Blog Post

Microsoft Intune Blog
5 MIN READ

Enable Windows standard users with Endpoint Privilege Management in Microsoft Intune

Matt_Call's avatar
Matt_Call
Icon for Microsoft rankMicrosoft
Mar 01, 2023
The landscape for cyberattacks has become more complex in recent years. In 2022, Microsoft security researchers tracked a 130% increase in organizations that encountered ransomware over the last yea...
Updated Mar 02, 2023
Version 4.0
microsoft intune
FishingNotPhishing's avatar
FishingNotPhishing
Icon for Microsoft rankMicrosoft
Oct 12, 2023

GeorgeF- 

1) This depends on how the allow rule is configured.  If it uses the certificate that signed the app, then doesn't specify a version, then a new version of the same app (presuming it is signed by the same certificate), a new rule would not be required.

 

2) The only way I know would be testing.  If you allow an installer to elevate because the installer requires elevation to install, the actual app executable can be a different file.  If they are signed by the same signing cert, you can create a certificate based rule that allows anything signed by that certificate.  But you should be careful with this, as it can allow anything singned by the cert to elevate, and you may not know what other applications are signed by the same cert, and they may be dangerous to allow to elevate.