Mosyle’s Admin On‑Demand is unique first for being created only and exclusively for macOS leveraging Apple’s modern Endpoint Security API. Second, it’s the only solution specially offered for K‑12 to solve one of the biggest dilemmas on the IT world: should users run as Admin or Standard on their Macs?
Mosyle’s Admin On‑Demand offers the perfect balance by ensuring users are running with Standard privileges while giving them a safe way to access temporary Admin privileges when they really need it.
Admin accounts are the pie‑in‑the‑sky targets for hackers because once a device is compromised, they gain the ability to perform all actions available to an Admin, such as adding or managing other users, accessing files, installing apps and more.
We estimate that within a school environment, users will have a justified need for Admin privileges on their Macs for less than 5 minutes a month. Yes, A MONTH.
But because of those few minutes, such as when an app needs to be removed, users are granted Admin privileges for hundreds of hours a month, creating a massive security risk.
Mosyle Admin On‑Demand will completely eliminate this risk by keeping all users as Standard while maintaining total usability by letting the users quickly and safely request temporary escalation.
Based on customized options, Mosyle’s Admin On‑Demand will constantly monitor all enrolled Macs and automatically and silently convert any identified Admin users into Standard users so no one, the users or IT Admins, need to do it manually.
Anytime a user requests an escalation period on their Macs, Mosyle’s Admin On‑Demand will also automatically convert the user back to Standard at the end of the specified period, ensuring that the privilege removal is never forgotten and the Macs are always protected and compliant.
Mosyle’s Admin On‑Demand will keep detailed records for all privilege related activities so IT Admins and Information Security professionals will have total visibility for audits or investigations of all privilege escalations for each user and device.
Admin On‑Demand will also request the user to provide a justification for each time admin is requested, helping with an appropriate understanding of the context and reasons for the escalation.
Finally, during the period when the user is running as Admin, Mosyle will capture system logs to provide detailed information of all relevant actions performed during the escalation.