Then I run powershell.exe with EPM elevated access, and I was allowed to run powershell.exe with elevated access. I tried to run powershell.exe as administrator, and my standard user account got UAC prompt as expected. Finally dreams come true! This is Endpoint Privilege Management (EPM)! □įor a very long time, we wish we can have a “Just in time” method to allow standard users to install or run approved applications with elevated access without giving user administrator privileges. I believe many organizations understand the risk, but again why are we still giving admin rights? Hm…Because “Our developers need to install many applications”, “Some old and bad applications only work when running as elevated admin rights”, and “We don’t have enough IT to handle this kind of request”… Anyway, we know we always have some reasons, good or bad. I remember attending one of the security talks presented by the famous security expert Laiho Sami, he said “ Remove all admin rights from your device!“ I totally agreed he is 200% correct, we shouldn’t have admin rights in our devices, it’s a security risk. But before we go into details, let’s talk about what is Endpoint Privilege Management, short for EPM. I was curious about the feature, how to configure all the settings in Intune, and how it looks and works on users’ devices. If you need more details on EPM, please read more from the official doc Learn about using Endpoint Privilege Management with Microsoft Intune | Microsoft Learn The long waited for Endpoint Privilege Management is finally in public preview! This post is about my first look at this feature, so not a deep dive post.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |