
ManageEngine, a division of Zoho Corporation, has announced the general availability of new identity risk exposure management and local user Multi-Factor Authentication (MFA) features for its converged identity and access management (IAM) platform, AD360. These updates are designed to help security teams detect privilege escalation risks and secure unmanaged local accounts, addressing common identity-based attack vectors.
Identity remains a primary attack vector for enterprises, with Verizon’s 2025 Data Breach Investigations Report indicating that credential abuse was the initial access vector in 22% of breaches. Drawing on more than 12,000 confirmed breaches, the report also highlighted widespread abuse of poorly managed local accounts and privilege paths.
Manikandan Thangaraj, vice president of ManageEngine, stated: “With this release, ManageEngine AD360 moves beyond traditional IAM by embedding identity threat defenses into core identity operations. By turning identity data into actionable security insights, we’re helping customers make IAM the first line of defense, not a check box.”
While many IAM tools focus on provisioning and policy enforcement, AD360 now includes risk exposure mapping through attack path analysis and local MFA enforcement. This aims to help enterprises close attack paths that often go undetected, marking a step in identity management’s evolution into an active security control.
Key new capabilities include:
- Identity risk exposure management: This feature uses graph-based analysis to map lateral movement and privilege escalation paths within Active Directory (AD). It automatically prioritizes risky configurations and suggests remediation steps. The system models AD objects as nodes and privilege inheritance as the edges connecting them, revealing multi-step attack chains in real time with actionable suggestions for IT teams.
- Local user MFA: This capability extends adaptive MFA to local accounts on non-domain-joined servers, DMZ assets, and test environments, aiming to thwart credential stuffing and persistence techniques.
- ML-driven access recommendations: During provisioning and access review campaigns, machine learning analyzes permission patterns and suggests adjustments to implement least privilege access, helping prevent excessive entitlements.
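
The graph model described in the identity risk exposure management item can be illustrated with a short sketch. This is an added example, not AD360's implementation: it treats accounts and groups as nodes and nested group membership as edges, finds each account's chain into a privileged group, and ranks the memberships whose removal would cut the most chains. The account and group names, the function names and the `MEMBER_OF` data are all constructed for illustration.

```python
from collections import Counter, deque

# Constructed sample data (assumption): node -> groups it is a member of.
# Each entry is a "privilege inheritance" edge in the graph.
MEMBER_OF = {
    "svc-backup": ["Backup-Operators-Custom"],
    "Backup-Operators-Custom": ["Server-Admins"],
    "Server-Admins": ["Domain Admins"],
    "j.doe": ["Helpdesk"],
    "Helpdesk": ["Server-Admins"],
    "a.lee": ["Finance-Users"],
    "Finance-Users": [],
}
USERS = ["svc-backup", "j.doe", "a.lee"]
PRIVILEGED = "Domain Admins"


def inheritance_path(start, target, graph):
    """Breadth-first search for the shortest membership chain start -> target."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for group in graph.get(path[-1], []):
            if group not in seen:  # the seen-set also stops circular nesting
                seen.add(group)
                queue.append(path + [group])
    return None


def exposure_report(users, target, graph):
    """Return ({user: chain}, edges ranked by how many chains pass through them)."""
    paths = {}
    for user in users:
        chain = inheritance_path(user, target, graph)
        if chain:
            paths[user] = chain
    # An edge shared by many chains is the highest-value membership to review.
    edge_use = Counter(edge for chain in paths.values() for edge in zip(chain, chain[1:]))
    return paths, edge_use.most_common()


if __name__ == "__main__":
    exposed, ranked = exposure_report(USERS, PRIVILEGED, MEMBER_OF)
    for user, chain in exposed.items():
        print(f"{user}: {' -> '.join(chain)}")
    member, group = ranked[0][0]
    print(f"Review first: '{member}' as a member of '{group}' ({ranked[0][1]} chains)")
```

In a real directory the edge list would come from an export of group memberships, and a fuller model would add other edge types such as delegated permissions.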
Additionally, ManageEngine has enhanced AD360’s access certification module with expanded entitlements for comprehensive review coverage. The risk assessment capabilities now feature new indicators for improved identity risk monitoring across AD and Microsoft 365 environments. These enhancements are designed to streamline compliance reporting and strengthen access governance across the enterprise. The new capabilities support NIST SP 800-207 on Zero Trust architecture, align with PCI DSS Version 4.0 Requirement 8, and facilitate SOX, HIPAA, and GDPR controls.