epm
2 Topics

Revoking elevated privileges in Endpoint Privilege Management
I found a thread from last year asking this question. When I revoke someone's elevated access in Intune Endpoint Privilege Management (removing them from the AD group linked to an Intune EPM policy) the "run with elevated access" option remains in the right-click context menu. The post from last year said it can take hours for access to be removed but that the app was still in preview mode. This was over a year ago so I'm wondering if anyone from Microsoft or anyone can advise if this is now quicker or if there is a way to speed it up? We want to start a secondary proof of concept with multiple policies with different levels of access, but testing this would take so long if we're waiting 8+ hours each time we remove access. Thanks all

450 Views, 0 likes, 2 Comments

EPM Service Account Breaks User Context In Apps
Hi, I am working with a customer who is wanting to make use of EPM for their developer team to run some applications with elevated permissions. They have noticed that when elevating certain applications with EPM that a service account is used (see MEM\AzureAD_AdeleVance_$ below), which therefore runs the app with a new user profile, removing things like user preferences, context and also breaks some apps that rely on domain permissions/credentials. From my testing, this service account only seems to be used by EPM when elevating already installed applications, not application installers. Is this by design and is there a possible workaround that avoids EPM using this service account?

Solved, 1.4K Views, 0 likes, 5 Comments