Forum Discussion
AppLocker GPO support on Windows 10 / 11 Professional SKU since 2022/10 Patchday?
After September Patchday there is no need of Enterprise or Education SKU for Win 10 / Win 11. The KB's got an update:
- https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker
- https://support.microsoft.com/en-us/topic/kb5024351-removal-of-windows-edition-checks-for-applocker-e3a763c9-6a3e-4d9c-8623-0ffe69046470
The Windows updates dated September 30, 2022, and later, made significant changes for AppLocker support. Before the updates, Windows tied policy enforcement to the Windows edition and the method used to manage its endpoints. For instance, systems managed by mobile device management (MDM) enforced AppLocker policies on all editions of Windows 10 and Windows 11. Also, systems managed by Group Policy only enforced AppLocker policies on Windows 10 and Windows 11 Enterprise or Education editions.
These updates removed the edition checks for Windows 10, versions 2004, 20H2, and 21H1 and all versions of Windows 11. You can now deploy and enforce AppLocker policies to all of these Windows versions regardless of their edition or management method.
HTH
Jan
After September Patchday there is no need of Enterprise or Education SKU for Win 10 / Win 11. The KB's got an update:
- https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker
- https://support.microsoft.com/en-us/topic/kb5024351-removal-of-windows-edition-checks-for-applocker-e3a763c9-6a3e-4d9c-8623-0ffe69046470
The Windows updates dated September 30, 2022, and later, made significant changes for AppLocker support. Before the updates, Windows tied policy enforcement to the Windows edition and the method used to manage its endpoints. For instance, systems managed by mobile device management (MDM) enforced AppLocker policies on all editions of Windows 10 and Windows 11. Also, systems managed by Group Policy only enforced AppLocker policies on Windows 10 and Windows 11 Enterprise or Education editions.
These updates removed the edition checks for Windows 10, versions 2004, 20H2, and 21H1 and all versions of Windows 11. You can now deploy and enforce AppLocker policies to all of these Windows versions regardless of their edition or management method.
HTH
Jan