How to avoid/skip the UAC while end user open an application which runs on devices in backend?

Vinod Survase 4,711 Reputation points
2023-10-18T14:26:08.2666667+00:00

How to avoid/skip the UAC while end user open an application which runs on devices in backend?

Here is the use case:

We have an app for Backup which keeps running on device in the backend but when we ask end users to open its app/agent on device it asks for User Access Control on device so we would want to skip/avoid via Intune.

Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
354 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,750 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,270 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,479 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,848 questions
0 comments No comments
{count} votes

Accepted answer
  1. Crystal-MSFT 44,411 Reputation points Microsoft Vendor
    2023-10-19T02:25:35.82+00:00

    @Vinod Survase, Thanks for posting in Q&A. From your description, it seems the application requests elevation when run. To avoid the UAC notifies, you can disable UAC prompts. Here is a link list the steps to do this via Intune. But this is not the best-recommended security practice.

    https://www.anoopcnair.com/disable-uac-secure-desktop-mode-using-intune/

    Note: Non-Microsoft link, just for the reference.

    In Intune, there's a new feature called Endpoint Privilege Management which allows your organization’s users to run as a standard user (without administrator rights) and complete tasks that require elevated privileges. But it needs to purchase additional license. Here is a link with more details:

    https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

Sort by: Most helpful
  1. Philippe Levesque 5,701 Reputation points MVP
    2023-10-18T14:49:04.9233333+00:00

    Hi

    The app need admin right for what ? Most app I can see use a SQL or integrated type login, so any change done, or settings modified are validated from the app perspective and saved inside a database, thus it does not impact the local computer. (Action gave from the frontend are executed from the backend process)

    For your questions if you can't change your agent, you need to disable completly UAC as it's not a per-application settings.

    Select Devices > Windows > Configuration profiles > Create profile. Create Profile – Disable UAC Secure Desktop Mode using Intune In Create Profile, Select Platform

    1 person found this answer helpful.