Microsoft Intune · Endpoint Privilege Management
Endpoint Privilege Manager
Manages Endpoint Privilege Management (EPM) policies in the Intune console. Full control over elevation rules and requests.
Scope: EPM policy and elevation request management
Permissions
- Endpoint Privilege Management Policy Authoring - Full CRUD + Assign + View reports
- Endpoint Privilege Management Elevation Requests - Modify + View
- Managed devices - Read
- Organization - Read
Common use cases
- Creating EPM elevation rules
- Approving/denying user elevation requests
- Managing support-approved elevations
- Configuring default elevation behavior
Best practices
- Assign to the security team that manages least privilege
- Document elevation rules and their business justification
- Review elevation reports regularly
- Use with file hash rules for known applications
Security considerations
- Controls which apps can run with admin rights
- Can approve elevation requests for any user
- Elevation rules affect device security posture