This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 86%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Hello, Windows devices are managed by Intune.
All users have standard user privileges. For IT department employees, the "Microsoft Entra Joined Device Local Administrator" role is assigned
However, to perform any administrative actions, you need to end the user session and log in as an administrator.
Running a process from another user or with elevated privileges does not work. Because the user input format "AzureAD******@contoso.com" no longer works.
It will not be possible to use LAPS, because the local administrator account is disabled.
What can you recommend to run processes with elevated privileges and using the Entra ID account, without ending the user session.
Suppose the user works via RDP and many sessions do not work.
Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Mountain Pond, Thanks for posting in Q&A. For your scenario, you can consider Endpoint Privilege Management (EPM). With it, your organization’s users can run as a standard user (without administrator rights) and complete tasks that require elevated privileges. Tasks that commonly require administrative privileges are application installs and running certain Windows diagnostics. Maybe this is a good option for you. You can read the following link to know more details.
https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview
Hope the above suggestion can give you some help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.