How to avoid/skip the UAC while end user open an application which runs on devices in backend?

Vinod Survase 4,756 Reputation points
2023-10-18T14:26:08.2666667+00:00

How to avoid/skip the UAC while end user open an application which runs on devices in backend?

Here is the use case:

We have an app for Backup which keeps running on device in the backend but when we ask end users to open its app/agent on device it asks for User Access Control on device so we would want to skip/avoid via Intune.

Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
446 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,953 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,390 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,364 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,649 questions
0 comments No comments
{count} votes

Accepted answer
  1. Crystal-MSFT 50,676 Reputation points Microsoft Vendor
    2023-10-19T02:25:35.82+00:00

    @Vinod Survase, Thanks for posting in Q&A. From your description, it seems the application requests elevation when run. To avoid the UAC notifies, you can disable UAC prompts. Here is a link list the steps to do this via Intune. But this is not the best-recommended security practice.

    https://www.anoopcnair.com/disable-uac-secure-desktop-mode-using-intune/

    Note: Non-Microsoft link, just for the reference.

    In Intune, there's a new feature called Endpoint Privilege Management which allows your organization’s users to run as a standard user (without administrator rights) and complete tasks that require elevated privileges. But it needs to purchase additional license. Here is a link with more details:

    https://zcusa.951200.xyz/en-us/mem/intune/protect/epm-overview

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


2 additional answers

Sort by: Most helpful
  1. Philippe Levesque 5,806 Reputation points
    2023-10-18T14:49:04.9233333+00:00

    Hi

    The app need admin right for what ? Most app I can see use a SQL or integrated type login, so any change done, or settings modified are validated from the app perspective and saved inside a database, thus it does not impact the local computer. (Action gave from the frontend are executed from the backend process)

    For your questions if you can't change your agent, you need to disable completly UAC as it's not a per-application settings.

    Select Devices > Windows > Configuration profiles > Create profile. Create Profile – Disable UAC Secure Desktop Mode using Intune In Create Profile, Select Platform

    1 person found this answer helpful.

  2. Roshan patil 0 Reputation points
    2024-11-22T05:48:43.5533333+00:00

    Can we use helper service for this? which will be integrated in the app itself. Is that a feasible solution?
    Or can we just write an installation command like this? installer.exe /silent /norestart

    Or can we upload any powershell script in ms intune apps to allow install as admin(if there is any way for this).

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.