Updated: October 14, 2024


EPM Infrastructure Limited for Now

by Wes Miller

Wes Miller analyzes and writes about Microsoft’s security, identity management, and systems management technologies. Before joining Directions on Microsoft, Wes...

The current version of the Intune Endpoint Privilege Management (EPM) add-on service supports elevation of individual executable files, MSI-based installers, and PowerShell scripts. In the latter two cases, the host process that handles the installer or script is elevated, not the MSI or PS1 file itself. (Note that EPM does not support elevation of WSH scripts or any other arbitrary file types; it supports only the three file types listed above.)

EPM requires that administrators specify the individual file to be elevated. The digital certificate used to sign that file can also be applied to the rule to ensure that the executable file has not been modified or compromised since it was approved (the digital signature must also match in order for the file to run).
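A pre-approval check an administrator could run on a candidate file before writing a rule for it, as an added example (not code from the article or from Microsoft). The function name `Get-ElevationRuleCandidate`, the output directory, and the assumption that the signer certificate is handed to the rule as an exported .cer file are illustrative.

```powershell
# Added example: validate a candidate file and collect its signer certificate
# before approving it for elevation. Names and paths here are hypothetical.
function Get-ElevationRuleCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: the signer certificate is supplied to the rule as a .cer file.
        [string] $CertificateOutDir = (Join-Path $env:TEMP 'epm-certs')
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # The article lists only these three file types as supported.
    $supported = '.exe', '.msi', '.ps1'
    if ($file.Extension.ToLowerInvariant() -notin $supported) {
        throw "Unsupported file type '$($file.Extension)'; expected one of: $($supported -join ', ')"
    }

    # Require an intact, trusted signature; anything else (NotSigned,
    # HashMismatch, NotTrusted, ...) means the file should not be approved.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    if ($sig.Status -ne 'Valid') {
        throw "Signature status is '$($sig.Status)' for $($file.Name); do not approve."
    }

    # Export the signer certificate (public part only) for use with the rule.
    New-Item -ItemType Directory -Path $CertificateOutDir -Force | Out-Null
    $cerPath = Join-Path $CertificateOutDir ($file.BaseName + '.cer')
    Export-Certificate -Cert $sig.SignerCertificate -FilePath $cerPath -Type CERT | Out-Null

    # Summary to review alongside the rule definition.
    [pscustomobject]@{
        FileName       = $file.Name
        Signer         = $sig.SignerCertificate.Subject
        Thumbprint     = $sig.SignerCertificate.Thumbprint
        NotAfter       = $sig.SignerCertificate.NotAfter
        CertificateCer = $cerPath
    }
}

# Constructed sample input: a signed binary that ships with Windows.
Get-ElevationRuleCandidate -Path "$env:WINDIR\System32\WindowsPowerShell\v1.0\powershell.exe"
```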

The elevation approach can be assigned in each rule:

  • Automatic, in which no UI is shown to the user and the operation happens transparently
  • User acknowledged, in which the user must approve the elevation (most users will likely
