2.41.1463

Release 2.41 introduces the following new features:

• RDP admin sessions: The connection settings for Windows VMs now include an additional setting, Session type. When you set this to Admin, IAP Desktop connects to the VM in administrative mode, similar to mstsc /admin. (#1326)

• Type clipboard text: In situations where you can't use copy/paste to copy text to a Remote Desktop session, you can now let IAP Desktop simulate keyboard input by using the Session > Type clipboard text command.

• Instance properties: The Instance properties window now shows additional details, including VM metadata, CPU architecture, and labels.

In addition, the release includes several stability improvements and fixes, including:

• Linux usernames containing dots weren't acccepted, despite being POSIX-compliant (#1312, fix contributed by @dave-pollock)

Additional notes:

• IAP Desktop will soon drop support for Windows 8.1 and Windows 2012 R2 as these versions of Windows are past their end of life.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

2.40.1418

Release 2.40 introduces the following new features:

• Faster RDP full-screen switching: Entering and leaving full-screen mode is now faster and, in most cases, no longer requires a reconnect. (#1005)

• RDP in restricted admin mode: You can now connect to Windows VMs using RDP in restricted admin mode. You can enable restricted admin mode in the connection settings.

• SSH password prompting: When you're using SSH with password authentication, you can now choose between saving credentials or letting IAP Desktop show a password prompt every time you connect. (#1227)

• Tunneling: You can now use IAP Desktop to create IAP tunnels to MySQL/MariaDB, Postgres, SQL Server, and custom server applications. You can then use any tool to connect to that tunnel and the tunnel remains open until you close IAP Desktop. (#1192)

• Session management: You can now close multiple sessions at once by using the Close all or Close others menu items in the session menu.

• Project search: When you add a new project, you can now search for projects by any term, not just by prefix. (319229912)

• x64: When you download IAP Desktop, you can now choose between x86 (32-bit) and x64 (64-bit). We recommend switching to the 64-bit version if you're frequently using more than ~8 RDP sessions in parallel to avoid resource exhaustion issues. (#1203)

In addition, the release includes several stability improvements and fixes, including:

• The New logon credentials command suggested an invalid username when you configured a UPN in the VM's connection settings.
• Under certain circumstances, double-clicking a file in the SSH file download dialog could cause IAP Desktop to crash. (325757513)

Additional notes:

• Support for RDP bitmap persistence has been removed.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

2.39.1348

Release 2.39 introduces the following new features:

• WebAuthn over RDP: IAP Desktop can now redirect local Windows Hello/FIDO2 authenticators over RDP so that you can use them in a Remote Desktop session.

• Improved high-DPI screen support: The application now uses GDI scaling to reduce blur on high-DPI screens.

• OS Login with workforce identity: As a workforce identity user, you can now use IAP Desktop to connect to Linux VMs that use OS Login. Note that to use OS Login with worforce identity, you might need to update your VM's guest environment. (#1158)

• Password/keyboard-interactive SSH authentication: For VMs that don't support public key authentication, IAP Desktop can now use password or keyboard-interactive SSH authentication. To use password or keyboard-interactive SSH authentication, open the VM's connection settings and set Public key authentication to disabled. (#743)

• Ephemeral SSH keys: You can now configure IAP Desktop to use a new, ephemeral SSH key every time you launch the application. Using ephemeral SSH keys lets you use IAP Desktop in scenarios where the Windows CNG key store has become corrupted or inaccessible or when you're logged in using a read-only Windows profile. (303075734, 275455836, 307194658, 308161113)

• FIPS 140-2 compatibility: IAP Desktop now works on computers that have been configured to only allow FIPS-compliant cryptographic algorithms (311436717)

In addition, the release includes several stability improvements and fixes, including:

• Using a proxy server that requires NTLM authentication could result in sporadic connection failures. (317964071, 316679392, 318732966)
• On computers that have Hyper-V installed, connecting to a VM sometimes failed because of a port conflict. (317595820, 309816619)
• Publishing an SSH key to VM metadata could fail if you only had actAs access to the VM's service account, but not to the enclosing project.

Additional notes:

• IAP Desktop no longer works with .NET 4.6.2 and instead requires .NET 4.7 or a newer version of the .NET framework.
• Google Cloud is changing the default session length to 16 hours for existing Google Cloud customers. This change affects IAP Desktop and as a result, you might soon have to re-authenticate more often.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

2.38.1281

Release 2.38 introduces the following new features:

• Workforce identity: IAP Desktop now supports workforce identity federation as an alternative way to sign in to IAP Desktop.

• Easier reauthentication: When your session expires, IAP Desktop no longer requires you to grant consent for multiple OAuth scopes, making it quicker and easier to reauthenticate.

• Private service connect: You can now let IAP Desktop connect to Google Cloud APIs through Private Service Connect (PSC). You can use PSC to connect from corporate networks that have Cloud VPN/Interconnect access to Google Cloud, but might otherwise have limited internet access. #1028.

• SSH rsa-sha2-512 and rsa-sha2-256 authentication: When you configure IAP Desktop to use an RSA key for SSH public key authentication, the application now defaults to using rsa-sha2-512 or rsa-sha2-256 instead of the deprecated rsa-ssh algorithm.

• Port forwarding: You can now create custom tunnels by right-clicking a VM and selecting Connect client application > Forward local port. Port forwarding is an alternative to registering a custom client application and doesn't require any extra configuration. On multi-user systems such as RDS farms, IAP Desktop only allows applications from the same session to connect. #936

• SQL Server Management Studio: When you connect to a VM using SSMS, Object Explorer now shows the name of the VM you're connected to. #1071.

• Data sharing: To help us improve and prioritize features, you can now optionally allow IAP Desktop to collect and share usage data. Data sharing is disabled by default for all users.

• VPC-SC: When accessing a VM failes because of a VPC service control policy, the error message now includes a troubleshooting ID and a link to the troubleshooting tool.

• Updated group policy templates: You can now use Active Directorg group policies to manage Private Service Connect and and workforce identity federation settings across endpoints.

• Secure Cloud Console: When you've enabled BeyondCorp certificate-based access, all links to the Cloud Console now use the secure Cloud Console (console-secure.cloud.google.com).

Additional notes:

• Google Cloud is changing the default session length to 16 hours for existing Google Cloud customers. This change affects IAP Desktop and as a result, you might soon have to re-authenticate more often.
• Workforce identity federation is subject to certain limitations and currently doesn't support OS Login.
• Future releases of IAP Desktop will require .NET 4.7 or later (instead of .NET 4.6.2). This change is expected to have minimal impact.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

2.37.1187

You can now use IAP Desktop to launch database clients and other client applications and let them securely connect to Google Cloud VMs over IAP TCP forwarding.

To use the feature, right-click a VM in the Project Explorer window and select Connect client application. IAP Desktop then creates an IAP TCP forwarding tunnel, launches the application, and lets the application connect to Google Cloud through the tunnel.

You can use this feature with the following client applications:

• SQL Server Management Studio (SSMS): You can launch SSMS and let it authenticate and connect to SQL Server using either Windows authentication or SQL Server authentication. You can use Windows authentication even if your workstation is not domain-joined or if it's joined to a different domain than your SQL Server instance.

• MySQL Shell: You can launch the MySQL command-line client to connect to MySQL servers.

• Chrome: You can launch Chrome to connect to management portals or other websites that are only available inside your VPC on port 80 or 8080.

• Custom applications: You can extend the feature by registering your own applications.

Other new features include:

• Multiple RDP sessions to same VM: You can now create multiple sessions to the same Windows VM by right-clicking a VM in the Project Explorer window and selecting Connect as user.

• Enhanced Properties window The Properties Window now shows additional details about a VM's security settings

In addition, the release includes several stability improvements and fixes, including:

• Several improvements to the dark theme
• A fix for an issue that caused the options dialog to fail when the connection limit was set to lower-than default value (283811054)
• IAP Desktop now closes unused tunnels as soon as they're not used anymore, freeing up system resources

Additional notes:

• Google Cloud is changing the default session length to 16 hours for existing Google Cloud customers. This change affects IAP Desktop and as a result, you might have to re-authenticate more often.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

2.36.1101

Release 2.36 introduces the following new features:

• Connect via VPN/Interconnect: In situations where you can't use IAP TCP forwarding, you can now
  configure IAP Desktop to directly connect to the private IP address of a VM. You can find the new setting in
  the Connection Settings window and you can configure it for individual VMs, zones, or entire projects. (#870)

• Tab coloring: IAP Desktop now uses different tab colors to help distinguish different types of sessions:

  • Blue indicates that a session was connected via IAP TCP forwarding
  • Gold indicates that a session was connected via VPN/Interconnect
  • Plum/purple indicates that a session was initiated from a browser

• Session tooltips: Hovering over a tab now shows information about the session, including the user you
  used to authenticate.

• Automatic theme selection: IAP Desktop now automatically selects a theme (light/dark) based on your
  Windows settings.

• Credential callbacks: When launching IAP Desktop from a browser, you can now optionally provide a
  credential callback URL that IAP Desktop can use to automatically obtain user credentials. (#872)

In addition, the release includes several stability improvements and fixes, including:

• After minimizing and restoring a full-screen RDP session, the window wasn't properly restored. (280783689)
• Opening an iap-rdp:/// URL didn't work
  correctly if you were already connected to the same VM and the IAP Desktop window was minimized.
• If you set an operating system filter in the Project Explorer window, the filter was persisted.
  This was inconsistent with how other filters worked. (273494372, 280659989)
• In some circumstances, launching a second copy of IAP Desktop caused the first copy to fail (280666330, 278929559).

Additional notes:

• Google Cloud is changing the default session length to 16 hours for existing Google Cloud customers. This change affects IAP Desktop and as a result, you might soon have to re-authenticate more often.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

2.35.1020

Release 2.35 introduces the following new features:

• Dark mode: You can now choose between the (default) light theme and a new dark theme by going to Tools > Options > Appearance. Dark mode works on Windows 11 and recent versions of Windows 10 (20H1 or newer). (#715)
• Updated theme and icons: Both themes have been updated to look more modern and are now using a new set of icons.

In addition, the release includes several stability improvements and fixes, including:

• You can now launch multiple instances of IAP Desktop as the same user across different Windows sessions. Previously, launching IAP Desktop failed with an error "All pipe instances are busy" if another instance was running as the same user, but in a different (RDP) session. (270097766)

Additional notes:

• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

2.34.988

Release 2.34 introduces the following new features:

• Windows Defender integration: Files downloaded from a Linux VM are now automatically scanned by Windows Defender.
• Sign in with Chrome in guest mode: The Sign-in dialog now provides an option to sign in with Chrome in guest mode, making it easier to sign in for secondary profiles.

In addition, the release includes several stability improvements and fixes, including:

• You can now configure the maximum number of concurrent TCP connections IAP Desktop uses per endpoint. You can use this setting in situations where a proxy server doesn't permit more than a certain number of connections in parallel (#851).
• You can now customize the RDP connection timeout in the connection settings. Extending the timeout can be useful when entering credentials manually instead of using saved credentials.
• The minimum window size has been reduced, making it easier to use IAP Desktop on 1080p displays (#841).
• Downloading a file from a Linux VM failed if the file used file name that's not supported by Windows (#828).

Additional notes:

• Windows 8.1 is now out of support and future releases of IAP Desktop will no longer be tested to work on Windows 8.1.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

2.33.964

This is release 2.33 of IAP Desktop.

This release introduces the following new features:

• SFTP file download: When you're connected to a Linux VM, you can now download files by selecting Session > Download files. You can then browse the remote file system and choose which files to download (#633).

  To upload files, drag-and-drop them onto an SSH terminal window.

In addition, the release includes several stability improvements and fixes, including:

• Pasting multi-line text into nano didn't properly preserve line endings (253777656).
• The terminal did not handle certain cursor-related commands correctly, possibly causing the cursor to disappear (253777494).
• The terminal did not handle certain color-related xterm commands correctly.
• When using a tiled window layout with multiple RDP sessions, moving the focus between sessions could cause the Session menu to not show the right commands.

Notice about upcoming breaking changes:

• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

2.32.939

This is release 2.32 of IAP Desktop.

This release introduces the following new features:

• Resilience to network connectivity issues: When you temporarily loose internet connectivity, IAP Desktop can now recover lost connections without impacting active RDP or SSH sessions.
• Floating windows: When you "tear off" a Remote Desktop of SSH session tab, the floating window can now be minimized and maximized (#712)
• Project Explorer window: The window now remembers whether you've collapsed or expanded a project across restarts (#775)

In addition, the release includes several stability improvements and fixes, including:

• Minimizing the application window caused terminal window contents to be cleared (248087823)
• When SSH public key authentication failed, the error message did not indicate that the failure could be due to the use of ssh-rsa (#790)
• For new installations, IAP Desktop incorrectly used RSA as default key type for SSH public key authentication instead of ECDSA

Notice about upcoming breaking changes: Upcoming IAP Desktop releases are planned to implement the following breaking changes:

• Future releases might only be made available for 64-bit versions of Windows.