Forum Discussion
Block All Software Installs
Hi All
Is there a way to block all software installs on Windows devices except for those we push out via Intune?
I have have a look in the Device Config settings but there seems to be some confusing settings in there and some stating set as "Disabled" when disabled isn't an option.
Info appreciated.
9 Replies
Hi
Have you taken a look at the new Intune feature Intune just introduced as generally available called App Control for Business. I have not tested this feature, but this could be helpful.
Perhaps you can use this to control what apps are allowed to allow to install on the workstations.
Link below. https://techcommunity.microsoft.com/blog/microsoftintuneblog/what%E2%80%99s-new-in-microsoft-intune-august-2025/4445612
Hy,
App Control for Business?
Have a look at this:
https://webapp-wdac-wizard.azurewebsites.net/
Good luck!
Thank you.
You're welcome!
Third party tools like Airlock will be able to assist, but bit complex to setup and manage.
Hi StuartK73,
You can use EPM if u want yours users to install specific application with admin privilege.
Don’t mean to digress, but what kind of software installs are we talking about here? If it’s the kind that needs elevation then do your users have admin rights? If so, then I would probably start with that.
Hi Buddy
No, our users do not have admin rights, and while this is a security feature, it is not full proof ie some apps etc can install without elevation and I'd like to prevent that from happening.
SK
I see. Then your best bet is using app control policy where you define a whitelist of apps.
