This feature will be released with Admin By Request version 8.0 for Windows, coming December 12th.
There are two main reasons for enterprises to remove their users’ admin rights: one is to prevent them from installing unwanted applications on company devices, but the more important of the two is for security reasons – to prevent malware infection and spread.
History and experience tells us that malware often comes attached to unknown, ‘freebie’ applications which users download for one-off use. For example, a user who finds themself with an ISO file but no way to extract it, may do a quick Google search for a tool which will help them complete the job; download, install – and find that their system is now infected.
So how can an organization easily distinguish between which apps are safe for approval, and which should be blocked or looked at more closely? With the new Artificial Intelligence Auto-Approval feature coming soon in Admin By Request version 8.0, you can let our AI engine decide which files are safe for approval, and which should be considered potentially dangerous and handled manually instead.
AI Approval – What Is It?
Large enterprises with thousands of users need to carefully balance productivity with security – manually approving each request for elevation would consume extensive resources, as would figuring out which applications are most used and creating enormous Pre-Approved lists to cover all possibilities.
The AI Approval feature is the safer, more efficient alternative as it allows organizations to make a rule that says any applications that are popular / known / elevated frequently will be automatically approved.
Behind the Feature
The idea behind this feature came from looking at trends in our massive database of applications and concluding that most of the applications run with elevated privileges are the same across the board – and these common apps are generally safe for elevation. So, the question was, how could we use this data to help each customer?
We created a system which designates applications two scores between 0 and 100% based on both the application and its vendor’s popularity. A very well-known app from a reputable vendor (e.g., Microsoft Office) would score in the higher end of the scale, whereas a rarely used app from an unknown vendor would receive a low score.
The higher each of the scores, the more trustworthy the app is considered to be, and the less risk attached in allowing it to be automatically approved by the Admin By Request AI engine.
Very low scores (i.e., 0-1) indicate ‘exotic’ apps – rare software from unknown vendors which are much more likely to have malware attached. These exotic applications are those that you would not want to be auto-approved by the AI engine, and instead approved manually on a case-by-case basis.
How It Works
The idea with the scoring system is to allow customers to set a score of their choosing, and then enable AI Auto-Approval for every application which meets this score or higher – using the AI engine to approve applications that are very common, and therefore, likely safe.
E.g., if you set the App and Vendor scores to 10, and Enable auto-approvals for both, all applications that meet the threshold for one of the scores will be automatically approved.
Note that only one of the scores (i.e., App OR Vendor) has to be met in order for an application to be Auto-Approved, and it is possible to only have one or the other enabled for the feature to work.
Any apps that score below the set score value/s will not be AI Auto-Approved, and can be dealt with upon individual Request by users, or via Machine Learning – another new feature coming with version 8.0.
Configuring AI Approvals
Each organization can tailor the feature to suit their needs and preferences – but how do you know what to set your App and Vendor Auto-Approval scores to?
Within the Admin By Request User Portal, we’ve created a database of over 4 million known applications and their scores. This list can be used to gauge which applications have what score, and give each organization an idea of where to set their AI Auto-Approval thresholds to.
1. Navigate to Settings > OS Settings > Applications > AI Approvals and see the App and Vendor columns which show each application’s score. In the image below, the list is ordered based on highest App Score, and we can see that the top scoring applications are all well-known:
When we order the list by lowest scoring app Vendors, most of the low-scoring applications are not particularly common / unknown:
2. Configure you App and Vendor Enabled toggles and score values as desired:
Note that AI Approval will have no effect unless you have Require Approval toggled ON under Settings > OS Settings > Authorization:
3. When AI Auto-Approval is applied, you can view the App and Vendor score for the application in the User Portal Auditlog:
Like all Admin By Request features, you can set Global settings to apply to all users, and create Sub-Settings as ‘exceptions to the rule’. The same goes for AI Approvals.
A use case for a Sub-Settings could be for the IT Department who are more likely to require ‘exotic’ applications from time to time – not just the common apps used frequently by other users.
For this Sub-Setting, you could override Global Settings and set the Auto-Approve score to a lower value, e.g., 1, so that auto approvals include less-common applications. For all other users (outside of the Sub-Setting scope), the threshold would remain at 10.
Take away the manual work of figuring out which applications should be auto approved and let our latest AI Approval feature work it out for you. Get this feature and more with Admin By Request version 8.0 for Windows – coming in December.