Hey folks,
We've got a fully cloud-based team using email accounts like [email protected], predominantly working on Macs (about 95% of our devices are Apple). However, we do have around 90 Windows machines managed by Intune.
With so many of our users working remotely, they often run into issues when they need to urgently install printer drivers or update apps because they lack admin privileges. On our MacBooks, we use Jamf to allow temporary administrative rights through a button in the Self Service portal that lasts for 30 minutes. This also lets us keep track of when these rights are elevated.
I'm looking for advice on how to achieve something similar for our Windows devices, maybe using Intune or some other solution? I appreciate any help!
5 Answers
We actually use AutoElevate—it lets you approve one-time requests without frequent interruptions. For emergencies, we rely on LAPS; it’s handy when we encounter issues like network card failures.
You might want to check out Admin by Request; it works really well for granting temporary admin rights without the hassle of permanent access.
If you set your Intune policies correctly, you may not even need to grant temporary admin access. You can allow specific updates and block others. Just as a note, some might argue that giving out admin rights temporarily is not the best practice. But if you feel it’s necessary, Admin by Request can be a good option.
MakeMeAdmin has a Windows version too, which might suit your needs! Check it out [here](https://github.com/pseymour/MakeMeAdmin).
You could consider using LAPS (Local Administrator Password Solution) combined with password rotation through Intune. This gives you more control while keeping your users secure.
This looks interesting! Do you have experience using it, or are you just suggesting it based on what you've heard?