Version [2024-06-12]
Added
- Azure AD multi-tenant support — user login is performed directly against Azure AD while group
membership is resolved via the CapaOne API, fixing elevation denials in cross-tenant scenarios.
Requires the GroupMember.Read.All API permission.
- “Run as different user” — IT staff can elevate on endpoints without knowing end-user credentials.
- Control panel applet elevation — allow only specified .cpl applets during process elevation.
Notes
- Azure AD group membership is cached for 15 minutes on endpoints, so changes can take up to 15
minutes to take effect.