Balancing security and flexibility when implementing Windows Defender Application Control (WDAC)
Event details
With the growing sophistication in info sec compromises, organizations are sharply increasing adoption of application control. Windows Defender Application Control has had significant changes over the years, so we share more on what's changed in WDAC across Windows, Intune, and Microsoft Defender for Endpoint plus best practices for creating and deploying app control policies with WDAC.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
- Rob de Roos (Iron Contributor)
Can't wait for this one. Still looking into a solution where we are able to disable user installs of for example Google Chrome, etc. I believe WDAC could be a potential option to tackle that.
- Jordan_Geurten (Microsoft): Hi Rob, I would be interested in hearing more about your scenario. At first glance, WDAC should meet your requirements. With WDAC, you can create a deny list to deny Chrome, for example, or an allow list to deny anything that is not explicitly on your list.
- Rob de Roos (Iron Contributor): If you create an Intune-managed, AAD-joined environment using Autopilot where the user becomes a normal user, and use, for example, the default security baselines with some additional policies you wish, a user is still able to do user installs (like Chrome or Firefox). In an enterprise environment that is an absolute no-go because we don't manage those browsers. We only manage Edge, and Edge works in most cases. I would like to be able to disable user installs in any form. It would be so nice to have that as a simple "flip the switch" policy instead of having a giant learning curve and administrative hassle that you get with WDAC or AppLocker. We manage 100s of customer environments, and the administration burden those solutions bring to the table is fairly large and costly.
- PaulKlerkx (Iron Contributor): We use a third-party AV (McAfee). Is WDAC usable in this case, or do we need to remove McAfee and switch to all Defender to allow it to work?
- JavoMejia (Copper Contributor): Most WDAC features are part of the Windows OS, and those features are managed from Intune, Configuration Manager or GPO. You don't need to uninstall McAfee in order to work. Some Defender for Endpoint (EDR) security remote tasks may use WDAC in order to enforce app execution restrictions.
- PaulKlerkx (Iron Contributor): Awesome, thank you.
- mbhmirc (Brass Contributor): Will per-user come to WDAC in the future? Right now we have to use AppLocker, but I can see WDAC in some ways is more powerful?
- Jordan_Geurten (Microsoft): WDAC offers many more features and capabilities than AppLocker and is the recommended application control product over AppLocker. Per-user rules are on the roadmap for WDAC.
- Heather_Poulsen (Community Manager)
Welcome to Balancing security and flexibility when implementing Windows Defender Application Control (WDAC) at the Microsoft Technical Takeoff. Let's get started! Have a question? Post it here in the Comments. Subject matter experts will be answering during the session and throughout the week. We're looking forward to the conversation.
- bdelamotte_83 (Copper Contributor): I can't seem to post in the comments, so will reply here. Re: the use of Managed Installer and the Intelligent Security Graph, contrary to the video and the WDAC documentation, MI and ISG only work on Enterprise, not Pro. Is this a bug, or documentation oversight?
- Jeffrey_Sutherland (Microsoft): ISG has always worked on Pro. Managed installer has historically been restricted to Pro (due to AppLocker restriction), but that Edition restriction is being removed with servicing updates coming out later this month as a preview update and with the December patch Tuesday updates.
- bdelamotte_83 (Copper Contributor): Is there a private preview for the new management capabilities shown at approximately the 17 minute mark on the video?
- ZebulonSmith (Iron Contributor)
Is there an advantage to configuring WDAC this way (manually) over using Intune or Configuration Manager?
- Jeffrey_Sutherland (Microsoft)
The WDAC Wizard currently provides the best authoring experience. However, we will continue to improve the experience within Intune over time and further integrate with the WDAC client features to provide a more seamless and easier experience. You can also continue to deploy WDAC policy using ConfigMgr if that’s your preferred method.
- Heather_Poulsen (Community Manager)
Don't be shy. This is a great forum to ask your questions, but also to share information about use cases and scenarios you need to support. Post now or anytime this week in the Comments.
- jdbst56 (Brass Contributor): Is there any way to migrate from AppLocker to WDAC?
- Jordan_Geurten (Microsoft): There is an open-source tool which can be used to convert your AppLocker policies to WDAC policies at http://aka.ms/AppLockerPolicyConverter. I recommend parsing and testing the WDAC policy output.
- Heather_Poulsen (Community Manager)
We’ll continue to answer questions here in the chat for the rest of the half hour and we’ll check back throughout the week. For bonus content, make sure to check out our Technical Takeoff Demo Channel!
Also, we’re so happy you’re here with us at the Microsoft Technical Takeoff! Whether you are attending one session or many, please take this 2-minute survey and let us know your thoughts on this event.
- k_alekhya (Microsoft): I am aware that WDAC is a Windows feature. Are there any plans to support application control on macOS or Linux platforms through an agent?
- Jeffrey_Sutherland (Microsoft): As we bring more application control features to Intune and Microsoft Defender for Endpoint (MDE), we will also consider how we can bring those capabilities to our non-Windows endpoints. The team that developed the WDAC capabilities on Windows have also been contributing to bring similar platform capabilities to Linux that we hope to see accepted soon by the broader Linux ecosystem: https://microsoft.github.io/ipe/.
- Kurt-MI (Copper Contributor): My first time seeing this. The pace was fast. Although we can rewatch and pause the video, professional IT trainers don't use this presentation style tbh