BeyondTrust Privileged Remote Access 25.3: Secure Access Innovations for 2026

The pressure to secure privileged remote access has never been greater. Modern IT and security teams are entering 2026 facing a paradox: they must provide faster, more granular access to a fragmenting landscape of servers, databases, and operational technology (OT) environments

Balancing operational speed with control remains the core challenge. IT and security teams must enable fast, seamless access to servers, databases, cloud infrastructure, applications, and industrial systems, while enforcing strong controls and complete auditability. How do you empower teams to work securely and fluidly across cloud and industrial systems without creating manual bottlenecks or security gaps?

Privileged Remote Access (PRA) 25.3 continues BeyondTrust’s commitment to secure access that adapts to the scale of your infrastructure. This release addresses architectural friction head-on, delivering practical innovations that simplify cloud and database workflows, strengthen automation around credential hygiene, and reduce deployment complexity. Whether you manage enterprise IT, cloud infrastructure, or industrial environments requiring OT security solutions, PRA 25.3 helps you move faster and more securely in the year ahead.

Read on for the highlights, or click here to view the full release notes for detailed technical updates.

1. Automated Import of Password Safe–Managed Credentials and Endpoints

Privileged Remote Access 25.3 makes it easier for your teams to keep credential and endpoint inventories accurate without repetitive manual work. With new automated Import Rules, administrators can proactively bring in discovered accounts and endpoints, ensuring your access environment always reflects your current infrastructure.

Import Rules allow you to:

• Auto-import domain, local, BeyondTrust Password Safe, and AWS accounts, as well as discovered endpoints

• Apply string and numeric filters (e.g., name, description, password age, etc.)

• Auto-assign accounts to the correct Account Group

• Optionally create RDP Jump Items and assign endpoints to Jump Groups

• Retain discovery results available for manual review

• Receive email notifications after each scheduled discovery run

Why it matters: This automation reduces administrative effort, improves visibility, and ensures your access environment always reflects the latest changes.

2. Simplified Password Safe Integration Without ECM Dependencies

Release 25.3 strengthens the integration between Privileged Remote Access and BeyondTrust Password Safe, giving teams a more streamlined and consistent way to manage and inject credentials. Your teams can now connect directly, reducing deployment complexity and making upgrades faster and smoother.

Privileged Remote Access now natively supports discovery and imports for:

• SSH

• WebJump

• SQL (Microsoft SQL, PostgreSQL, MySQL)

• Kubernetes

Why it matters: This support reduces infrastructure overhead, simplifies upgrades, and supports modern, zero trust–aligned access workflows.

PRA 25.3 introduces more automation and tighter integrations, but the real security gains come from how those capabilities are applied. Follow these practical recommendations to help translate our newest features into measurable risk reduction

1) Patch Smart – Keep Your Environment Current Without Disruption

PRA 25.3 is designed to reduce the operational friction that often delays patching. With the latest updated delivered automatically, you can ensure your access infrastructure seamlessly stays aligned with the latest security improvements, reducing risk of exposure from outdated components.

For teams that require tighter change control, update behavior can be tailored using defined maintenance windows, allowing security teams to stay current without interrupting critical operations.

2) Centralize and Govern Credential Use

Credentials do not need to be scattered across tools or handled manually. The built-in BeyondTrust Vault centralizes credential discovery, rotation, and injection, reducing exposure, while improving auditability.

Where possible, pair this with federated authentication using SAML or other external identity providers, and regularly review privileged accounts to remove unused access and rotate credentials before they become a liability.

3) Enforce Least Privilege Access at the Session Level

PRA 25.3 makes it easier to apply least privilege access with precision by setting strict session and group policies that limit users to only what’s required for their role. Limiting privileges at the session level reduces the blast radius, without slowing productivity.

Before rolling out new policies, teams can validate their impact using the Session Policy Simulator, helping avoid misconfigurations, while maintaining strong access controls.

The updates in Privileged Remote Access 25.3 reflect BeyondTrust’s long-term commitment to helping organizations secure access everywhere—from the cloud to the factory floor. By eliminating architectural friction, automating credential hygiene, and strengthening access for high-value database workflows, this release helps organizations deliver secure remote access across cloud, OT, and database environments.

• Already a customer? Upgrading ensures you are on the most secure and stable version available. Upgrade now to benefit from the latest security and performance advancements.

• Exploring BeyondTrust Privileged Remote Access for the first time? Click here to see Privileged Remote Access in action.

Need help with your upgrade or have technical questions?

• Open a secure support ticket via our Customer Portal 

• Join the BeeKeepers Community to learn more from other users

• Explore our Security & Compliance Center