Forum Discussion
Application Restrictions with Intune
Afternoon,
I work for a school and we have started the migration to Intune but come across a sticking point for locking shared windows devices down under exam conditions.
We require to prevent a specific exam user account from accessing all applications other than Word and Adobe DC Reader, therefor blocking access to apps such as maps, calculator, Edge, Chrome....
Currently this is achieved using AppLocker via Group Policy and set to apply to an AD user group that contains the exam user account.
I have replicated the Applocker policies in Intune but don't see a way to apply these to an EntraID group in the same way as AD groups. The Device Configuration Policy is assigned to the exam user and has applied when logged in to a Shared Windows Device, however if another user logs on to the shared device they are also blocked from using the apps.
Is there a way to ensure that only the specific user is restricted when signing in to shared windows devices ?
Regards
- JosvanderVaartIron Contributor
Jsalmond Hi, This behavior is indeed true. The policies in Intune only work device-based. Below is a screenshot from the following documentation: https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-app-control-policy
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,