From 1047c99bcacd145a209c40acd26f9251ec069789 Mon Sep 17 00:00:00 2001 From: Mathias Borowicz <149428595+mathiasborowicz@users.noreply.github.com> Date: Thu, 11 Jun 2026 16:50:20 +0200 Subject: [PATCH] Update child process behavior in elevation rules Clarify behavior of child processes under elevation rules. --- intune/epm/create-elevation-rules.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/intune/epm/create-elevation-rules.md b/intune/epm/create-elevation-rules.md index e956035747..d01eba9663 100644 --- a/intune/epm/create-elevation-rules.md +++ b/intune/epm/create-elevation-rules.md @@ -68,6 +68,8 @@ Each elevation rule instructs EPM on how to: - **Deny all** – All child processes launch without elevated context. - **Allow child processes to run elevated** – Any child process launched by the elevated parent will automatically run elevated. When this option is selected, rule evaluation for the child process is skipped, including deny rules. This means a child process may run elevated even when an explicit deny rule exists for that process. + + - **Not configured** - No child process behavior is specified and the elevated parent falls back to the default Windows behavior, where any child process launched by the elevated parent automatically runs elevated. Rule evaluation for the child process is skipped, including deny rules, which makes this behavior equivalent to Allow child processes to run elevated. **Best practice:** Avoid creating overly broad elevation rules for applications that can start other processes (for example, command shells or script engines) to prevent unintended elevation.
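Review bot: The new "Not configured" bullet is inconsistent with the surrounding list in two ways: it uses a plain hyphen after the bold label ("**Not configured** -") while the existing items use an en dash ("**Deny all** –", "**Allow child processes to run elevated** –"), and the option name it refers to, "Allow child processes to run elevated", is not bolded the way the other option names are, so a reader may not recognise it as the setting above. Suggest "**Not configured** – ..." and "...equivalent to **Allow child processes to run elevated**." Also, the hunk inserts an extra blank line between the previous item and the new one; in Markdown that can render the list as a loose list with different spacing from the rest of the page, so consider dropping the blank line and keeping the new item directly below the "Allow child processes to run elevated" entry. Finally, the sentence "Rule evaluation for the child process is skipped, including deny rules" repeats the preceding bullet almost verbatim; since the item already states the behavior is equivalent to the option above, a shorter wording such as "Rule evaluation is skipped exactly as for **Allow child processes to run elevated**, including deny rules" avoids the duplication while keeping the point that deny rules do not apply.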