Summary We're finalizing the migration from Private Applications to Private Resources for customers using client-based ZTNA. If your organization has been migrated to support client-based ZTNA, the legacy Private Applications and Private Application Groups API endpoints will now return HTTP 410 (Gone) responses, aligning the API behavior with what you've already been seeing in the Dashboard.   Before Private Applications were the original method for configuring secure access to internal resources. Customers used these API endpoints to manage their applications and application groups: Legacy Private Applications Endpoints: https://developer.cisco.com/meraki/api-v1/create-organization-secure-connect-private-application/  Legacy Private Application Groups Endpoints: https://developer.cisco.com/meraki/api-v1/create-organization-secure-connect-private-application-group/    For customers migrated to client-based ZTNA, the Dashboard has been showing a warning message indicating that Private Applications have been migrated to Private Resources. However, the API endpoints continued to function during the transition period.   Today For customers migrated to support client-based ZTNA: The Private Applications and Private Application Groups API endpoints will now return HTTP 410 (Gone) when called. This status code indicates that the resource has been permanently removed and you should migrate to the replacement API.   Note: For client-based ZTNA migrated organizations, any Private Applications or Private Application Groups created through the legacy endpoints would not be used by the upgraded services, therefore these endpoints now return 410 errors to prevent unintentional misconfiguration.   Example Error Response: When calling Private Applications or Private Applications groups endpoints, you'll receive: json { "errors": [ "This endpoint has been deprecated and is no longer available." ], "message": "Private applications have been migrated to Private Resources. Please use the Private Resources API endpoints instead.", "documentation": "https://developer.cisco.com/meraki/api-v1/create-organization-secure-connect-private-resource/" } Who is affected: - Organizations that have been migrated to support client-based ZTNA - If you've been seeing deprecation warnings in the Dashboard for Private Applications, this applies to you   Who is NOT affected: - Organizations still using the Private Applications system who have not been migrated for client-based ZTNA will continue to have access to these endpoints until their migration is completed   Migration Path Use Private Resources instead of Private Applications: Private Resources provide enhanced functionality and support for client-based ZTNA. Your existing Private Applications have already been migrated to Private Resources in the Dashboard, and are available via private resource endpoints documented below.   New API Endpoints: Private Resources: https://developer.cisco.com/meraki/api-v1/get-organization-secure-connect-private-resources/  Private Resource Groups: https://developer.cisco.com/meraki/api-v1/get-organization-secure-connect-private-resource-groups/    Action Required If you're using the legacy Private Applications API endpoints and have been migrated to client-based ZTNA: 1. Update your API integrations to use the new Private Resources endpoints 2. Test your integrations to ensure they work with the new API structure 3. Handle HTTP 410 responses gracefully in your error handling code   If you have questions or need assistance with the migration, please reach out to Secure Connect support.

Background: Secure Connect customers use a Meraki Dashboard that makes API calls to underlying Umbrella data warehouses. Generally, the Meraki Dashboard region and Umbrella data warehouse region are easily aligned; when they are not correctly aligned some UI errors occur.   Some customers, especially those near the geographic boundaries of these regions, have encountered intermittent UI errors due to latency-based routing behavior. Learn more about Meraki Dashboard Data Storage here. Learn more about Umbrella Data Warehouse Locations here. In all scenarios, customer data is always stored in their preferred region as defined in their organization settings.    What's new: We have implemented more strict internal routing to alleviate these intermittent UI errors and updated the region mappings as follows:    Note: Secure Connect customers with Organizations in Meraki's "South America" region should be using Umbrella's "North America" Data Warehouse.    Learn more about Secure Connect region mappings here.

New DCs in India.

New DCs in Australia and Canada

The SAML certificate used for Secure Web Gateway (SWG) user identification will expire on the May 13, 2025, 07:00:46 UTC. This certificate will be renewed and made available on the March 30, 2025. This will allow time from then until May 13, 2025 for you to update your identity provider (IdP) with the renewed Umbrella SAML certificate.   Updating the certificate is essential to avoid SAML user authentication failures and loss of internet access for those users.   Please use the link below to learn more: https://community.cisco.com/t5/umbrella-announcements/saml-certificate-for-swg-user-identity-expirin...   If you have questions, please contact the Secure Connect support team. 

A running list of feature updates for Secure Connect.

Currently, we have two data centers in Mumbai, IN. Those data centers will be undergoing consolidation the first week of July. To ensure minimal impact on your business operations, we have scheduled the consolidation to occur during non-business hours. Nevertheless, we advise all customers to plan for a possible service interruption in Mumbai during the maintenance period.   If you are utilizing AutoVPN or IPsec tunnels at the Mumbai data center, rest assured that your tunnels should be seamlessly migrated to the consolidated data center. We will be using the same automated tunnel migration process when a data center goes out of rotation for maintenance.  There may be a disruption as we transition your active connections, requiring a disconnect and reconnect phase. To minimize any chance of impact, please make sure you have backup tunnels configured to the secondary data center.   Please contact our support team if you have any issues post-migration.     https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco___Secure_Connect_Troubleshooting_Guides/How_to_Contact_Cisco___Secure_Connect_Support