Forum Discussion
editing a current app locker policy
Hi all,
I have ran a policy to devices which I thought worked locally but due to me leaving the "not configured" parts in the xml the policy has failed on devices. If I edit the app locker xml in intune to the correct one will this work?
Please help! I dont want to cause more issues in the long run as this is our first time managing intune devices
- Hi
First to answer your question, take a look at my blog. I noticed the same thing and create a blog about this
https://call4cloud.nl/2020/10/the-appocker-dilemma/
But just like nicklas is telling... there are of course always better options out there.. Device Guard/Applocker/Defender app control
But I prefer applocker.... when you need to exclude something... within my opinion, this can be done a lot quicker with applocker. Applocker is a good way to start into securing your devices.
Don't forget about PowerShell
2 Replies
- Hi
First to answer your question, take a look at my blog. I noticed the same thing and create a blog about this
https://call4cloud.nl/2020/10/the-appocker-dilemma/
But just like nicklas is telling... there are of course always better options out there.. Device Guard/Applocker/Defender app control
But I prefer applocker.... when you need to exclude something... within my opinion, this can be done a lot quicker with applocker. Applocker is a good way to start into securing your devices.
Don't forget about PowerShell Hello!
I recommend that you look at Microsoft Defender App Control instead of AppLocker. MDAC is the new version of AppLocker and is easier to manage. There are some really good guides and how to's at MS docs to get going with MDAC.You may read about the differences in MDAC and AppLocker here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview
//Nicklas Ahlberg
