I have been learning the ropes with MS Intune over the last few weeks. Today, I ran into an issue while setting up a device for a new staff member that required them to use specific software. However, the software only works if it’s run as an administrator.
Here I am, scratching my head, as the device is managed via Intune, which I am still learning, and I really don’t want to give the user full administration rights. So, I did some quick Googling where I came across Endpoint Privilege Management. After a little bit of reading, I knew that it would do what I wanted.
I signed into my M365 account, purchased a year’s license for the add-on, which was just over $10, and got to work. I watched a great video on YouTube that clearly explained the key points (even though it was showing the service in preview).
I began by creating the settings that would control the basic principles of Endpoint Privilege Management. You can have multiple settings that you can scope in the same way as you do policies and preferences.
Next up, I created the rules; this is where you state what you are trying to control. If it’s an application, then you need to specify the name, i.e., example.exe and the hash. You also have the option to include any child dependencies. Once again, you scope the rules as you would a policy.
Once that’s done, and you have confirmed it’s been pushed through to the device, you can test it by right-clicking on the said item, and you will need an elevated privileges option. As it currently stands, this is the only method for using this feature. Hopefully, in the future, we will see a checkbox like the “Run as administrator” option.
As this feature is still fairly new, I will write up a guide explaining the basic configuration and add it to my guides page.