Endpoint Privilege Management and the Device Health Monitoring Reports: Quantumania

Last Updated on July 27, 2024 by rudyooms

This blog will be small and simple, but it will be about me looking at how the Endpoint Privilege Management reports will be delivered to Intune. Oww, did I say simple? My bad…

I will divide this blog into multiple parts.

1. Introduction

If you have enabled Endpoint Privilege Management (EPM) in your tenant and, with it, got your device enrolled into MMP-C (Microsoft Managed Platform – Cloud), I bet you also configured the Elevation Settings policy and defined the “Send Data to Microsoft” section.

When you have configured this reporting section, the device's telemetry data is sent over to Microsoft and the Device Health Monitoring Policy will be deployed to your device.

If you decide to elevate some stuff (or not), like PowerShell, this information should be sent over to Microsoft once in a while… (it should… really…)

As shown below, the Endpoint elevation report should eventually end up in your tenant.

Somehow “Something went wrong” in the backend a couple of weeks ago and the data wasn’t there. As shown below, I am missing something in between….

Of course, the product is still being worked on, so no complaints here, but somehow that “delay” got me triggered. I wanted to know the exact flow of what was happening between performing the elevation itself and the data being sent over.

2. The Flow

I started writing it all down, but after a while, it became too complex to describe each step, so I trusted in my magical MSPaint skills.

Please Note: I am not a Microsoft Engineer with inside knowledge, so I am only trying to solve the puzzle. Maybe it will help you understand what is happening behind the reporting curtains.

Endpoint Privilege Management Reporting Flow

When looking at the Flow itself, I guess the most important parts are the WMI Autologger SensorFramework and the ListenerFramework which will get the EPM data and make it ready for transport.

Please leave me a note if I need to write the whole process down instead of showing you one big flow.

Conclusion

I truly love the stuff Endpoint Privilege Management brought us! I love the MMP-C, the EPM Agent, the Windows Declared Configurations, and the EPM Reports, too!
