Published: Apr 09, 2024
Key Takeaways:
- Microsoft’s Intune Endpoint Privilege Management now offers a new support-approved elevations capability.
- This release lets standard users request temporary administrative privileges for specific tasks or applications.
- The new support-approved elevations feature ensures greater flexibility for end-users while maintaining security protocols.
Microsoft has introduced a new support-approved elevation feature within its Intune Endpoint Privilege Management solution. The new capability allows standard users to request temporary administrative privileges for specific tasks or applications.
Microsoft Intune Endpoint Privilege Management (EPM) is a solution that enables organizations to give end users the ability to complete tasks that require elevated privileges. These tasks include updating device drivers, installing applications, and running Windows diagnostics. This service helps administrators ensure that a broad user base runs with the least privileges. Endpoint Privilege Management is available as an add-on to Microsoft 365 subscriptions that include Microsoft Intune.
Previously, IT administrators were required to set up elevation rules for the most commonly used applications within their organizations. However, when end-users requested special permissions to access applications for which predefined rules had not been configured, their requests were automatically rejected. Consequently, they were forced to file a help desk ticket to proceed with the request.
According to Microsoft, the new feature allows IT admins to request support approval directly from the app’s context menu if a standard user wants to perform a task that requires elevated privileges. However, end users will be required to provide a justification and validate their identity before submitting the request. It will be up to the IT admins to approve or deny the request depending on the justification.
“Windows standard users can request approval to elevate an application that has no existing privilege elevation rule associated with it. Support-approved elevations require Intune administrators to review elevation requests on a case-by-case basis. The Intune administrator approves or denies the request, allowing the end user to proceed when deemed appropriate,” Microsoft explained.
Microsoft notes that administrators can manage support-approved elevations via the Microsoft Intune admin center. They can access detailed information about the elevation request, including user details, application name, and business justification.
Additionally, the Endpoint Privilege Management reporting capability can be used to track the applications for which users frequently request approved elevations. If you’re interested, you can request a free trial of Microsoft Intune Endpoint Privilege Management on this page.