Policies

ℹ️

Note

Endpoint Privilege Management features are only available when an Endpoint Privilege Management license is detected.

Using BeyondInsight with Endpoint Privilege Management for Windows and Mac:

• Deploy Endpoint Privilege Management policies to assets and policy users.
• View a list of policies.
• Manage the global priority for the policies (in single-tenant environments only).
• With the appropriate permissions, manage all areas of policy, including view, unlock, edit, and delete.

View policies

1. From the left menu in BeyondInsight, select Policies under Endpoint Privilege Management.
2. To filter the list of displayed policies, select the criteria from the Filter by list above the grid. Available filter options are:
   • Policy Name
   • Locked
   • Locked By
   • Policy Version
   • Policy Workgroup
   • Powered by

ℹ️

Note

If you select Filter by > Locked, you can then select Locked or Unlocked as the filter criteria. If a policy is locked, this indicates that a user currently has it locked by a policy editor. The ability to lock, unlock, and edit policies in BeyondInsight is planned for a future release. If the Policy Editor is installed in your BeyondInsight instance, and you have sufficient permissions, you can unlock a policy that is locked by another user, and then lock the policy so you can edit it.

ℹ️

Note

You can see who added, modified, or deleted a policy from the Configuration > General > User Audits page. Click the i button for a specific activity to view details.

Deploy policies using a Smart Rule

Use a Smart Rule to deploy policy to assets or policy users.

1. From the Smart Rules page in BeyondInsight, select Asset or Policy User from the Smart Rule type Filter dropdown, and then click Create Smart Rule.
2. Select your desired Selection Criteria.
3. Under Actions, select Deploy Endpoint Privilege Management Policy from the dropdown.
4. Click Select Policies for Deployment.
5. Select the policies using the Add Policy button (plus sign) next to the policy.
6. Use the arrow buttons to arrange the policies. The higher in the list the higher the priority of the policy. Alternatively, use the global priority feature to set the priority. If the global priority feature is active, you cannot set the priority using the arrow buttons.
7. To use the arrows to change priority settings, select Configure Global Priority to deactivate the feature.
8. Click Accept Changes.

ℹ️

Note

We recommend setting policy priority using the global policy priority feature.

Manage global priority for policies

If multiple Smart Rules contain the same asset and there is a different policy priority set in each Smart Rule, the Endpoint Privilege Management agent does not know the policy with top priority on that asset. In this case, a different policy can take precedence each time the agent processes the Smart Rules.

To prevent this, we recommend setting a global priority to process all policy Smart Rules and serve all policies across all applicable Smart Rules to the Endpoint Privilege Management agent as per the defined global priority order.

ℹ️

Note

The global policy priority feature is supported only in single-tenant BeyondInsight installations. This feature is disabled in multi-organization environments.

The global policy priority feature is enabled by default on new installations of BeyondInsight 21.1 or later. It is not enabled by default when upgrading BeyondInsight versions prior to 21.1 to the 21.1 release or later releases.

Enable global policy priority as follows.

1. From the left menu in BeyondInsight, select Policies under Endpoint Privilege Management.
2. Click Configure Global Priority Policy, or if this is your first time using the global policy priority feature, click Configure Now in the banner that displays at the top of the page.
3. Select the policies using the plus sign next to the policy and set their priorities using the arrows. Alternatively, you can manually specify the priority number in the box for the policy, and then click the plus sign.

ℹ️

Note

All policies must be prioritized to enable the Use Global Priority option. Also, any policies added to BeyondInsight after global policy priority is enabled, are not available for assignment in Smart Rules until a priority is explicitly set for them here.

4. Click Save Priority.
5. The banner at the top of the page now indicates a global policy priority has been configured. Click the toggle to enable the Use Global Priority option.
6. A confirmation message displays. Click Enable Global Policy Priority.
7. Global policy is enabled, Smart Rule prioritization is disabled, and the policies display in the grid with their assigned priority.

Agents

View Endpoint Privilege Management agents

Agents are assets with Endpoint Privilege Management installed. You can view and download Endpoint Privilege Management agents on the Endpoint Privilege Management Agents page.

To view the Endpoint Privilege Management Agents

1. From the left navigation in BeyondInsight, click MENU.
2. Under Endpoint Privilege Management, click Agents.
   You can also access the Endpoint Privilege Management Agents page from the Assets page by clicking the Endpoint Privilege Management link at the top of the page.
3. By default, displayed agents are filtered by the Discovery Scanners Smart Group. Select a Smart Group from the Smart Group filter to view agents for that Smart Group.
4. To further filter the displayed agents, use the Last Updated filter, or Filter by criteria.
5. Click the Download All button above the grid to download the list of agents to a CSV file.

📘

Depending on the configuration of your grid and selected columns, not all agent details may be visible. See Display and preferences.