Support Approved Elevations for Microsoft Endpoint Privilege Management (EPM)
Вставка
- Опубліковано 1 тра 2024
- In this video I walk through how to setup Support Approved elevations as the latest feature added to Microsoft Endpoint Privilege Management. You will find content for setting up and testing Support Approved settings within Microsoft Intune and view the results for a deployed user.
Your reference points for this video include:
1 - Microsoft - learn.microsoft.com/en-gb/mem...
2- Rudy Ooms for EPM deep dive - call4cloud.nl/2024/03/do-not-...
Andy Jones is a Microsoft Technical Architect at BT and Organiser at CloudManagement.Community. He's on Twitter @Andy_69Jones. Any views or opinions expressed here are his own. - Наука та технологія
Great video and explanation 👍
Hello, thank you for the clear explanation. In our case, all our end users have admin access to their computers. Will this process work to prevent users from installing unauthorized applications on their computers?
support approved elevations alone won’t prevent unauthorized installations of applications. with local admin accounts, users can still install applications outside of the Intune-managed process. You can look at using Intune App Control though to help prevent undesired apps from running on managed Windows devices by managing allowed apps through the Windows ApplicationControl CSP
Nice video, but I couldn't see any difference between the default policy and the specific app policy, they looked the same at the end user level and back in Entra Endpoint.
Also, does this work for apps that have already been installed but still require an admin to *run*?
Thanks 👍🏻
Thanks for the feedback. In my tests it shows the 2 different ways of using support approved. But the experience comes down to the combination of the default settings together with app rules. If the default is set to deny approval but app rule has support approved set then only apps with these settings will receive elevated requests. Hopefully that makes sense
Should work for existing apps assuming the device meets the pre-reqs
Nice one, thanks for the quick reply.