Understanding the local diagnosing and troubleshooting options for Endpoint Privilege Management

This week is focused on creating some awareness around the EpmTools PowerShell module. That PowerShell module is available to be used to diagnose and troubleshoot issues with Endpoint Privilege Management (EPM). Besides that, it can also be used to get the required attributes directly from a file or application. The best part is that the EpmTools PowerShell module is included by default with the installation of the Microsoft EPM agent. That provides IT administrators with a set of cmdlets to easily retrieve information about the actual local configuration of the Microsoft EPM agent, including the received policies, the applied client settings, and more. This blog post will provide an overview of the available cmdlets in the EpmTools PowerShell module, followed the steps and examples for …

Read more

Working with support approved elevations

This week is all about highlighting some recent functionalities that have been introduced in Endpoint Privilege Management (EPM). The most important functionality is probably the newly supported file extensions of .msi and .ps1. That provides a larger footprint for EPM in the world of often elevated file extensions. The same experience as already known for executables. Besides that, there is more new functionality within EPM that might even be more powerful. That functionality is support approved elevations. Support approved elevations allow IT administrators to require approval before an elevation is allowed. That makes sure that when a user tries to run a file in an elevated context that the user is prompted to submit an elevation request. That request is sent to Intune for a …

Read more

Getting started with Endpoint Privilege Management

This week is another post about one of the new Intune Suite add-on capabilities. This time it’s all about Endpoint Privilege Management (EPM). At this moment EPM is still in preview, but once it becomes general available it will be licensed as part of the Microsoft Intune Suite. EPM enables organizations to provide standard user permissions to their users and still enable those users to complete tasks that require elevated permissions. Those tasks can include the installation of applications, updating device drivers, running diagnostics, and more. With that, EPM fits perfectly in the Zero Trust architecture of any organization. It enables the principle of using the least privilege, while still allowing users to run specifically approved tasks with elevated permissions. So, users remain productive and elevations are …

Read more