Microsoft Intune Admin Tasks GA for EPM and MAA

Introduction: why this matters

Intune administrators make constant, high-stakes decisions—approving privilege elevations, responding to security remediation requests, and validating sensitive configuration changes. When these decision points are scattered across multiple consoles, response time slows, audit trails become harder to maintain, and risk increases. With admin tasks now generally available (GA), Microsoft is consolidating these approvals and remediation workflows into a single, prioritized queue—designed to reduce noise today and provide an oversight layer for emerging AI-assisted operations.

Admin tasks is available in the Intune admin center under Tenant administration.

What’s new in Intune Admin Tasks (GA)

Admin tasks brings together three key workflow types into one experience:

1) Endpoint Privilege Management (EPM) elevation requests

EPM helps standard users run approved apps with elevated rights without granting permanent local admin access.

• Review and approve/deny elevation requests from the centralized queue
• Create reusable rules from file details (publisher, hash, command-line)
• Add files to reusable settings for consistent governance
• Audit-friendly logging for compliance and investigations

If you use Security Copilot, Intune can surface contextual risk signals to inform EPM approval decisions.

2) Microsoft Defender for Endpoint (MDE) security tasks

When Defender detects threats or configuration gaps, it can generate remediation tasks surfaced directly in Intune.

• Track and complete remediation work from the same admin tasks queue
• Mark tasks complete or reject them, and review impacted device lists
• Leverage recommended endpoint security profiles, including newer configuration support for EDR and AV exclusions on Linux
• Maintain activity logging for audit and compliance

3) Multi Admin Approval (MAA) requests

MAA enforces a second set of eyes for high-impact actions (for example, scripts, role changes, remote actions, and device wipes).

• Approve/reject requests and complete changes from a centralized view
• Capture requester/approver notes to strengthen audit readiness
• Reduce blast radius from compromised admin accounts by preventing single-actor execution

With Security Copilot, the Change Review Agent can analyze MAA script requests for impact and provide recommendations.

Also included: Device Offboarding Agent tasks (public preview)

Admin tasks now incorporates actions from the Device Offboarding Agent (part of Microsoft Security Copilot, currently in public preview). It helps identify unused/outdated devices using signals across Intune and Microsoft Entra, and supports guided remediation such as disabling Entra ID device objects.

• Download a CSV list of affected devices
• Apply repeatable cleanup processes to reduce attack surface

Impact for IT admins and end users

• Faster response to critical requests via a single, prioritized queue
• Improved governance and audit readiness through consistent workflows and logging
• Stronger Zero Trust posture (least privilege + controlled approvals)
• Better user productivity when EPM reduces the need for permanent admin rights and lowers help desk escalations

Action items / next steps

1. In the Intune admin center, navigate to Tenant administration > Admin tasks and validate visibility and role assignments.
2. Review your EPM elevation policy model (automatic, user-confirmed, support-approved) and standardize rule creation criteria.
3. Align Defender security tasks handling with your incident/remediation SLAs and confirm Linux security profile coverage where applicable.
4. Enable/expand Multi Admin Approval for your highest-risk actions and document approver workflows for audits.
5. If piloting Security Copilot, evaluate the Device Offboarding Agent preview and Copilot-driven contextual analysis for EPM/MAA to improve decision quality without losing human oversight.