Access Management

Microsoft Azure Console

Access to the Azure management console for the subscription where the customer’s deployment lives is exclusively available to BeyondTrust employees who require it for their job responsibilities. To maintain security, phishing-resistant MFA is required to access the console, and all activity is audited for compliance.

BeyondTrust Access to Customer Instances

OS-level access to Endpoint Privilege Management instances or clusters requires the use of Privileged Remote Access (PRA). This access is granted to a limited number of authorized support, cloud operations, and engineering employees, and is subject to IT-maintained phishing-resistant MFA for additional security. Furthermore, granular permission-setting ensures that only approved accounts are granted access. To ensure accountability, all sessions must be recorded and stored for a minimum of 90 days.

Only a select few authorized support, cloud operations, and engineering personnel are allowed access to the backend of customer instances.

A support incident is required to access a customer instance, except for in the case of Severity Level 1 incidents, for which an exception may apply.