Balancing security and flexibility when implementing Windows Defender Application Control (WDAC)
Event details
With the growing sophistication in info sec compromises, organizations are sharply increasing adoption of application control. Windows Defender Application Control has had significant changes over the years, so we share more on what's changed in WDAC across Windows, Intune, and Microsoft Defender for Endpoint plus best practices for creating and deploying app control policies with WDAC.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
33 Comments
- Heather_Poulsen
Community Manager
- mbhmirc
Brass Contributor
If WDAC is in audit mode, is it possible to automate a policy based on data fed into MDE over a time period into an online wizard for the policy?
- Jordan_Geurten
Microsoft
Audit mode policy and monitoring logs in MDE AH is the recommended approach. Automated feedback into policies is possible but will involve some scripting/tooling on your part. https://github.com/MicrosoftDocs/WDAC-Toolkit/ has 90% of the code you would need to automate that. Manually creating policies off the MDE events is fully supported in the WDAC Wizard: aka.ms/wdacWizard
- mbhmirc
Brass Contributor
Will per-user come to WDAC in the future? Right now we have to use AppLocker but I can see WDAC in some ways is more powerful?
- Jordan_Geurten
Microsoft
WDAC offers many more features and capabilities than AppLocker and is the recommended application control product over AppLocker. Per-user rules are on the roadmap for WDAC.
- Mike Shellenberger
Copper Contributor
Great session - lots of takeaways for me here and appreciate the investments in centralized management with Intune. Did I hear correctly that there is no additional licensing required to use the base WDAC functionality? It was clear to me that the Intune and MDE capabilities that add value would require licensing. Thanks!
- Anupshetty
Copper Contributor
My understanding is it is a feature of Windows rather than Intune. You can write a script and deploy WDAC policy without Intune. It comes with Windows.
- Jordan_Geurten
Microsoft
That is correct. WDAC is built right into Windows and does not require a license and there are no hardware restrictions.
- Kurt-MI
Copper Contributor
My first time seeing this. The pace was fast. Although we can rewatch and pause the video, professional IT trainers don't use this presentation style tbh
- Heather_Poulsen
Community Manager
We’ll continue to answer questions here in the chat for the rest of the half hour and we’ll check back throughout the week. For bonus content, make sure to check out our Technical Takeoff Demo Channel!
Also, we’re so happy you’re here with us at the Microsoft Technical Takeoff! Whether you are attending one session or many, please take this 2-minute survey and let us know your thoughts on this event.
- k_alekhya
Microsoft
I am aware that WDAC is a Windows feature. Are there any plans to support application control on macOS or Linux platforms through an agent?
- Jeffrey_Sutherland
Microsoft
As we bring more application control features to Intune and Microsoft Defender for Endpoint (MDE), we will also consider how we can bring those capabilities to our non-Windows endpoints. The team that developed the WDAC capabilities on Windows have also been contributing to bring similar platform capabilities to Linux that we hope to see accepted soon by the broader Linux ecosystem https://microsoft.github.io/ipe/.
- jdbst56
Brass Contributor
Is there any way to migrate from AppLocker to WDAC?
- Jordan_Geurten
Microsoft
There is an open-source tool which can be used to convert your AppLocker policies to WDAC policies at http://aka.ms/AppLockerPolicyConverter. I recommend parsing and testing the WDAC policy output.
- Heather_Poulsen
Community Manager
Don't be shy. This is a great forum to ask your questions, but also to share information about use cases and scenarios you need to support. Post now or anytime this week in the Comments.
- ZebulonSmith
Iron Contributor
Is there an advantage to configuring WDAC this way (manually) over using Intune or Configuration Manager?
- Jeffrey_Sutherland
Microsoft
The WDAC Wizard currently provides the best authoring experience. However, we will continue to improve the experience within Intune over time and further integrate with the WDAC client features to provide a more seamless and easier experience. You can also continue to deploy WDAC policy using ConfigMgr if that’s your preferred method.
- Heather_Poulsen
Community Manager
Welcome to Balancing security and flexibility when implementing Windows Defender Application Control (WDAC) at the Microsoft Technical Takeoff. Let's get started! Have a question? Post it here in the Comments. Subject matter experts will be answering during the session and throughout the week. We're looking forward to the conversation.
- bdelamotte_83
Copper Contributor
Is there a private preview for the new management capabilities shown at approximately the 17 minute mark on the video?
- bdelamotte_83
Copper Contributor
I can't seem to post in the comments, so will reply here. Re: the use of Managed Installer and the Intelligent Security Graph, contrary to the video and the WDAC documentation, MI and ISG only work on Enterprise, not Pro. Is this a bug, or documentation oversight?
- Jeffrey_Sutherland
Microsoft
ISG has always worked on Pro. Managed installer has historically been restricted to Pro (due to AppLocker restriction), but that Edition restriction is being removed with servicing updates coming out later this month as a preview update and with the December patch Tuesday updates.