Keeping pace with product releases while balancing mission priorities, operational demands, and compliance obligations is no small task. To help, here is a curated roundup of notable Zscaler GovCloud updates from June, with quick context and scan-friendly takeaways you can share across security, network, and operations teams. Highlights include AI/ML detection source visibility for ZIA traffic, IPSec security enhancements aligned to FedRAMP and FIPS requirements for Zero Trust Branch, new device health monitoring capabilities in ZDX, and expanded DLP collaboration scoping for Microsoft Teams. Zscaler Internet Access (ZIA)Zscaler Internet Access (ZIA) is Zscaler’s secure internet and SaaS access service, providing policy-based protection and visibility for users wherever they work. For many federal environments, ZIA is central to enforcing acceptable use, protecting sensitive data, and maintaining consistent security controls across a distributed workforce.This month’s ZIA updates focus on expanding visibility into AI-driven threat detection, strengthening data loss prevention for collaboration platforms, and continuing to refine governance controls for generative AI usage.HighlightsSupport for AI/ML Detection Source: The Zscaler Admin Console now provides visibility into the AI/ML detection source for Internet & SaaS (ZIA) traffic. This gives security teams greater transparency into how threats are identified, supporting more informed policy decisions and audit responses.Support for Collaboration Scope for Microsoft Teams: When creating a DLP rule for Microsoft Teams, administrators can now define the collaboration scope as External, Internal, or Any to scan messages and attachments in channels containing external, internal, or any (internal or external) members. This enables more targeted data protection aligned to organizational boundaries and mission-partner communication flows.Policy Level Gen AI Prompt Configuration: Customers can capture end user prompts for generative AI applications from the Cloud Application Control policy. This allows granular control of Gen AI prompt configuration and supports tighter governance as Gen AI adoption grows across teams and roles.For full release notes: https://help.zscaler.us/zia/release-upgrade-summary-2026 Zscaler Private Access (ZPA)Zscaler Private Access (ZPA) provides secure, zero trust connectivity between users and private applications without exposing those applications to the internet. It helps organizations reduce attack surface while improving access experience, which is especially important for distributed users, mission partners, and hybrid work environments common across federal agencies.This month’s ZPA updates deliver authentication flexibility for dual-stack environments and a new Private Service Edge release focused on stability and operational improvements.HighlightsAuthentication Settings Update: The Zscaler Admin Console now supports selecting an alternative authentication SP host for an IdP in authentication settings. The alternative authentication SP hosts support dual-stack environments for use with IPv4 and IPv6 infrastructure and application support, helping agencies manage environments transitioning to IPv6 while maintaining backward compatibility.Private Service Edge Version 26.53.4: An update was released for Private Service Edge for Private Access (ZPA) that includes bug fixes, optimizations, and version enhancements.For release notes: https://help.zscaler.us/zpa/release-upgrade-summary-2026 Zscaler Digital Experience (ZDX)Zscaler Digital Experience (ZDX) provides visibility into end-user device health, application performance, and network path quality. For federal teams managing distributed endpoints across agencies and field locations, ZDX helps identify and resolve experience issues before they impact productivity or mission delivery.This month’s ZDX updates introduce new reporting and dashboard capabilities that give IT and operations teams broader insight into device health trends across the organization.HighlightsDevice Events Reports: Device Events reports are now available in the ZDX Admin Portal, providing aggregated insights into common system and software crashes. This helps teams identify recurring issues and prioritize remediation efforts across the fleet.Device Health Dashboard: The new Device Health dashboard provides a comprehensive view of struggling devices across an entire organization, department, user group, or location. This supports faster identification of systemic issues and more proactive endpoint management at scale.For more information: https://help.zscaler.us/zdx/release-upgrade-summary-2026 Zero Trust Branch (ZTB)Zscaler Zero Trust Branch helps modernize branch security and connectivity by bringing zero trust principles to branch offices, remote sites, and OT/IoT environments, reducing reliance on legacy appliances while maintaining consistent policy enforcement.This month’s Zero Trust Branch updates focus on strengthening cryptographic controls and enhancing DNS security to align with federal compliance requirements.HighlightsSupport for DNSSEC: Zero Trust Branch now includes DNSSEC support for DNS traffic in both resolver and proxy modes, enhancing security and reliability for DNS resolution at branch locations. This helps protect against DNS spoofing and cache poisoning attacks.IPSec Security Enhancement: IPSec configurations have been updated to align with FedRAMP and FIPS requirements by enforcing IKEv2 and strengthening cryptographic controls where supported. This includes FIPS 140-3 approved ciphers for encryption, secure key exchange mechanisms, and enhanced practices for pre-shared key generation and rotation, helping agencies maintain compliance while securing branch connectivity.ZTB release notes: https://help.zscaler.us/zero-trust-branch/release-upgrade-summary-2026 Zscaler DeceptionZscaler Deception deploys decoys and lures across environments to detect lateral movement, credential theft, and attacker reconnaissance. For federal organizations, deception adds an active defense layer that can identify adversary activity early in the kill chain without relying solely on signature-based detection.This month’s Deception updates deliver platform maintenance improvements, more granular safe process controls, and reduced false positives for cloud decoy deployments.HighlightsCloud Deception Enhancement: The health check function app for Cloud Deception with Azure was upgraded to Node.js v24.x. Administrators must run the deployment script to sync the latest code and runtime configuration.Support for Detection Types and Subtypes in Safe Processes: Landmine agents for Windows and macOS endpoints now support defining safe processes at a granular level based on detection types and subtypes. This reduces alert noise and helps teams fine-tune detection sensitivity without sacrificing coverage.Updates to GCP Decoy Deployment: An update was released for Terraform user agent configuration that reduces false positive events during Google Cloud Platform (GCP) decoy deployments, improving signal quality for security operations teams.Full release notes: https://help.zscaler.us/deception/release-upgrade-summary-2026 ConclusionWant the full details? Use the links above to review the complete release summaries, and check back next month for the next GovCloud update roundup.Zscaler continues to invest in a robust GovCloud roadmap and remains committed to supporting the unique security, compliance, and operational requirements of the federal market. We’ll keep delivering enhancements that help agencies and federal partners strengthen resilience, simplify operations, and advance mission success.
[#item_full_content] Keeping pace with product releases while balancing mission priorities, operational demands, and compliance obligations is no small task. To help, here is a curated roundup of notable Zscaler GovCloud updates from June, with quick context and scan-friendly takeaways you can share across security, network, and operations teams. Highlights include AI/ML detection source visibility for ZIA traffic, IPSec security enhancements aligned to FedRAMP and FIPS requirements for Zero Trust Branch, new device health monitoring capabilities in ZDX, and expanded DLP collaboration scoping for Microsoft Teams. Zscaler Internet Access (ZIA)Zscaler Internet Access (ZIA) is Zscaler’s secure internet and SaaS access service, providing policy-based protection and visibility for users wherever they work. For many federal environments, ZIA is central to enforcing acceptable use, protecting sensitive data, and maintaining consistent security controls across a distributed workforce.This month’s ZIA updates focus on expanding visibility into AI-driven threat detection, strengthening data loss prevention for collaboration platforms, and continuing to refine governance controls for generative AI usage.HighlightsSupport for AI/ML Detection Source: The Zscaler Admin Console now provides visibility into the AI/ML detection source for Internet & SaaS (ZIA) traffic. This gives security teams greater transparency into how threats are identified, supporting more informed policy decisions and audit responses.Support for Collaboration Scope for Microsoft Teams: When creating a DLP rule for Microsoft Teams, administrators can now define the collaboration scope as External, Internal, or Any to scan messages and attachments in channels containing external, internal, or any (internal or external) members. This enables more targeted data protection aligned to organizational boundaries and mission-partner communication flows.Policy Level Gen AI Prompt Configuration: Customers can capture end user prompts for generative AI applications from the Cloud Application Control policy. This allows granular control of Gen AI prompt configuration and supports tighter governance as Gen AI adoption grows across teams and roles.For full release notes: https://help.zscaler.us/zia/release-upgrade-summary-2026 Zscaler Private Access (ZPA)Zscaler Private Access (ZPA) provides secure, zero trust connectivity between users and private applications without exposing those applications to the internet. It helps organizations reduce attack surface while improving access experience, which is especially important for distributed users, mission partners, and hybrid work environments common across federal agencies.This month’s ZPA updates deliver authentication flexibility for dual-stack environments and a new Private Service Edge release focused on stability and operational improvements.HighlightsAuthentication Settings Update: The Zscaler Admin Console now supports selecting an alternative authentication SP host for an IdP in authentication settings. The alternative authentication SP hosts support dual-stack environments for use with IPv4 and IPv6 infrastructure and application support, helping agencies manage environments transitioning to IPv6 while maintaining backward compatibility.Private Service Edge Version 26.53.4: An update was released for Private Service Edge for Private Access (ZPA) that includes bug fixes, optimizations, and version enhancements.For release notes: https://help.zscaler.us/zpa/release-upgrade-summary-2026 Zscaler Digital Experience (ZDX)Zscaler Digital Experience (ZDX) provides visibility into end-user device health, application performance, and network path quality. For federal teams managing distributed endpoints across agencies and field locations, ZDX helps identify and resolve experience issues before they impact productivity or mission delivery.This month’s ZDX updates introduce new reporting and dashboard capabilities that give IT and operations teams broader insight into device health trends across the organization.HighlightsDevice Events Reports: Device Events reports are now available in the ZDX Admin Portal, providing aggregated insights into common system and software crashes. This helps teams identify recurring issues and prioritize remediation efforts across the fleet.Device Health Dashboard: The new Device Health dashboard provides a comprehensive view of struggling devices across an entire organization, department, user group, or location. This supports faster identification of systemic issues and more proactive endpoint management at scale.For more information: https://help.zscaler.us/zdx/release-upgrade-summary-2026 Zero Trust Branch (ZTB)Zscaler Zero Trust Branch helps modernize branch security and connectivity by bringing zero trust principles to branch offices, remote sites, and OT/IoT environments, reducing reliance on legacy appliances while maintaining consistent policy enforcement.This month’s Zero Trust Branch updates focus on strengthening cryptographic controls and enhancing DNS security to align with federal compliance requirements.HighlightsSupport for DNSSEC: Zero Trust Branch now includes DNSSEC support for DNS traffic in both resolver and proxy modes, enhancing security and reliability for DNS resolution at branch locations. This helps protect against DNS spoofing and cache poisoning attacks.IPSec Security Enhancement: IPSec configurations have been updated to align with FedRAMP and FIPS requirements by enforcing IKEv2 and strengthening cryptographic controls where supported. This includes FIPS 140-3 approved ciphers for encryption, secure key exchange mechanisms, and enhanced practices for pre-shared key generation and rotation, helping agencies maintain compliance while securing branch connectivity.ZTB release notes: https://help.zscaler.us/zero-trust-branch/release-upgrade-summary-2026 Zscaler DeceptionZscaler Deception deploys decoys and lures across environments to detect lateral movement, credential theft, and attacker reconnaissance. For federal organizations, deception adds an active defense layer that can identify adversary activity early in the kill chain without relying solely on signature-based detection.This month’s Deception updates deliver platform maintenance improvements, more granular safe process controls, and reduced false positives for cloud decoy deployments.HighlightsCloud Deception Enhancement: The health check function app for Cloud Deception with Azure was upgraded to Node.js v24.x. Administrators must run the deployment script to sync the latest code and runtime configuration.Support for Detection Types and Subtypes in Safe Processes: Landmine agents for Windows and macOS endpoints now support defining safe processes at a granular level based on detection types and subtypes. This reduces alert noise and helps teams fine-tune detection sensitivity without sacrificing coverage.Updates to GCP Decoy Deployment: An update was released for Terraform user agent configuration that reduces false positive events during Google Cloud Platform (GCP) decoy deployments, improving signal quality for security operations teams.Full release notes: https://help.zscaler.us/deception/release-upgrade-summary-2026 ConclusionWant the full details? Use the links above to review the complete release summaries, and check back next month for the next GovCloud update roundup.Zscaler continues to invest in a robust GovCloud roadmap and remains committed to supporting the unique security, compliance, and operational requirements of the federal market. We’ll keep delivering enhancements that help agencies and federal partners strengthen resilience, simplify operations, and advance mission success.
