Microsoft Intune: Intune Suite - Support approvals can now be requested by non-primary users of a device.

🚨 The Signal: Intune Endpoint Privilege Management now allows non-primary device users to request elevated privileges. This expands who can initiate support approvals, potentially increasing the attack surface if not properly managed.

The Impact

Security teams and Intune administrators face an increased risk of privilege escalation if Endpoint Privilege Management policies are not updated to account for elevation requests from non-primary users.

  • Security Teams: Increased risk of privilege escalation if policies are not granular.
  • Intune Administrators: Need to review and update Endpoint Privilege Management policies.
  • End Users (non-primary): Can now successfully request elevated privileges, improving productivity.
  • Compliance Officers: Must verify privilege management policies align with 'least privilege' principles.

The Action

  1. Navigate to Microsoft Intune admin center > Endpoint security > Endpoint Privilege Management.
  2. Review existing Elevation Rules and Elevation Settings policies.
  3. Identify policies that grant 'support approved' elevations and assess their scope.
  4. Modify or create new Elevation Rules to explicitly define which non-primary users or groups can request elevations and for which applications.
  5. Implement 'Automatic' elevation types where possible to reduce reliance on 'support approved' requests.

Domain: Intune · Impact: high · Workload: Intune · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898