Microsoft Intune: Intune Suite - Endpoint Privilege Management Virtual Account Support

🚨 The Signal: Intune Endpoint Privilege Management (EPM) now allows elevated apps to run with the original user's identity, preserving user context. This enhances user experience but requires careful rule configuration to prevent privilege abuse.

The Impact

Security teams and Intune admins are the primary parties affected: if EPM rules are not precisely scoped, an elevated process that keeps the original user's identity can become a path to unintended privilege escalation.

  • Security teams: Risk of privilege escalation if EPM rules are misconfigured.
  • Intune admins: Increased complexity in EPM rule design and testing.
  • End users: Improved application experience, since elevated apps keep the user's own profile and settings, but potential for unintended data exposure if the rules are not tightly secured.

The Action

  1. Review existing EPM policies for applications that could benefit from user context.
  2. Create new EPM rules with the 'run with original user's identity' option for specific applications.
  3. Thoroughly test new EPM rules to ensure intended functionality and prevent privilege abuse.
  4. Update documentation for EPM policies to reflect the new configuration options and security considerations.
  5. Communicate changes to relevant stakeholders, including security and help desk teams.

Domain: Intune · Impact: high · Workload: Intune · Essential Eight: Restrict Administrative Privileges, User Application Hardening · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1412, ISM-1485, ISM-1486, ISM-1507, ISM-1508, ISM-1509, ISM-1542, ISM-1585, ISM-1647, ISM-1648, ISM-1650, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1686, ISM-1688, ISM-1689, ISM-1823, ISM-1824, ISM-1859, ISM-1860, ISM-1883, ISM-1897, ISM-1898