Privilege Management for Mac ePO Extension Administration

Privilege Management for Mac combines privilege management and application control technology in a single, lightweight agent. This scalable solution allows global organizations to eliminate admin rights across the entire business.

Actionable intelligence is provided by an enterprise class reporting solution with endpoint analysis, dashboards, and trend data for auditing and compliance.

Achieve Least Privilege on Mac

There are many functions that require an admin account to run. While most Mac users typically use an admin account to gain the flexibility they need, this represents a large security risk in the enterprise. Privilege Management for Mac allows users to log on with standard user accounts without compromising productivity or performance, by allowing the execution of approved tasks, applications and installations as required, according to the rules of your policy.

Empower Users and Gain Control

Allow and block the use and installation of specific binaries, packages, and bundles. By taking a simple and pragmatic approach to allowlisting, you can gain greater control of applications in use across the business. This immediately improves security by preventing untrusted applications from executing.

Unlock Privileged Activity

Even privileged applications and tasks that usually require admin rights are able to run under a standard user account. With Privilege Management for Mac, you can unlock approved system preferences such as date and time, printers, network settings, and power management without needing admin credentials.

Take a Pragmatic Approach with Broad Rules

Broad catch-all rules provide a solid foundation, with exception handling options to handle unknown activity. Define the application and set its identification options such as filename, hash, publisher, or URI. Then assign the application to the users who require enhanced rights and set up any additional options, such as end user messaging and auditing.

Achieve Compliance

You will have the knowledge to discover, monitor, and manage user activity from the entire enterprise, drawing upon actionable intelligence to make informed decisions. Graphical dashboards with real-time data provide a broad range of reports to aid troubleshooting and provide the information you need to proactively manage your policy on an ongoing basis.

Apply Corporate Branding

You can add your own branding to messages and prompts, with reusable messaging templates that make it easy to improve the end user experience. You have control over text configuration.

Customizable Messaging

Working seamlessly with macOS, Privilege Management for Mac can suppress standard, restrictive messages and allows you to create your own customized authorization prompts to handle exceptions and enable users to request access. Set up access request reasons, challenge and response codes, or password protection to add additional security layers, or simply improve prompts to reduce helpdesk inquiries.

Simple, Familiar Policy Design

Firewall-style rules based on Application Groups make set up and management simple. Using the same Privilege Management interface and client as for Windows, you can create flexible Workstyles based on the requirements of individuals and groups of users.

About McAfee ePolicy Orchestrator

McAfee ePO software, the foundation of the McAfee Security Management solution, unifies management of endpoints, networks, data, and compliance solutions. More than 45,000 organizations use McAfee ePO software on nearly 60 million nodes to manage security, streamline and automate compliance processes, and increase overall visibility across security management activities. With its scalable architecture, fast time to deployment, and ability to support enterprise systems, McAfee ePO software is the most advanced security management software available.

Only McAfee ePO offers:

End-to-end visibility: Get a unified view of your security posture. Drillable, drag-and-drop dashboards provide security intelligence across endpoints, data, mobile, and networks for immediate insight and faster response times.

Simplified security operations: Streamline workflows for proven efficiencies. Independent studies show ePO software helps organizations of every size streamline administrative tasks, ease audit fatigue, and reduce security management-related hardware costs.

An open, extensible architecture: Leverage your existing IT infrastructure. McAfee ePO software connects management of both McAfee and third-party security solutions to your LDAP, IT operations, and configuration management tools. LDAP Servers can be made available via the built-in registered servers in ePO.

For more information, please see McAfee ePolicy Orchestrator.

Privilege Management for Mac and McAfee

Privilege Management for Mac is implemented as a server extension to McAfee ePolicy Orchestrator, enabling Workstyles to be managed through the ePO Policy Catalog. Granular auditing and reporting of Privilege Management for Mac activity is available using ePO integrated dashboards and query editor, as well as the reporting module.

The BeyondTrust Privilege Management Reporting module uses the Privilege Management Reporting database to store Privilege Management for Mac audit data for reporting.

Privilege Management for Mac is deployed to endpoints as a client task through the ePO System Tree.

If you do not want to use McAfee ePO for deployment of the client package, the Privilege Management for Mac client is available as an executable package, which can be deployed using any suitable third-party deployment solution.

Privilege Management for Mac policies are deployed to endpoints through ePO Policy Assignments, which are automatically applied by the Privilege Management for Mac client.

If you do not want to use McAfee ePO for deployment of Workstyles, then you may import or export Workstyles as an XML file, and use any suitable deployment solution to deploy the XML file to a set location on each client computer.