Privilege Management for Mac 25.2 release notes
about 2 months ago
February 25, 2025
Requirements
Trellix (formerly McAfee) Agent (required if you are installing the Privilege Management client with Trellix).
New features
OAuth support in BeyondInsight
Added OAuth authentication for BeyondInsight and Password Safe integrations with EPM for Mac. When creating a package in the Rapid Deployment Tool, add Activation ID and Activation Key for the OAuth configuration. The values are generated in BeyondInsight.
JIT Application Access - macOS sudo
Added sudo to Just-in-Time (JIT) Application Access to provide users temporary, time-limited privileges to sudo commands.
Issues resolved
Issues
| Description | Resolution |
|---|---|
| JIT Admin users may not be able to access the My Admin Requests section of Beyondtrust.app when the workstyle which enables JIT Admin feature is filtered to standard users only. | The My Admin Requests section now displays correctly for end users. |
| In the Rapid Deployment Tool, the settings package cannot be successfully exported when only BeyondInsight is set as the Export option. | The Rapid Deployment Tool where BeyondInsight settings packages, which excluded the Endpoint Privilege Management settings, would not successfully export if a certificate was missing. |
| BI Adapter Version (Null) without PMFM installed | The BeyondInsight Adapter where it was showing a NULL version of the Adapter in system logs when Endpoint Privilege Management was not installed. |
| Capture Config didn’t capture com.beyondtrust.interrogator subsystem when Defendpoint Logs option was selected. | A com.beyondtrust.interrogator subsystem log file is captured when Defendpoint Logs option has been selected. |
| Quickstart template lists sudo /usr/bin/sudo as a binary rather than a sudo command | Removed application template named sudo with Application Type: Binary _and File path: /usr/bin/sudo_ from the Policy Editor QuickStart templates for macOS. Control sudo commands with the sudo application type. |
| Endpoint Privilege Management menu bar options do not highlight on hover. | The Endpoint Privilege Management menu bar options now highlight on hover. |
| Reduce the default DeadlineOffSet value to match the ES deadline reduction in macOS 14.5 | The Endpoint Security deadline timeout on macOS 14 and 15 was triggering too early, the user now has a few seconds more before the timeout occurs. |
| Update Messaging.app template in Quickstart | Updated Messaging.app template in Quickstart so that Endpoint Privilege Management correctly matches against Messaging.app when applied to policy. |
| The User Type in BeyondInsight events is always Administrator. | The User Type now displays the correct user, Administrator or Standard User, in the BeyondInsight EPM Events section. |
| JIT Admin - Administrator user can be created by switching users to root | Administrator accounts cannot be created by switching users to root during a JIT Admin session. |
| Cancelling an EPM-M dialog box when an app is installed to the /Applications folder does not generate an audit event. | An audit event generates (120 - process-start-cancelled-by-user) for the cancelled dialog box. |
| .NET installer failing to install. | Resolved an issue where large Installers fail to open with Endpoint Privilege Management control as the file evaluation would timeout due to the size of the file (5GB+). |
| Protege app not launching after latest Mac client 24.7 update | The Protege application can run when EPM-M is installed. |
| Delay in EPM-M functionality after user is removed from Admin Group | Resolved an issue where there was a delay in Endpoint Privilege Management user group filtering after a user is removed from the Admin Group. |
| Application version is incorrect when installing a different version. | The version of applications was being incorrectly cached, which affected policies that used the Maximum and Minimum File Versions matching criteria. |
| Installer closes when installing the application Schrodinger_Suites_2024-3_Advanced_MacOSX.pkg | Resolved an issue where large Installers fail to open with Endpoint Privilege Management control as the file evaluation would timeout due to the size of the file (5GB+). |
| Large Installers fail to open due to endpoint security timeout | Resolved an issue where large Installers fail to open with Endpoint Privilege Management control as the file evaluation would timeout due to the size of the file (5GB+). |
Compatibility
- Privilege Management Policy Editor 25.2
- Privilege Management ePO Extension 25.2
- Privilege Management Console Adapter 25.2
- BeyondInsight/Password Safe 24.2.1
- Trellix Agent 5.7+
macOS Compatibility
- macOS 13 Ventura
- macOS 14 Sonoma
- macOS 15 Sequoia