Protection where it matters most.

Protection for

The Endpoint

Admin By Request is built on the two core principles that form the basis of Privileged Access Management: POLP and JIT.
The Principle of Least Privilege (POLP) is the idea that users should only have the minimum privileges required on their devices in order to perform their job function; i.e., should not have around-the-clock administrator access.
JIT, or Just-In-Time access, refers to the idea of allowing users to obtain administrative access only when they absolutely need it. Once their need for elevated privileges is over, so should their admin access on the device be.

We take a layered approach to security.

At the application level, users and endpoints are protected with multiple security features.
Digital eye with a shield and keyhole as the pupil. » admin by request » admin by request

Approval Required for Access

Privileged access is dangerous, and therefore, not a given. You can configure settings so that each user request for elevated access requires approval from an IT admin before the access is provided - the first layer of defense against unauthorized access and cyber threats.

Malware File Scanning

Files downloaded from the internet are scanned by 37+ anti-malware engines before running on the endpoint. This is made possible through integration with OPSWAT's MetaDefender Cloud API. Call it the second line of security in our layered approach - or more appropriately, 37+ lines!

Audited Privileged Activity

Once approval is granted and malware checks have given the all-clear - that's not the end of the line. All privileged activity the user undertakes during an elevated session is logged in the Auditlog, which can be viewed from within the Admin By Request User Portal. Any significant or suspicious activity, such as disabling services or altering user accounts, can be flagged and alerted.

Tailor the level of protection to suit your organization.

Restriction levels for users can be adjusted to provide a level of security that suits your needs. Maximum security, or a focus on productivity?
Man explaining something on his tablet to people. » admin by request » admin by request
Restrictive Settings

You may have an Audit approaching, new compliance regulations introduced, or handle a heap of sensitive data on a daily basis. Your organization may have 200,000+ employees of varying age and skill level, who you don't want to be able to elevate at any point in time without thorough vetting of each case, or may have recently implemented Admin By Request and are still in the process of establishing the best settings for your enterprise.


With Admin By Request, you can prioritize security by applying restrictive settings, such as always requiring Approval prior to elevation, Authentication with either credentials or Endpoint SSO/MFA, and Alerts configured to ping you via email for every software install. You may only allow the most trusted apps on your Pre-Approved list, and disable AI and Machine Learning Auto-Approval altogether.

Lenient Settings

If you're big on employee-education and confident in your users' abilities, or your company is the workplace of predominantly senior staff and/or IT-minded personnel, cybersecurity may not be as much of concern (other than for meeting compliance requirements and implementing the core Privileged Access Management principles). On the other hand, let's say you've been using Admin By Request for several months and are in the process of gradually relaxing restrictions.


To prioritize productivity, you might allow elevated activity without requiring approval or a reason. Your Pre-Approval and AI/Machine Learning Auto-Approval lists will likely include a ton of applications that your users elevate regularly, and Alerts are only set up for suspicious activity.

Protection for

The Network

With a range of Administrator tools.
Admin by request dashboard on a mac. » admin by request » admin by request


The Dashboard contains a selection of widgets that provide an overview of key data, including licensing info, Auditlog activity, trending blogs, and recent alerts.

Portal Users

This page lists all users who have access to the Admin By Request User Portal, including how they log in (credentials, SCIM, etc.), and the specifics of their access.


This page holds all pending, approved, denied, and quarantined Requests for up to two weeks. It's here that IT admins can approve elevation Requests, if configured.


The Inventory page lists all of your computers, along with a ton of hardware and software info about each device, including local admins, geo location, and installed apps.

Instant Revoke

This handy feature is where it all begins: revoke all of your users' local admin rights in one fell swoop. The get to configuring settings so that users can gain admin privileges securely.

Clean Up Admins

Losing track of rogue local admin accounts is an easy thing to do. This feature provides a bird's-eye view and management capabilities for all of them across your entire network.


The Auditlog lists in detail all privileged activity, including user and session info, installed and uninstalled files, and provides the ability to undertake actions, such as scan for malware or Pre-Approve the app.


Reports cover everything from endpoints, users, and settings, to email notifications and system activity. They can be tailored to display data from a specific period, and emailed or exported as desired.

An orange hologram of menu icons in settings. » admin by request » admin by request
Global Settings

In most cases, users need admin rights to install or update software, such as Adobe Reader, Visual Studio or VPN software. The tricky part about revoking local admin rights is doing it in a way that doesn't hinder your user’s productivity, but does lock down local admin rights. That's what Admin By Request can do for you.


In most cases, users need admin rights to install or update software, such as Adobe Reader, Visual Studio or VPN software. The tricky part about revoking local admin rights is doing it in a way that doesn't hinder your user’s productivity, but does lock down local admin rights. That's what Admin By Request can do for you.

Protection for

All Operating Systems

With versions for Windows, macOS, and Linux.

Windows v8.0

A black window's keyboard with orange backlighting. » admin by request » admin by request

Admin By Request version 8.0 for Windows is out now, and jam-packed with some of our most epic features to date: Endpoint MFA/SSO, Machine Learning Auto-Approval, AI Auto-Approval, and Intune Policy Support
It’s time to get started with the most comprehensive PAM solution on the market.

We’ve also added a handy new availability feature to our mobile app: Do Not Disturb and Out of Office functions.

macOS v4.0

A tablet with the calendar open next to a mac. » admin by request » admin by request

Today, macOS holds around a 14% market share in desktop operating systems according to Statcounter Global Stats – up from 7% ten years ago.

The number of macOS devices in enterprise is increasing, and when it comes to Admin By Request local admin rights solution, we want to provide just as much protection, customization, and features for our Mac users, that we provide for our Windows users.

Version 4.0 for macOS is now live, bringing four more key features into the fold and getting the macOS feature set closer than ever before to that of our Windows solution.

Linux v2.2

A row of 6 computers in an office. » admin by request » admin by request
Think you don’t need cybersecurity solution on Linux? Think again. There’s lots to love about our latest Linux update – not least, support for Fedora 36 Linux and Red Hat Enterprise Linux 9 (RHEL9). Support for more Linux OSs coming soon!