Enterprise server access system

US9813285B1 · US · B1

Patent metadata

Publication number: US-9813285-B1
Application number: US-201313829431-A
Country: US
Kind code: B1
Filing date: Mar 14, 2013
Priority date: Mar 14, 2013
Publication date: Nov 7, 2017
Grant date: Nov 7, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and techniques are disclosed for providing a rule set from an authorization server to a broker associated with an enterprise server. The broker can be configured to receive a broker-understandable restricted action request from an agent associated with the enterprise server, the request originated by an endpoint device. The request can be analyzed by the broker in view of the rule set and an approve, deny, partially approve or partially deny decision can be provided from the broker to the agent. The agent can prevent the endpoint device from performing the restricted action based on the decision provided by the broker.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method comprising: receiving, by a broker component in an enterprise server, a rule set generated by an authorization server, wherein the rule set includes at least one rule with an input that is based on an action monitored by a second enterprise server for one or more first endpoint devices that control a first service for a user; receiving, by an agent component in an enterprise server, a request to perform a restricted action from a second endpoint device that controls a second service for the user, wherein the enterprise server is configured to control access to a physical location and the restricted action is access to the physical location; formatting, by the agent component, the request to perform the restricted action into a broker-formatted request; receiving, by the broker component from the agent component, the broker-formatted request; receiving, by the enterprise server, information associated with the action monitored by the second enterprise server, wherein the second enterprise server is configured to monitor an estimated location of the user; determining, by the broker component, that the second endpoint device is prohibited from performing the restricted action based on: the rule set, the information associated with the action monitored by the second enterprise server for the one or more first endpoint devices, an identity associated with the second endpoint device, and at least one past activity associated with the identity, wherein the rule set includes a rule that access to the physical location is not allowed if the estimated location of the user is more than a threshold distance from the physical location; receiving, by the agent component from the broker component, an instruction to prevent the second endpoint device from performing the restricted action; and preventing, by the agent component, the second endpoint device from performing the restricted action.

2. The method of claim 1, wherein the rule set is managed by the broker on the enterprise server.

3. The method of claim 1, wherein the rule set is based on a policy.

4. The method of claim 3, wherein the policy is defined by a policy administrator.

5. The method of claim 1, further comprising: observing, by an agent, the request from the second endpoint device; preparing an activity message based on the request; and reporting the activity to the authorization server.

6. The method of claim 1, wherein the second endpoint device is an untrusted device.

7. The method of claim 1, further comprising: comparing an attribute received from the second endpoint device to one or more known values; determining that the attribute does not correspond to one or more known values; and preventing the second endpoint device from performing the restricted action based on the determination.

8. The method of claim 7, wherein the attribute is the identity.

9. The method of claim 7, wherein determining that the attribute does not correspond to one or more known attributes comprises determining if the attribute is a member of a known group.

10. The method of claim 7, wherein the attribute is an authentication credential.

11. The method of claim 7, wherein the attribute is the past activity which is selected from the group consisting of an access request, an authentication activity, a network activity, and a policy violation.

12. The method of claim 7, wherein the attribute is related to a unique device or category of devices.

13. The method of claim 7, wherein the attribute is obtained by an agent component from an action selected from the group consisting of an enterprise server process, a session parameter and a communication activity.

14. The method of claim 1, further comprising: generating, by the agent, a response formatted based on a protocol associated with the restricted action; and providing, by the agent, the response to the second endpoint device.

15. The method of claim 1, wherein preventing the second endpoint device from performing the restricted action is based on a past activity associated with data associated with the restricted action.

16. The method of claim 1, wherein preventing the second endpoint device from performing the restricted action is based at least in part on a data characteristic.

17. The method of claim 16, wherein the data characteristic is selected from a group consisting of data content, data request location, past data request location, and data identification information.

18. The method of claim 1, wherein preventing the second endpoint device from performing the restricted action is based at least in part on a system status.

19. The method of claim 18, wherein the system status is selected from the group consisting of a system security state, a user defined policy, and a system processing load.

20. The method of claim 1, further comprising: determining an amount of data accessed by the second endpoint device during a first time frame; determining that the amount of data accessed exceeds a data access threshold amount; and wherein the preventing the second endpoint device from performing the restricted action is based on the determination that the amount of data accessed exceeds a data access threshold amount.

21. The method of claim 1, further comprising: determining a type of data accessed by the second endpoint device during a first time frame; determining that the type of data accessed varies more than a threshold amount from a currently requested data; and wherein the preventing the second endpoint device from performing the restricted action is based on the determination that the type of data accessed varies more than a threshold amount from a currently requested data.

22. The method of claim 21, wherein the type of data is selected from a group consisting of a hash, a filename, and a signature.

23. The method of claim 1, further comprising: determining a current characteristic for an endpoint device from which a second request for performing a second restricted action is received; and comparing the current characteristic with a previously determined characteristic for the endpoint device from which a first request for performing a first restricted action is received, wherein the preventing the endpoint device from performing the restricted action is based on the comparing the current characteristic with the previously determined characteristic for the endpoint device from which the first request for performing a first restricted action is received.

24. The method of claim 23, wherein the comparison of the current characteristic to the previously determined characteristic is based on a characteristic selected from the group consisting of a device make, an operating system version, a device model, an application loaded on the device, the identity associated with the request, and a device location.

25. The method of claim 1, wherein preventing the second endpoint device from performing the restricted action is based, at least in part, on a time restriction.

26. The method of claim 1, wherein preventing the second endpoint device from performing the restricted action is based, at least in part, on a characteristic frequency.

27. The method of claim 1, wherein the second endpoint device is prevented from performing the restricted action while located in a restricted location.
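The following is an added illustration of the broker/agent decision flow of claim 1 and the attribute checks of claims 7, 9 and 11; it is not code from the patent or from its assignee. It assumes a constructed in-memory model: the authorization server's rule set is a list of rule functions, the "second enterprise server" that monitors the user's estimated location is a dictionary keyed by identity, known devices form the "known group", past policy violations stand in for past activity, and the door coordinates, names and thresholds are all made up. The agent formats the raw request into a broker-formatted request, the broker evaluates every rule and returns the first denial reason, and a missing location estimate fails closed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Set, Tuple
import math


class Decision(Enum):
    APPROVE = "approve"
    DENY = "deny"


@dataclass(frozen=True)
class GeoPoint:
    lat: float
    lon: float


def haversine_km(a: GeoPoint, b: GeoPoint) -> float:
    """Great-circle distance in km (mean Earth radius 6371 km)."""
    r = 6371.0
    phi1, phi2 = math.radians(a.lat), math.radians(b.lat)
    dphi = math.radians(b.lat - a.lat)
    dlam = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))


@dataclass(frozen=True)
class BrokerRequest:
    """Broker-formatted request assembled by the agent (constructed shape)."""
    device_id: str                              # second endpoint device, e.g. a badge reader
    identity: str                               # identity associated with the request
    door: GeoPoint                              # physical location being accessed
    estimated_user_location: Optional[GeoPoint]  # from the monitoring server, may be absent
    past_violations: int                        # past activity tied to the identity


# A rule returns a denial reason, or None when it is satisfied.
Rule = Callable[[BrokerRequest], Optional[str]]


def make_rule_set(max_distance_km: float, known_devices: Set[str],
                  max_violations: int) -> List[Rule]:
    """Stand-in for the rule set an authorization server would hand the broker."""

    def known_device(req: BrokerRequest) -> Optional[str]:
        # claim 9: the device attribute must be a member of a known group
        return None if req.device_id in known_devices else "device not in known group"

    def clean_history(req: BrokerRequest) -> Optional[str]:
        # claim 11: past policy violations count against the identity
        if req.past_violations > max_violations:
            return f"{req.past_violations} past policy violations"
        return None

    def user_nearby(req: BrokerRequest) -> Optional[str]:
        # claim 1: deny if the estimated user location is beyond the threshold distance
        if req.estimated_user_location is None:
            return "no estimated user location available"  # fail closed
        d = haversine_km(req.door, req.estimated_user_location)
        if d > max_distance_km:
            return f"user estimated {d:.0f} km from door (limit {max_distance_km} km)"
        return None

    return [known_device, clean_history, user_nearby]


class Broker:
    def __init__(self, rule_set: List[Rule]):
        self.rule_set = rule_set

    def decide(self, req: BrokerRequest) -> Tuple[Decision, str]:
        for rule in self.rule_set:
            reason = rule(req)
            if reason is not None:
                return Decision.DENY, reason
        return Decision.APPROVE, "all rules satisfied"


class Agent:
    """Receives the raw access request, formats it for the broker, enforces the answer."""

    def __init__(self, broker: Broker, doors: Dict[str, GeoPoint],
                 estimated_locations: Dict[str, GeoPoint], violations: Dict[str, int]):
        self.broker = broker
        self.doors = doors
        self.estimated_locations = estimated_locations  # the monitoring server's view
        self.violations = violations

    def handle(self, device_id: str, identity: str, door_id: str) -> Tuple[Decision, str]:
        req = BrokerRequest(device_id, identity, self.doors[door_id],
                            self.estimated_locations.get(identity),
                            self.violations.get(identity, 0))
        return self.broker.decide(req)  # only APPROVE would unlock the door


# Constructed sample deployment: one lobby door in San Francisco.
SF_DOOR = GeoPoint(37.7749, -122.4194)
LOS_ANGELES = GeoPoint(34.0522, -118.2437)


def build_demo_agent() -> Agent:
    rules = make_rule_set(max_distance_km=1.0, known_devices={"reader-01"}, max_violations=2)
    return Agent(Broker(rules), doors={"hq-lobby": SF_DOOR},
                 estimated_locations={"alice": GeoPoint(37.7790, -122.4180),  # ~0.5 km away
                                      "bob": LOS_ANGELES},                     # far away
                 violations={"carol": 3})


if __name__ == "__main__":
    agent = build_demo_agent()
    for who in ("alice", "bob", "carol", "dave"):
        print(who, agent.handle("reader-01", who, "hq-lobby"))
```

Running the block shows alice approved, bob denied on distance, carol denied on past violations, and dave (no location estimate) denied fail-closed; a request from an unregistered reader is denied before any other rule is consulted.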

Assignees

Ca Inc
Inventors

Classifications

  • G06F21/55 (Primary): Detecting local intrusion or implementing counter-measures (CPC title)

  • H04L41/00 (Primary): Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks (CPC title)

  • G06F21/60 (Primary): Protecting data (CPC title)

  • Individual registration on entry or exit (CPC title; code not shown)

  • by observing the pattern of computer usage, e.g. typical user behaviour (CPC title; code not shown)

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9813285B1 cover?
Systems and techniques are disclosed for providing a rule set from an authorization server to a broker associated with an enterprise server. The broker can be configured to receive a broker understandable restricted action request from an agent associated with the enterprise server, the request originated by an endpoint device. The request can be analyzed by the broker in view of the rule set a…
Who is the assignee on this patent?
Ca Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/55. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 7, 2017 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).