My undergraduate degree is in physical anthropology — the study of human evolution, skeletal biology, the long record of how our species changed over time. One of the things that stuck with me from those years is how much paleoanthropologists work from incomplete evidence. A partial femur, a handful of teeth, a fragment of cranium. You never have the whole picture. What you have is what survived, and from that you reconstruct as accurate a model as you can — knowing it will be revised when the next dig turns up something new.
I think about that a lot in my work now. Because what IT organizations are really doing when they build service maps and discovery schedules and certificate inventories is exactly the same thing: reconstructing a model of something complex from whatever evidence they can collect — and keeping that model current as the landscape beneath it keeps changing.
The Australia and Q1 2026 store release for ITOM Visibility is built around that idea. These aren’t features that declare victory. They’re tools that make your map easier to keep current.
Service Mapping Gets a Guided Path Through Complexity
The most common thing I hear from customers about service mapping isn't that it's broken. It's that it's incomplete. They have a tag-based map that covers seventy percent of a service. They have telemetry flowing in from Dynatrace that covers another piece. They have some top-down discovery that captured the infrastructure layer. But getting all of that into one coherent picture has required manual effort, workarounds, and patience.
Composite Service Mapping addresses that directly. The new guided workflow inside Service Mapping Plus lets you combine multiple mapping methods — tag-based, ML-based, APM-sourced, top-down — into a single calculated service map. You can pull in existing services from any source, add URLs to kick off top-down discovery, include specific servers you know belong, and layer in additional tags. The result gets stored in the calculated service table as a unified structure.
What makes this practical rather than theoretical is the guided experience. You're not asked to understand the architecture of how these methods interact. You're walked through a set of choices: here are the existing service maps you can include, here are ways to extend them, here's what the composite looks like. It substantially reduces the effort required to get from "I have pieces of a map" to "I have a working service model."
This also opens a significant door for organizations using APM tools like Dynatrace. Services ingested through a Service Graph Connector are included in the selection list, meaning you can finally close the gap between how your observability tooling sees a service and how ServiceNow models it.
The map is never finished — but now it's much easier to keep building it.
Certificate Renewals That Don't Require a Trip to the Platform
Here's a scenario every security and infrastructure team knows: a certificate expiration notice goes out, a task gets created, and then nothing happens for two weeks because the person who owns the certificate is busy, doesn't check their task queue, or simply doesn't know how to get to the renewal workflow in the employee portal.
The new email engagement capability for Certificate Inventory and Management removes that friction. When a certificate is approaching expiration, the owner receives a direct email with everything they need: the certificate details, the renewal options, and hyperlinks to take action. They can respond to initiate renewal with an existing CSR or attach a new one — and that reply email is processed by the instance, matched to an automated routing policy, and sent to the appropriate CA for signing. Once signed, the certificate record is updated in the CMDB and a change is automatically created.
Ownership attestation works the same way. If the assigned owner is no longer the right person, they can designate someone else directly from the email. The new owner gets their own notification and the record gets updated accordingly — no manual intervention required.
This matters more than it might appear. Certificate lifespans are shrinking. As of this year, the maximum validity period has dropped, and industry timelines have 47-day certificates on the horizon by 2029. Organizations that rely on task queues and occasional manual checks will not keep up. The organizations that will handle this well are the ones building automated, multi-channel renewal workflows now.
Discovery Schedules That Know Where to Look
Building discovery schedules for IPv6 environments is genuinely hard. The address space is enormous, the notation is unfamiliar to many practitioners, and manually constructing subnet ranges is error-prone in ways that create gaps in coverage — gaps you often don't notice until something isn't being scanned.
The new IPAM integration in the Discovery Admin Workspace addresses this by connecting to Infoblox through the existing Service Graph Connector. Subnet and IP data — IPv4 and IPv6 — is ingested directly, and discovery schedules are created automatically based on the ranges registered there. You define the filter criteria, and the automation handles the rest.
This is particularly meaningful for government organizations and regulated industries that have been actively adopting IPv6. It's also meaningful for any organization that has found themselves maintaining discovery schedules by hand in an infrastructure that changes faster than they can keep up with.
This initial release focuses on schedule creation. Schedule maintenance — handling deregistered IPs and subnets — is coming in a future release, with Bluecat and Narrowbot support to follow as those integrations move to GA.
Alongside the IPAM integration, the Discovery Admin Workspace now also supports creating cloud discovery schedules directly — no longer requiring a context switch to a separate workspace. On-premises IP-based schedules and cloud schedules now live in the same place.
And when something does go wrong with discovery — a failed MID server, a schedule anomaly, a credentials issue — the new Discovery Notifications feature sends real-time alerts to both email and Microsoft Teams, with configurable triggers so administrators can decide which issues warrant immediate notification versus daily summaries.
The Provisional Map and What It's For
In physical anthropology, the working model is always provisional. Every new find requires revision — not because the earlier work was wrong, but because the evidence base expanded. The researchers who produced the best science weren’t the ones who held their models fixed. They were the ones who built for revision from the start.
That’s what a mature visibility practice looks like. Not a perfect static inventory, but a working model designed to be updated as your infrastructure changes, your services grow, and your dependencies shift. The Q1 2026 capabilities — composite mapping, email-driven certificate renewals, IPAM-integrated schedules, unified workspace administration, real-time discovery notifications — are all oriented toward reducing the friction that causes that model to fall behind.
