Event details

Get ready to rethink what app control means on Windows. Get a behind-the-scenes look at the latest updates to App Control for Business—starting with the new script enforcement model that brings consistent behavior across script hosts (so you can move off those “vintage” APIs). Get a tour of Smart App Control policy options, plus a look at session locked signed policies—no more UEFI locks—perfect for ephemeral Windows endpoints like VMs that pop into existence, do their job, and vanish like they were never there. And because good things happen in threes, we’ll also touch on what’s changing in the Azure Arc management tooling for servers. We’ll also show you where to find update, prescriptive documentation designed to help you build strong, practical policy from day one.

 

This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, click Attend for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.

Heather_Poulsen
Updated Mar 12, 2026
Technical Takeoff

7 Comments

  • danjb's avatar
    danjb
    Brass Contributor
    Mar 16, 2026

    Can you get looped in with the teams developing Intune features around: Windows app discovery, app deployment, app updating  - so the managed installer was a good step in the right direction, but I feel like more capability could be added including the option of importing app definitions as rules from existing apps that were discovered in Intune. 

    Just making it easier to go from a sort of "learning mode" to onboarding and moving towards locking down with App Control.

    • Per-Larsen's avatar
      Per-Larsen
      Icon for Microsoft rankMicrosoft
      Mar 16, 2026

      Thanks for the feedback - it is not the first time we hear this feedback.

      We do not have anyting to share public at the moment.


      Your can always provite Intune feedback here :  aka.ms/IntuneFeedback

    • Mahi_Choudhary's avatar
      Mahi_Choudhary
      Icon for Microsoft rankMicrosoft
      Mar 16, 2026

      Thanks for the feedback, that is a great recommendation. We encourage to share the feedback within aka.ms/IntuneFeedback and for early access to features and capabilities, join the Management Advisors community: https://aka.ms/JoinCommunity.

  • mijedanofficeit's avatar
    mijedanofficeit
    Copper Contributor
    Mar 16, 2026

    Could you explain how to get started, when customer is comming from applocker, and have a lot of 3rd party apps deployed, where many are autoupdating.

    • Jeffrey_Sutherland's avatar
      Jeffrey_Sutherland
      Icon for Microsoft rankMicrosoft
      Mar 16, 2026

      The best way to get started on a migration from AppLocker to AppControl is to use the AppLocker policy converter and convert your AppLocker XML into AppControl XML. Note that there are some significant differences between the two that you will need to consider when reviewing your converted policy. The two main ones are:

      1. AppLocker rules are scoped to a user or group by default. AppControl policies apply machine wide and don't allow for reduced scoping based on user.
      2. AppLocker signer rules don't actually chain up to the root certificate in the signature's certificate chain. AppControl, on the other hand, requires the complete chain. So, when we convert AppLocker rules, they end up chaining to our "Dummy Well-known root" for the certs that comprise the AuthRoot cert store. These are all of the cross-signed roots from certificate authorities which are members of Microsoft's Trusted Root Program.

      Generally, the conversion works quite well and gets you most of the way. But you'll want to test your converted policy thoroughly before deploying to your endpoints.

      Good luck on your migration!

      Jeffrey

  • Heather_Poulsen's avatar
    Heather_Poulsen
    Icon for Community Manager rankCommunity Manager
    Mar 16, 2026

    Welcome to “App Control for Business: same roots, new playbook” at Microsoft Technical Takeoff. Q&A is open now and throughout the week. Please post any questions or feedback here in the Comments. [Note: If your organization’s policies prevent you from seeing the video on this page, you can also tune in on LinkedIn.]