Endpoint Privilege Management (Cloud and Pathfinder) 25.6

July 29, 2025

✨ Enhancements

Analytics: Improvements to the analytics download on the Applications tab

Now, when you download the CSV, it runs smoothly in the background and can handle up to 5 million rows of data. This means you can get even more detailed insights without any hassle.

The data provides you with a clearer view of when users log on to managed endpoints and what privileges they use, whether standard or administrator.

You'll find the data displayed just like it is on the Users page, with the top-level aggregate row and expandable rows of data for easy access.

📘
For more information, see

Application analytics (Classic)

Application analytics (Pathfinder)

Analytics: Filter by User Email for easier insights

The User Email filter is in place to ready Analytics for future event processing from endpoints. This feature will be fully available in a future release.

You can now filter events and user analytics by email address—making it simpler to see who’s doing what on an endpoint.

Here’s how to use the new User Email filter:

On the Events and Users tabs, search using the email filter.
Add User Email from the Column Chooser.
View the User Email field in the Event Details panel.
The email column now appears in CSV exports.
Include it in your Saved Views for quick access.

Available for both Windows and macOS.

📘
For more information, see

Event Analytics and User Analytics (Classic).

Event Analytics and User Analytics (Pathfinder).

Policy Editor: Identity Provider settings have moved!

To make things easier to find, the settings for configuring OIDC and RADIUS for multi-factor authentication have been relocated. You’ll now find them under Utilities in the Policy Editor menu instead of Messages.

No worries—this is just a UI update. Everything still works the same, and there’s no need to update any existing policies using IdP.

📘
For more information, see

Policy Editor utilities (Classic)

Policy Editor utilities (Pathfinder)

Notifications panel: Refreshed look

We’ve given the Notifications panel a visual refresh! Downloads are now easier to view, and the panel layout is more consistent with EPM styling.

Click mark the event as read.
Click the event link to download the event.

📘
For more information, see

Display options and notifications (Classic)

Display options and notifications (Pathfinder)

🛠️ Issues resolved

Description	Resolution
The app matcher, “Regular Expressions”, was not matching on all app types.	Windows application matcher "Regular Expressions" are added to policy when configured for all applicable application types.
The name of the S3 bucket was the same as the VM user and the name couldn’t be changed.	Introduced a SystemParameter value 'S3Prefix' which can override the default folder name for the S3 integration.
Cannot generate valid EPM URL to view JIT app details.	Introduced the new template field %%EpmId%% for the JIT Application webhook responses. This template field will return the integer ID used by the PMC portal to display the JIT Application details.
A large number of events might not finish processing due to a timeout.	Increased the timeout for Elasticsearch to help process large events.
In some cases, administrators cannot successfully accept the EULA.	All administrators can now accept the EULA.
Events larger than 256 characters not sent to Elastic.	ECS events accepted by Elastic when there are large values in EPMWinMac.RemotePowerShell.Command.
Timeout occurring on a large number of JIT app access requests.	Fixed an issue that was preventing users from accessing the JIT Application Access requests when there were a large number of requests.
Azure AD integration user sync failing.	Added a feature flag to allow the Entra ID integration to continue syncing users if the UPN is empty.
Add to policy button displayed in scenarios where the event could not be added using the button.	We have removed the Add to Policy button for Applications that cannot be added to policy via this method.
When using the Management API, not all date filters were accepted and an error message displayed.	Updated the AuthorizationRequest [GET] date-based filters to require a format that is consistent with the response date formats.
Entra ID resync button remains enabled when resyncs were initiated on the backend.	Now the resync button disables during resyncs initiated on the backend.
Entra ID integration failing for deployments with a large number of agents.	Fixed an issue that was causing the Entra ID integration to fail for large deployments.

🧩 EPM Components

EPM Cloud: 25.6.554
Policy Editor: 25.6.17
PMR UI: 25.6.47
Event Collector: 25.6.27
PM Reporting Database: 23.9.13

🔄 Compatibility

🔃 Supported product versions for EPM

Product	Recommended	Supported
EPM Windows adapter	25.6.554	25.5.440 \| 25.4.598 \| 25.3.671 \| 25.2.485 \| 24.8.446 \| 24.7.831 \| 24.6.697 \| 24.5.1037 \| 24.4.361 \| 24.3.766 \| 24.2.499 \| 24.1.581 \| 23.9.578 \| 23.8.515 \| 23.7.356 \| 23.6.562 \| 23.5.516 \| 23.4.424
EPM for Windows	25.4.270.0	25.4.184.0 \| 25.2.1.0 \| 24.8.98.0 \| 24.7.425.0 \| 24.5.361.0 \| 24.5.351.0 \| 24.3.294.0 \| 24.1.108.0 \| 23.9.225.0 \| 23.7.150.0 \| 23.5.212
EPM Response Generator for Windows	25.4.270.0	25.4.184.0 \| 25.2.1.0 \| 24.8.98.0 \| 24.7.425.0 \| 24.5.361.0 \| 24.5.351.0 \| 24.3.294.0 \| 24.1.108.0 \| 23.9.225.0 \| 23.7.150.0 \| 23.5.212
EPM for macOS	25.6.0.48	25.4.1.2 \|25.2.0.1 \| 24.8.0.1 \| 24.7.0.1 \| 24.5.2.3 \| 24.5.1.1 \| 24.5.0.1 \| 24.3.0.1 \| 24.1.0.1 \| 23.9.0.1 \| 23.7.0.3 \| 23.5.0.3
PM macOS adapter	25.6.0.48	25.4.1.2\| 25.2.0.1 \| 24.8.0.1 \| 24.7.0.1 \| 24.5.2.3 \| 24.5.1.1 \| 24.5.0.1 \| 24.3.0.1 \| 24.1.0.1 \| 23.9.0.1 \| 23.7.0.3 \| 23.5.0.3 \| 22.5.1.1
PM Rapid Deployment Tool for macOS	25.4.1.5	25.4.1.2 \|25.2.0.1 \| 24.8.0.1 \| 24.7.0.2 \| 24.5.0.1 \| 24.3.0.1 \| 24.1.0.1 \| 23.1.0.1 \| 23.9.0.1 \| 23.7.0.1 \| 23.5.0.1
PM Response Generator for macOS	25.6.0.48	25.4.1.2 \|25.2.0.1 \| 24.8.0.1 \| 24.7.0.1 \| 24.5.2.3 \| 24.5.1.1 \| 24.5.0.1 \| 24.3.0.1 \| 24.1.0.1 \| 23.9.0.1 \| 23.7.0.3 \| 23.5.0.3