With Endpoint Privilege Management, admins can set policies that allow standard users to perform tasks normally reserved for an administrator.
During the preview, you can enable it for free, but once it becomes generally available you will need the Intune Suite add-on.
You can configure policies for automatic and user-confirmed workflows that elevate the run-time permissions for apps or processes you select.
Endpoint Privilege Management works on Windows 10/11 with the following requirements:
- Windows 11, version 22H2 with KB5022913
- Windows 11, version 21H2 with KB5023774
- Windows 10, version 22H2 (or later) with KB5023773
- Windows 10, version 21H2 (or later) with KB5023773
- Windows 10, version 20H2 (or later) with KB5023773
To enable it, log on to your Intune portal (https://intune.microsoft.com/) and open the Endpoint security\Endpoint Privilege Management blade.
Once it is activated, you can create the elevation policies using Create policy:
- Deploy an elevation settings policy – This policy lets you configure settings that are specific to the client but aren’t necessarily related to the elevation of individual applications or tasks. To configure this policy, you will need the hash of the file that will require elevation.
- Deploy elevation rule policies – An elevation rule policy links an application or task to an elevation action. Use this policy to configure the elevation behavior for applications your organization allows when the applications run on the device.
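The file hash mentioned above can be collected on a reference machine before you create the policy. The following is an added example, not part of the original article or of Intune: `Get-ElevationCandidateInfo` is a hypothetical helper name, SHA-256 is assumed as the algorithm (the default of `Get-FileHash`), and the sample path is constructed.

```powershell
# Added example: gather the hash and identifying metadata of a binary before
# referencing it in an elevation policy. The function name is hypothetical.
function Get-ElevationCandidateInfo {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string[]]$Path
    )
    process {
        foreach ($p in $Path) {
            # Only hash regular files; skip directories and missing paths.
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                Write-Warning "Skipping '$p': not a file."
                continue
            }
            $file = Get-Item -LiteralPath $p
            # Assumption: SHA-256, the default algorithm of Get-FileHash.
            $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256
            # Check the Authenticode signature so unsigned or tampered binaries
            # are noticed before they are allowed to run elevated.
            $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
            if ($sig.Status -ne 'Valid') {
                Write-Warning "'$($file.Name)' has signature status $($sig.Status); review before allowing elevation."
            }
            [pscustomobject]@{
                FileName        = $file.Name
                Sha256          = $hash.Hash
                FileVersion     = $file.VersionInfo.FileVersion
                SignatureStatus = $sig.Status
                Signer          = $sig.SignerCertificate.Subject  # $null when unsigned
            }
        }
    }
}

# Usage (constructed sample path; replace with the binary you intend to allow):
# Get-ElevationCandidateInfo -Path 'C:\Installers\ExampleSetup.exe' | Format-List
```

Because a hash identifies one exact build of a file, collect it again whenever the vendor ships an updated binary.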