← Back to all sparks
T

Tailscale

INFRA · APIS
Velocity6.3

Tailscale deepens enterprise identity while quietly building agent-access infrastructure

networkingidentityenterpriseaccess-controlai-agents
Current state
Tailscale's recent releases concentrate on enterprise identity and governance — nested group sync, self-serve identity-provider switching, OAuth-app device provisioning, multi-tenant policy scoping, and Azure Blob log streaming — atop routine client bug-fix releases. Just outside this window, its Aperture chat and identity-aware MCP connectors signal a move into AI-agent access built on tailnet identity.
Where it's heading
The near-term direction is making Tailscale the identity and access-control fabric for both people and, increasingly, agents. The group and IdP work hardens the enterprise story, while the alpha Aperture connectors and sandboxes extend tailnet identity and access controls to LLM agents and their tool calls.
Prediction
Expect continued enterprise identity and governance features, with gradual promotion of the Aperture agent-access connectors and sandboxes out of alpha as that bet matures.

Recent moves

  1. 1d ago

    Nested group support for synced groups

    Group sync from Microsoft Entra ID and Google Workspace now includes members of nested groups, tightening how enterprise identity maps onto tailnet access. Part of Tailscale's steady deepening of IdP integration.

  2. 3d ago

    Self-serve identity provider changes

    Tailnet owners can now switch their identity provider self-serve from the admin console for supported providers (beta), removing a support-gated step. Another increment in Tailscale's identity-management surface.

  3. 9d ago

    Device Provisioning with OAuth Apps

    New OAuth Apps let teams create and manage device provisioning through the Tailscale API (alpha), extending programmatic control over how machines join a tailnet. Fits the push toward scriptable enterprise administration.

  4. 10d ago

    Connectivity fixes and a public-IP device-posture attribute (beta)

    A maintenance client release fixing wake-from-sleep connectivity, handshake-retry, and SSH session-recording leak bugs, plus a new beta public-IP device-posture attribute usable in posture rules. Reliability work with one small capability addition.

  5. 13d ago

    Tailnet system policy values

    The tailnet system policy now accepts a comma-separated list of tailnet or organization IDs, a small but useful step for managing policy across multiple tailnets in larger deployments.

  6. 22d ago

    Log streaming integration with Azure Blob Storage

    Network-flow and configuration-audit logs can now stream to Azure Blob Storage, extending Tailscale's log-export options for compliance and monitoring alongside existing destinations.