Integrate BeyondTrust Privilege Management for Windows with BeyondInsight


Privilege Management combines privilege management and application control technology in a single lightweight agent. This scalable solution allows global organizations to reduce the attack surface of their endpoint estate by eliminating local admin rights, enforcing application controls and protecting against the techniques used by modern malware.

With the integration between U-Series Appliance, BeyondInsight, and Privilege Management, you have a proven privilege management solution that transmits data about your endpoints and policies to a centralized management console with the reporting and analytic capabilities needed to reduce risk, maximize security, and empower users to work effectively.

The Endpoint Privilege Management Reporting and Web Policy Editor (WPE) features are not installed out of the box with BeyondInsight. Please contact your BeyondTrust representative for assistance with installing and configuring these features and their associated services in your BeyondInsight environment.

For more information on using the Web Policy Editor in BeyondInsight once installed and configured, please see Manage Endpoint Privilege Management Policies.


BeyondInsight and Privilege Management architecture diagram


  • BeyondInsight version or later
  • Privilege Management for Windows or later

The reporting component is available in BeyondInsight versions 6.10 and later releases. The Web Policy Editor component is available in BeyondInsight versions 22.1 and later releases. Please contact BeyondTrust Technical Support if you are interested in accessing these features.

The Privilege Management endpoints and the U-Series-BeyondInsight appliance communicate using TLS certificates for authentication of both parties. This guide details how to use the BeyondInsight default client certificate (eEyeEmsClient), but you may prefer to use your own Public Key Infrastructure (PKI).

For more information, please refer to Use a Domain PKI for BeyondInsight Communication in the BeyondInsight Installation Guide.

Network Considerations

TCP Port 443

An event service is used to communicate between Privilege Management and BeyondInsight using port 443. Events from Privilege Management are sent to BeyondInsight using this service. Communication over this channel is secured by means of a client certificate.

This connection is from the endpoint to the appliance where BeyondInsight is hosted. No ports need to be open on the client side.
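A pre-flight check for the endpoint side of this channel, as an added example that is not BeyondTrust's own tooling: it confirms the default client certificate is present with a usable private key and that the outbound connection to the appliance on port 443 succeeds. The appliance host name is a placeholder, and matching the certificate by `eEyeEmsClient` in its subject or friendly name is an assumption.

```powershell
# Added example: run on a Privilege Management endpoint in an elevated session.
param(
    [string]$Appliance = 'beyondinsight.example.internal',  # placeholder, replace with your appliance
    [string]$CertName  = 'eEyeEmsClient',                   # default client certificate named in this guide
    [int]$WarnDays     = 30                                 # assumed renewal warning window
)

# 1. Search every LocalMachine store so no particular store name has to be assumed.
$certs = Get-ChildItem -Path Cert:\LocalMachine -Recurse | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
    ($_.Subject -like "*$CertName*" -or $_.FriendlyName -like "*$CertName*")
}

if (-not $certs) {
    Write-Warning "No certificate matching '$CertName' found under Cert:\LocalMachine."
}

$report = foreach ($c in $certs) {
    $daysLeft = [int]($c.NotAfter - (Get-Date)).TotalDays

    # TLS client authentication needs the private key, not just the public certificate.
    if (-not $c.HasPrivateKey)       { $status = 'NoPrivateKey' }
    elseif ($daysLeft -lt 0)         { $status = 'Expired' }
    elseif ($daysLeft -lt $WarnDays) { $status = 'ExpiringSoon' }
    else                             { $status = 'OK' }

    [pscustomobject]@{
        Store      = ($c.PSParentPath -split '\\')[-1]
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        DaysLeft   = $daysLeft
        Status     = $status
    }
}
$report | Format-Table -AutoSize

# 2. The connection is endpoint -> appliance, so only outbound TCP 443 is tested.
$conn = Test-NetConnection -ComputerName $Appliance -Port 443 -WarningAction SilentlyContinue
Write-Host ("Outbound {0}:443 reachable: {1}" -f $Appliance, $conn.TcpTestSucceeded)
```

A `NoPrivateKey` or `Expired` status means event delivery to BeyondInsight will fail at the TLS handshake even when the port test succeeds.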

TCP Port 1443

Required for the SQL Server database connection from the event server to the server where the database is hosted.

For information on integrating BeyondTrust Privilege Management for Mac with BeyondInsight, please see the Privilege Management for Mac Integration Guide.