ManageEngine Enhances AD360 with Risk Exposure Management, Local User MFA Features

ManageEngine, a division of Zoho Corporation and a leading provider of enterprise IT management solutions, has announced the general availability of identity risk exposure management and local user MFA features in AD360, its converged identity and access management (IAM) platform. The release enables security teams to detect privilege escalation risks and secure unmanaged local accounts, two common identity attack vectors that attackers continue to exploit at scale.

Identity remains the primary attack vector in modern enterprises, as shown by Verizon’s 2025 Data Breach Investigations Report, which found that credential abuse was the initial access vector in 22 % of breaches. The report also highlighted widespread abuse of poorly managed local accounts and privilege paths across over 12,000 confirmed breaches.

“With this release, ManageEngine AD360 moves beyond traditional IAM by embedding identity threat defenses into core identity operations. By turning identity data into actionable security insights, we’re helping customers make IAM the first line of defense, not a check box,” said Manikandan Thangaraj, Vice President of ManageEngine.

While most IAM tools focus on provisioning and policy enforcement, AD360 adds risk exposure mapping via attack path analysis as well as local MFA enforcement, helping enterprises close attack paths that often go undetected. This marks a key step in identity management evolving from an access control layer into an active security control.

New Capabilities of AD360

• Identity risk exposure management: Graph-based analysis maps lateral movement and privilege escalation paths in Active Directory (AD), automatically prioritising risky configurations and recommending remediation steps. The graph engine models AD objects as nodes and privilege inheritance as lines, revealing multistep attack chains in real time, with actionable suggestions that IT teams can implement to close exposed paths.
• Local user MFA: This feature extends adaptive MFA to local accounts on non-domain-joined servers, DMZ assets, and test environments, thwarting credential stuffing and persistence techniques.
• Machine Learning-driven access recommendations: During provisioning and access review campaigns, machine learning analyses permission patterns and suggests adjustments to implement least privilege access, helping prevent excess entitlements.

Additionally, ManageEngine has enhanced AD360’s access certification module, which now includes expanded entitlements for comprehensive review coverage, and the risk assessment capabilities feature new indicators for improved identity risk monitoring across AD and Microsoft 365 environments. These enhancements are designed to streamline compliance reporting and strengthen access governance across the enterprise. The new capabilities support NIST SP 800-207 on Zero Trust architecture, align with PCI DSS Version 4.0 Requirement 8, and facilitate SOX, HIPAA, and GDPR controls.

More About AD360

ManageEngine AD360 is a unified identity platform that seamlessly connects people, technology, and experiences while giving enterprises full visibility and control over their identity infrastructure. It offers automated life cycle management; secure SSO; adaptive MFA; and risk-based governance, auditing, compliance, and identity analytics—all from a single, intuitive console.

With extensive out-of-the-box integrations and support for custom connectors, AD360 easily integrates into existing IT ecosystems to enhance security and streamline identity operations. Trusted by leading enterprises across healthcare, finance, education, and government, AD360 simplifies identity management, fortifies security, and ensures compliance with evolving regulatory standards.

For more information, please visit https://www.manageengine.com/active-directory-360/.

Read about AD360’s identity risk exposure management at https://mnge.it/riskexposuremgmt and local user MFA capabilities at https://mnge.it/local-user-mfa