IT admins make daily, quiet decisions that determine whether an organization stays secure, compliant, and productive. They review privilege requests, security remediation actions, and high-impact configuration changes across multiple consoles. Given the growing breadth of their daily responsibilities, scattered decision points could lead to slower response times, increased risks, and make audit readiness harder to maintain.
Microsoft Intune already consolidates endpoint management into one place. And now with the general availability (GA) of admin tasks it aggregates high-impact approvals and remediation workflows, into a single, prioritized queue, giving admins a unified view of what needs action right now. Introduced at Microsoft Ignite, admin tasks brings together three essential decision points: Endpoint Privilege Management (EPM) elevation requests, Microsoft Defender for Endpoint (MDE) security tasks, and Multi Admin Approval (MAA) requests. And now, admin tasks also incorporates actions from the Device Offboarding Agent (part of Microsoft Security Copilot), currently in public preview, extending centralized decision-making to device lifecycle cleanup.
As organizations adopt Zero Trust principles and prepare for AI-assisted operations, IT teams need more automation without sacrificing oversight. As Intune expands automated and AI-assisted capabilities, admin tasks adds an oversight layer that helps ensure AI-driven recommendations remain under administrator control. Over time, additional task types will continually be integrated, consolidating even more high-impact operational decision points into a single experience.
“Admin tasks in Intune is a centralized, prioritized task view that cuts through the noise. The simplified processes boost our team’s ability to respond quickly and confidently to critical requests.” –Michael Meier, IT Workplace Design, Krones AG
Admin tasks is available in the Intune admin center under Tenant administration. The following sections outline what admins can access today.
Four ways to streamline IT operations with admin tasks
- Endpoint Privilege Management elevation requests
EPM enables standard users to run approved applications with elevated privileges without granting permanent local admin rights. In admin tasks, elevation requests appear in the same prioritized queue as other high-impact actions, so admins can review and approve requests from a single view.
Key actions to take in admin tasks: Approve or deny elevation requests, create reusable rules based on file details, or add files to reusable settings.
What EPM enables:
- Flexible elevation models: Supports automatic, user-confirmed, and support-approved workflows.
- Granular controls: Defines elevation rules based on publisher, file hash, or command-line arguments.
- Audit and compliance: Logs elevation activity for visibility, reporting, and compliance.
- Improved user experience: Helps standard users stay productive, while reducing help desk tickets and security exposure.
- Contextual risk analysis*: With EPM and Security Copilot, it enables admin tasks to surface contextual risk signals to help inform elevation approval decisions.
*Note: This capability requires Microsoft Security Copilot, get started here. Security Copilot will be included for Microsoft 365 E5 customers, roll out began for existing Security Copilot users and is continuing in the upcoming months, learn more here. EPM is also coming to M365 E5; learn more about the Intune capabilities coming to both the E3 and E5 bundle here.
Figure 1: View of granular controls for elevation requests in Intune Endpoint Privilege Management within admin tasks.
MDE requests for remediation generate security tasks that surface in the Intune admin center, when threats or configuration issues are detected on devices. Admins can track and complete security remediation work from the same queue used for other critical IT decisions.
Key actions to take in admin tasks: Mark tasks as complete or reject them, and review impacted device lists.
What MDE security task in Intune enables:
- Unified task management: View and act on security tasks from Defender in a single queue.
- Recommended endpoint security profiles: Supports new configurations for Endpoint Detection and Response (EDR) and Antivirus exclusions on Linux devices.
- Audit and compliance: Logs all task activities for visibility, reporting, and compliance.
- Integrated security settings management: Manage antivirus and EDR settings directly through Defender for Endpoint security settings management in Intune using security tasks recommendations.
Figure 2: View of Microsoft Defender for Endpoint with security tasks surfaced in admin tasks.
Admin tasks now incorporates the Device Offboarding Agent tasks. Admins can review and act on the cleanup of stale devices using the same flow used for other high-impact tasks. The preview supports Intune managed devices running Windows, iOS/iPadOS, macOS, Android, and Linux, and allows admins to disable Microsoft Entra ID objects with guided remediation.
Key actions to take in admin tasks: Download a CSV list of affected devices.
What the Device Offboarding Agent enables*:
- Routine reviews: Pre-packaged tasks reduce manual investigation and help make cleanup repeatable.
- Automated identification: Detects unused or outdated devices using automated signals across Intune and Microsoft Entra to help reduce the attack surface.
- Offboarding insights: Provides actionable recommendations and details requiring approval before offboarding.
*Note The Device Offboarding Agent requires Microsoft Security Copilot, get started here. Security Copilot will be included for all Microsoft 365 E5 customers, roll out began for existing Security Copilot users and is continuing in the upcoming months, learn more here.
Figure 3: View of potential devices identified for removal by the Device Offboarding Agent within admin tasks.
- Multi Admin Approval requests
Multi Admin Approval requires a second administrator to approve high-impact actions, such as scripts, remote actions, role changes, and device wipes before they are executed. MAA requests now appear in admin tasks, ensuring sensitive configuration changes follow a consistent, centralized review process.
Key actions to take in admin tasks: Approve or reject a request, complete a change, and add requester and approver notes for audit and compliance.
What MAA enables
- Alignment with access policies: Applies to protected configurations that require approvals, such as scripts, roles, settings, and remote actions.
- Audit and compliance: Logs all approval, rejection, and completion of activity for visibility, reporting, and compliance.
- Protection against compromised accounts: Helps ensure sensitive changes—such as script executions, device wipes, or role permission updates—cannot be performed by a single administrator.
- Contextual risk analysis*: The Change Review Agent (part of Microsoft Security Copilot) analyzes MAA script requests in context providing detailed insights on potential impact and clear recommendations.
*Note: The Change Review Agent requires Microsoft Security Copilot, get started here. Security Copilot will be included for all Microsoft 365 E5 customers, roll out began for existing Security Copilot users and is continuing in the upcoming months, learn more here.
Figure 4: View of Multi Admin Approval script requests displayed within admin tasks.
Simplify decisions and prepare for AI-assisted workflows today
Admin tasks in Intune offers a single, prioritized view to act quickly on what matters most—while building the secure foundation organizations need for agentic automation. As Intune continues to expand its AI-driven capabilities, this centralized model gives IT more control and deeper insights across the platform.
Explore admin tasks in Microsoft Intune today and see how the expanded Microsoft 365 E3 and E5 value helps organizations scale securely and confidently.
Microsoft