Revoking elevated privileges in Endpoint Privilege Management
I found a thread from last year asking this question. When I revoke someone's elevated access in Intune Endpoint Privilege Management (removing them from the AD group linked to an Intune EPM policy) the "run with elevated access" option remains in the right click context menu. The post from last year said it can take hours for access to be removed but that the app was still in preview mode. This was over a year ago so I'm wondering if anyone from Microsoft or anyone can advise if this is now quicker or if there is a way to speed it up? We want to start a secondary proof of concept with multiple policies with different levels of access, but testing this would take so long if we're waiting 8+ hours each time we remove access. Thanks all
Endpoint Security shows clients as unhealthy and device name not shown after Update 2303
Hi together, Endpoint Security shows almost all clients as unhealthy and the device name is not shown after Update Config Manager Version 2303. Any ideas? On SCCM and Security Center everthing is working fine and displayed as normal. Thanks for support and a happy weekend to all. Peter
Replacing Win 10 Security Profile with another creates conflict
Hi all, I've created a new test profile under Endpoint Security -> Antivirus for Defender, lets call it "AV-New". I've created a new device group called TestDevices and excluded the group from the current "AV-Current" policy. So, AV-NEW assigned to only TestDevices and AV-Current assigned to All, excluding TestDevices. Checking in on my AV-New policy, I can see there is a conflict. Going to Device Status -> Selecting the Device -> Windows Defender Antivirus, I can see each setting seems to have 2 entries. (screenshots attached) Selecting a setting with a conflict, i.e. scan emails shows two profiles assigned, AV-New and AV-Current. The profiles/device has been in this state for over a week. Why is this the case, even though I've excluded the device from AV-Current? How can I remove a profile - i.e. AV-Current for this device? Thanks heaps.
When is a configuration profile not a configuration profile?!
Apologies if this has been asked here before, I'm starting to setup our endpoint security workloads as part of M365 and have found multiple points of crossover in the Intune console where precedence or differentiation isn't clear. For example, You seem to be able to describe Bitlocker settings in multiple ways: 1) Create a standard Windows Encryption configuration profile under Devices 2) Create a Device Compliance policy under Devices > Compliance Policies 3) Create a Disk Encryption policy under Endpoint Security>Manage 4) Create a Windows 10 Security Baseline under Endpoint Security>Security Baselines Am I right in thinking that 1) and 2) are the original workflows for doing 3) and 4)? So that any work I start doing now should be done in the Endpoint Security node? Does a compliance policy or security baseline actually affect the settings on a device or is it just giving you the non-compliant/compliant flag and it's the Disk Encryption and Configuration Profiles that actually change the settings on the device? Finally has anyone else noticed that when you edit a Disk Encryption policy a bunch of the settings are missing and can't be seen or changed?? Thanks in advance