A new mode for MACD of explicit items in the Console. This "Dual Authorization" or "Secondary Approval" would be a Global setting for the creation/deletion/change of any EndPoint (note, in order to turn it off, the secondary would have to approve too). This could also extend to creation of services on flagged EndPoints.
The reason this is significant is that...
- Some endpoints may be critical to operation or security and changes to their capabilities would affect a large group of people.
- Addition of a new endpoint to a system could give a malicious user/device the ability to infiltrate a secure network.
- If Global "Dual Authorization" mode is on, an endpoint can be created/deleted, but a secondary admin must approve of the creation/deletion.
- When creating an EndPoint, a checkbox appears that states "Require Dual Authorization for Changes". This would mean that any changes to services, appwans, or endpoint associations on this EndPoint must have a secondary admin approval for the change to take effect.
- When creating an AppWAN, a checkbox appears that states "Require Dual Authorization for Changes". This would mean that any changes to associated EndPoints or EndPoints groups in/out of attachment to the AppWAN would require secondary admin approval for change to take effect.