Release 2.46 introduces a number of incremental improvements:

• Terminal copy/paste on click: You can now copy terminal output by selecting text and left-clicking the terminal. Similarly, you can use a right-click to copy the selected text and immediately paste it. The behavior is similar to what you might be used to from the Windows-builtin terminal.
• Terminal scrolling: You can now use Ctrl+PageUp/Ctrl+PageDown to scroll the terminal. These new shortcuts are active by default, but you can disable them under Tools > Options > Terminal. (#1611)
• Using microphones over RDP: When you connect to a Windows VM, you can now share your local microphone so that you can use it within the RDP session. Microphone sharing is disabled by default and you can enable it in the VM's connection settings.

In addition, the release includes several stability improvements and component updates.

IAP Desktop is developed and brought to you by jpassing.

Release 2.45 introduces a number of improvements, mostly related to SSH:

• Bracketed pasting: When you paste clipboard content to the terminal, IAP Desktop now uses bracketed pasting again. Bracketed pasting helps maintain formatting when you copy code blocks, and lets you paste multi-line commands to a shell without immediately executing them. Bracketed pasting is on by default, but you can turn it off under Tools > Options > Terminal.
• Updated terminal: The terminal is now based on Windows Terminal 1.21.2361, which resolves several clipboard-related issues.
• SFTP downloading: Downloading large files over SFTP (by copy/paste or drag/drop) is now more efficient and uses a clipboard format (TYMED_ISTREAM) that doesn't require the entire file to be buffered in memory.
• Project Explorer search: When you enter a search term in the search box, the window now perform a case-insensitive search.

In addition, the release includes several stability improvements and fixes for the following issues:

• Right-clicking a deleted project in the Project Explorer window sometimes showed the wrong context menu, making it difficult to unload the project.
• Running a command that produces large quantities of output sometimes caused the SSH terminal to hang.
• Hitting Ctrl+Alt+K early during application startup could cause the Authorized Keys window to become unfuntional.

IAP Desktop is developed and brought to you by jpassing.

Release 2.44 introduces a number of SSH improvements:

• New terminal: The SSH terminal is now based on the same component that powers the Windows Terminal. As a result of this change, the terminal now supports a range of additional xterm features, including mouse input and support for 256 colors.

• Browse and transfer files: When you're connected to a Linux VM, you can now browse the VM's file system and transfer files by selecting Session > Transfer files. You can transfer files by using copy and paste or drag and drop in the same way you're used to from Windows File Explorer.

• Group policies for SFTP: You can now use a group policy to control whether users in your organization are allowed to transfer files by using SFTP.

The release also includes these new features:

• Connect to PostgreSQL: You can now let IAP Desktop connect to PostgreSQL and launch the psql command line client for you.

In addition, the release includes several stability improvements and fixes, including:

• Automatic Logons are now automatically disabled if your local computer is subject to the Do not allow passwords to be saved group policy.
• Metadata-based SSH keys that included excess whitespace could cause authentication to fail.
• Under certain circumstances, the installer didn't detect the Windows version correctly and refused to execute. #1580.

A note to vim users: Because the SSH terminal now supports mouse input, coping text from vim might no longer work as before. To copy text from vim, use the set mouse=r option, or hold the Shift key while coping text.

Update 01/07/2025: Updated packages to fix an issue with the Automated logons setting that caused IAP Desktop to ignore existing saved passwords.

Release 2.43 introduces a number of Remote Desktop improvements:

• Sign-out: You can now remotely sign out of a Remote Desktop by choosing Session > Sign out. In addition to disconnecting the session, the command terminates your Windows session on the remote VM. (#1463)

• Reconnect: When a Remote Desktop session times out and displays the lock screen, you can now use Session > Reconnect to let IAP Desktop reconnect the session and sign you in automatically again. (#1463)

• Disable automatic logons: IAP Desktop now offers an additional connection setting, Automatic logons. When you set this to Disabled, IAP Desktop won't try to sign you in automatically, and won't offer you to save credentials. The setting is intended for VMs that use the Always prompt for password upon connection group policy and lets you avoid duplicate credential prompts when connecting to such VMs. (#1501)

• Display resolution: Instead of letting IAP Desktop resize the Remote Desktop session to fit your current window size, you can now use the Display resolution setting to let IAP Desktop use a fixed resolution for the Remote Desktop session.

The release also includes these new features:

• ARM64 support: IAP Desktop now natively supports ARM64, and there is a separate installer package for ARM64 machines.

• Intune deployment: The documentation now contain instructions for deploying IAP Desktop using Intune and customizing IAP Desktop using Intune.

In addition, the release includes several stability improvements and fixes, including:

• Connection settings: The connection settings window now properly indicates when a Windows password is being inherited.

Release 2.42 introduces the following new features:

• DPI-aware scaling: IAP Desktop now automatically scales its GUI based on the DPI settings of your primary monitor, letting the application and RDP sessions look crisp on high-DPI screens. IAP Desktop automatically scales RDP session to match your display settings, but you can optionally disable display scaling in the connection settings.

• Remember RDP credentials: When you connect to a Windows VM and haven't stored RDP credentials before, IAP Desktop shows a credential prompt. This prompt now includes a "Remember me" option that lets you store your credentials and skip the credential prompt the next time you connect.

In addition, the release includes several stability improvements and fixes, including:

• Windows CNG: IAP Desktop now uses Windows CNG as crypto backend for SSH and no longer depends on OpenSSL. Previous versions used CNG for SSH user authentication, but relied on a bundled version of OpenSSL to handle all other cryptographic operations. CNG is a part of Windows and serviced by Windows Update.
• Dark mode: Icons have been optimized to look better in dark mode.

Additional notes:

• IAP Desktop 2.42 now requires Windows 10 14393 (also called 1607, 'Anniversary Update', or LTSB 2016), Windows Server 2016, or a later version of Windows. Older versions of Windows such as Windows 8.1 or Windows 10 1507 lack support for a Windows CNG feature that's required for SSH and therefore can't be used to run IAP Desktop anymore.
• Updates now default to the x64 (64-bit) version of IAP Desktop.

Update 08/20/2024: Updated packages to fix an issue in the upgrade progress that cause IAP Desktop to fail during startup for some users.

Release 2.41 introduces the following new features:

• RDP admin sessions: The connection settings for Windows VMs now include an additional setting, Session type. When you set this to Admin, IAP Desktop connects to the VM in administrative mode, similar to mstsc /admin. (#1326)

• Type clipboard text: In situations where you can't use copy/paste to copy text to a Remote Desktop session, you can now let IAP Desktop simulate keyboard input by using the Session > Type clipboard text command.

• Instance properties: The Instance properties window now shows additional details, including VM metadata, CPU architecture, and labels.

In addition, the release includes several stability improvements and fixes, including:

• Linux usernames containing dots weren't acccepted, despite being POSIX-compliant (#1312, fix contributed by @dave-pollock)

Additional notes:

• IAP Desktop will soon drop support for Windows 8.1 and Windows 2012 R2 as these versions of Windows are past their end of life.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

Release 2.40 introduces the following new features:

• Faster RDP full-screen switching: Entering and leaving full-screen mode is now faster and, in most cases, no longer requires a reconnect. (#1005)

• RDP in restricted admin mode: You can now connect to Windows VMs using RDP in restricted admin mode. You can enable restricted admin mode in the connection settings.

• SSH password prompting: When you're using SSH with password authentication, you can now choose between saving credentials or letting IAP Desktop show a password prompt every time you connect. (#1227)

• Tunneling: You can now use IAP Desktop to create IAP tunnels to MySQL/MariaDB, Postgres, SQL Server, and custom server applications. You can then use any tool to connect to that tunnel and the tunnel remains open until you close IAP Desktop. (#1192)

• Session management: You can now close multiple sessions at once by using the Close all or Close others menu items in the session menu.

• Project search: When you add a new project, you can now search for projects by any term, not just by prefix. (319229912)

• x64: When you download IAP Desktop, you can now choose between x86 (32-bit) and x64 (64-bit). We recommend switching to the 64-bit version if you're frequently using more than ~8 RDP sessions in parallel to avoid resource exhaustion issues. (#1203)

In addition, the release includes several stability improvements and fixes, including:

• The New logon credentials command suggested an invalid username when you configured a UPN in the VM's connection settings.
• Under certain circumstances, double-clicking a file in the SSH file download dialog could cause IAP Desktop to crash. (325757513)

Additional notes:

• Support for RDP bitmap persistence has been removed.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

Release 2.39 introduces the following new features:

• WebAuthn over RDP: IAP Desktop can now redirect local Windows Hello/FIDO2 authenticators over RDP so that you can use them in a Remote Desktop session.

• Improved high-DPI screen support: The application now uses GDI scaling to reduce blur on high-DPI screens.

• OS Login with workforce identity: As a workforce identity user, you can now use IAP Desktop to connect to Linux VMs that use OS Login. Note that to use OS Login with worforce identity, you might need to update your VM's guest environment. (#1158)

• Password/keyboard-interactive SSH authentication: For VMs that don't support public key authentication, IAP Desktop can now use password or keyboard-interactive SSH authentication. To use password or keyboard-interactive SSH authentication, open the VM's connection settings and set Public key authentication to disabled. (#743)

• Ephemeral SSH keys: You can now configure IAP Desktop to use a new, ephemeral SSH key every time you launch the application. Using ephemeral SSH keys lets you use IAP Desktop in scenarios where the Windows CNG key store has become corrupted or inaccessible or when you're logged in using a read-only Windows profile. (303075734, 275455836, 307194658, 308161113)

• FIPS 140-2 compatibility: IAP Desktop now works on computers that have been configured to only allow FIPS-compliant cryptographic algorithms (311436717)

In addition, the release includes several stability improvements and fixes, including:

• Using a proxy server that requires NTLM authentication could result in sporadic connection failures. (317964071, 316679392, 318732966)
• On computers that have Hyper-V installed, connecting to a VM sometimes failed because of a port conflict. (317595820, 309816619)
• Publishing an SSH key to VM metadata could fail if you only had actAs access to the VM's service account, but not to the enclosing project.

Additional notes:

• IAP Desktop no longer works with .NET 4.6.2 and instead requires .NET 4.7 or a newer version of the .NET framework.
• Google Cloud is changing the default session length to 16 hours for existing Google Cloud customers. This change affects IAP Desktop and as a result, you might soon have to re-authenticate more often.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

Release 2.38 introduces the following new features:

• Workforce identity: IAP Desktop now supports workforce identity federation as an alternative way to sign in to IAP Desktop.

• Easier reauthentication: When your session expires, IAP Desktop no longer requires you to grant consent for multiple OAuth scopes, making it quicker and easier to reauthenticate.

• Private service connect: You can now let IAP Desktop connect to Google Cloud APIs through Private Service Connect (PSC). You can use PSC to connect from corporate networks that have Cloud VPN/Interconnect access to Google Cloud, but might otherwise have limited internet access. #1028.

• SSH rsa-sha2-512 and rsa-sha2-256 authentication: When you configure IAP Desktop to use an RSA key for SSH public key authentication, the application now defaults to using rsa-sha2-512 or rsa-sha2-256 instead of the deprecated rsa-ssh algorithm.

• Port forwarding: You can now create custom tunnels by right-clicking a VM and selecting Connect client application > Forward local port. Port forwarding is an alternative to registering a custom client application and doesn't require any extra configuration. On multi-user systems such as RDS farms, IAP Desktop only allows applications from the same session to connect. #936

• SQL Server Management Studio: When you connect to a VM using SSMS, Object Explorer now shows the name of the VM you're connected to. #1071.

• Data sharing: To help us improve and prioritize features, you can now optionally allow IAP Desktop to collect and share usage data. Data sharing is disabled by default for all users.

• VPC-SC: When accessing a VM failes because of a VPC service control policy, the error message now includes a troubleshooting ID and a link to the troubleshooting tool.

• Updated group policy templates: You can now use Active Directorg group policies to manage Private Service Connect and and workforce identity federation settings across endpoints.

• Secure Cloud Console: When you've enabled BeyondCorp certificate-based access, all links to the Cloud Console now use the secure Cloud Console (console-secure.cloud.google.com).

Additional notes:

• Google Cloud is changing the default session length to 16 hours for existing Google Cloud customers. This change affects IAP Desktop and as a result, you might soon have to re-authenticate more often.
• Workforce identity federation is subject to certain limitations and currently doesn't support OS Login.
• Future releases of IAP Desktop will require .NET 4.7 or later (instead of .NET 4.6.2). This change is expected to have minimal impact.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.

You can now use IAP Desktop to launch database clients and other client applications and let them securely connect to Google Cloud VMs over IAP TCP forwarding.

To use the feature, right-click a VM in the Project Explorer window and select Connect client application. IAP Desktop then creates an IAP TCP forwarding tunnel, launches the application, and lets the application connect to Google Cloud through the tunnel.

You can use this feature with the following client applications:

• SQL Server Management Studio (SSMS): You can launch SSMS and let it authenticate and connect to SQL Server using either Windows authentication or SQL Server authentication. You can use Windows authentication even if your workstation is not domain-joined or if it's joined to a different domain than your SQL Server instance.

• MySQL Shell: You can launch the MySQL command-line client to connect to MySQL servers.

• Chrome: You can launch Chrome to connect to management portals or other websites that are only available inside your VPC on port 80 or 8080.

• Custom applications: You can extend the feature by registering your own applications.

Other new features include:

• Multiple RDP sessions to same VM: You can now create multiple sessions to the same Windows VM by right-clicking a VM in the Project Explorer window and selecting Connect as user.

• Enhanced Properties window The Properties Window now shows additional details about a VM's security settings

In addition, the release includes several stability improvements and fixes, including:

• Several improvements to the dark theme
• A fix for an issue that caused the options dialog to fail when the connection limit was set to lower-than default value (283811054)
• IAP Desktop now closes unused tunnels as soon as they're not used anymore, freeing up system resources

Additional notes:

• Google Cloud is changing the default session length to 16 hours for existing Google Cloud customers. This change affects IAP Desktop and as a result, you might have to re-authenticate more often.
• Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.