Using MacOS + Admin Approval (aka Application Launch + Challenge)

NOTE: See the Endpoint Policy Manager for Mac and Admin Approval video for an overview of this section.

You might want users to only be able to run applications (normally or those which require admin rights) only when approved. With the Admin Approval function you can do just that.

Refer back to the Application Launch section earlier and make a matching rule. For instance, you might want to make a matching rule for Firefox Browser.  You may need multiple rules if a product has multiple executables.

![A screen shot of a computer

Description automatically generated](/img/product_docs/endpointpolicymanager/endpointpolicymanager/mac/using_macos_admin_approval.webp)

![A computer screen with a screen showing a login page

Description automatically generated](/img/product_docs/endpointpolicymanager/endpointpolicymanager/mac/using_macos_admin_approval_1.webp)

NOTE: The Endpoint Policy Manager Least Privilege Admin Approval tool for Windows must be used to perform approval requests.

The following options are honored in the Mac (and Windows) client:

![A screenshot of a computer

Description automatically generated](/img/product_docs/endpointpolicymanager/endpointpolicymanager/mac/using_macos_admin_approval_2.webp)