Forum Discussion
JamesMooney (Brass Contributor)
Nov 22, 2023
Endpoint Privilege Management Issue
We recently tested EPM via the trial. Created the deny all elevation settings policy detailed in most of the guides out there to deny all requests and then created Elevation rules policy for some apps to test using the hash to verify. All worked well on trial so we purchased the license for a Pilot group to test.
Now it no longer works; policy is applied to users under the report and all are licensed, but I get the following error on elevation
If I change the deny all elevation settings policy to user confirmation the rules work again but this is not the behavior I experienced on the trial. Are you still required to block all requests as part of the initial setup?
- Deleted
Hello JamesMooney
Welcome to the Microsoft community, my name is Recep. I'll be happy to help you today.
- Ensure that the Endpoint Privilege Management licenses are correctly assigned to the users in your Pilot group. Sometimes, licensing issues can cause unexpected behavior.
- Confirm that the EPM policies are being successfully applied to the devices in your Pilot group. Check the Intune console for any errors related to policy enforcement.
- Double-check the configuration of your EPM policies. Ensure that the deny all elevation settings policy is configured correctly and is prioritized appropriately in relation to other policies.
- Verify the configuration of your elevation rules for specific applications. Check the hash values and ensure that they match the applications you are trying to allow.
If you are still having issues, please follow the link below:
https://learn.microsoft.com/en-us/mem/intune/protect/epm-policies
If I have answered your question, please mark your post as Solved
If you like my response, please give it a Like
Appreciate your Kudos! Proud to contribute! 🙂
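
For the hash check suggested in the reply above, an added example (not part of the original reply and not Microsoft's tooling): it recomputes the hash of each target file on a pilot device and compares it with the value pasted into the elevation rule. It assumes the rule stores a SHA-256 file hash; the rule hash shown is a placeholder and the PowerShell ISE path is an assumed default location.

```powershell
# Added example: compare local file hashes with the hashes entered in EPM elevation rules.
# The entries below are constructed; replace RuleHash with the value from your own rule.
$rules = @(
    [pscustomobject]@{
        Name     = 'PowerShell ISE'
        Path     = "$env:windir\System32\WindowsPowerShell\v1.0\powershell_ise.exe"  # assumed default path
        RuleHash = '<SHA-256 FROM THE ELEVATION RULE>'                               # placeholder
    }
)

function Test-EpmRuleHash {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $RuleHash
    )
    # Normalize the pasted value: copied hashes often carry spaces, line breaks or lower case.
    $expected = ($RuleHash -replace '\s', '').ToUpperInvariant()
    $actual   = $null

    if ($expected -notmatch '^[0-9A-F]{64}$') {
        $status = 'InvalidRuleHash'      # not 64 hex characters, so it cannot be SHA-256
    }
    elseif (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $status = 'FileNotFound'         # the rule targets a file this device does not have
    }
    else {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # A mismatch usually means the binary was updated after the rule was created.
        $status = if ($actual -eq $expected) { 'Match' } else { 'Mismatch' }
    }

    [pscustomobject]@{ Name = $Name; Status = $status; Expected = $expected; Actual = $actual }
}

$rules |
    ForEach-Object { Test-EpmRuleHash -Name $_.Name -Path $_.Path -RuleHash $_.RuleHash } |
    Format-List
```
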
- terryhugill (Brass Contributor): I appreciate this is old, but how do you prioritise the policies? I have the same issue. It is either all denied, or all allowed regardless of the fact that I have a file policy to allow elevation of PowerShell ISE for testing.
- terryhugill (Brass Contributor): I think I found the answer. The user policies are given higher priority than the device policies so it means that I should apply a deny all scoped to the device(s) and then an allow elevation policy to the users. I am testing it now.