@Mhedrick439 

 

No, unfortunately this is not possible.
If the app only has permissions in one folder, you could try to give the users rights to the folder, but usually the apps also need access to the registry etc., so unfortunately this isnt a solution.

But there are tools with which you can do this, e.g. in Intune there is the Endpoint Privilege Management. With this it is possible, for example, to allow certain exe files so that a normal user can execute them as admin.

Here is the documentation

https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview

but the whole thing is only available in the Intune Suite license or as a separate addon license.

The alternative would of course be to put the software cleanly into Intune so that the users get the update via the Company Portal, which is very time-consuming I know we have the same problem with us.

We have also implemented LAPS and some users, e.g. users from development, can independently read out the LAPS password to install apps as admin.

Hi,

Do you have some examples of applications, that you have in your enviroment?

It is time consuming to update apps manually through Intune. However, there is multiple options available.

EPM (Endpoint Privilege Management) is available, but has some limitations at the moment, with this add-on you can remove local admin rights from the users.

https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview

Enterprise app management is also available, which can keep your 3rd party applications updated. The catalog is limited at the moment, but I believe it will be expanded quick :)

https://learn.microsoft.com/en-us/windows/client-management/enterprise-app-management

I would definitely recommend you to test out the Intune suite, it has a lot of great features available.