CyberQP Product Roadmap

filter-by-category-product-roadmap
  • All Stages
  • In Preview (7)
  • In Development (1)
  • In Research (7)
In Research

Burner & Shared JIT Account Support

We’re expanding our Just-In-Time (JIT) access capabilities by introducing support for Burner and Shared JIT account models—giving partners more flexibility in how JIT accounts are created, managed, and cleaned up. In addition to the existing per-technician JIT model, admins will be able to choose between: (1) Burner JIT accounts, which are automatically created and deleted after each session for maximum security and minimal footprint, and (2) Shared JIT accounts, which allow multiple technicians to activate a common JIT account that is disabled after each use. These options help reduce account sprawl, align with enterprise access practices, and support tighter lifecycle control. The update includes enhanced profile provisioning to skip Windows onboarding screens, customizable username conventions, retry logic for failed deletions, and Temporary Access Pass support to streamline M365 JIT logins without repeated MFA setup. Admins can select a default model per customer and manage account behavior at scale with bulk actions.

In Research

Duo Identity Verifcation Integration

We’re expanding CyberQP’s identity verification capabilities with a new Duo Integration, enabling MSPs to verify end-user identities using Duo’s secure push notifications directly within the CyberQP dashboard and PSAs. This feature builds on our existing verification options, providing a more secure and frictionless option for identity verification. Leveraging Duo’s strong authentication already widely deployed for SSO and MFA means no additional apps or enrollment overhead for you or end-users.

MSPs can configure a single Duo integration to support all their customers via Duo’s multi-tenant portal, with CyberQP intelligently surfacing Duo as a verification option when applicable. Technicians can trigger Duo Push for end-user verification, with pass/fail results logged and displayed in the CyberQP dashboard for audit and workflow automation. This provides critical security assurance before executing sensitive actions like access requests or ticket generation. It also reduces dependency on more vulnerable methods like SMS or email, speeding up verification while hardening identity workflows. Existing customers benefit from seamless rollout with no need to import user emails or phone numbers into CyberQP, further reducing friction. This feature will enhance both user experience and security posture for MSPs looking to elevate trust in end-user interactions.

In Research

Customer-Specific Branding for Elevation & End-User Touchpoints

To build trust and deliver a professional, personalized experience, we’re introducing Customer-Specific Branding across CyberQP’s elevation workflows and end-user interactions. you will be able to upload unique branding assets such as logos and icons for each customer, which will then be applied to key touchpoints including UAC elevation prompts, system tray menus, welcome and identity verification emails, and the CyberQP Self-Serve portal (web, iOS, and Android). This ensures that end-users see recognizable branding during critical interactions, reducing confusion and increasing confidence in the legitimacy of requests. Default placeholders will be used when no logo is provided, and branding will appear automatically when elevation is enabled for a customer. This feature enhances the end-user experience while reinforcing the your professionalism and presence ultimately helping drive user trust, security adoption, and brand awareness across your environments.

In Research

GDAP-Specific JIT Policies for Scalable and Secure Access

To simplify and secure technician access to Microsoft 365 environments across multiple customers, we’re introducing GDAP-Specific JIT Policies a new policy type purpose-built for IT-Professionals using Microsoft’s GDAP (Granular Delegated Admin Privileges) framework. Today, technicians must create and manage one JIT account per customer, often resulting in hundreds of accounts and OTPs that are difficult to track. Our current GDAP JIT solves this but requires access to the MSP’s internal M365 tenant, which introduces risk and complexity.

This new policy type allows MSPs to define a centralized, secure GDAP JIT policy without assigning privileged roles or specific customers. Instead, MSPs can grant access to selected security groups mapped to GDAP roles and limit technician access by group. Once configured, technicians can create and activate GDAP JIT accounts across any customer tied to the GDAP integration without needing direct access to the MSP’s core tenant. This dramatically reduces account sprawl, simplifies policy management, and maintains a strong security posture by preventing unnecessary privilege exposure. Technicians can activate GDAP JIT accounts from the global JIT menu or within eligible customer environments, all while leveraging CyberQP’s existing JIT framework.

In Research

Application Blocklisting and Execution Controls for Non-Privileged Software

We’re expanding CyberQP’s elevation security model by introducing Application Blocklisting, giving MSPs and IT professionals the ability to prevent the execution of unauthorized applications even those that don’t require elevated permissions. Many modern threats and policy violations originate from software installed in user-writable directories, which can bypass traditional privilege elevation safeguards. This new feature enables proactive control by allowing admins to block specific apps based on metadata such as file path, publisher, hash, or program name all while minimizing end-user impact.

When a blocked application is launched, users will see a customizable UAC-style prompt with options to request or automate approval, empowering help desk staff or onsite personnel to unblock legitimate actions while maintaining security. These controls can be applied globally, at the customer level or even at the user level, offering the granularity you need to enforce unique software policies across diverse environments. By combining real-time visibility, request workflows, and precise enforcement, this enhancement closes a critical gap in security and supports compliance without compromising user productivity.

In Research

M365 GCC High Support

To meet the needs of MSPs and end customers operating in highly regulated industries, we’re adding support for Microsoft 365 GCC High environments within CyberQP’s Just-In-Time (JIT) access framework. Government contractors and organizations handling Controlled Unclassified Information (CUI) require solutions that comply with strict compliance standards like FedRAMP and ITAR making GCC High support essential.

With this enhancement, MSPs managing GCC High tenants will be able to create, manage, and activate JIT accounts in those environments, just as they do today with standard M365 tenants. The feature ensures seamless integration while respecting the security boundaries and operational policies unique to GCC High. This unlocks secure, time-bound access for technicians without requiring standing privileges reducing risk while supporting compliance mandates. By extending JIT to GCC High, CyberQP helps partners serve sensitive sectors with confidence and meet stringent government-grade security expectations.

In Research

Native CyberQP MFA

To simplify security and reduce operational costs, we’re introducing CyberQP’s native Multi-Factor Authentication (MFA) solution a fully integrated, end-to-end MFA system built specifically for IT professionals managing privileged access. Today, you are forced to rely on third-party MFA tools like Duo or Microsoft Authenticator alongside CyberQP, leading to increased costs, fragmented workflows. Our built-in MFA will eliminate the need for separate vendors should you choose while providing a seamless and secure authentication experience across technician logins, end-user access, third-party contractors, and Just-in-Time (JIT) accounts.

This solution will support endpoint-level MFA enforcement for both domain-joined and non-domain devices, M365 portals, and even offline scenarios helping MSPs meet stringent compliance requirements like CIS, NIST, and cyber insurance mandates. With tight integration into CyberQP’s JIT workflows, technicians will benefit from faster logins and a more unified experience, without having to manage dozens of MFA tokens across tools. By consolidating privileged access and MFA into one platform, CyberQP strengthens its position as a comprehensive PAM solution tailored for IT professionals, driving cost efficiency, adoption, and improved security outcomes.

In Preview

Chrome Extension – M365 JIT Accounts

To improve technician efficiency and streamline secure access workflows, we’re introducing the CyberQP Chrome Extension, delivering powerful credential management and Just-In-Time (JIT) access directly within the browser. This extension eliminates constant tab-switching by allowing users to search, view, and autofill JIT account credentials including OTPs into Microsoft login pages with a single click. Key features include support for username/password and SSO login, inline credential suggestions, JIT account activation and management, and smart search across customers. Technicians can quickly copy or autofill credentials, activate accounts, and launch Microsoft portals directly from the extension all while respecting access controls and policies. With built-in session security, OTP management, and integration into CyberQP’s existing authentication flows, this tool will significantly reduce friction in daily technician workflows while maintaining strong access governance.

In Development

Customer-Scoped JIT Policies for Granular Access Control

We’re enhancing policy governance with Customer-Scoped JIT Policies, giving you more control over how Just-In-Time access is applied across their customer base. Previously, JIT policies were universally available to any customer a technician could access leading to potential compliance issues or the unintended complexity of privileged access. With this update, MSPs can now restrict specific JIT policies to designated customer groups, ensuring policies align with each customer’s unique security and compliance needs. Admins can also completely disable JIT usage for specific customers or Tech’s when necessary. This feature enables tighter access boundaries, reduces friction, and gives you the flexibility to enforce least-privilege principles more effectively across diverse environments.

In Preview

Guided Onboarding UI Wizard and Progress Tracker

We’re working on a new Onboarding UI Wizard to provide a clearer, more intuitive experience for both new and existing CyberQP partners. For first-time users, the wizard delivers step-by-step guidance through initial setup including adding customers, deploying agents, and configuring key features while highlighting the value and purpose of each action. For existing partners, the wizard evolves into a deployment progress tracker, offering visibility into feature adoption and deployment status across new and existing customers. Users can easily see what’s complete, what’s pending, and take action directly from the wizard. With skippable steps, contextual tips, and real-time progress indicators, this unified experience reduces setup friction, increases visibility, and helps partners accelerate secure rollout across their entire customer base.

In Preview

Unified Agent Deployment Page

To streamline the onboarding experience and simplify agent installation across environments, we’re working on a Unified Agent Deployment Page a centralized hub within CyberQP that consolidates all deployment methods in one intuitive interface. Whether accessed via the onboarding wizard, customer agents page, or the main navigation menu, this page dynamically adapts to the selected customer and presents relevant installation instructions, artifacts, and configuration options. Technicians can choose from manual, scripted, or RMM-based deployment methods (including support for tools like Datto, ConnectWise, NinjaRMM, N-Able, Kaseya, and Intune), all backed by copy-ready scripts tailored with customer-specific variables like install token, customer name, and agent ID. The page also includes real-time feedback with an embedded agent detection table that updates as new agents are installed and allows manual assignment post installation if variables are not present. This unified view simplifies deployment, ensures consistency, and accelerates agent rollout across all customer environments whether onboarding a single site or hundreds.

In Preview

Simplified Agent Installation supporting Customer Name, API or Deferred Assignment capability’s

We’re making agent deployment faster, smarter, and more flexible with a major upgrade to the CyberQP Agent Installer. This new approach eliminates the need for technicians to manually fetch agent install tokens, tenant IDs, or customer-specific install scripts before deployment. Instead, IT admins can now install the agent by simply providing a customer name, or even choose to install without assigning a customer assigning it later via the CyberQP Agents dashboard. If a matching customer doesn’t exist, the system can automatically create one or leave the agent unassigned until configured.

The installer will dynamically pull tenant and customer info using CyberQP’s API, and continue to support traditional install methods via agent ID for backward compatibility. This update also lays the foundation for a JWT token-based installation process, enabling secure, token-driven automated deployments. With built-in support for custom install scripts, region-specific installers, post-install restarts, and integration company name matching, this improvement significantly reduces setup friction and speeds up time-to-value especially for fast-paced onboarding scenarios or RMM-based deployments.

In Preview

Multi-Company Support for Shared AD & M365 Domains

To better support MSPs managing large organizations with multiple subsidiaries or geographical branches, we’re introducing Multi-Company Support for Shared Domains. This enhancement removes the current restriction that prevents a single Active Directory (AD) or M365 domain from being linked to more than one CyberQP customer. MSPs will now be able to assign accounts from a shared domain to multiple CyberQP customers, aligning with how these subsidiaries are structured in PSA systems like ConnectWise Manage, HaloPSA, and Autotask. This ensures MSPs can accurately map accounts, manage tickets, and bill each entity separately without sacrificing the operational efficiency of a centralized directory. With this feature, CyberQP aligns more closely with real-world MSP workflows and complex customer structures.

In Preview

Global Automatic Imports

Global Automatic Imports, a powerful new feature that enables MSPs to set default import settings for Active Directory (AD), Microsoft 365 (M365), and Local accounts across all customers. With this enhancement, accounts will be automatically imported as soon as the CyberQP agent is installed or M365 integration is completed, saving time and ensuring consistency. Partners can apply global settings or tailor import rules per customer, with support for both end-user and admin accounts. This update streamlines account onboarding, allowing for users to take a set-it-and-forget-it approach to onboarding new accounts.

In Preview

Account Discovery & UAC Remediation Tool

Roadmap Item: Local Admin Discovery & UAC Remediation Tool

To help MSPs reduce security risk and prepare for Privileged Access Management (PAM) rollout, we’re introducing a Account Discovery and UAC Remediation tool. This feature gives MSPs visibility into which users have local admin rights across all agented systems and makes it easy to convert unnecessary admin accounts to standard users either individually or in bulk. MSPs can also view and manage User Account Control (UAC) settings across endpoints to ensure proper elevation prompts are in place. The tool supports selective exclusions for critical or break glass accounts and enables bulk remediation actions, eliminating the need for time-consuming and error-prone scripting. Combined with CyberQP’s Audit Mode & End User Elevation, this capability streamlines environment hardening and lays a secure foundation for scalable, policy-based elevation workflows.

Experience the #1 Zero Trust Platform

Reduce Risk

Enhance Efficiency

Simplify Compliance