June 9, 2026 SaaS Alerts release notes
Fortify Action Processor 3.6.0
Enhancements
- Activate Defender for Cloud Apps automation (MCAS API token onboarding)
New custom remediation fortify_mcasActivation. The customer pastes a Cloud Apps API token; Fortify validates it, stores it in Key Vault ({orgId}-CloudAppsApiToken), masks the value in the action doc, and sets mcasConnected. The MCAS helper now does dual-path auth: it prefers the stored API token (Authorization: Token) and falls back to the existing OAuth Bearer flow, so existing orgs are unaffected.
- New recAction: MCAS custom activity policy (McasCutomActivityPolicy)
New remediation that creates, updates, or deletes a Defender for Cloud Apps custom activity policy ("multiple failed sign-ins" / password-spray detection) with configurable alert email recipients. Added an alertEmailRecipients param with save-time email-format validation.
- Simplify template apply/alternative-mitigation detection via new type field
- New recAction: OAuth app notification policy (McasOAuthAppNotification)
New automated remediation for the Secure Score recommendation "Create an OAuth app policy to notify you about new OAuth applications." Creates, updates, or deletes a Defender for Cloud Apps OAuth app permission policy covering all apps and permission levels, alerting configured recipients on new consents. Converts a previously manual action to fully automated apply/undo.
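
The token onboarding and dual-path auth described in the "Activate Defender for Cloud Apps automation" item, sketched as an added example; this is not SaaS Alerts or Fortify code. The dict standing in for Key Vault, the function names, the `status` and `token` doc fields, and the length-only validator are assumptions for illustration.

```python
SECRET_SUFFIX = "CloudAppsApiToken"  # secret name pattern from the notes: {orgId}-CloudAppsApiToken


def mask(token, keep=4):
    """Mask a secret for the action doc; short values are masked entirely."""
    if len(token) <= keep * 2:
        return "*" * len(token)
    return "*" * (len(token) - keep) + token[-keep:]


def fake_validate(token):
    """Constructed stand-in for a real validation call against the Cloud Apps API."""
    return len(token) >= 20


def activate(org_id, token, vault, validate):
    """Validate the pasted token, store it, and return a doc holding only the masked value.

    `vault` is a plain dict standing in for Key Vault (assumption).
    """
    token = token.strip()
    if not token or not validate(token):
        # On failure nothing is stored and the org is not marked connected.
        return {"status": "failed", "mcasConnected": False}
    vault[f"{org_id}-{SECRET_SUFFIX}"] = token
    return {"status": "completed", "token": mask(token), "mcasConnected": True}


def auth_headers(org_id, vault, get_oauth_token):
    """Dual-path auth: prefer the stored API token, fall back to OAuth Bearer."""
    api_token = vault.get(f"{org_id}-{SECRET_SUFFIX}")
    if api_token:
        return {"Authorization": f"Token {api_token}"}
    # Orgs that never onboarded a token keep using the existing OAuth flow.
    return {"Authorization": f"Bearer {get_oauth_token(org_id)}"}


if __name__ == "__main__":
    vault = {}
    sample = "CONSTRUCTED0TOKEN0VALUE0abcd"  # constructed sample, not a real token
    print(activate("org1", sample, vault, fake_validate))
    print(auth_headers("org1", vault, lambda org: "oauth-" + org))
    print(auth_headers("org2", vault, lambda org: "oauth-" + org))
```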
