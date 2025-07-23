ManageEngine announced identity risk exposure management and local user MFA features in AD360, its converged identity and access management (IAM) platform.

The release enables security teams to detect privilege escalation risks and secure unmanaged local accounts, two common identity attack vectors that attackers continue to exploit at scale.

Identity remains the primary attack vector in modern enterprises, as shown by Verizon’s 2025 Data Breach Investigations Report, which found that credential abuse was the initial access vector in 22% of breaches. The report also highlighted widespread abuse of poorly managed local accounts and privilege paths across over 12,000 confirmed breaches.

“With this release, ManageEngine AD360 moves beyond traditional IAM by embedding identity threat defenses into core identity operations. By turning identity data into actionable security insights, we’re helping customers make IAM the first line of defense, not a check box,” said Manikandan Thangaraj, VP of ManageEngine.

While most IAM tools focus on provisioning and policy enforcement, AD360 adds risk exposure mapping via attack path analysis as well as local MFA enforcement, helping enterprises close attack paths that often go undetected. This marks a key step in identity management evolving from an access control layer into an active security control.

New capabilities

Identity risk exposure management: Graph‑based analysis maps lateral movement and privilege escalation paths in Active Directory (AD), automatically prioritizing risky configurations and recommending remediation steps. The graph engine models AD objects as nodes and privilege inheritance as lines, revealing multi‑step attack chains in real time, with actionable suggestions that IT teams can implement to close exposed paths.

Graph‑based analysis maps lateral movement and privilege escalation paths in Active Directory (AD), automatically prioritizing risky configurations and recommending remediation steps. The graph engine models AD objects as nodes and privilege inheritance as lines, revealing multi‑step attack chains in real time, with actionable suggestions that IT teams can implement to close exposed paths. Local user MFA: This feature extends adaptive MFA to local accounts on non‑domain‑joined servers, DMZ assets, and test environments, thwarting credential stuffing and persistence techniques.

This feature extends adaptive MFA to local accounts on non‑domain‑joined servers, DMZ assets, and test environments, thwarting credential stuffing and persistence techniques. ML‑driven access recommendations: During provisioning and access review campaigns, machine learning analyzes permission patterns and suggests adjustments to implement least privilege access, helping prevent excess entitlements.

Additionally, ManageEngine has enhanced AD360’s access certification module, which now includes expanded entitlements for comprehensive review coverage, and the risk assessment capabilities feature new indicators for improved identity risk monitoring across AD and Microsoft 365 environments.

These enhancements are designed to streamline compliance reporting and strengthen access governance across the enterprise. The new capabilities support NIST SP 800-207 on Zero Trust architecture, align with PCI DSS Version 4.0 Requirement 8, and facilitate SOX, HIPAA, and GDPR controls.