Using Windows Application Control via an Intune template
ฝัง
- เผยแพร่เมื่อ 19 มิ.ย. 2023
- In this video you'll see how to apply Windows Application Control using a standard Intune Endpoint Protection policy. You'll also see how you can use the Microsoft Intelligent Security Graph to also allow 'trusted applications' to run in your environment. Finally, there are are some tips and tricks with this process that will also be shared.
- วิทยาศาสตร์และเทคโนโลยี
![[TH] 2024 PMWC x EWC Group Stage Day 3 | PUBG MOBILE WORLD CUP x ESPORTS WORLD CUP](http://i.ytimg.com/vi/VnOqutfqWqU/mqdefault.jpg)
Thanks Robert, nice and easy to understand
Great explanation! Any idea how one configures WDAC to be able to override it with a local admin account? e.g. install one single application for a single machine. Similar to what is possible with AppLocker.
WDAC is a device NOT user policy. If you want a user policy use AppLocker. WDAC because it is a device policy is far more secure.
Hi Robert, can we allow only notepad to a user and apply only to the user's group
Yes
How can you enable Windows Application Control, plus allow your LOB apps, be it either 32bit or 64bit?
You will probably need to use a more granular control like custom WDAC policies. But it can be done but custom apps probably need a custom WDAC policy, which can still be deployed via Intune. See my other videos on that here.
@directorcia might be worth a video?
@@GregThomson sorry, far too complicated. Besides that’s WDAC and I have already done a video on that.
awesome video guide, how can we manage to control on specific application to block only?
Create a custom policy
@@directorcia awesome thanks, do you have any guide sir, like for example we only want to block only specific apps like brave browser or we can specify which app is block, and not only the trusted Microsoft apps is it possible?
@@jameseduard2092 Sorry, no. I suggest you consult the MS docs.
Can you do a white list of trusted apps for your organization?
Yes
@@directorcia how would I do this?
@@clivebuckwheatI suggest you review the MS docs. Basically instead of a line in the XML file blocking an app you'd have one allowing the app. Provided the software has a cert you could do it by public cert.
@@directorcia So blocking Apps would be much easier I have too much to white list, on your opinion?
@@clivebuckwheat I block known/unknown bad apps rather than allowing good apps. Far easier yes.