Zero Trust Access Management Platform Frequently Asked Questions

CyberQP currently supports the entire Microsoft stack, including Microsoft Active Directory, Microsoft 365, Microsoft Entra ID, and Microsoft Windows Local Accounts.

CyberQP does not directly integrate with RMMs and MDMs but includes pre-built deployment scripts for the CyberQP agent for the most popular RMMs, including ConnectWise Automate, DattoRMM, NinjaOne, N-Able RMM and N-Able N-Central as well as Microsoft Intune MDM. PowerShell and Command Line scripts are also available to be used with Group Policy and any other RMM or MDM platform.

CyberQP provides its own Technician Vault to store privileged credentials and also integrates with the Password Vaults for IT Glue and Hudu Documentation Systems.

Our knowledge base includes detailed step-by-step guides for setting up and configuring 3rd party integrations here. 

CyberQP currently integrates with ConnectWise PSA, Datto Autotask PSA, and Halo PSA.

Currently, end-user identity verification, sending a password reset link, manual password resets, unlocking accounts, and enabling/disabling an account are available for end-user accounts within the QDesk PSA integrations. More capabilities will be added in the future to add additional functionality.

Passwords and credentials are stored in CyberQP’s encrypted Technician Vault and optionally stored in password vaults for IT Glue or Hudu if these integrations are enabled.

Privileged Account passwords can be scheduled to automatically rotate as often as every day or can be configured to rotate in any number of days up to every 1 year.

Yes, QGuard can rotate both Windows Service accounts and Scheduled task passwords. After rotating a password for a Windows Service account, CyberQP will locate the windows service, update the password, and restart the service to ensure the change is processed. For Scheduled tasks CyberQP will locate the scheduled task and update the password.

CyberQP QGuard can rotate any Microsoft Active Directory, Microsoft 365, Entra ID, or Windows Local Account that you specify.

CyberQP is currently developing a Chrome Extension to access Just-in-Time access and, later on, any credential in the CyberQP Vault with an estimated release of Q3/Q4 2025.

QDesk Endpoint Privilege Management allows technicians to choose to elevate a single process or an end user with local admin rights.

Yes, QDesk Endpoint Privilege Management can both detect all the local administrators on an endpoint, in addition to the current UAC settings, and also remove local admin rights and enforce stricter UAC settings.

QGuards Passwordless Technician login works for Windows endpoints, including Windows Servers and workstations.

Yes, QGuards Passwordless Technician login includes number matching MFA that is registered with the QTech mobile app that runs on iOS and Android.

Yes, QGuard Passwordless Technician logins by default use Just-in-Time accounts for a seamless experience when logging into Windows Endpoints. When logging into Microsoft 365 or Entra ID, you can leverage Temporary Access Passwords, OTP, or Microsoft Authenticator Passwordless login flows.

Yes, in order for a technician to use Just-in-Time Access, a policy must be created that allows the technician to use a Just-in-Time account with a specific customer, a specific account type, the privileges allowed, and the time frames permitted.

Yes, passwords for Just-in-Time accounts are rotated after every use.

CyberQP offers multiple methods to verify the identity of an end-user contacting the service desk, including sending a 6-digit code via SMS and Email or sending a push notification via the CyberQP mobile or Microsoft Authenticator mobile app.

QDesk Self-Serve Password Reset app includes the ability for an end-user to reset their password, unlock their account, and be notified before their password expires.

Yes, CyberQP offers compliance framework control mappings to a number of frameworks, including CIS V8, CMMC 2.0, ISO 27001:2022, NIST 800-53, SOC2, and HIPAA.

Standing Privilege refers to admin accounts that are always enabled, even when not in use. These accounts provide persistent, always-on privileged access. 

• Active Directory Domain Administrator Accounts
• Entra ID Global Administrator Accounts
• Windows Local Administrator Accounts

JIT Privileged Access is a use case of Zero Standing Privilege. It involves creating admin accounts on the fly with the least privilege necessary for the job and disabling them when not in use. Typically, this includes: 

• A reason for access 
• A time frame for access 
• The least privilege necessary to perform the task 

• Rotate passwords frequently 
• Enforce Multi-Factor Authentication (MFA) with device registration 
• Minimize the number of accounts with standing privilege 
• Implement the principle of least privilege 
• Use dedicated privileged accounts for each technician 
• Avoid shared accounts where possible 
• Maintain a process to grant/revoke privilege access 
• Keep an inventory of all privileged accounts 

Eliminate Local Admin Rights Without Sacrificing Productivity: By removing always-on local admin privileges from endpoints while allowing just-in-time, policy-controlled elevation, Endpoint Privilege Management dramatically reduces the attack surface for malware, ransomware, and insider threats, without disrupting users’ ability to perform legitimate tasks.

The Principle of Least Privilege (PoLP) ensures that users are granted the minimum levels of access necessary to perform their job functions. 

Just-in-Time Accounts are created and provisioned on-demand when technicians need them, utilizing leading-edge security measures and eliminating standing privilege. 

MSPs can automate tasks and manage privileged, admin, and service accounts across various environments to enhance security and efficiency. 

QGuard Privileged Access Management (PAM) eliminates standing privileges and reduces attack surfaces while streamlining access. Technicians are granted just-in-time access without the need for standing privilege or credentials access. Break-glass and shared accounts are automatically rotated to prevent static credential risk. PAM also helps IT teams identify and uncover account-related risks such as unused, misconfigured, or over-privileged accounts, enabling proactive access control and automation to help your security posture.

End to End Help Desk Automation helps MSPs eliminate their most costly help desk tickets and empowers technicians of all skill levels to resolve tickets quickly. 

Organizations can gain full transparency into privileged accounts, including account creation, disabling, deletion, and password changes. 

Self-Service Password Reset enables end users to quickly, easily, and securely reset their passwords, potentially eliminating up to 95% of password reset tickets. 

Cyber Grade Vault allows IT teams to store, share, and access sensitive credentials with strict permissions and audit log tracking.