BeyondTrust Remote Support 25.3: Advancing and Securing the Service Desk Control Plane

As organizations move into 2026, service desk solutions are evolving from a tactical support function into a critical identity security control plane. Service desks sit at the intersection of users, endpoints, credentials, and privileged access, making them a high-value target for attackers seeking to bypass traditional controls. As a result, strengthening service desk security has become essential to modern identity security strategies and an increasingly important extension of Privileged Access Management (PAM).

In the last three years, 69% of organizations have experienced an identity-related breach, representing a 27-percentage-point increase year-over-year. Furthermore, 51% of organizations now consider service desk bypass attacks their most significant risk. Identity-based attacks increasingly target service desk workflows, technician credentials, and remote access pathways as primary entry points into broader enterprise environments.

At the same time, IT teams are under constant pressure to move faster. Supporting a growing mix of operating systems, distributed endpoints, and privileged access demands cannot come at the cost of security, compliance, or visibility.

The latest release of BeyondTrust Remote Support 25.3 addresses these challenges by bridging the identity silos that typically separate service desk workflows from broader security initiatives. Further, with expanded BeyondTrust Password Safe integrations, more granular role-based controls, deeper forensic traceability, and ongoing platform and OS support, this release strengthens the service desk as a foundational component of a modern Privileged Access Management and identity security strategy, without adding unnecessary complexity.

Remote Support 25.3 also includes important security enhancements and fixes as part of our ongoing commitment to continuous hardening. Remote Support 25.3.2, which includes the latest security enhancements and remediation guidance outlined in BT26-02, represents the most secure and current version of the platform. We strongly recommend customers upgrade to ensure they are running the most secure and stable version available.

Read on for the highlights or view the full release notes for technical details.

1. Strengthening Service Desk Privileged Access Management (PAM)

Remote Support has long been essential for securing privileged access during live support sessions. This release takes that role further by deepening native integrations with BeyondTrust Password Safe.

New enhancements allow Remote Support to directly discover and import Password Safe-managed credentials (including SSH and WebJump credentials) without requiring the Endpoint Credential Manager (ECM). For organizations using BeyondTrust products, this simplifies the use of credentials in service desk workflows.

Additionally, new automated import capabilities allow teams to keep credential and endpoint inventories aligned with discovery results, reducing the need for manual updates and improving accuracy over time.

Why this matters:
These enhancements reinforce the service desk as a governed access layer rather than a workaround. Credentials remain vaulted, are injected only when needed, and are centrally managed, all without adding manual or administrative overhead, helping organizations mature their PAM programs faster and reduce reliance on shared or static secrets.

2. Enhanced Remote Session Monitoring and Forensic Audit Trails

Visibility remains a cornerstone of identity security, especially for privileged activities performed during remote sessions. This is why reliance on VPNs alone for these connections can be risky. In the case of an incident, breach, or audit, they do not provide sufficient forensic evidence to protect your organization.

This release introduces expanded forensic traceability for actions taken within the Command Shell on Windows systems using Jump Clients, along with advanced traceability in screen-sharing contexts. Combined with existing session logging and monitoring, these enhancements provide clearer insight into what actions were taken, when, and by whom.

Additional security safeguards (such as automatically closing elevated windows upon session termination, and tighter controls over command shell context) work together to further reduce the risk of lingering privileged states.

Why this matters:
Auditing is an essential step in incident remediation, and as compliance requirements grow more stringent and investigations demand greater precision, service desks need more than session recordings. They need actionable, granular audit data that supports faster investigations, stronger accountability, and defensible compliance outcomes.

3. Granular RBAC for Service Desk Teams Without Admin Sprawl

Security and efficiency pressures are converging, and Remote Support 25.3 demonstrates that you can no longer solve for just one or the other: solutions need to address both.

Remote Support now offers more granular role-based access controls (RBAC) for service desk teams by allowing non-administrative users to manage policies for other non-administrative users, while maintaining a strict separation from administrator-level controls. This enables teams to move faster by removing unnecessary escalation to full administrators, while maintaining governance and least-privilege enforcement.

Why this matters:
Granularity with intention is a key indicator of solution maturity. By carefully expanding who can do what (and just as importantly, what they cannot), Remote Support preserves the security boundaries that auditors and security teams demand and empowers teams to scale responsibly.

4. Modern OS and Platform Support for Secure Remote Support

Remote Support continues to ensure operational readiness by fully supporting macOS Tahoe 26. For organizations managing diverse endpoint environments, timely OS support is essential for maintaining productivity and security consistency across the fleet.

In parallel, we’ve made improvements to dashboards and reporting to provide clearer visibility into license usage, Jump Client health, and Jumpoint status. This empowers service desk leaders to better understand capacity, coverage, and operational health in real time.

Why this matters:
Modern service desks must support the latest platforms without sacrificing security controls or visibility.

Remote Support 25.3 reinforces the service desk as a trusted extension of PAM, rather than as a parallel access path. This reflects BeyondTrust’s broader identity security strategy of expanding capability depth, increasing control granularity, and strengthening integrations without burdening customers with unnecessary complexity.

By advancing role-based access controls (RBAC), session monitoring, and forensic traceability, Remote Support continues to raise the bar for service desk security and efficiency. Deeper native integrations with Password Safe, ensure credentials remain vaulted, governed, and injected only when needed, aligning service desk workflows with PAM best practices rather than creating parallel or unmanaged access paths. And by maintaining strong support across solutions, it ensures organizations can operate securely as environments evolve.

As part of this release, Remote Support 25.3 also delivers important security updates and continued platform hardening. BeyondTrust maintains a disciplined secure development lifecycle and continuously evaluates product security to address emerging risks and evolving attack techniques. This version includes corrective fixes and additional safeguards designed to further strengthen session integrity, privileged access controls, and service desk resilience.

We strongly recommend that customers upgrade to Remote Support 25.3.2 to ensure they are running the most secure and stable version available. Staying current enables organizations to benefit from the latest security enhancements, performance improvements, and platform support updates. Enabling automatic critical updates can further streamline this process and reduce operational risk.

Security remains foundational to how BeyondTrust builds and evolves its solutions. Remote Support 25.3 reflects our ongoing commitment to proactive hardening, responsible remediation, and helping organizations protect the service desk as a critical component of their identity security strategy.

Together, these investments position Remote Support not just as a remote access security tool, but also as a core component of a modern, identity-centric security architecture. By extending consistent PAM controls across the service desk, organizations gain stronger governance, reduced attack surfaces, and clearer visibility as environments, threats, and compliance demands continue to evolve.

• Already a customer? Upgrading ensures you are on the most secure and stable version available. Enable automatic critical updates or upgrade now to benefit from the latest security and performance advancements.
• Exploring BeyondTrust Remote Support for the first time? See Remote Support in action, or try it yourself by requesting a free trial.

Need help with your upgrade or have technical questions?

• Open a secure support ticket via our Customer Portal
• Join the BeeKeepers Community to learn more from other users
• Explore our Security & Compliance Center