Getting Endpoint Privilege Management working

If you are not aware yet, Endpoint Privilege Management is now available in public preview.

You can find it in https://intune.microsoft.com under the Endpoint Security menu option as shown above.

You’ll firstly need to use the Create Policy menu option, as shown to create a policy for your environment.

Select Windows 10 and later for the Platform (only option currently available).

Select Elevation settings policy for the Profile.

Select Create to continue.

As always, give the new policy a name and select Next to continue.

The most important thing here is to ensure that the option Endpoint Privilege Management is set to Enabled as shown above.

In this case, the Default elevation response is set to Require user confirmation.

Select Next to continue.

Continue through the rest of the policy as normal, ensuring you assign this policy to an appropriate group in your organisation.

You can then select on the new policy to view it and then select View report to see the results of how the policy has been applied in your environment.

It is important to ensure your workstations are at the appropriate update level. At the moment that is:

The policy will NOT work until you are at this level.

The above shows the client I used was Win 10 22H2 Build 19045.2788.

When the policy is applied successfully to the device you will find a new directory C:\Programs Files\Microsoft EPM agent is created as shown above.

If you look inside that directory you will see the above structure.

With these files now on the device, you can right mouse click on an executable and you should now see the option Run with elevated access as shown above.

When you select that option you will now be prompted, per the policy options, to enter a confirmation as shown above.

You can find documentation from Microsoft here:

Use Endpoint Privilege Management with Microsoft Intune