What’s new

Changelog

A running log of features, improvements, fixes, and security updates shipped in Kovira.

April 2026

  1. Feature

    Microsoft 365 tenant overview

    Connect a Microsoft 365 tenant and Kovira now auto-discovers the org address, tenant contacts, security defaults, identity providers, and directory roles. The data refreshes on a schedule and surfaces on a dedicated tenant page.

  2. Improvement

    Faster Microsoft 365 sync with delta tokens

    Entra ID and Intune sync runs now use Graph delta queries, so subsequent runs only pull what changed. First-time syncs still do a full pull, then settle into incremental updates that complete in a fraction of the time.

  3. Feature

    Intune policy baselines

    Configuration profiles, compliance policies, and scripts from Intune now land as configuration items with full setting baselines. Drift between baseline and live state is highlighted on each policy page.

  4. Feature

    Permission gap analysis for Microsoft 365

    Kovira compares the Graph permissions actually granted to your connector with the ones each sync needs and flags any gaps, with a one-click jump to the consent screen.

March 2026

  1. Improvement

    Centralised error reporting

    Background errors across server actions, edge functions, and the browser now flow into a single store with fingerprint-based deduplication, redaction of secrets and personal data, and short reference codes you can share in support requests.

  2. Improvement

    SLA engine moved to a 15-minute edge tick

    Service-level timers now advance on a managed edge schedule with a singleton lock and a per-tenant scan cap, so breach and at-risk events fire on time even on busy tenants. The same pure engine runs in-app and on the edge so behaviour stays identical.

  3. Feature

    Workflow actions for SLA control

    Workflows can now pause, start, stop, or reset an incident SLA, and react to six SLA trigger events including breach and at-risk for both response and resolution. Useful for pausing while a ticket waits on a customer reply.

  4. Security

    Sensitive fields stripped from workflow updates

    Workflow update-CI actions now recursively scrub keys ending in vault-ref, secret, password, or token from any nested payload before they reach the database. Prevents accidental exposure when a template references the wrong field.
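
The recursive scrub described in the entry above, as an added example that is not Kovira's code: it drops any key ending in one of the four listed suffixes at every nesting level and returns the dropped key paths so they can be logged without their values. The function names, the case- and separator-insensitive matching, and the sample payload are assumptions.

```javascript
// Added example, not Kovira's code. Suffix list from the changelog entry;
// matching keys case- and separator-insensitively is an assumption.
const SENSITIVE_SUFFIXES = ["vaultref", "secret", "password", "token"];

function isSensitiveKey(key) {
  // "Vault_Ref", "vault-ref" and "vaultRef" all normalise to "vaultref".
  const normalised = String(key).toLowerCase().replace(/[-_\s]/g, "");
  return SENSITIVE_SUFFIXES.some((suffix) => normalised.endsWith(suffix));
}

const isPlainObject = (v) =>
  v !== null && typeof v === "object" &&
  [Object.prototype, null].includes(Object.getPrototypeOf(v));

// Returns a scrubbed deep copy plus the dropped key paths (never the values),
// so a caller can log which template field was blocked.
function scrubSensitive(payload) {
  const removed = [];
  const ancestors = new WeakSet();
  function walk(value, path) {
    // Scalars and non-plain objects (Date, Buffer, ...) pass through unchanged.
    if (!Array.isArray(value) && !isPlainObject(value)) return value;
    if (ancestors.has(value)) return undefined; // break reference cycles
    ancestors.add(value);
    let out;
    if (Array.isArray(value)) {
      out = value.map((item, i) => walk(item, `${path}[${i}]`));
    } else {
      out = Object.create(null); // "__proto__" stays an ordinary key
      for (const [key, child] of Object.entries(value)) {
        const childPath = path ? `${path}.${key}` : key;
        if (isSensitiveKey(key)) removed.push(childPath);
        else out[key] = walk(child, childPath);
      }
    }
    ancestors.delete(value);
    return out;
  }
  return { clean: walk(payload, ""), removed };
}

// Constructed sample payload for illustration.
const sample = {
  name: "core-switch-01",
  snmp: { community_secret: "x", port: 161 },
  credentials: [{ user: "svc", Password: "y" }, { apiToken: "z" }],
  "vault-ref": "kv/net/core",
  tokenCount: 3, // kept: the key does not END in "token"
};
```

Calling `scrubSensitive(sample)` leaves `name`, `snmp.port`, `credentials[0].user` and `tokenCount` in `clean` and lists the four dropped paths in `removed`; the input object is not modified.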

February 2026

  1. Feature

    Custom CI attributes

    Each configuration item type now exposes 15 typed custom-attribute slots with proper data types, replacing the freeform JSON extension field. Attributes are queryable, sortable, and respect tenant isolation.

  2. Feature

    Layer 2 network enrichment

    Switch and device pages now show LLDP neighbours, MAC address tables, and a reverse index of where any host's MAC has been observed. Topology builders draw physical links separately from logical relationships.

  3. Feature

    Recycle bin for configuration items

    Deleting a configuration item now sends it to a recycle bin instead of removing it permanently. Items can be restored or purged, and recycled rows are excluded from inventory counts.

  4. Feature

    Per-member permission overrides

    Individual members can now have permissions granted or revoked above or below their base role. The permission helper consults overrides before falling back to role defaults so authorisation stays consistent everywhere.

January 2026

  1. Security

    Tenant ID immutability across the schema

    Every mutable table now rejects updates that try to change the owning tenant ID. Combined with row-level security and compound foreign keys, cross-tenant data leakage through update statements is no longer representable.

  2. Security

    Independent approver enforced on changes

    The creator of a change request can no longer approve their own change, and the same reviewer cannot vote twice. Duplicate-vote attempts surface a clear error rather than a database constraint violation.

  3. Fix

    Stripe webhook retries on handler failure

    If the Stripe webhook handler fails after marking an event as processed, the mark is now rolled back and the response is a 500 so Stripe will retry. Previously a transient failure could drop an event permanently.
