How to revoke elevation rights quickly in Endpoint Privilege Management?

Copper Contributor

We plan to use Endpoint Privilege Management for our users to get temporary rights to elevate access on their local client via my access packages. I have created 2 settings policies to achieve this: One that denies all elevations with all users assigned to and a second one that allows elevation for a specific group of users. This specific group of users is excluded from the "deny" group in the corresponding deny-policy.

When a user is in the "grant" group he/she is able to elevate, perfect. But when I remove the corresponding user from the "grant" group, it takes hours until the elevation access is revoked. Any ideas what I can do to speed up this? Sometimes, a reboot helps, but not always.


Thanks for your support!

2 Replies
Hi Samuel,

That’s expected behaviors for now, you might be luck if takes few hours, I have seen it taking few days. The feature is still in preview and may improve in the future.

yep 4.... hours ... not the 8 hours that we could get with the default intune sync...but with the mmpc sync we got 4 hours :)