Tech Community Live: Microsoft Intune
Mar 20 2024, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community

EPM not showing Elevation Denials in the Elevation Report

Brass Contributor

In our testing, we were expecting to see elevation denials shown in the Elevation Report - but that hasn't been our experience so far. We see successful elevations with business justification and credentials, but when the Settings policy is set to "Deny all requests" or "Not Configured", and we get an elevation denial, it doesn't show up in the report after 24 hours (over 48 hours now). 

 

I can't find anything in the docs about whether or not denials are in the reports, but I assumed they would be. Any ideas?

5 Replies
To add onto this - all of our elevation attempts are no longer being reported on. We have the Elevation Settings Policy properly configured and assigned, and we have one rule which is allowing for one app to be elevated with justification and one app to be auto-elevated. These elevations are not showing up in our reports.
We're seeing similar behavior in this implementation, as well as when the settings are explicitly enforced.
In our ticket with Intune, they also seem to be experiencing the issue, so reporting seems broken. It's certainly not showing up within 24 hours as promised. Some of our elevations are taking days or weeks to show up in reports.
Thanks for sharing this information. We're trying to test this out and this isn't a good look for Microsoft.
Denied elevations do not show up in admin reports today. You should expect to see reports for (successful) managed elevations, and unmanaged elevations (those which occur without EPM, such as if traditional Windows UAC is used to elevate to administrator).