S04E12 - Microsoft Intune Suite - Endpoint Privilege Management with Special Host Matt Call (I.T)

Рет қаралды 9,390

Күн бұрын

00:00 - Intro
02:12 - Adam Gross intro
03:35 - Steven Hosking intro
04:51 - Lavanya Lakshman intro
/ lavanyal
05:40 - Endpoint Privilege Management overview
learn.microsoft.com/mem/intun...
15:19 - Trigger detections
16:04 - Elevation actions
17:28 - Automatic elevation
17:56 - User confirmed
23:57 - Support approved
27:10 - Handling child processes
29:57 - Key operational points
31:41 - EPM console
34:28 - Create elevation settings policy
learn.microsoft.com/mem/intun...
36:52 - Diagnostic and usage data
learn.microsoft.com/mem/intun...
45:52 - Create elevation rules policy
47:21 - Signature source - Certificates
54:00 - Office C2R installer
1:02:56 - New policy channel
1:05:39 - Policy conflict handling
learn.microsoft.com/en-us/mem...
1:14:09 - Wrap up
1:15:08 - Tech Accelerator: Microsoft Intune Suite
techcommunity.microsoft.com/t...
Special Guests:
Matt Call - / devicedeploy
Lavanya Lakshman - / lavanyal
Links:
aka.ms/Blog_EPM
learn.microsoft.com/mem/intun...
techcommunity.microsoft.com/t...
techcommunity.microsoft.com/t...
Visit our websites and social media for more or to get in touch with us
Steve Hosking - Microsoft MMD Team
/ onpremcloudguy
steven.hosking.com.au/
mvp.microsoft.com/en-us/Publi...
github.com/onpremcloudguy
Adam Gross - Microsoft MVP - Enterprise Mobility
/ adamgrosstx
www.asquaredozen.com
github.com/AdamGrossTX
mvp.microsoft.com/en-us/Publi...
Ben Reader - Microsoft MVP - Enterprise Mobility
/ powers_hell
www.powers-hell.com/
github.com/tabs-not-spaces
mvp.microsoft.com/en-us/Publi...
Jake Shackelford - Microsoft MVP - Enterprise Mobility
/ shackelfjaco
sysmansquad.com/author/jshack...
/ jacob-shackelford-a5bb...
mvp.microsoft.com/en-us/Publi...
Jóhannes Geir Kristjansson - Microsoft MVP - Enterprise Mobility
/ jgkps
/ j%c3%b3hannes-geir-kri...
mvp.microsoft.com/en-us/Publi...

Пікірлер: 25

@TechToTunes Жыл бұрын

When I first started with Intune, this series was what I began watching to kick it off. This specific video marks a first, though. I am actually on top of the feature (EPM / Intune Suite) that you cover prior to the video coming out! It only took 13 months hehe.

@Shloeb Жыл бұрын

Great stuff. Very detailed video. Thank you. Great job everyone.

@Tancread99 Жыл бұрын

I am really looking forward to this, it will be a big help.

@danzirulez Жыл бұрын

Was glad to hear about TS edit / read only :D haha. Gave EPM a test drive already, but could not get user groups assigned to say a set of apps I wanted to elevate for them e.g regedit, taskmgt, etc, for service desk or field staff. For their regular user account these could run elveated, but all rulles say - ALL USERS on the device...

@newsense6608 8 ай бұрын

good video, when kept to the technical aspects.

@Hans-gb4mv Жыл бұрын

Congrats on the promotion Adam, finally a job where no one knows what you do 😉. And where's the poll that Matt was going to put up, because I do agree, the default should be cancel when viewing from a security point of view! It certainly is an interesting tool and we are just in the process of looking for a tool like this as we want to start removing local admin. At least we now have a tool that can tell us how many people run something with their local admin account and how often. We can finally get an objective picture of how big our challenge will be. 😀 Also curious about what 8 seconds got removed from the video 😇

@seancornelius5507 Жыл бұрын

🔥🔥🔥

@tangyboi6420 Жыл бұрын

PLEASE PLEASE PLEASE give us an option on the base setting rule to allow for a business justification that does not auto elevate after a justification has been put in. Then throw those requests into a separate pane in EPM that us admins can review & create rules to allow once we've vetted the software. Another wish is to have an option when setting up a rule to post a toast notification saying the app has elevated. Keep up the good work.

@alazarg.3404 Жыл бұрын

Thanks guys. Great presentation. One question for Matt: on Assignment would it be better "Assigned to users groups or Devices groups"? or what difference does it have between assigned to users or devices group?

@martinzonderland1543 Жыл бұрын

Tested this feature, it's very nice and welcome. The only thing I see at this moment is that it has no relation with WDAC policies, so we have also to do whitelisting on WDAC, because it's blocked in our WDAC policy. Or it's maybe exactly what WDAC does :-)

@JessieS Жыл бұрын

Question, when the business justification is entered, where do you set who that justification goes to and where is it presented? Email or in Intune? EPM should also have Elevated Uninstall Access,. I've discovered that If you have Device Monitoring Deployed, you will need to exclude your EPM device from Device Monitoring or you would get an error in "Allow Device Monitoring" within your elevation policy.

@Hans-gb4mv Жыл бұрын

Haven't played around with it yet, but I would assume, from what I've seen, that it would go in the reporting in the EPM blade. Is that not the case?

@derekschartung7493 Жыл бұрын

Signatures are really cool. Cries in 3CX and d3dcompiler_47.dll

@mubashirjavaid Жыл бұрын

This is very good, question not sure if someone asked or not. When a request will be sent to support for application approval. Will we have approval window for support? like if they respond in 2 hours then ok otherwise request will be expire.

@samsthoughts6867 Жыл бұрын

Does anyone know how User vs Device based context will work? If i assign Users, will it apply to any enrolled device device the user signs into?

@jonathang8571 Жыл бұрын

Is Microsoft planning to include MacOS devices for their EPM at some point?

@eW91dHViZQ Жыл бұрын

There is no filtering so no capability to use a USER group if you also have BYOD in your enterprise and only want this policy to affect Corporate devices....or does EPM simply not run on BYOD enrolled devices?

@samsthoughts6867 Жыл бұрын

EPM is only supported on HAADJ or AADJ enrolled devices. WPJ is not supported which i'd assume your BYOD devices are.