Really looking forward to this. Does this only work for new program installs that require admin rights, or does it also include running an already installed program that requires admin rights to open and use? (e.g. something like Win32disk imager or RSAT - Regression Suite Automation Tool) Also, after you added the rule policy, did you change the settings policy back to deny all? As you had "require user confirmation" which you still had from previous. If you have specific apps in the rule policy, wouldn't you change the settings policy back to "deny all" so all other programs are blocked except the one in the rule policy?
Hi, to my knowledge at this early preview stage it works with new installs and any existing apps or files that require admin rights to open/run. Good spot on the settings policy I should have made it clear. Yes I switched back to deny all.
I am kind of lost, I followed your video. Everything worked on a test system I created. I made the Elevation rule. And I created a policy that worked with certificates to check if it was allowed to run the application. I had re-set the system on which I had tested this all. No I am using a different system. Its still a dell and running windows 11 with all the latest updates. I deployed the EPM rules and policy's. They all deployed successfully as shown in azure. And when I go to C:\Programfiles I can see the EPM Agent folder looking good. Somehow when I right click on installers (the same I used to test on the other device that is now wiped) the "Run with elevated access" button is just not coming up. Any ideas to what this could be? I am kind of lost!!
Hi great video! but, I cant Accept o Denied on Console a program that a user tries to install, only can run reports about how was istalled by elevated rights? Thats correct?
I also got a VM on VMWare on my Win11 machine and so far it has not taken the policy on the endpoint side, Intune shows the device succeeded but the prompt to block does not come up.
Rasmus its available as an add-on or part of the full Intune suite license. pricing was unclear at the time of recording. www.microsoft.com/en-us/security/business/microsoft-intune-pricing?rtc=1
Nice video - please keep on top of this, I expect more functionality will be added overtime
I agree, thanks
Excellent videos about EPM setup.
Really looking forward to this.
Does this only work for new program installs that require admin rights, or does it also include running an already installed program that requires admin rights to open and use? (e.g. something like Win32disk imager or RSAT - Regression Suite Automation Tool)
Also, after you added the rule policy, did you change the settings policy back to deny all? As you had "require user confirmation" which you still had from previous. If you have specific apps in the rule policy, wouldn't you change the settings policy back to "deny all" so all other programs are blocked except the one in the rule policy?
Hi, to my knowledge at this early preview stage it works with new installs and any existing apps or files that require admin rights to open/run. Good spot on the settings policy I should have made it clear. Yes I switched back to deny all.
Thank you!
Great video, thank you!
Thank you for this guide:
Must in a Co-Management Env. a Workload-Type point to Intune? I have the issue that my device is showing "not applicable"
I am kind of lost,
I followed your video. Everything worked on a test system I created.
I made the Elevation rule. And I created a policy that worked with certificates to check if it was allowed to run the application.
I had re-set the system on which I had tested this all.
No I am using a different system. Its still a dell and running windows 11 with all the latest updates. I deployed the EPM rules and policy's. They all deployed successfully as shown in azure. And when I go to C:\Programfiles I can see the EPM Agent folder looking good.
Somehow when I right click on installers (the same I used to test on the other device that is now wiped) the "Run with elevated access" button is just not coming up.
Any ideas to what this could be? I am kind of lost!!
👌🏻 Like it! 🚀
Great scenes!
Hi great video! but, I cant Accept o Denied on Console a program that a user tries to install, only can run reports about how was istalled by elevated rights? Thats correct?
Can you elevate as a different user? Say to give the IT team to run installs etc.?
Jamie, you need the right permissions which can be added to your role. Endpoint Privilege Management Policy Authoring
What reason would there be to not install this on “all devices”?
I also got a VM on VMWare on my Win11 machine and so far it has not taken the policy on the endpoint side, Intune shows the device succeeded but the prompt to block does not come up.
Great walkthrough - only thing missing would be license/ price info :)
Rasmus its available as an add-on or part of the full Intune suite license. pricing was unclear at the time of recording.
www.microsoft.com/en-us/security/business/microsoft-intune-pricing?rtc=1
so , the feature that make the user to send a request and then an admin aproves to install something still doesnt exist, right?
Correct. Still in development I believe.
🙏 thank you
Do you know from when on it will be added to the Intune suite add on and how much that costs?
jerfy try this. www.microsoft.com/en-us/security/business/microsoft-intune-pricing?rtc=1
Excellant
Thank you
la característica que hace que el usuario envíe una solicitud y luego un administrador aprueba instalar algo todavía no existe, ¿verdad?
My issue is there an error for “allow device health Monitoring” error code 6500
Great video, thanks!
Thanks