This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 82%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
How to avoid/skip the UAC while end user open an application which runs on devices in backend?
Here is the use case:
We have an app for Backup which keeps running on device in the backend but when we ask end users to open its app/agent on device it asks for User Access Control on device so we would want to skip/avoid via Intune.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Vinod Survase, Thanks for posting in Q&A. From your description, it seems the application requests elevation when run. To avoid the UAC notifies, you can disable UAC prompts. Here is a link list the steps to do this via Intune. But this is not the best-recommended security practice.
https://www.anoopcnair.com/disable-uac-secure-desktop-mode-using-intune/
Note: Non-Microsoft link, just for the reference.
In Intune, there's a new feature called Endpoint Privilege Management which allows your organization’s users to run as a standard user (without administrator rights) and complete tasks that require elevated privileges. But it needs to purchase additional license. Here is a link with more details:
https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi
Crystal-MSFT
Thanks for reply. Yeah I understand that its not best practice but this is and yes the it seems the application requests elevation permission when it runs on device.
Also currently we don't have the Endpoint Privilege Management license so we wont be able to do that or implement.
Thanks for sharing the link. I will test it.
@Vinod Survase, Thanks for marking our reply as answer and I am glad the information can help. I notice you will test, if there's anything we can help during test, feel free to let us know.
Thanks for your time and have a nice day!
Hi
The app need admin right for what ? Most app I can see use a SQL or integrated type login, so any change done, or settings modified are validated from the app perspective and saved inside a database, thus it does not impact the local computer. (Action gave from the frontend are executed from the backend process)
For your questions if you can't change your agent, you need to disable completly UAC as it's not a per-application settings.
Select Devices > Windows > Configuration profiles > Create profile. Create Profile – Disable UAC Secure Desktop Mode using Intune In Create Profile, Select Platform
Thanks for answer on this. I will try these steps and test it.