
Endpoint Privilege Management (EPM) Solution

  • Nov 20, 2025
  • 2 min read

A staff member in the Compliance Division reports that they cannot install an urgently required data analysis tool needed for a time-sensitive project. As a standard user without local administrator rights, the installation is blocked. The user opens the application as normal, and Microsoft Endpoint Privilege Management (EPM) automatically recognises it as software covered by a controlled elevation rule. Because the application requires approval, the system prompts the user to submit a short justification. This request is instantly routed to the Department’s Service Desk through the EPM approval dashboard, allowing analysts to view the user’s details, device compliance status and identity risk level provided by Entra ID Protection.

A Service Desk analyst reviews the request. Conditional Access and identity risk checks confirm that the user has authenticated with a phishing-resistant passkey and is operating from a compliant, Department-managed device. The analyst approves the elevation with a single click, triggering a time-bound elevation window on the user’s device. Within seconds, EPM elevates only the specific installer—without giving the user admin credentials or exposing any privileged account passwords. The user completes the installation successfully, while the analyst maintains full visibility of the action.

In another scenario, a user is experiencing issues with a legacy application that requires elevated access to modify configuration files. Instead of taking remote control or using a shared admin account, the Service Desk triggers a Just-in-Time elevation directly on the user’s endpoint. The elevation is restricted to the single executable required for troubleshooting and automatically expires once the task is completed. At no point does the user or analyst gain broad local administrator privileges.

All actions—user requests, approvals, elevations, risk assessments and Service Desk interventions—are automatically logged in Microsoft Sentinel and exported to Splunk for compliance and reporting. This provides the Department with a fully auditable record of every privileged operation, ensuring transparency, accountability and alignment with ISM, PSPF and IRAP PROTECTED requirements. Through this workflow, the Service Desk is able to support users quickly and securely, without compromising least-privilege principles or exposing the Department to credential misuse risks.
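The approval and elevation workflow described above can be modelled as a small policy engine: the request carries the signals the analyst sees (device compliance, sign-in method, identity risk), approval produces a grant scoped to one binary hash and one time window, and every step writes an audit entry. The code below is an added illustration of that decision logic, not Microsoft's EPM implementation, and the request fields, risk labels, hash values and timestamps are constructed assumptions for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Identity-risk labels in ascending severity. These are assumed labels for the
# example, not the values returned by Entra ID Protection.
RISK_ORDER = ["none", "low", "medium", "high"]

# Fixed timestamps so the example is deterministic (constructed values).
T_REQUEST = datetime(2025, 11, 20, 9, 0, tzinfo=timezone.utc)
T_DURING_WINDOW = T_REQUEST + timedelta(minutes=5)
T_AFTER_WINDOW = T_REQUEST + timedelta(minutes=20)


@dataclass
class ElevationRequest:
    user: str
    device_id: str
    executable: str
    file_hash: str          # SHA-256 of the installer covered by the elevation rule
    justification: str
    device_compliant: bool  # result of the device compliance check
    auth_method: str        # "passkey" (phishing-resistant) or "password"
    identity_risk: str      # one of RISK_ORDER


@dataclass
class ElevationGrant:
    user: str
    device_id: str
    file_hash: str          # only a binary with this hash may run elevated
    approved_by: str
    granted_at: datetime
    expires_at: datetime


@dataclass
class AuditLog:
    """Stand-in for the Sentinel/Splunk record: every step appends an entry."""
    entries: List[dict] = field(default_factory=list)

    def record(self, event: str, **fields) -> None:
        self.entries.append({"event": event, **fields})


def review_request(req: ElevationRequest, analyst: str, log: AuditLog, now: datetime,
                   window_minutes: int = 15, max_risk: str = "low") -> Tuple[Optional[ElevationGrant], str]:
    """Apply the gating checks and, if all pass, issue a time-bound, binary-scoped grant."""
    log.record("request_submitted", user=req.user, device=req.device_id,
               executable=req.executable, justification=req.justification)
    reasons = []
    if not req.justification.strip():
        reasons.append("missing justification")
    if not req.device_compliant:
        reasons.append("device not compliant")
    if req.auth_method != "passkey":
        reasons.append("authentication not phishing-resistant")
    if RISK_ORDER.index(req.identity_risk) > RISK_ORDER.index(max_risk):
        reasons.append(f"identity risk '{req.identity_risk}' above threshold '{max_risk}'")
    if reasons:
        reason = "; ".join(reasons)
        log.record("request_denied", user=req.user, analyst=analyst, reason=reason)
        return None, reason

    grant = ElevationGrant(user=req.user, device_id=req.device_id, file_hash=req.file_hash,
                           approved_by=analyst, granted_at=now,
                           expires_at=now + timedelta(minutes=window_minutes))
    log.record("elevation_approved", user=req.user, analyst=analyst,
               file_hash=req.file_hash, expires_at=grant.expires_at.isoformat())
    return grant, "approved"


def elevate(grant: ElevationGrant, device_id: str, file_hash: str, log: AuditLog, now: datetime) -> bool:
    """Decide whether a launch may run elevated: right device, right binary, inside the window."""
    allowed = (grant.device_id == device_id
               and grant.file_hash == file_hash
               and grant.granted_at <= now < grant.expires_at)
    log.record("elevation_attempt", user=grant.user, device=device_id,
               file_hash=file_hash, at=now.isoformat(), allowed=allowed)
    return allowed


def compliant_request() -> ElevationRequest:
    # Constructed sample matching the first scenario: compliant device, passkey sign-in, low risk.
    return ElevationRequest(user="j.smith", device_id="LAPTOP-0001", executable="AnalysisTool-Setup.exe",
                            file_hash="a1" * 32, justification="Install data analysis tool for project X",
                            device_compliant=True, auth_method="passkey", identity_risk="low")


if __name__ == "__main__":
    log = AuditLog()
    grant, outcome = review_request(compliant_request(), "sd-analyst", log, T_REQUEST)
    print(outcome, elevate(grant, "LAPTOP-0001", "a1" * 32, log, T_DURING_WINDOW))
    for entry in log.entries:
        print(entry)
```

The two checks in `elevate` are what keep the grant narrow: a different binary on the same device, or the same binary after the window closes, is refused, and the refusal is logged just like a success, which is the record a compliance reviewer would want to see beside the approval.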


© 2023 by Azooa. All rights reserved.
