Intune Endpoint Privilege Management Requires Add-on Licenses

• Intune EPM lets users run applications that require administrative privileges like software updates and other legacy applications.
• EPM can minimize the security risks of legacy applications by running only specific applications with elevated privileges as needed.
• Many organizations may find EPM too limited and will decide to wait for future updates to the service.
• Customers can license users for EPM with a stand-alone add-on or through the Intune Suite.

Intune Endpoint Privilege Management (EPM) is an add-on feature for Intune that allows legacy Windows applications to run with elevated privileges without requiring a user to sign in as an administrator. Elevating privileges for individual applications is more secure than granting users administrative rights. Microsoft is addressing a management gap that is currently filled by established market leaders in the hope that Intune customers will choose to add EPM to their existing licensing rather than pay for a third-party solution. Intune’s EPM as shipped will need additional features and development by Microsoft to scale in the enterprise without either increasing user friction or reducing security.