> ## Documentation Index
> Fetch the complete documentation index at: https://docs.idemeum.com/llms.txt
> Use this file to discover all available pages before exploring further.

# EPM control mode

> Configure how control agent is enforcing elevation rules on your workstations.

## EPM control modes

Assuming the [EPM is enabled](/epm/enable-endpoint-privilege-management) for your tenant, you can change the `control mode` for each device to define how the control agent will handle elevations.

* <Badge>offline</Badge> - idemeum control agent is not doing anything
* <Badge color="yellow">audit</Badge> - idemeum control agent collects events, but does not enforce rules
* <Badge color="blue">rules</Badge> - idemeum agent applies rules and performs auto elevation

The sections below show how Windows and macOS devices behave with idemeum control agent installed depending on certain parameters.

### Windows

| Mode                                | User type | Control agent  | User experience                                                             |
| ----------------------------------- | --------- | -------------- | --------------------------------------------------------------------------- |
| <Badge>offline</Badge>              | admin     | no actions     | No experience change                                                        |
| <Badge>offline</Badge>              | standard  | no actions     | No experience change                                                        |
| <Badge color="yellow">audit</Badge> | admin     | capture events | UAC set to always prompt<br />Native auth<br />Events captured in the cloud |
| <Badge color="yellow">audit</Badge> | standard  | capture events | UAC set to always prompt<br />Native auth<br />Events captured in the cloud |
| <Badge color="blue">rules</Badge>   | admin     | no actions     | Native auth<br />No events in the cloud<br />No rules or auto elevations    |
| <Badge color="blue">rules</Badge>   | standard  | enforce rules  | Rules and auto elevations<br />Events captured in the cloud                 |

### macOS

| Mode                                | User type | Control agent  | User experience                                                          |
| ----------------------------------- | --------- | -------------- | ------------------------------------------------------------------------ |
| <Badge>offline</Badge>              | admin     | no actions     | No experience change                                                     |
| <Badge>offline</Badge>              | standard  | no actions     | No experience change                                                     |
| <Badge color="yellow">audit</Badge> | admin     | capture events | Native auth<br />Events captured in the cloud                            |
| <Badge color="yellow">audit</Badge> | standard  | capture events | Native auth<br />Events captured in the cloud                            |
| <Badge color="blue">rules</Badge>   | admin     | no actions     | Native auth<br />No events in the cloud<br />No rules or auto elevations |
| <Badge color="blue">rules</Badge>   | standard  | enforce rules  | Rules and auto elevations<br />Events captured in the cloud              |

## Change EPM control mode

* Navigate to your idemeum admin portal
* Select `Devices` and search for the device you want to change the app control mode for
* Click on `...` then choose `Set app control mode`
* Choose the mode and save the configuration

<img src="https://mintcdn.com/idemeum/iMx8yN8Y_qUcgu75/images/CleanShot-2026-05-22-at-00.08.03@2x.png?fit=max&auto=format&n=iMx8yN8Y_qUcgu75&q=85&s=788787865cf1ee0449a49ba3d2a68a3f" alt="Clean Shot 2026 05 22 At 00 08 03@2x" width="3018" height="2234" data-path="images/CleanShot-2026-05-22-at-00.08.03@2x.png" />

## Bulk EPM control mode change

* Navigate to your idemeum admin portal
* Access `Devices` section and select multiple devices with checkboxes
* Click on the bulk change button at the top and choose `Set app control mode`
* Choose the mode and save the configuration