.For many Mac admins, the ideal balance between security and productivity comes down to how you handle local admin rights on your fleet.Too much access creates risk.
Too little access creates daily annoyance.Apple has done a great job of making it so you can operate as a Standard User day to day, but there are times when local admin rights are needed.SAP’s Privileges app has been a popular way to thread that needle by letting users elevate themselves to admin status when needed, and then return to a standard user when they are done.
It gives IT teams more control while giving end users the ability to solve their own problems without waiting for a help desk ticket to be approved.With the release of Privileges 2.4, SAP is adding new tools that make it even more flexible and reliable in enterprise environments.Some of my favorite gear eufyCam 2C Upgrade your home security with wireless cameras that includes HomeKit compatibility.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021.Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi Fi, thousands of Macs, and thousands of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, share stories from the trenches of IT management, and explore ways Apple could improve its products for IT departments.What’s new in Privileges 2.4 The 2.4 release brings a handful of features that give IT teams more flexibility while tightening security.
A new initial expiration interval option lets admins set a default time limit for elevated rights before a user picks their own.If you want admin access to last 10 minutes by default but allow up to 60, you can do that now.Privileges can now queue unsent logging events if a Mac is offline.
Instead of losing syslog or webhook data, it stores events locally and sends them in order when the device is back online.This is a big win for environments that depend on complete audit trails.Over the past few years, I’ve continued to say that extracting logs from macOS is one of the key things IT teams need a handle on.
There is also an option to require biometric authentication without a password fallback.You can now enforce Touch ID as the only way to confirm admin elevation.Some of my favorite gear Abode Home Security System Abode is the best home security system and includes compatibility with HomeKit.
Support for mutual TLS in webhooks means Privileges can present client certificates when your endpoint requires them.For companies with strict webhook security, this brings enterprise grade protection.Admins can also configure a custom script or app to run before privileges expire.
This could be used to notify a user, trigger a backup, or run a compliance check before admin rights are removed.Finally, a new background daemon watches for unexpected changes to the admin group.If rights are granted or revoked outside of Privileges, it updates the interface and logs what happened.
Why is this a great update? Privileges has always been about giving users the access they need without opening the door.The 2.4 release takes that idea further with features that protect against gaps in logging, enforce stronger authentication, and help admins respond to unexpected changes.For IT teams managing large Mac fleets, these updates mean less time chasing down security issues and more confidence that elevated access is being used appropriately.
For end users, it keeps the process simple and predictable while staying out of the way until it is needed.Some of my favorite gear Aqara Smart Lock U50 Upgrade your doors with Apple Home Key and the Aqara U50.Wrap up One of the things I love most about working in the MacAdmins and Apple IT space is how much of it is built on community effort.
Privileges is open source, which means all companies can benefit from it and anyone can help make it better.It is a great example of how this industry works together to solve problems and share solutions.Those of us who have been in Apple IT for a long time remember when Apple was barely a factor in the enterprise outside of graphic design.
The fact that there is now such a strong community around managing and improving the Apple experience for IT shows how far things have come.Privileges 2.4 is another win that everyone in the Apple IT ecosystem can share and benefit from..
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day.Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop.Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel
