Skip to main content

Endpoint Privilege Management

EPM for macOS

In this post we define in detail how EPM functions on a macOS workstation

EPM offline mode - macOS

When the idemeum desktop agent is installed on macOS and the elevation mode is set to offline, idemeum desktop agent does not capture elevation events, does not apply any rules and does not change any default macOS behavior.

EPM audit mode - macOS

Audit mode works for any user privilege - standard and admin users.

  • Capture elevation events for protected menus, apps that require elevation, and SUDO commands
  • Rules are not applied
  • Users are presented with native authentication window

EPM rule mode - macOS

The table below represents how EPM behaves depending on what user is logged in to the workstation - standardadmin, or MSP.

OS protected
menus
App with no
admin elevation
App with
admin elevation
SUDO
command
Standard user Request - Request Request
Admin user Request - Request Request
MSP tech Auto approved - Auto approved Auto approved
Offline mode Native auth - Native auth Native auth