BeyondTrust Endpoint Privilege Management App

The BeyondTrust Endpoint Privilege Management App for ePO is comprised of two components:

  • Web Policy Editor: Edit and manage policies through an updated modern user interface.
  • Endpoint Privilege Management Reporting: Provides overview data and detailed insights on user behavior within your organization.
    • Add to Policy: Included in reporting is Add to Policy functionality, which allows you to seamlessly update policy based on user events in reporting event data.

Download the BeyondTrust Endpoint Privilege Management App from the BeyondTrust Customer Portal.

Endpoint Privilege Management App Features Overview

The new features available in the BeyondTrust Endpoint Privilege Management App:

  • Better overall policy editing and reporting user experience
  • Updated Trusted Application Protection token and template
  • Updated QuickStart policy templates
  • Add basic admin rights Windows access token
  • A more secure elevation token with greater control over granted privileges for rules targeted at actions
  • Privileges enhanced Windows access token
  • Keeps the same privileges of the process token. Should be used with advanced parent tracking or anti-tamper.
  • Ability to require a secret to uninstall EPM agent (Agent Protection)
  • Option to use a reason drop down in macOS end user messages
  • Disable applications and application rules for easy testing and policy updates
  • Windows Hello and macOS Touch ID message authentication
  • Windows and Mac AND / OR message logic UX improvements
  • Windows and Mac IdP / RADIUS message configuration
  • BeyondTrust Password Safe integration
  • DLL Control for Windows
  • Ability to elevate Store Apps for Windows (depending on app type)
  • ACR MFA support for Mac
  • Support Azure AD Conditional Access Policies (MFA) for Mac
  • And more UX and usability enhancements

Features that will not be available in the BeyondTrust Endpoint Privilege Management App at initial launch:

  • Local AD Search
    • AD accounts and groups can still be added manually for Windows workstyle filtering, custom tokens and designated users in messages
  • Manually update reputation for events

Features that will not be available in the BeyondTrust Endpoint Privilege Management App and are being deprecated:

  • Windows workstyle expiry filters
  • Windows workstyle time range filters