Microsoft Intune · Endpoint Privilege Management
Endpoint Privilege Reader
Views Endpoint Privilege Management (EPM) policies and elevation requests. Cannot make changes.
Scope: Read-only access to EPM
Permissions
- Endpoint Privilege Management Policy Authoring - Read + View reports
- Endpoint Privilege Management Elevation Requests - View only
- Managed devices - Read
- Organization - Read
Common use cases
- Auditing EPM policies and rules
- Viewing elevation request history
- Compliance monitoring for least privilege
- Reporting on elevation activity
Best practices
- Use for audit and oversight roles
- Assign to security reviewers who should not have approval authority
- Combine with other read-only roles as needed