Getting Endpoint Privilege Management working

If you are not aware yet, Endpoint Privilege Management is now available in public preview.


You can find it in under the Endpoint Security menu option as shown above.


You’ll firstly need to use the Create Policy menu option, as shown to create a policy for your environment.

Select Windows 10 and later for the Platform (only option currently available).

Select Elevation settings policy for the Profile.

Select Create to continue.


As always, give the new policy a name and select Next to continue.


The most important thing here is to ensure that the option Endpoint Privilege Management is set to Enabled as shown above.

In this case, the Default elevation response is set to Require user confirmation.

Select Next to continue.

Continue through the rest of the policy as normal, ensuring you assign this policy to an appropriate group in your organisation.


You can then select on the new policy to view it and then select View report to see the results of how the policy has been applied in your environment.

It is important to ensure your workstations are at the appropriate update level. At the moment that is:


The policy will NOT work until you are at this level.

Screenshot 2023-04-04 153526

The above shows the client I used was Win 10 22H2 Build 19045.2788.

Screenshot 2023-04-04 153056
When the policy is applied successfully to the device you will find a new directory C:\Programs Files\Microsoft EPM agent is created as shown above.

Screenshot 2023-04-04 153137

If you look inside that directory you will see the above structure.

Screenshot 2023-04-04 153323

With these files now on the device, you can right mouse click on an executable and you should now see the option Run with elevated access as shown above.

Screenshot 2023-04-04 153409

When you select that option you will now be prompted, per the policy options, to enter a confirmation as shown above.

You can find documentation from Microsoft here:

Use Endpoint Privilege Management with Microsoft Intune

3 thoughts on “Getting Endpoint Privilege Management working

  1. Bob, I am on Windows 10 Version 21H2 (19044.2364) and have not been updated since then. What do I need to do to get KB 5023773 and install it? Do I need to install 22H2? Very truly yours, Jonathan Handler


    1. Per the article, you’ll need that specific KB for your OS. No you don’t specifically need 22H2 but you need your base + that additional KB article detailed in article.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s