EPM for macOS
In this post we define in detail how EPM functions on a macOS workstation
EPM offline mode - macOS
When the idemeum desktop agent is installed on macOS and the elevation mode is set to offline, idemeum desktop agent does not capture elevation events, does not apply any rules and does not change any default macOS behavior.
EPM audit mode - macOS
Audit mode works for any user privilege - standard and admin users.
- Capture elevation events for protected menus, apps that require elevation, and SUDO commands
- Rules are not applied
- Users are presented with native authentication window
EPM rule mode - macOS
The table below represents how EPM behaves depending on what user is logged in to the workstation - standard, admin, or MSP.
| OS protected menus |
App with no admin elevation |
App with admin elevation |
SUDO command |
|
|---|---|---|---|---|
| Standard user | Request | - | Request | Request |
| Admin user | Request | - | Request | Request |
| MSP tech | Auto approved | - | Auto approved | Auto approved |
| Offline mode | Native auth | - | Native auth | Native auth |