Endpoint Privilege Management and the Device Health Monitoring Reports: Quantumania

by: rudyoomsPosted on:

Last Updated on June 6, 2023 by rudyooms

This blog will be a small and simple one but will be about me looking at how the Endpoint Privilege Management reports will be delivered to Intune. Oww did I said simle? My bad…

I will divide this blog into multiple parts

  1. Introduction
  2. The reporting flow

1. Introduction

If you have enabled Endpoint Privilege Management (EPM) in your tenant and with it getting your device enrolled into MMPC (Microsoft Managed Platform – Cloud), I bet you also configured the Elevation Settings policy and defined the “Send Data to Microsoft” section.

Afbeelding met tekst Automatisch gegenereerde beschrijving

When you have configured this reporting section, the device its Telemetry data is sent over to Microsoft and the Device Health Monitoring Policy will be deployed to your device.

If you decide to elevate some stuff (or not) like PowerShell this information should be sent over to Microsoft once in a while…..(it should…really..)

As shown below the Endpoint elevation report should eventually end up on your tenant.

Somehow “Something went wrong” in the backend a couple of weeks ago and the data wasn’t there. As shown below, I am missing something in between….

Afbeelding met tekst, tafel Automatisch gegenereerde beschrijving

Of course, the product is still being worked on so no complaints here but somehow that “delay” got me triggered. I wanted to know the exact flow of what was happening between performing the Elevation itself and the data being sent over

2. The Flow

I started writing it all down but after a while, it was becoming too complex to even begin describing each step so I trusted in my magical MSPaint skills.

Please Note: I am not a Microsoft Engineer with inside knowledge so I am only trying to solve the puzzle and maybe it could help you understand what is happening behind the reporting curtains..

When looking at the Flow itself, I guess the most important parts are the WMI Autologger SensorFramework and the ListenerFramework which will get the EPM data and make it ready for transport.

Please leave me a note if I need to write the whole process down instead of showing you 1 big flow

Conclusion

I truly love the stuff the Endpoint Privilege Management brought us! The MMP-C, I love it! The EPM Agent, I love it!, the Windows Declared Configurations, I love it!, and the EPM Reports, I love them too!

LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

  +  27  =  30