From admin to standard user with Endpoint Privilege Management

1. Yes. See https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview#requirements
2. Not today, however, users always have the power to change the time zone (assuming you haven't forced a specific time zone by policy or enabled auto time zone detection by policy).
3. Approvals are covered in detail at Use EPM support approvals for file elevation requests with Intune | Microsoft Learn. Approvals are per request. There are no built-in notifications today to alert an admin of a pending approval request. See https://learn.microsoft.com/en-us/mem/intune/protect/epm-support-approved#manage-pending-elevation-requests.
4. Dano or Don can better answer this, however, resource usage impact is minimal to my knowledge as the agent doesn't really do much processing wise except watch for process launches and process them.

Glad you liked it and see you next time!👋

Once a rule is created, it will stay on the device until the policy is no longer assigned. The rule is only used when the elevation of the process is needed.
Would you mind sharing your use case for time sensitive rules?

Endpoint Privilege Management isn't for process run blocking, per se. You might want to look at App Control for Business < Manage approved apps for Windows devices with App Control for Business policy and Managed Installers in Microsoft Intune | Microsoft Learn > for determining conditions where apps should run or not.

Sorry, not fully understanding the question here and it's not really specific to this session either. However, are you referring to scripts already in production use that are unsigned? There is no way for the PowerShell execution policy to discriminate between when the scripts were put into production. The execution policy will apply to all scripts otherwise it's more or less useless, IOW, it's an all or nothing proposition otherwise it's meaningless. Is there reason you can't go back and sign your "venerable" scripts? This is the recommended path forward (along with setting the Execution Policy to All Signed and enabling constrained language mode.

Let's flip that around... if the certificate has been compromised, you should be able to update your reusable object or just remove the rule. 

There is a dedicated Remote Help session later this week - Thursday, March 6, 10:00 AM PST
Secure helpdesk support using Intune Remote Help - 

Not the subject of this session, but this is something under deep investigation currently and we intend to add at some point (although that's not a guarantee or commitment). There's nothing additional share though on possible timelines or delivery expectations.

Check out the session linked to by Dano as well for more info.

In your settings policy, make sure you're collecting elevations data. Then, after about 24 hours, you should start to see data in your EPM reports.

Yes. There are no additional steps required.

Yes. See https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview#requirements

The most specific rule will win: For more information on policy conflict: Configure policies to manage Endpoint Privilege Management with Microsoft Intune | Microsoft Learn