Endpoint Privilege Management for Mac ePO Extension Administration

Endpoint Privilege Management for Mac combines privilege management and application control technology in a single, lightweight agent. This scalable solution allows global organizations to eliminate admin rights across the entire business.

Actionable intelligence is provided by an enterprise-class reporting solution with endpoint analysis, dashboards, and trend data for auditing and compliance.

  • Achieve Least Privilege on Mac: There are many functions that require an admin account to run. While most Mac users typically use an admin account to gain the flexibility they need, this represents a large security risk in the enterprise. Endpoint Privilege Management for Mac allows users to log on with standard user accounts without compromising productivity or performance, by allowing the execution of approved tasks, applications and installations as required, according to the rules of your policy.
  • Empower Users and Gain Control: Allow and block the use and installation of specific binaries, packages, and bundles. By taking a simple and pragmatic approach to allowlisting, you can gain greater control of applications in use across the business. This immediately improves security by preventing untrusted applications from executing.
  • Unlock Privileged Activity: Even privileged applications and tasks that usually require admin rights are able to run under a standard user account. With Endpoint Privilege Management for Mac, you can unlock approved system preferences such as date and time, printers, network settings, and power management without needing admin credentials.
  • Take a Pragmatic Approach with Broad Rules: Broad catch-all rules provide a solid foundation, with exception handling options to handle unknown activity. Define the application and set its identification options such as filename, hash, publisher, or URI. Then assign the application to the users who require enhanced rights and set up any additional options, such as end user messaging and auditing.
  • Achieve Compliance: You will have the knowledge to discover, monitor, and manage user activity from the entire enterprise, drawing upon actionable intelligence to make informed decisions. Graphical dashboards with real-time data provide a broad range of reports to aid troubleshooting and provide the information you need to proactively manage your policy on an ongoing basis.
  • Apply Corporate Branding: You can add your own branding to messages and prompts, with reusable messaging templates that make it easy to improve the end user experience. You have control over text configuration.
  • Customizable Messaging: Working seamlessly with macOS, Endpoint Privilege Management for Mac can suppress standard, restrictive messages and lets you create your own customized authorization prompts to handle exceptions and enable users to request access. Set up access request reasons, challenge and response codes, or password protection to add security layers, or simply improve prompts to reduce helpdesk inquiries.
  • Simple, Familiar Policy Design: Firewall-style rules based on Application Groups make setup and management simple. Using the same Endpoint Privilege Management interface and client as for Windows, you can create flexible Workstyles based on the requirements of individuals and groups of users.

About Trellix ePolicy Orchestrator

Trellix ePO software, the foundation of the Trellix Security Management solution, unifies management of endpoints, networks, data, and compliance solutions. More than 45,000 organizations use Trellix ePO software on nearly 60 million nodes to manage security, streamline and automate compliance processes, and increase overall visibility across security management activities. With its scalable architecture, fast time to deployment, and ability to support enterprise systems, Trellix ePO software is the most advanced security management software available.

Only Trellix ePO offers:

  • End-to-end visibility: Get a unified view of your security posture. Drillable, drag-and-drop dashboards provide security intelligence across endpoints, data, mobile, and networks for immediate insight and faster response times.
  • Simplified security operations: Streamline workflows for proven efficiencies. Independent studies show ePO software helps organizations of every size streamline administrative tasks, ease audit fatigue, and reduce security management-related hardware costs.
  • An open, extensible architecture: Leverage your existing IT infrastructure. Trellix ePO software connects management of both Trellix and third-party security solutions to your LDAP, IT operations, and configuration management tools. LDAP servers can be made available via the built-in registered servers in ePO.

For more information, see Trellix ePolicy Orchestrator.

Endpoint Privilege Management for Mac and Trellix

Endpoint Privilege Management for Mac is implemented as a server extension to Trellix ePolicy Orchestrator, enabling Workstyles to be managed through the ePO Policy Catalog. Granular auditing and reporting of Endpoint Privilege Management for Mac activity is available using ePO integrated dashboards and query editor, as well as the reporting module.

The BeyondTrust Endpoint Privilege Management Reporting module uses the Endpoint Privilege Management Reporting database to store Endpoint Privilege Management for Mac audit data for reporting.

Endpoint Privilege Management for Mac is deployed to endpoints as a client task through the ePO System Tree.

If you do not want to use Trellix ePO for deployment of the client package, the Endpoint Privilege Management for Mac client is available as an executable package, which can be deployed using any suitable third-party deployment solution.

Endpoint Privilege Management for Mac policies are deployed to endpoints through ePO Policy Assignments, which are automatically applied by the Endpoint Privilege Management for Mac client.

If you do not want to use Trellix ePO for deployment of Workstyles, then you may import or export Workstyles as an XML file, and use any suitable deployment solution to deploy the XML file to a set location on each client computer.

BeyondTrust Endpoint Privilege Management App

Starting in version 23.10, we are updating and enhancing the policy editing and reporting experience for our Endpoint Privilege Management for Windows and Mac solution deployed via Trellix ePolicy Orchestrator (ePO). With this new experience, policy editing and reporting will happen outside of the ePO extension and will instead be delivered via a new Electron-based application called the BeyondTrust Endpoint Privilege Management App, published by BeyondTrust.