
Endpoint Privilege Management demo

EPM for Windows and macOS


What is Endpoint Privilege Management?

Endpoint Privilege Management (EPM) is a security solution that enforces the principle of least privilege by removing local administrative rights from users, allowing them to run necessary, approved applications with elevated privileges only when required. It reduces the attack surface, prevents unauthorized software execution, and mitigates ransomware risks by controlling which applications have high-level access. 
Endpoint Privilege Management (EPM) is all about implementing least privilege security on your Windows and macOS workstations. It is a cloud solution that allows you to remove local admin rights on your workstations to protect your organization. A user without local admin rights can’t make changes to system folders, kill processes, remove security software, and more. This makes your organization more secure, but the weakness is that users still need admin rights from time to time to install, update, or use business software. With idemeum EPM you can apply rules to automatically elevate certain apps or system actions without giving users permanent admin permissions.

EPM primary features

Flexible rule engine to determine how elevation requests need to be handled. You can match applications with file attributes, publishers, or certificate elements, and then define what applications need to be elevated automatically or blocked.
The Idemeum agent can operate in audit mode to discover the applications that users are elevating, without enforcing any rules. After you identify the applications you need, you can switch to enforcing the rules.
Idemeum offers the option for users to request elevated actions. Once a request is submitted, the IT team will receive a notification or a ticket will be created in the ticketing system.
Idemeum integrates with various ticketing systems (HaloPSA, ConnectWise, etc.) to be able to create tickets when users request elevated actions.
Idemeum EPM integrates seamlessly with allowlisting so that you can combine application control with elevation management.
The Idemeum agent offers a protected mode that lets IT technicians bypass any enforcement rules when they need to troubleshoot a workstation. Technicians authenticate with the mobile application to access technician mode on any workstation.
For compliance requirements you can enforce standard user accounts across your workstations. Idemeum agent will periodically check the local Administrators group and downgrade all accounts there, except the exclusion list that you specify.
Idemeum agent automatically discovers all local admin and domain admin accounts across your workstations and offers an option to downgrade or remove these accounts.
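
The standard-user enforcement check described above can be previewed by hand before any enforcement is turned on. The following PowerShell is an added example, not idemeum's agent code: it only reports which members of the local Administrators group fall outside an exclusion list. The function name, the name-or-SID matching of exclusions, and the sample accounts are assumptions made for illustration.

```powershell
# Added example: report-only preview of a "downgrade everyone except the
# exclusion list" check. Nothing is removed from any group.
function Get-AdminDowngradeCandidate {
    [CmdletBinding()]
    param(
        # Accounts to leave in place, given as names or SIDs (assumed matching rule).
        [string[]]$Exclusion = @(),
        # Members to evaluate. When omitted, the live local group is read.
        [object[]]$Member
    )

    if (-not $PSBoundParameters.ContainsKey('Member')) {
        # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so the
        # lookup does not depend on the display language of the OS.
        $Member = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    }

    foreach ($m in $Member) {
        $sid = [string]$m.SID
        # -contains is case-insensitive for strings, which suits account names.
        $excluded = ($Exclusion -contains $m.Name) -or ($Exclusion -contains $sid)
        [pscustomobject]@{
            Name   = $m.Name
            SID    = $sid
            Type   = $m.ObjectClass        # User or Group
            Source = $m.PrincipalSource    # Local, ActiveDirectory, ...
            Action = if ($excluded) { 'Keep (excluded)' } else { 'Downgrade' }
        }
    }
}

# Constructed sample members (not real accounts) so the logic can be checked
# away from a production workstation.
$sample = @(
    [pscustomobject]@{ Name = 'WS01\Administrator'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-500'
                       ObjectClass = 'User';  PrincipalSource = 'Local' }
    [pscustomobject]@{ Name = 'WS01\jsmith';        SID = 'S-1-5-21-1111111111-2222222222-3333333333-1001'
                       ObjectClass = 'User';  PrincipalSource = 'Local' }
    [pscustomobject]@{ Name = 'CORP\Domain Admins'; SID = 'S-1-5-21-4444444444-5555555555-6666666666-512'
                       ObjectClass = 'Group'; PrincipalSource = 'ActiveDirectory' }
)

# Exclude one account by name and one by SID; only WS01\jsmith is a candidate.
$keep = @('ws01\administrator', 'S-1-5-21-4444444444-5555555555-6666666666-512')
Get-AdminDowngradeCandidate -Member $sample -Exclusion $keep | Format-Table -AutoSize
```

Calling `Get-AdminDowngradeCandidate -Exclusion $keep` without `-Member` evaluates the workstation's actual Administrators group, which gives a baseline to compare against what audit mode reports.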