Michael_Clifford
Effective management of user privileges and application lifecycles is key to enhancing IT security and efficiency in your digital estate. With the latest updates to the Microsoft Intune Suite, Microsoft Intune Endpoint Privilege Management (EPM) and Microsoft Intune Enterprise Application Management (Enterprise App Management) provide IT admins with the tools they need to simplify endpoint management and strengthen their organization’s security posture. Let’s explore some of the enhancements in EPM and Enterprise App Management and how they will benefit your IT and security teams.
Why these updates matter for IT admins and teams
With enhanced EPM and Enterprise App Management capabilities in the Intune Suite, IT admins can streamline security controls and minimize disruptions to workers’ productivity, ensuring seamless workflows and stronger security across the organization.
- Increased automation: The automation of rule creation in EPM and guided application upgrades in Enterprise App Management significantly reduce manual intervention, streamlining IT operations.
- Granular control: EPM’s ability to control file arguments and its support for Azure Virtual Desktop give IT teams precise management of user privileges, lowering security risks.
- Efficient app management: The expanding app catalog and automated update processes in Enterprise App Management help IT teams keep applications up to date with minimal effort.
These features provide powerful, built-in tools for controlling user access and managing applications without the need for third-party solutions.
Improved efficiency with EPM
EPM in the Intune Suite enables IT admins to control user permissions and minimize security risks by managing when users can elevate privileges on Windows devices. The recent enhancements make the process even more efficient.
Automated rule creation for faster approvals
One of the major challenges with managing privilege elevations has been the manual entry of elevation rules. With this update, admins can now automatically create elevation rules directly from support approval requests or entries in the elevation report. This automation reduces the time spent inputting details manually and helps ensure consistent responses to requests. When a user requests temporary elevated access to install software, admins can now approve the request directly from the support ticket, automatically generating the elevation rule with all necessary details, ensuring quick and consistent access. Users no longer need to wait for lengthy manual approval processes for privilege elevations. With automatic rule creation from support tickets, admins can respond more quickly, providing users with the access they need without delay, improving overall productivity.
File argument control for granular elevation
EPM now allows for more precise control by enabling administrators to specify allowed command parameters when setting elevation rules. This means that only the necessary commands are elevated, while potentially risky commands are blocked. For example, you can allow a specific script to run with elevated privileges but restrict other commands, enhancing security without sacrificing functionality.
Security with Personal Data Encryption in EPM
EPM now also integrates with Personal Data Encryption (PDE) for Windows folders, providing an additional layer of security when managing sensitive files. This integration helps ensure that even if users temporarily gain elevated privileges, access to encrypted data remains restricted, safeguarding critical files from unauthorized access.
Support for Azure Virtual Desktop single-session
EPM has also expanded to support Azure Virtual Desktop single-session environments. This enhancement means that admins can apply privilege management consistently across single-session deployments, providing unified control in virtual desktop environments. Whether employees are working on individual or shared virtual desktops, the access controls for something like sensitive financial data remain consistent and secure. Additionally, EPM integrates with Windows attestation to verify the integrity of devices before granting elevation. This attestation process ensures that only trusted, compliant devices can gain temporary elevated privileges, reducing the risk of privilege escalation attacks and helping protect Azure Virtual Desktop sessions.
Simplified oversight and app deployment with Enterprise App Management
Enterprise Application Management, another critical component of the Intune Suite, simplifies searching, packaging, deployment, and updating of applications within your organization so you can keep your apps updated and secure. Since its introduction, Enterprise App Management has continued to evolve. With the latest enhancements, the Intune team is introducing enhanced automation for app updates, a broader selection in the Enterprise App Catalog, and streamlined processes for managing application lifecycles.
Guided application upgrades
The newly introduced guided application upgrade feature allows admins to deploy updates for applications already installed through the Enterprise App Catalog with ease. Using Microsoft Graph, the system retrieves information about available app updates, including installation commands, detection rules, and supersedence settings. This new enhancement eliminates the need for manual updates, saving time and reducing errors.
Expanded app catalog for more choices
We continue to expand our app catalog with more applications to ensure customers have the right tools to manage the apps that matter the most to them. The Enterprise App Catalog now includes more than 450 applications, providing IT teams with a broader selection for managing their app environments. Some of these applications also support self-updating, making it easier for admins to keep software current. Whether deploying new applications or updating existing ones, the expanded catalog offers greater flexibility and efficiency.
Get started with EPM and Enterprise App Management in the Intune Suite
If your organization is already using the Microsoft Intune Suite, you can explore and implement these new EPM and Enterprise App Management features as they roll out in the coming months. Automated rule creation and guided application upgrades are currently available. These updates are crafted to simplify IT management while enhancing security, providing you with more control over user permissions and application deployments. With these updates to Endpoint Privilege Management and Enterprise Application Management, we’re empowering IT admins to focus on what matters most: maintaining a secure and efficient environment.
To learn more about how to take advantage of these new capabilities, visit the Microsoft Intune documentation.
Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.