Up Next: What to Expect in the 2025.4 Release

Last updated: 08/09/2025 Expected Release date: First week of November

This is an early preview of the release notes; the features and details may change as we move closer to the final release.

Expect further updates in upcoming release notes. The final release notes, including the build number and upgrade details, will be shared as part of the actual release notes that will be around November.

What's New in 2025.4

We’re introducing exciting new features, enhancements, and critical fixes to improve usability, security, and performance. Here’s a preview of what’s expected in the 2025.4 release.

Native HaloPSA and Autotask REST API Support

The following two integration features are now available to all partners from this release:

HaloPSA Native Integration
Autotask REST API Support

These features were previously available only through a controlled rollout starting from 2025.2.1, but are now open for full partner adoption to support improved service workflows and API flexibility.

Dedicated native integration with HaloPSA (Professional Services Automation) inside N-central

Why we developed this?

While the existing HaloPSA integration was functionally complete, it introduced friction because it was managed across two separate platforms. Partners and Sales Engineers consistently highlighted the need for a simpler, faster, and more cohesive experience.

Also, having a native integration positions N-central as a centralized hub for ITSM/PSA integrations, aligning with the vision of a unified, modernized platform.

Features include:

Unified User Experience
- All configuration and operations are managed directly within N-central.
- No need to switch between HaloPSA and N-central or use third-party connectors

Device & Customer Mapping: Easily map devices and customers between N-central and HaloPSA for accurate service tracking and streamlined workflows.

Automated Ticketing:
- Automatically create and update tickets in HaloPSA based on N-central alerts.
- Two-way sync ensures ticket statuses remain aligned across both platforms.

Credential Management:
- Securely store and manage HaloPSA API credentials in N-central.
- Includes a "Test Connection" feature to validate your integration setup.

Optimized via HaloPSA APIs: All integration operations - ticketing, asset sync - leverage HaloPSA API endpoints.

Improved Time Entry User Matching: The integration now supports listing API-only users from HaloPSA.

With HaloPSA’s robust native billing capabilities - including support for billing based on the number of devices managed - the need to manage billing profiles directly in N-central has been eliminated.

While partners had shown strong interest in this features, critical issues were uncovered during testing with early adopters and as a result the GA was postponed until we fix critical issues in both NFR and Production environments.

The following are the changes we implemented:

Device Export & Asset Sync

Bulk Device Sync

Issue: Currently, only 15–25 devices can sync in a single job before failures or timeouts occur.
How we fixed it: Export hundreds of devices in a single job by increasing the existing rate limit for the Halo Batch Post API fallback to avoid timeouts. Also, any null or unused fields are removed from export JSON for faster, error-free processing.

Asset Uniqueness

Issue: The Halo setting “Asset tag must be unique” caused problems - if enabled, exports were blocked; if disabled, exports went through but created duplicates.
How we fixed it: Devices with the same name are now handled cleanly by appending all device names with N-central Device IDs.

Customer Mapping Validation

Issue: Devices that weren’t linked to a customer in N-central were still being synced, which confused PSA systems and created orphaned records.
How we fixed it: The Customer Name / Site Name is now mandatory during Customer Mapping. A warning message is displayed on the Customer Mapping page if no valid customer name is selected.
If an export is triggered without a complete mapping, the export fails gracefully with a clear error explaining why.

Smarter Error Messaging for Failed Device Exports

Issue: When device exports to Halo failed, the error messages were too vague or generic, making it hard to understand the root cause.

How we fixed it: Improved the export error messages so failures are clearly explained, helping admins quickly diagnose and resolve issues. The "Last Failure Timestamp" column shows the time of the error attempt, and the "Last Error Message" column contains a clear, user-friendly message explaining the failure.

400 Validation Errors – Clear guidance when fields are missing (e.g., “Device serial number missing”).

Error message after update:

401 Unauthorized Errors – Friendly messages when API credentials are invalid, with instructions to check the HaloPSA client secret.

429 Rate Limit Errors – User-friendly messages explain when too many exports were triggered and advise when to retry.

Ticketing Improvements

Issue: Tickets were mapped to wrong types and noted that required fields often blocked syncs.

Alert-Partners please ensure this setting is on your Halo side

All ticket type fields are configured as Visible – Not Required.

(Configuration → Tickets → Ticket Types → Edit → Field list → set to Visible – Not Required)

Approval process is disabled.

(Configuration → Tickets → Approval Processes → uncheck “Allow choice of CAB members when an approval step begins”).

Ensured that now the correct Ticket Types Are Assigned During Ticket Creation From N-central to HaloPSA.

Show & Download Error Messaging for Failed Device Exports

Issue: Previously, when a device export failed, the error message shown in the modal box was often too long, truncated, or unreadable.

How we fixed it: Partners can quickly capture and share error details without digging into logs.

Once users select the filter by Failed exports, only failed device export rows appear.
Long error messages in the Export Results table are now truncated with an ellipsis (…) for a cleaner view. Hovering over a truncated error shows the full message in a tooltip, so details are never lost.
Added two quick-action icons next to each error message: Copy to Clipboard – instantly copies the full error text for troubleshooting or sharing & Download as Text File – saves the full error (with device details and timestamp) as a .txt file for easy reference or support tickets.

Known Limitation:

At this time, errors can only be copied or downloaded one at a time. Bulk copy/download is not yet supported.

For detailed information on capabilities for Autotask REST API Support, see: N-central 2025.2.1 Release Notes

N-central SSO Enhancements – Stronger Security, More Control

This release strengthens SSO session security, administrator control by

Providing more flexibility to configure how N-central enforces token expiry to balance strict session security against compatibility with different identity provider (IdP) implementations.
Adding emergency controls with one-click session revocation when high security concerns arise.

Token Validity Check (new setting) for Microsoft Azure AD and Generic Identity Providers:

The "Enable token" validity check option is checked by default for new providers.
When enabled, N-central validates the token’s expiry claim on every request, ensuring immediate access termination once a token expires.

This setting applies only to active SSO sessions.

Existing IDP configurations upgrading to this version → validation defaults to off unless explicitly enabled.
For N-able Login (MSP SSO), token validity check is always enforced (not configurable in the UI).

Polling Interval (Added a new input bar)

The Polling interval setting defines how often N-central checks externally with the identity provider to confirm a token is still valid.

Default value is 5 minutes; range is 1 to 1,440 minutes.
Polling is independent of the token validity check. Even if you disable token claim validation, you can still configure external polling.
Tokens issued by N-able Login are time-limited (60 minutes), so sessions naturally expire if not refreshed.

The Polling Interval is updated for both new and existing IdPs.

Revoke All Sessions (Added a new button)

A new “Revoke all SSO sessions” button is available for Azure AD and Custom (OIDC) providers which forces all users authenticated with that provider to log in again. Use this when applying sensitive security changes or responding to access concerns.
Other providers and local authentication remain unaffected.

Clicking on this button will display a confirmation modal with message “You are about to revoke all active sessions for users authenticated via this SSO provider. This will force all linked users to log in again. Are you sure you want to continue?”

When the user clicks on the Confirm button, it invalidates all active sessions for users authenticated through this SSO provider. The user will be logged out and prompted to Login again.

User Audit Syslog Export – Additional Audit Events for Ecoverse Features

In earlier releases, the audit coverage for Ecoverse included:

Patch Management events (e.g., patch install/uninstall logs).
Reboot actions initiated from the Asset View.

This release significantly expands coverage to additional high-impact activities:

Take Control & Advanced RBM

Remote control session start/end (from Asset View, native session).
Remote background session start/end.
Remote background file transfer (upload, download).
Process termination.
Registry edits.
System shell command execution.

Scripting (Asset View)

Script executed.
Script added.
Script edited.
Script cloned.
Script deleted.
Script downloaded.

Asset Tags

Tag created.
Tag edited.
Tag assigned/unassigned to Assets.
Tag deleted.

Cloud Commander

Tenant connects, disconnect, remove.
Cloud users add, edit, delete.
Cloud user password reset.
Cloud user MFA reset.
Cloud user session revoked.
Cloud user disabled.
Cloud user license assigned/unassigned.
Cloud user assigned/unassigned to groups.
Cloud user assigned/unassigned to roles. To configure Syslog export and take full advantage of these features, see: Configure Syslog Export

Continued Development on CMMC-Compliant Version of N-central for On-Premises Partners

We are continuing development on the CMMC-compliant version of N-central, specifically designed for on-premises partner-hosted instances. This work is part of our broader initiative to ensure CMMC Level 2 compliance, supporting partners managing environments aligned with U.S. Department of Defense (DoD) cybersecurity requirements.

Bug Fixes

A range of high-impact bugs have been resolved in this release. Be sure to review the full list included below for more details.

Category	Updated Summary	Issue Key
Integration and Remote Support
Core	Remote desktop sessions blocked in some networks Issue: Partners couldn’t connect via Remote Desktop (RDP) when traffic passed through a proxy/firewall. Fix: Updated agent handling so remote desktop works reliably through proxies.	NCCF-767054
Core	PSA integrations disrupted after content validation change Issue: A recent change stopped allowing line breaks (newlines) in notification templates. Many partners relied on those newlines to format alerts for their PSA systems, so the change broke PSA notification processing. Fix: Restored support for newlines in templates, ensuring PSA integrations and notifications work as expected.	NCCF-712005
Performance & Task Reliability
Core	Device services sometimes showed as “stale” for several minutes Issue: AMP-based services showed as stale for 4–5 minutes before returning to normal, confusing monitoring dashboards. Fix: Corrected status reporting so services update in real time.	NCCF-736090
Core	Maintenance checks delayed other system tasks Issue: Maintenance refreshes ran too long, delaying other actions. Fix: Optimized refresh logic so tasks no longer get stuck.	NCCF-714640
Core	Errors when scheduling automation tasks at site level Issue: Site-level scheduled tasks for automation returned system errors when running on AMPs. Fix: Fixed task handling so scheduled tasks run reliably.	NCCF- 597747
Core	Asset info update task profile not working correctly Issue: The “Update Asset Info When Finished” task profile didn’t behave correctly when bulk asset updates were used. Fix: Adjusted the profile so asset info updates run as intended.	NCCF-204273
Core	System delays caused by internal counter Issue: Partners experienced delays tied to TimeElapsedCounter wait logic. Fix: Adjusted calculation logic to remove unnecessary wait times.	NCCF-404466
Security & Certificates
Core	Password policy option not applying Issue: The “Do not allow username-based passwords” option in Password Settings could not be enforced, weakening security policies. Fix: Fixed the password validation so the option now works.	NCCF-649150
Core	Outbound communication blocking did not fully apply Issue: Outbound communications continued even after being disabled, causing unexpected data flow. Fix: Updated logic so outbound communication is fully blocked when configured	NCCF-571471
Core	Root certificate store created invalid entries Issue: Upgrades built the root certificate store with invalid records, creating trust issues. Fix: Cleaned up store building process to ensure only valid records are included.	NCCF-572605
Core	Security and stability improvements with Jetty update Issue: Jetty version (9.4.54) contained known issues. Fix: Upgraded to Jetty 9.4.56 to improve stability and security.	NCCF-427410
Monitoring & Data Accuracy
Core	Endpoint Detection & Response (EDR) status displayed incorrectly Issue: EDR monitoring showed “No Data” in the UI even though API calls were retrieving data. Fix: Corrected UI reporting so service status is displayed accurately.	NCCF-542099
Core	Linux agent crash during log monitoring Issue: On some devices, a math error made the Linux agent crash when reading logs. Fix: Fixed the error so the agent no longer crashes.	NCCF-789878
Backup & Credentials
Core	Backups failed when password contained special characters Issue: Backups would fail if your FTP password had the “%” symbol in it. Fix: Backups now work even if your password includes special characters.	NCCF-789183
Core	ESXi login failed if credentials contained a hyphen Issue: Logging in to ESXi failed if your username or password had a “-” (hyphen). Fix: Logins now work with hyphens in usernames and passwords.	NCCF-709175
MSAD	AM Agent crash on app domain unload Issue: The AM Agent crashed when the AppDomain was unloaded with unhandled exceptions. Fix: Stabilized the unload process to prevent agent crashes.	MSAD-5149
MSAD	Misconfigured services due to AM Engine unload Issue: Unloading the AM Engine app domain caused service misconfigurations and agent instability. Fix: Adjusted handling during unload to avoid misconfiguration.	MSAD-5148

How to Prepare for 2025.4 in Advance

If you would like to participate in the public preview to test the new 2025.4 version in a non-production environment before rolling it out fully, the Public Preview of 2025.4 will be available in the 3rd week of October.

Stay Tuned

Be on the lookout for the official N-central – 2025.4 release in November 2025. We look forward to delivering these exciting updates - stay tuned for the full release package!

Forward-Looking Statements Disclaimer

This content may contain forward-looking statements regarding future product plans and development efforts. N-able considers various features and functionality prior to any final generally available release. Information regarding future features and functionality is not and should not be interpreted as a commitment from N-able that it will deliver any specific feature or functionality in the future or, if it delivers such feature or functionality, any time frame when that feature or functionality will be delivered. All information is based upon current product interests, and product plans and priorities can change at any time. N-able undertakes no obligation to update any forward-looking statements regarding future product plans and development efforts if product plans or priorities change.