With the exciting release of Endpoint Privilege Management, I immediately went digging around in Graph to see just what’s happening behind the scenes.
It will come as no surprise that it is based on the ever-growing Settings Catalog, so why not automate it? We all know I love avoiding a GUI.
Here is the result: my latest script, add-epmfilerule.
As usual you can grab it from GitHub here
Or from the PowerShell Gallery:
Install-Script -Name add-epmfilerule
When running it, the only required parameter is the Filepath you wish to allow (for example “c:\windows\system32\notepad.exe”).
The script then splits that into the file name and folder path, computes the file hash (EPM file rules match on the SHA-256 of the binary, so the rule is pinned to that exact build and will need updating when the application is patched) and creates the policy.
Without any other parameters, it assigns the policy to All Users and requires the user to confirm the elevation with their Windows credentials.
If you pass the groupname parameter, it assigns to the specified group instead.
If you want elevation to happen without a prompt, set the elevationtype parameter to “Auto”. Use that sparingly: an automatic rule hands an elevated process to anyone who can launch the matching binary, so it belongs on specific, hash-pinned line-of-business tools rather than general-purpose executables.
As with all of my scripts, you can pass the tenant ID and app registration details to connect that way, or switch a variable within the script to hard-code them if required.
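To show the shape of what the script has to build, here is an added illustration of the same flow (hash the file, build a Settings Catalog body for a configurationPolicy, post it, assign it). This is my own example code, not the add-epmfilerule script. It assumes the Microsoft.Graph SDK is installed and Connect-MgGraph has already been run with DeviceManagementConfiguration.ReadWrite.All. Every value in the $EpmIds table is a placeholder: the real settingDefinitionIds and templateId are not on this page, so create one rule in the Intune portal and read them back with GET /beta/deviceManagement/configurationPolicies/{id}/settings before using this.

```powershell
# Added illustration of the flow described above; it is NOT the add-epmfilerule script.
# Assumptions (not from the post): Microsoft.Graph SDK installed and Connect-MgGraph already
# run with DeviceManagementConfiguration.ReadWrite.All. Every value in $EpmIds is a
# PLACEHOLDER: create one rule in the Intune portal, then read the real settingDefinitionIds
# and templateId with GET /beta/deviceManagement/configurationPolicies/{id}/settings.
$EpmIds = @{
    TemplateId   = '<epm-elevation-rules-templateId>'
    RuleGroup    = '<elevationrules group settingDefinitionId>'
    FileName     = '<appliesto_filename settingDefinitionId>'
    FilePath     = '<appliesto_filepath settingDefinitionId>'
    FileHash     = '<appliesto_filehash settingDefinitionId>'
    RuleType     = '<ruletype choice settingDefinitionId>'
    RuleTypeAuto = '<ruletype choice value for Automatic>'
    RuleTypeUser = '<ruletype choice value for User confirmed>'
}

function New-StringSetting([string]$Id, [string]$Value) {
    # Settings Catalog "simple" string setting instance (real Graph @odata.type values).
    @{
        '@odata.type'       = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance'
        settingDefinitionId = $Id
        simpleSettingValue  = @{
            '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingValue'
            value         = $Value
        }
    }
}

function New-EpmFileRuleBody {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [ValidateSet('UserConfirmed', 'Auto')][string]$ElevationType = 'UserConfirmed'
    )
    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        throw "File not found: $FilePath (the hash must come from the exact binary you intend to allow)"
    }
    $leaf   = Split-Path -Path $FilePath -Leaf
    $folder = Split-Path -Path $FilePath -Parent
    # EPM matches on the SHA-256 of the binary, which pins the rule to this exact build.
    $hash   = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash

    $ruleType = if ($ElevationType -eq 'Auto') { $EpmIds.RuleTypeAuto } else { $EpmIds.RuleTypeUser }

    @{
        name              = "EPM - $leaf"
        description       = "File rule for $FilePath (SHA256 $hash)"
        platforms         = 'windows10'
        technologies      = 'endpointPrivilegeManagement'
        templateReference = @{ templateId = $EpmIds.TemplateId }
        settings          = @(
            @{
                '@odata.type'   = '#microsoft.graph.deviceManagementConfigurationSetting'
                settingInstance = @{
                    '@odata.type'               = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance'
                    settingDefinitionId         = $EpmIds.RuleGroup
                    groupSettingCollectionValue = @(
                        @{
                            children = @(
                                (New-StringSetting $EpmIds.FileName $leaf)
                                (New-StringSetting $EpmIds.FilePath $folder)
                                (New-StringSetting $EpmIds.FileHash $hash)
                                @{
                                    '@odata.type'       = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
                                    settingDefinitionId = $EpmIds.RuleType
                                    choiceSettingValue  = @{
                                        '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingValue'
                                        value         = $ruleType
                                        children      = @()
                                    }
                                }
                            )
                        }
                    )
                }
            }
        )
    }
}

function New-EpmAssignment([string]$GroupId) {
    # No group supplied: target all licensed users, matching the script's default behaviour.
    $target = if ($GroupId) {
        @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = $GroupId }
    } else {
        @{ '@odata.type' = '#microsoft.graph.allLicensedUsersAssignmentTarget' }
    }
    @{ assignments = @(@{ target = $target }) }
}

# Usage: create the policy, then assign it (All Users here; pass a group object ID to target a group).
$body   = New-EpmFileRuleBody -FilePath 'C:\Windows\System32\notepad.exe' -ElevationType UserConfirmed
$policy = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' `
    -Body ($body | ConvertTo-Json -Depth 20) -ContentType 'application/json'
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies/$($policy.id)/assign" `
    -Body (New-EpmAssignment | ConvertTo-Json -Depth 10) -ContentType 'application/json'
```

The split into separate functions is deliberate: the body builder has no side effects, so you can run it and inspect the JSON (ConvertTo-Json -Depth 20) against a portal-created rule before anything is posted to the tenant, and the hash is taken from the local file with Get-FileHash, so run it on a machine that holds the exact build you want to allow.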