Forum Discussion
neilcarden
Apr 14, 2020Brass Contributor
Disable/Block installation of all apps
Hi, I am trying to replicate a group policy that back when I was using on-prem AD etc, we could set the policy to disable windows installer for all users, hence not allowing them to install anything....
Moe_Kinani
Apr 15, 2020Bronze Contributor
I have been evaluating E5 license ( Windows Enterprise), you can actually achieve your objective by using Surface attack Reduction in Intune under Security Baseline + Microsoft Defender ATP. Still in Preview but you can give it try.
Otherwise you have to use some 3rd party app like ‘CensorNet’ to block executables, zip etc.
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction
Otherwise you have to use some 3rd party app like ‘CensorNet’ to block executables, zip etc.
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction
neilcarden
Apr 15, 2020Brass Contributor
Thanks for the responses. I was hoping for something with little to no config in regards to the ASR, due to the fact I don't have time to spend looking into this.
The InTune appstore only route causes havoc for those apps we use that are not in the store...
I think i will need to set some time aside and look into the ASR route at some point.
Thanks
Neil