As of March, Microsoft has released new Intune updates aimed at enhancing endpoint security. With more slated to drop throughout the year, Intune continues to grow in maturity as an endpoint management solution.
In the content below, we examine the new features of Intune in 2023 and how administrators can leverage the updates.
Endpoint Privilege Management
Endpoint Privilege Management (EPM) addresses the concern of end-user app access and is a component in the new Intune features for 2023. It enables administrators (or help desk agents) to grant employees temporary elevated privileges – removing the need for a local admin account.
When thinking about Endpoint Privilege Management, we should consider where the need for such an enhancement comes from. Every company needs to make a difficult decision at some point between giving employees local admin privileges for productivity reasons – or denying employees admin privileges and opting to rely on their service desk agents to resolve requests. Permitting local admin defies the principles of Zero Trust and presents a significant security risk. Specifically, lateral movement and the installation of malicious software.
EPM eliminates this problem as it enables IT admins to allow time-bound admin privileges or task-specific time-bound admin privileges for users.
With EPM, there are two ways companies can achieve this:
1. Via a File Hash
2. Via certificate – signed applications through distinct vendors
You can then define the applications that you choose to run as an administrator while specifying how you’d like the elevation experience to look for users. Endpoint Privilege Management allows you to permit selected applications for users to run as an admin while promoting others to ask for a business justification to use. Further, it adds logging and audit capabilities so you can trace back threats, should one occur.
This solves the issue of making a difficult decision between giving users local admin accounts or impacting productivity. EPM allows users to remain standard users without administrative access and simply right-click on an application to run the application as an elevated user. Users are then checked against the established rule sets, and if permitted, the application will be run one time as an administrator.
There are three ways this can happen:
1. Automation – contingent on the application and how it has been signed
2. User Initiated – the user will request app privilege in order to deliver an executable or task
3. Approved by Support – the request will go to the IT service desk where the request will be approved or denied
In the near future, there will be additional capabilities in the elevation process like asking a user to go through MFA or workflows that send a request to a service desk person to approve an app request.
An additional feature of EPM that will be arriving soon, is reporting capability. Instead of administrators manually auditing the applications that are run in an environment, Endpoint Privilege Reporting will show IT administrators the applications running in the estate, allowing them to create rules based on what is actually happening. This will be extremely helpful for security audits. IT administrators will also be able to use the report to create rules and revoke admin access knowing that there will be no negative impact on productivity.
Advanced Application Management
The advanced application management feature allows administrators to streamline the deployment of apps and updates. It eliminates the need for excessive app packaging and grants IT administrators enhanced visibility and workflows to update applications.
Advanced Application Management addresses two key issues:
1. Application packaging – a cumbersome process that often necessitates the use of third-party software to deliver
2. Application updates – knowing when updates are available, which devices need updating, and how to go about updating. This component of advanced app management delivers greater visibility of available updates and the machines in which updates need to be installed.
Advance Application Management delivers a curated application catalog within Intune for apps that are commonly installed. This allows IT administrators to gain easy access to a list of apps that are tested, vetted for security vulnerabilities, and deemed ready for deployment. Microsoft will continuously keep the list of apps up-to-date from the OEM in the curated catalog.
Cloud Certificate Management
The cloud certificate management advancement is slated to release later in 2023 and promises to eliminate the necessity for on-prem infrastructures to manage VPN and Wi-Fi certs from Intune.
What Microsoft is building with the cloud certificate manager is a way to make the experience a SaaS service where Microsoft looks after a complex infrastructure and builds it straight into Intune. This allows IT administrators to deploy certificates securely to endpoints for resource access. Intune will create a certificate lifecycle within the tool eliminating the need to deploy additional infrastructure.
Cloud Certificate Management will work as a cross-platform solution covering iOS, iPadOS, Windows, Android, and MacOS.
Conclusion
The new Intune security features are taking endpoint management to the next level. With the new advanced features in 2023, we can look forward to a future where companies will be able to publish and deploy certificates to their devices, dynamically apply privileged access when needed, and automate their app patching.
