Limit your attack surface with Endpoint Privilege Management
Event details
Learn how to balance security and productivity by managing standard users more efficiently. Endpoint Privilege Management (EPM) in Microsoft Intune enables admins to set policies that limit the applications that can elevate, reducing attack surface, improving IT efficiency, and streamlining work for employees.
This session is part of the Microsoft Intune Suite Tech Accelerator. RSVP for event reminders, add it to your calendar, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
- Ashok1996 (Copper Contributor)
I'm testing Endpoint Privilege Management on a few machines in a test environment. The elevation settings policy isn't deploying when "send data to microsoft" is selected; the error received mentions an "Allow Device Health Monitoring" error, but that setting is correctly deployed via configuration profiles. Also can't find any info about that in the logs. If I deselect "send data to microsoft" then the policy is deployed successfully, but in reality the app is not installed on the target devices (so no right-click options about EPM).
- Shamiliinspira (Copper Contributor)
I'm also receiving the same error. I have tried installing the KB5022913, KB5023733 &774 as well, but it's not helping. How to overcome this?
- Heather_Poulsen (Community Manager)
Hope you enjoy this session. What do you like about the Tech Accelerator so far? Share your feedback here in the Comments and help shape the direction of future Intune events on the Tech Community!
- Ashok1996 (Copper Contributor)
Allow Device Health Monitoring: We are receiving the following error when we configure the EPM on end user devices, even though the user PC has the latest update as per prerequisites. What is the solution to overcome this?
- Drew_Bosworth750 (Occasional Reader)
Are settings such as the ability to change your IP address covered by EPM?
- Olaf_Thyssen (Brass Contributor)
If you want to always allow it, just place the specific user or all potential users "Authenticated Users" to the local built-in group "Network Configuration Operators".
- Mark Silvey (Microsoft)
Not specifically, but definitely on our short-term roadmap. Elevation rules can be authored for any process but realize this may not be scoped enough for this scenario.
- Ashok1996 (Copper Contributor)
Standard user elevation prompt behavior: what happens to standard users' devices if we configure this policy from Security baseline and set to automatically deny request? Does it override the EPM request?
- Matt_Call (Microsoft)
UAC Behavior (what I think you're referring to here) is completely separate from EPM behavior. EPM adheres to the rules/behavior you configure in the EPM policy set.
- Heather_Poulsen (Community Manager)
Thanks for joining us! We’ll continue to answer questions here in the chat for the rest of the half hour and we’ll check back through the end of the week. If you missed the live broadcast, don’t worry – you can watch it on demand.
And, if you’ll be in San Francisco for RSA 2023 later this month, join us at the Secure and Connected Endpoints Breakfast.
- treestryder (Steel Contributor)
What exactly needs to be licensed for EPM? Is the license per user, per device, per administrator?
- Joe_Lurie (Microsoft)
treestryder Like the rest of the Intune Suite, it's licensed per user. But EPM specifically is also able to be purchased as a stand-alone product, where you can purchase for the part of the estate that needs EPM. Check out our Plans and Pricing page for more information: Microsoft Intune Plans and Pricing
- Amjad1935 (Brass Contributor)
Can you please confirm platform version support as of today and roadmap for the others? i.e. Windows 10/11, macOS, Linux etc...
- Matt_Call (Microsoft)
Check out our docs page for current supported platforms (https://aka.ms/IntuneEPMDocs)
- treestryder (Steel Contributor)
We have managed nearly everything with Intune (Intune is our local admin). So far, Visual Studio is unmanageable. This would be handy to give our developers the ability to "manage" their PCs through Visual Studio.
Can this be assigned as an intersection of a device and a user?
- Matt_Call (Microsoft)
Today it's possible - You can target the rules to a device to support developer workload to target those devices to allow elevation of those applications (including Visual Studio). In the future we plan on expanding our granularity allowing more complex user+device targeting/relationships.