Endpoint Privilege Management Flashcards

(40 cards)

1
Q

What is Endpoint Privilege Management (EPM)?

A

A solution that allows an organization's users to run as standard users (without administrator rights) and still complete tasks that require elevated privileges.

2
Q

On which 2 OS can you use EPM?

A

Windows 10
Windows 11

3
Q

What are the EPM licensing prerequisites?

A
  • Intune Plan 1 minimum
  • Stand-alone license that adds only EPM
  • OR Microsoft Intune Suite
4
Q

What are the EPM prerequisites?

A
  • Microsoft Entra joined or Microsoft Entra hybrid joined
  • Microsoft Intune Enrollment or Microsoft Configuration Manager co-managed devices
  • Supported Operating System
5
Q

What are the 3 steps to complete the EPM configuration?

A
  1. License Endpoint Privilege Management
  2. Deploy an elevation settings policy
  3. Deploy elevation rule policies
6
Q

What is an elevation settings policy?

A

A policy that activates EPM on the client device.

7
Q

What is an elevation rules policy?

A

A policy that links an application or task to an elevation action.
It configures the elevation behavior for applications your organization allows when those applications run on the device.

8
Q

What is the purpose of the right-click context menu option when EPM is activated?

A

To check the device's elevation rules policies for a match, which determines whether the file is elevated to run in an administrative context.

EPM stands for Enhanced Protected Mode.

9
Q

Fill in the blank: When EPM is activated, the right-click context menu option checks the device’s _______ to determine file elevation.

A

[elevation rules policies]

10
Q

What are the three types of elevation behavior in EPM?

A
  • Automatic elevation rules
  • User confirmed rules
  • Support approved rules
11
Q

How do automatic elevation rules function?

A

They automatically elevate applications without user input

These rules can significantly impact the security posture.

12
Q

What is required for user confirmed rules to work?

A

End users must acknowledge the elevation through a context menu

This adds an extra layer of protection.

13
Q

What must end users do for support approved rules?

A

Submit a request to approve an application

An administrator must approve the request before elevation can occur.

14
Q

True or False: User confirmed rules do not require any additional user input.

A

False

User confirmed rules require users to acknowledge the elevation.

15
Q

Fill in the blank: EPM allows users without administrative privileges to run processes in the _______ context.

A

administrative

16
Q

What is the purpose of Windows elevation settings policy?

A

To enable Endpoint Privilege Management on devices.

17
Q

What happens when EPM is disabled on a device?

A

The client components immediately disable, with a delay of seven days before complete removal.

18
Q

What is the default elevation response for elevation requests of unmanaged files?

A

Deny all requests.

19
Q

Under what condition does the default elevation response take effect?

A

No rule exists for the application AND the user explicitly requests elevation.

20
Q

What happens if no setting is delivered for the default elevation response?

A

The EPM components fall back to their built-in default, which denies all requests.

21
Q

What does requiring user confirmation entail in the context of elevation requests?

A

Validation options must be set when this response is defined.

22
Q

What validation options are available when user confirmation is required?

A
  • Business justification
  • Windows authentication
23
Q

Fill in the blank: The default elevation response is not configured by _______.

24
Q

True or False: The option ‘Require support approval’ allows an administrator to approve elevation requests without a matching rule.

25
Q

What is the purpose of profiles for Windows elevation rules policy?

A

To manage the identification of specific files and how elevation requests for those files are handled.

Elevation rules configure details about the file being managed and requirements for it to be elevated.

26
Q

What types of files are supported by Windows elevation rules?

A
  • Executable files with the .exe or .msi extension
  • PowerShell scripts with the .ps1 extension

These file types can have specific elevation rules applied to them.

27
Q

What is the first step in configuring an elevation rule?

A

Identify the file using its name, certificate, or optional conditions.

Optional conditions can include minimum build version, product name, or internal name.

28
Q

What is the default elevation type set to in a Windows elevation rule?

A

User confirmed

This option is recommended for elevations.

29
Q

What happens during a user confirmed elevation?

A

The user must select a confirmation prompt to run the file.

Additional confirmations can include organizational credential authentication or entering a business justification.

30
Q

What is an automatic elevation?

A

An elevation that occurs invisibly to the user without any prompt.

There is no indication that the file is running in an elevated context.

31
Q

What is required for a support approved elevation request?

A

Administrator approval for requests without a matching rule.

This is necessary before the application can run with elevated privileges.

32
Q

What can be configured regarding child processes in elevation rules?

A

The elevation behavior that applies to child processes created by the elevated process.

Options include requiring a rule, denying all, or allowing child processes to run elevated.

33
Q

Fill in the blank: The elevation type that allows child processes to always run elevated is called _______.

A

Allow child processes to run elevated

This setting enables child processes to inherit elevated privileges.

34
Q

How do you create a Windows elevation settings policy (steps)?

A
  1. Go to **Endpoint security** > **Endpoint Privilege Management** > select the **Policies** tab > and then select **Create Policy**
  2. Set the **Platform** to **Windows**, **Profile** to **Windows elevation settings policy**, and then select Create
  3. Basics: name + description
  4. **Configuration settings**: define default behaviors for elevation requests on a device
  5. Scope
  6. Assignments
  7. Review + create

35
Q

For an **elevation settings policy**, in **Configuration settings**, what are the 4 categories you need to configure to define default behaviors for elevation requests on a device?

A
  1. **Endpoint Privilege Management**: Set to Enabled (default)
  2. **Default elevation response**, with these options:
     • Not Configured
     • Deny all requests
     • Require support approval
     • Require user confirmation (Business justification/Windows authentication)
  3. Send elevation data for reporting
  4. Reporting scope

36
Q

How do you manually configure **elevation rules** for a Windows elevation rules policy (8 steps)?

A
  1. Go to **Endpoint security** > **Endpoint Privilege Management** > select the **Policies** tab > and then select Create Policy.
  2. Set the Platform to Windows, Profile to Windows elevation rules policy, and then select Create.
  3. Basics: name + description
  4. On **Configuration settings**, add a rule for each file that this policy manages. When you create a new policy, the policy includes a blank rule with an elevation type of User confirmed and no rule name. Start by configuring this rule, and later you can select Add to add more rules to this policy.
  5. Select Edit instance to open its Rule properties page
  6. Scope
  7. Assignments
  8. Review + create

37
Q

On an elevation rules policy, when you edit the rule properties page, what are the 2 categories you must configure?

A
  • Elevation conditions
  • File information

38
Q

On an elevation rules policy, when you edit the rule properties page, what are Elevation conditions?

A

Elevation conditions are conditions that define **how a file runs**, and **user validations that must be met** before the file this rule applies to can be run.

39
Q

What are the 2 options for Elevation conditions in an elevation rules policy?

A
  • **Elevation type**: By default, this option is set to User confirmed, which is the elevation type Microsoft recommends for most files.
  • **Child process behavior**

40
Q

On an elevation rules policy, when you edit the rule properties page, what is File information?

A

Where you specify the details that identify the file that this rule applies to:
  • File name
  • File path (optional)
  • etc.