EPM for macOS

In this post we define in detail how EPM functions on a macOS workstation

EPM offline mode - macOS

When the idemeum desktop agent is installed on macOS and the elevation mode is set to offline, idemeum desktop agent does not capture elevation events, does not apply any rules and does not change any default macOS behavior.

EPM audit mode - macOS

Audit mode works for any user privilege - standard and admin users.

Capture elevation events for protected menus, apps that require elevation, and SUDO commands
Rules are not applied
Users are presented with native authentication window

EPM rule mode - macOS

The table below represents how EPM behaves depending on what user is logged in to the workstation - standard, admin, or MSP.

	OS protected menus	App with no admin elevation	App with admin elevation	SUDO command
Standard user	Request	-	Request	Request
Admin user	Request	-	Request	Request
MSP tech	Auto approved	-	Auto approved	Auto approved
Offline mode	Native auth	-	Native auth	Native auth

Quick-start guides

Core features

Desktop agent

JIT Computer Access

JIT Entra ID Access

Endpoint Privilege Management

Cloud LAPS

RFID Single Sign-On

Multi-tenant MSP portal

Cloud RADIUS

Security

Support

Knowledgebase

Legal

EPM for macOS

EPM offline mode - macOS

EPM audit mode - macOS

EPM rule mode - macOS

On this page