved Guidance: Expanded technical explanations and remediation steps for easier issue resolution.
Entra ID Terminology Standardization
- All terminology has been standardized to align with Entra ID, replacing legacy Azure AD language for consistency and clarity.
Modern Authentication for Email Notifications (Enterprise / Pro)
- PingCastle now supports Modern Authentication with Office 365.
- Uses an Entra app registration to send emails directly from the application instead of legacy SMTP basic auth.
- By default, the app can send on behalf of anyone in the tenantâwe strongly recommend restricting this to a dedicated PingCastle mailbox via the setup process.
UI Improvement: Remove Domain from the Interface
- Previously, domains could only be removed through a hidden link (
/Database/DeleteDomain/{DomainId}). - A Delete Domain button is now available directly on the Domain Report page for a smoother user experience.
Enhanced DNS Zone Update Rules (A-DnsZoneUpdate1 / A-DnsZoneUpdate2)
- DistinguishedName property added to
HealthcheckDnsZones. - LDAP collection now captures DNs for
(objectClass=dnsZone)objects. - Filters out CNF (conflict) and InProgress replication artifacts.
- AddRawDetail outputs now include both DN and partition context (DomainDnsZones vs DefaultNamingContext) for precise object identification.
Bug Fixes
| Description | Case # | Escalation # |
|---|---|---|
| LAPS pie charts display incorrect data | 450719 | 395623 |
| Owner permissions for âRule Exceptionâ are misconfigured | 455140 | 400752 |
| PingCastle Web UI does not start after EntraID credential update | 454716 | 400184 |
| [SMB2SignatureNotEnabled] Invalid SMB2_NegotiateResponse structure. | 395483 | |
| [Standard] The --services collection option is not listed in help | 394006 | |
| [Enterprise] Infrastructure â Domains: Filters behave unexpectedly | 393666 | |
| [Enterprise] Add new Functional Levels for filtering | 392262 | |
| [Standard] Exit option incorrectly terminates the program. Expected behavior: go back one level | 361697 | |
| Running PingCastle from a non-domain-joined machine does not work | 391121 | |
| [Security] Update vulnerable packages | 400967 |
Need help with this update?
There are many different ways to get help with our products!
| Situation | Action |
|---|---|
| If you feel the product is broken and not working as intended⌠| Contact Support |
| If you have a question youâd like to ask other experts⌠| Create a discussion in the community: PingCastle > Discussions & Questions |
| If you have a feature request⌠| Let our product team know directly: PingCastle > Ideas |
| If you have something cool to show⌠| Show everyone what you built: PingCastle > Show & Tell |
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!