Q: What is Endpoint Privilege Management and how does it improve endpoint security?
Endpoint Privilege Management (EPM) is a form of Privileged Access Management (PAM) that controls administrative privileges across endpoints. Rather than requiring permanent admin rights, EPM provides just-in-time privilege elevation with audit trails. This eliminates the common dilemma of choosing between giving users full admin access or forcing them to submit tickets for every software installation. EPM significantly improves endpoint security because when malware compromises an endpoint, it can only operate with standard user privileges instead of full administrative control.
Q: How does Admin By Request's EPM solution work without requiring permanent admin rights?
Admin By Request EPM intercepts privilege requests at the system level and elevates only the specific application or process that needs admin rights, not the entire user session (when using Run as Admin – single app elevation). This sandboxed approach allows users to install software autonomously while maintaining policy enforcement. You get two elevation modes: Run As Admin for individual applications and Admin Session for time-limited full administrative access.
Q: What makes Admin By Request different from traditional allowlist solutions?
Our EPM product includes allowlist capabilities through Pre-Approval, where administrators can create policies based on file location, vendor certificates, or checksums. What sets us apart from other enterprise cybersecurity solutions is flexibility in how these allowlists are built and maintained. Machine learning automatically adds frequently approved applications to allowlists, AI approval uses application popularity scores, and you can quickly pre-approve applications directly from audit logs. You can start with traditional allowlist approaches but evolve to more dynamic, data-driven policies.
Q: Can the EPM solution work for both online and offline endpoints?
Yes, Admin By Request EPM works whether endpoints are online or offline. Portal settings and elevation logs are cached locally on each device and sync when connectivity is restored. For offline scenarios requiring manual approval, administrators can generate unique PIN codes that users enter to complete their elevation requests. This ensures business continuity even when devices can’t reach the corporate network.
Q: What happens if a user gets disconnected from the domain or needs emergency admin access?
Admin By Request EPM includes a Break Glass feature that generates a one-time, time-limited full local admin account on any endpoint with a single click. This enhanced LAPS solution is ideal for emergency situations where a user becomes disconnected from the directory and no permanent admin account exists on the device. Break Glass accounts are fully logged in the portal, and all processes elevated under these accounts are audit logged for complete visibility.
Q: How does the solution help with compliance and auditing requirements?
Endpoint Privilege Management includes audit and asset tracking features as standard. Every privilege elevation is logged with detailed information including user identity, application details, timestamps, and approval decisions. The system provides filterable views of all managed computers, reporting of installed software and hardware, and API access for integration with SIEM tools. All elevation activity can be exported in PDF, XLS, or CSV formats for compliance reporting.
Q: Does Admin By Request require minimum service hours or additional infrastructure?
No, we don’t require customers to purchase minimum service hours. Our Zero Trust platform is built for ease of use, allowing most organizations to deploy and manage it without ongoing support costs. There’s also no on-premises infrastructure required (no servers, VM appliances, or databases). It’s a SaaS-based solution that you can start testing immediately with our Free Plan covering up to 25 endpoints.
Q: Do you provide setup and configuration services?
Admin By Request EPM is designed to be intuitive enough that most organizations can deploy it without professional setup services, even across thousands of endpoints. However, if you prefer assistance with configuration or other aspects, our team is happy to offer that support.
Q: What operating systems and deployment methods does the EPM solution support?
EPM supports Windows, macOS, and Linux endpoints with cross-platform licensing. The lightweight agent (under 2MB) deploys using standard tools like SCCM, Microsoft Intune, or Jamf. It works across diverse environments including standalone workgroups, multi-domain Active Directory, and Entra ID deployments. The same EPM policies and audit capabilities apply consistently across all supported platforms.
Q: What other applications or services does Admin By Request Endpoint Privilege Management integrate with?
Admin By Request Endpoint Privilege Management integrates with: Active Directory, Microsoft Entra ID, Microsoft Sentinel, ChatGPT, Jira, Lucidum, MetaDefender Vault, Microsoft Teams, OctoXLabs, Okta, OPSWAT MetaDefender, Microsoft Power BI, ServiceNow, Slack, Splunk Cloud Platform, ThreatAware, and VirusTotal.
