DocumentationAPI ReferenceRelease Notes
Documentation
Start typing to search…

Welcome to EPM for Windows and Mac On-premises

What is Endpoint Privilege Management for Windows and Mac On-premises?

BeyondTrust Endpoint Privilege Management for Windows and Mac (EPM-WM) is an on-premises security solution that enforces least privilege on endpoint devices by removing standing administrative rights and controlling how elevated access is granted.

It enables organizations to manage application and user privileges across Windows and macOS systems within their own infrastructure, reducing the risk of unauthorized access, malware execution, and privilege escalation.

How is Endpoint Privilege Management for Windows and Mac useful?

EPM-WM provides these core capabilities:

  • Least privilege enforcement: Removes unnecessary administrative rights while allowing approved actions to run with elevation when required.
  • Application control: Defines which applications can run, under what conditions, and with what level of privilege.
  • Policy-based access management: Applies granular policies based on user, device, application, or context.
  • Privilege elevation workflows: Enables controlled elevation for specific tasks without granting full admin rights.
  • On-premises management: Delivers policy configuration, updates, and reporting through infrastructure managed within your environment.
  • Cross-platform support: Secures both Windows and macOS endpoints under a unified policy framework.

Updated about 2 hours ago

©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.