Event banner
Event details
153 Comments
- When I try to apply Endpoint Privilege Managment to my device it says Not applicable. I meet all the requirements and it doesn't apply at all. Any Idea what can cause this issue?
JaminAlmondMicrosoft
Did you configure your default elevation settings to "deny all request"? I've seen this happen when you have settings policy set to deny all and you don't have an EPM policy targeting an application. https://learn.microsoft.com/en-us/mem/intune/protect/epm-policies#about-windows-elevation-settings-policy- I have it set to Require User Confirmation, Business Justification and send elevation data for reporting "Yes". We only have Windows 10 devices. So not sure if it's a Windows 11 only policy or if I have to create another policy to have Applicable instead of Not Applicable.
- How does App Management deal with installations that require reboot? We don't want a bunch of angry end users whose devices rebooted in the middle of a call because an application got an update installed.
- Heather_Poulsen
Community Manager
Thanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 03:00.
- Rachelle_Blanchard
Moderator response: This question was answered live. Please refer to the session recording for the response.
Hi. Really looking forward to all these new capabilities. About App Management and updates, Will the Advanced App Management solution only be able to update apps coming from the new catalog? What if I have deployed Adobe Reader as a win32app. Will it be able to update this?
On a sidenote: Is Defender for Endpoint a requirement for Advanced App Management?Hello! On a recent video with Intune.Training, Matt Call mentioned a new Intune policy channel / pipeline that EPM is the first to use. Do you have any more information/docs/etc on this new channel/pipline and perhaps future plans for it? Thanks for the great work!
How to revoke elevation rights quickly in Endpoint Privilege Management?
We plan to use Endpoint Privilege Management for our users to get temporary rights to elevate access on their local client via my access packages. I have created 2 settings policies to achieve this: One that denies all elevations with all users assigned to and a second one that allows elevation for a specific group of users. This specific group of users is excluded from the "deny" group in the corresponding deny-policy. When a user is in the "grant" group he/she is able to elevate, perfect. But when I remove the corresponding user from the "grant" group, it takes hours until the elevation access is revoked. Any ideas what I can do to speed up this? Sometimes, a reboot helps, but not always.
Thanks for your feedback!
- Heather_Poulsen
Thanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 08:55.
- Any build-in methods to import/export tenant profiles? Currently can only duplicate select configuration profiles. However, testing and production tenant maintenance gets complicated pretty quickly.
- Is there a way to force Intune to only enroll iPads (BYOD). The only thought I had was a conditional access policy, using a device filter with negative operators (because they are unknown device, not enrolled in AAD). However, it seemed to only work for a few days, and now my test iPhone and another users iPhone are requiring enrollment into Intune.
- Is there plan to implement the ability to locate Android and iOS devices like Miradore MDM can? We have a lot of remote users and utilize this feature fairly often to track orders.
With the new capability to ‘Block device use until required apps are installed if they are assigned to the user/device’, are there any plans for features to stop specified required apps from being installed during the Autopilot process completely.
For example, an app that is required on the device, but not necessarily straight away when the user starts using it.
By blocking certain apps from installing during the ESP process, the Autopilot process can be sped up, whilst ensuring apps that are required straight away will be installed during the ESP process, whilst leaving apps that are required, but not immediately to come down when the user starts using the device.
- Could I get some clarity on whether the ability to run Proactive Remediations on Windows endpoint will be part of the Advanced Endpoint Analytics feature set or whether it will be part of Intune Plan 1
- Heather_Poulsen
Thanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 14:15.
- Zach DvorakHey Tyler, you can find more info about Proactive remediations license requirements here: https://learn.microsoft.com/mem/analytics/proactive-remediations#licensing.
