Forum Discussion

AaronDurber's avatar
AaronDurber
Copper Contributor
Feb 06, 2025

Blocking Installation of Software via Intune

Hi We are trying to block users installing software and browser apps once a device is set up. Can we do this via a configuration policy in Intune or do we need a third party app or do we need to inc...
Intune
mobile device management (mdm)
rahuljindal's avatar
rahuljindal
Bronze Contributor
Feb 07, 2025

How are the users to install themselves? Do they have admin rights?

  • Joseph Kilonzo's avatar
    Joseph Kilonzo
    MCT
    Mar 01, 2025

    Standard users are not allowed to have the admin access rights to control what or the applications to run on their computers, only the admins are entitled to do that unless PIM is deployed for certain users.

    Also adhering to the practice of least privilege and zero trust across the organization for security purpose.

    • Jerome Wink's avatar
      Jerome Wink
      Copper Contributor
      May 30, 2025

      That's not really true and that's the problem.  Chrome Browser and other applications can install "User-based" and in doing so bypass the administrator requirements.  I get that this calls into question the symantics of what "installed" is as it's not installed to the system.  But It registers to add/remove programs if I remember correctly so I consider that "installed".

Resources