Endpoint Privilege Management Issue

Brass Contributor

We recently tested EPM via the trial. Created the deny all elevation settings policy detailed in most of the  guides out there to deny all requests and then created Elevation rules policy for some apps to test using the hash to verify. All worked well on trial so we purchased the license for a Pilot group to test.

Now it no longer works, policy is applied to users under the report and all are licensed but I get the following error on elevation



If I change the deny all elevation settings policy to user confirmation the rules work again but this is not the behavior I experienced on the trial.  Are you still required to block all requests as part of the initial setup?



1 Reply

Hello @JamesMooney 


Welcome to the Microsoft community, my name is Recep I'll be happy to help you today.


  • Ensure that the Endpoint Privilege Management licenses are correctly assigned to the users in your Pilot group. Sometimes, licensing issues can cause unexpected behavior.
  • Confirm that the EPM policies are being successfully applied to the devices in your Pilot group. Check the Intune console for any errors related to policy enforcement.
  • Double-check the configuration of your EPM policies. Ensure that the deny all elevation settings policy is configured correctly and is prioritized appropriately in relation to other policies.
  • Verify the configuration of your elevation rules for specific applications. Check the hash values and ensure that they match the applications you are trying to allow.

If you still having issue, Please follow the below link




If I have answered your question, please mark your post as Solved

If you like my response, please give it a Like :smile:

Appreciate your Kudos! Proud to contribute! :)