Enhanced Application Security with Copilot and Endpoint Privilege Management

Let’s discuss Enhanced Application Security with Copilot and Endpoint Privilege Management (EPM). This powerful solution helps protect organizations using Microsoft Intune’s EPM, Copilot AI, and Microsoft Defender Threat Intelligence.

Copilot and EPM help keep your applications secure, ensuring users can work efficiently while minimizing the risk of cyberattacks. Microsoft has enhanced EPM by integrating Microsoft Defender Threat Intelligence and Copilot AI capabilities, creating a powerful solution that detects vulnerabilities, evaluates risks, and proactively stops attacks.

Endpoint Privilege Management (EPM), a feature within Microsoft Intune, enables organizations to manage user privileges effectively while adhering to the Zero Trust security model. This approach minimizes risks by granting users the least privilege required for their tasks, ensuring productivity without compromising security.

This post will teach you about Enhanced Application Security with Copilot and Endpoint Privilege Management (EPM). This solution helps protect your organization’s devices and applications using Microsoft Intune’s EPM, Copilot AI, and Microsoft Defender Threat Intelligence.


Enhanced Application Security with Copilot and Endpoint Privilege Management

The user, who works from home, wants to install a printer driver and needs elevated permissions. They submit a request through the Support-Approved Workflow in Endpoint Privilege Management (EPM).

Enhanced Application Security with Copilot and Endpoint Privilege Management – Fig.1 – Creds to MS

Elevation Requests

This request then appears on the administrator’s side. The administrator reviews the request and decides whether to approve or deny it based on its security and legitimacy. If approved, the user gets temporary elevated permissions to install the driver. The request is blocked if denied, and the user cannot install the driver.

  • Go to the Microsoft Intune admin portal.
  • Navigate to Endpoint Security > Endpoint Privilege Management > Elevation Requests.
  • Click InstallPrinter.msi.
Enhanced Application Security with Copilot and Endpoint Privilege Management – Fig.2 – Creds to MS

Elevation Request Properties

The Elevation request shows some details about the printer driver, but we can’t tell if it’s risky yet. We’ll use Copilot to analyze the information with Microsoft Defender Threat Intelligence to find out. This will help us check if the app has any vulnerabilities or security issues. Based on the analysis, we can decide whether to approve the request (if it’s safe) or deny it (if it’s risky).

| Elevation Request Properties | Details |
|---|---|
| File | InstallPrinter.msi |
| Publisher | UnknownPublisher |
| Username | [email protected] |
| Device | CPC-User1-19PLN |
| Intune compliant | true |
| Status | Pending |
| Last Modified | 11/09/24, 3:55 PM |
| User’s justification | I need to install printer |
| Approval expiration | 11/09/24, 3:55 PM |
| File path | C:\Users\User1\Downloads |
| Hash value | 94795fd89366e01bd6ce6471ff27c3782e2e1637 |
| Version | 24.08.00.0 |
| Product name | Printer Installer |
Enhanced Application Security with Copilot and Endpoint Privilege Management – Table 1
Enhanced Application Security with Copilot and Endpoint Privilege Management – Fig.3 – Creds to MS

Analyze with Copilot

As we can see, this app is malicious, so it’s not safe to approve. It will go into the denial box. We are excited to bring this capability to life because it’s powerful. A customer was able to stop a nation-state attack using EPM and Microsoft Defender Threat Intelligence (MDTI). This shows how effective this system can be in protecting against serious threats.

| Analyze with Copilot | Details |
|---|---|
| Score | 100 |
| Classification | MALICIOUS |
| Last seen | 2024-10-17T13:37:58Z |
| Name | Indicator related to a known Malware campaign |
| Description | This file has traits consistent with hacking tool. |
| Name | Indicator related to a known Malware campaign |
| Description | This file has traits based on Microsoft Windows Defender engine. |
| MITRE Techniques | T1106 |
Enhanced Application Security with Copilot and Endpoint Privilege Management – Table 2
Enhanced Application Security with Copilot and Endpoint Privilege Management – Fig.4 – Creds to MS
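
The approve-or-deny decision described above, written out as a triage function over the fields shown in Table 1 and Table 2. This is an added example, not code from Microsoft or from this post; the dictionary key names, the score cut-off of 75, the folder list and the extra "review" outcome for requests with no threat-intelligence data are all assumptions.

```python
import re

# Assumed list of user-writable folders; a file there can be replaced after review.
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\(Downloads|Desktop|AppData)(\\|$)", re.I)
HASH_RE = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$", re.I)  # SHA-1 / SHA-256 hex
DENY_SCORE = 75  # assumed cut-off; the page only shows a score of 100

def triage(request, ti):
    """Return (decision, reasons) for one elevation request.

    ti is the threat-intelligence result for the file hash, or None when
    the lookup returned nothing. Decisions: approve, review, deny.
    """
    file_hash = request.get("hash", "")
    if not HASH_RE.match(file_hash):
        return "deny", ["hash missing or malformed, file cannot be identified"]
    if ti is not None and ti.get("hash", "").lower() != file_hash.lower():
        return "review", ["threat-intel result belongs to a different hash"]
    if ti is not None and (ti.get("classification") == "MALICIOUS"
                           or ti.get("score", 0) >= DENY_SCORE):
        return "deny", [f"threat intel: {ti.get('classification')} "
                        f"(score {ti.get('score')})"]
    reasons = []
    if request.get("publisher", "").lower() in ("", "unknown", "unknownpublisher"):
        reasons.append("publisher unknown")
    if USER_WRITABLE.match(request.get("file_path", "")):
        reasons.append("file is in a user-writable folder")
    if ti is None:
        reasons.append("no threat-intel data for this hash")
    if not request.get("intune_compliant", False):
        reasons.append("device is not Intune compliant")
    return ("review" if reasons else "approve"), reasons

# Sample input built from the values in Table 1 and Table 2 (key names assumed).
REQUEST = {
    "file": "InstallPrinter.msi", "publisher": "UnknownPublisher",
    "file_path": r"C:\Users\User1\Downloads", "intune_compliant": True,
    "hash": "94795fd89366e01bd6ce6471ff27c3782e2e1637",
}
TI = {"hash": REQUEST["hash"], "score": 100, "classification": "MALICIOUS"}

if __name__ == "__main__":
    print(triage(REQUEST, TI))    # verdict known
    print(triage(REQUEST, None))  # no intelligence on the hash
```

With the malicious verdict the request is denied outright; with no verdict, the same request is held for manual review because the publisher is unknown and the installer sits in the user's Downloads folder.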


Resources

Enhance IT expertise and efficiency with Copilot in Microsoft Intune

Author

Anoop C Nair has been a Microsoft MVP from 2015 onwards, for 10 consecutive years. He is a Workplace Solution Architect with more than 22 years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.
