Summary We're finalizing the migration from Private Applications to Private Resources for customers using client-based ZTNA. If your organization has been migrated to support client-based ZTNA, the legacy Private Applications and Private Application Groups API endpoints will now return HTTP 410 (Gone) responses, aligning the API behavior with what you've already been seeing in the Dashboard.   Before Private Applications were the original method for configuring secure access to internal resources. Customers used these API endpoints to manage their applications and application groups: Legacy Private Applications Endpoints: https://developer.cisco.com/meraki/api-v1/create-organization-secure-connect-private-application/  Legacy Private Application Groups Endpoints: https://developer.cisco.com/meraki/api-v1/create-organization-secure-connect-private-application-group/    For customers migrated to client-based ZTNA, the Dashboard has been showing a warning message indicating that Private Applications have been migrated to Private Resources. However, the API endpoints continued to function during the transition period.   Today For customers migrated to support client-based ZTNA: The Private Applications and Private Application Groups API endpoints will now return HTTP 410 (Gone) when called. This status code indicates that the resource has been permanently removed and you should migrate to the replacement API.   Note: For client-based ZTNA migrated organizations, any Private Applications or Private Application Groups created through the legacy endpoints would not be used by the upgraded services, therefore these endpoints now return 410 errors to prevent unintentional misconfiguration.   Example Error Response: When calling Private Applications or Private Applications groups endpoints, you'll receive: json { "errors": [ "This endpoint has been deprecated and is no longer available." ], "message": "Private applications have been migrated to Private Resources. Please use the Private Resources API endpoints instead.", "documentation": "https://developer.cisco.com/meraki/api-v1/create-organization-secure-connect-private-resource/" } Who is affected: - Organizations that have been migrated to support client-based ZTNA - If you've been seeing deprecation warnings in the Dashboard for Private Applications, this applies to you   Who is NOT affected: - Organizations still using the Private Applications system who have not been migrated for client-based ZTNA will continue to have access to these endpoints until their migration is completed   Migration Path Use Private Resources instead of Private Applications: Private Resources provide enhanced functionality and support for client-based ZTNA. Your existing Private Applications have already been migrated to Private Resources in the Dashboard, and are available via private resource endpoints documented below.   New API Endpoints: Private Resources: https://developer.cisco.com/meraki/api-v1/get-organization-secure-connect-private-resources/  Private Resource Groups: https://developer.cisco.com/meraki/api-v1/get-organization-secure-connect-private-resource-groups/    Action Required If you're using the legacy Private Applications API endpoints and have been migrated to client-based ZTNA: 1. Update your API integrations to use the new Private Resources endpoints 2. Test your integrations to ensure they work with the new API structure 3. Handle HTTP 410 responses gracefully in your error handling code   If you have questions or need assistance with the migration, please reach out to Secure Connect support. ... View more

Summary: Cisco Secure Client ZTA Agent version 5.1.13 is now available for download in the dashboard and includes a fix for the certificate validation issue. Promptly upgrade to ensure uninterrupted operation of Zero Trust Access.   Background: A flaw has been identified in Cisco Secure Client ZTA Agent versions 5.1.8 through 5.1.12, where the agent may fail to start after the code-signing certificate expires. This issue results in certificate verification errors, as shown in agent logs, and will prevent the ZTA Agent from launching past the listed certificate expiration dates.   Version Certificate Expiry Date 5.1.9 January 14, 2026 5.1.10 January 14, 2026 5.1.11 June 4, 2026 5.1.12 June 4, 2026   After these dates, affected agents will no longer function due to certificate expiration. Action Required: To avoid service interruption, customers running versions 5.1.9 or 5.1.10 should upgrade to Cisco Secure Client ZTA Agent version 5.1.13 as soon as possible. This issue has been resolved in the latest release. Please review your current agent versions and refer to the certificate expiry dates to determine your risk and prioritize your upgrade plan. For more details and release notes, visit: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/release/notes/release-notes-cisco-secure-client-5-1.html    Cisco Secure Client version 5.1.13 is now available on Dashboard under Secure Connect > Identities & Connections > Remote Access. Look for the Secure Client Downloads button; you'll see the latest version number and buttons to download the client packages from the modal:    For any questions or issues, contact Support for assistance and reference this article or the release notes above.  ... View more

Background: Secure Connect customers use a Meraki Dashboard that makes API calls to underlying Umbrella data warehouses. Generally, the Meraki Dashboard region and Umbrella data warehouse region are easily aligned; when they are not correctly aligned some UI errors occur.   Some customers, especially those near the geographic boundaries of these regions, have encountered intermittent UI errors due to latency-based routing behavior. Learn more about Meraki Dashboard Data Storage here. Learn more about Umbrella Data Warehouse Locations here. In all scenarios, customer data is always stored in their preferred region as defined in their organization settings.    What's new: We have implemented more strict internal routing to alleviate these intermittent UI errors and updated the region mappings as follows:    Note: Secure Connect customers with Organizations in Meraki's "South America" region should be using Umbrella's "North America" Data Warehouse.    Learn more about Secure Connect region mappings here. ... View more

Summary We've been working to improve the Public Application risk scoring UI. The latest update restores Risk Score visibility, sort, and filter to the Public Applications table and introduces a new value to the API.      Before Until recently, we displayed and allowed filtering for Public Application Risk Scores as shown here:    These scores were a consensus risk score across customers, but feedback suggested that was confusing when compared to customer-specific risk scoring in Umbrella. We heard the feedback, and temporarily pulled that data from the table.   The customer-specific risk score has always been available in the drawer, as shown here:       Today Now we're displaying the customer-specific risk scores per public application as shown here:   With this change, there's a new 'null' value being introduced on the API, documented here:   https://developer.cisco.com/meraki/api-v1/get-organization-secure-connect-public-applications/  ... View more

We are improving the visibility of the Legacy Keys by displaying the status of each API Key on the License and API Keys page. You’ll now have specific visibility into which key should be refreshed in case of errors in the dashboard.   To check the status of your API Keys, visit your License and API Keys page: What you’ll see when… All Keys are in good shape: Network Devices key needs to be refreshed:  Reporting key needs to be refreshed:  Management key needs to be refreshed:   For help identifying and fixing an API Key issue, see this doc: I’m seeing errors everywhere! What do I do? ... View more

We are improving the visibility of Secure Connect licensing by bringing visibility into our dashboard. This is the first step of several to provide additional transparency and better communication to our customers and service providers. It is also another small step on our journey to unify our dashboard and remove all cross-launches.   Where to find it:    What it looks like:    What’s next in this area: - Alerting and messaging in dashboard for renewals. - Global overview visibility and API for licensing. ... View more