Microsoft Intune: Intune Suite - Endpoint Privilege Management on single session Azure Virtual Desktop

🚨 The Signal: Intune Endpoint Privilege Management (EPM) now supports single-session Azure Virtual Desktop (AVD). This allows granular privilege elevation for standard users on AVD, reducing the need for full administrator rights and supporting the principle of least privilege.

The Impact

Security teams and AVD administrators are affected, gaining a new tool to reduce privilege escalation risks.

  • Security Teams: Reduced risk of privilege escalation on AVD.
  • AVD Administrators: New policy controls for user privileges.
  • Standard Users: Improved experience with controlled elevation for necessary tasks.

The Action

  1. Review existing AVD user privilege requirements.
  2. Plan and test Endpoint Privilege Management policies for AVD.
  3. Deploy EPM elevation rules to AVD single-session hosts via Intune.

Domain: Intune · Impact: high · Workload: Intune · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898