By: Luke Ramsdale – Sr. Customer Escalation Engineer | Microsoft Intune
In Microsoft Intune, admins can deploy application control policies to Windows devices to help prevent unauthorized appli...
Updated Aug 05, 2024
Version 3.0
Blog Post
Hi Jason, I am still getting WDAC blocking installs during autopilot.
My test:
- enable managed installer via intune gui
- configure app control,
Enable App Control for Business policy to trust Windows components and Store apps:
Enforce
Select additional rules for trusting apps: Trust apps from managed installers
- assign Adobe Acrobat Reader DC ms store app (new)
(then perform wipe and autopilot build)
During autopilot, the app install is blocked.
When I did troubleshooting previously, MS support said that either the applocker policy which delivers the managed installer feature needs a reboot before it takes effect or there was no way to guarantee that the applocker policy applied before WDAC took effect. Either way, managed installer wasn't really going to work with autopilot.
Can you confirm if a reboot is needed for the applocker policy to take effect? (or better yet, duplicate my test)