When there are 0-day threats, it would be great to target machines with the 0-day patches released from Microsoft etc... and made available from the Software Installation option and being able to search for the KB number to deploy.
Alternatively if Atera had its own storage available to its customers to reference for the afore mentioned updates. Customers could download their own patches and search for them to be deployed centrally.

The possibiliy to store personal passwords of technicians also for themselves - passwords that only the technician should know (personal passwort safe) for Logins on 3rd party portals for example

Ability or script to change and domain admin password or add a domain admin user / password.

A e-mail notification (maybe with an authentication code) when remote shell actions get executed by a user or process. This way if ever a user account gets hacked they are unable to directly execute actions on the system without user interaction.

I would like the option to permanently stop Atera from asking me to set up biometric logins. I already reset my mfa because it was a significant number of clicks to skip the biometric login and use TOTP instead. Now that I have done this, it still requires an excessive number of clicks to login to the admin console because you have to dismiss the requests to set up biometric login.

2FA : it should remember my settings. Right now, there are 8 clicks to log in. I just want to put in the passwords and 2FA, not biometric. Would be nice for it to remember how we want to log in. Too many clicks. It keeps showing me all the options every single time

To help automate security it would be nice for Atera to check if a customer has experienced a breach or their data has been compromised on the dark web. To protect system admins.

Enable generating a totp code within password manager for client passwords stored in password manager

Please consider allowing more than 1 device to login to Atera with Windows Hello credentials through Auth0.

Backing up or exporting files: We spend all of our lives backing up things for our customers, feels uncomfortable not to back up our databased. if Atera is hacked and if we don't have a back up and we will have a problem. It would be a facility to have a backup of Atera. It is not about migrating to a new service. Us knowing we have a secure backup every week and every night.

Hi,

If we store our customer's 365 tendency log-in details, we would like to see an option to set up the MFA\2FA and generate the MFA code so that we can improve the security of our customer's accounts.

Huge security risk to only have a singly read/write API key - I see there are suggestions for separate read/write one but realistically we should be generating keys per app and have the option to limit the scope to specific features or customers.

The API key gets transferred in the clear on PowerShell scripts to a customer device - so there really needs to be some improvements in this area.

The ability to Lock access to your home country and also be able to Lock to Azure static IPs if you have Geo remote users and want them to use a host VDI that is Geo located in your home country/ Region.

My customers are extremely privacy-conscious, an acceptance password for Splashtop to confirm the connection would help a lot. Just connecting to the machine is causing some problems.

It would be good if Atera would commission a third party to undertake a security audit of the Atera platform and publish the report. How can we provide any kind of assurance to our customers when we do not even know if security is being looked at?

If Atera suffers from a breach what can we say to our customers? We use a random product that we have no idea the security of it and they got hacked?

Have a checkbox for permanently trust this device.

2fa on a phone is completely redundant. If somebody steals my phone and hacks my password, then they instantly have access to my authentication app to access the atera app anyway. Not very well thought through and pointless having to do it even once a week.

The only application I can possibly think of is an employee that leaves, in which case their access could be revoked through the portal anyway.