Event banner

Balancing security and flexibility when implementing Windows Defender Application Control (WDAC)

Event Ended
Wednesday, Oct 26, 2022, 08:30 AM PDT
Online

Event details

With the growing sophistication in info sec compromises, organizations are sharply increasing adoption of application control. Windows Defender Application Control has had significant changes over th...
Heather_Poulsen
Updated Dec 27, 2024
Technical Takeoff
mbhmirc's avatar
mbhmirc
Brass Contributor
Oct 28, 2022
If wdac is in audit mode is it possible to automate a policy based on data fed into MDE over a time period into a online wizard for the policy?
Jordan_Geurten's avatar
Jordan_Geurten
Icon for Microsoft rankMicrosoft
Oct 28, 2022
Audit mode policy and monitoring logs in MDE AH is the recommended approach. Automated feed back into policies is possible but will involve some scripting/tooling on your part. https://github.com/MicrosoftDocs/WDAC-Toolkit/ has 90% of the code you would need to automate that. Manually creating policies off the MDE events is fully support in the WDAC Wizard: aka.ms/wdacWizard
Date and Time
Oct 26, 20228:30 AM - 9:00 AM PDT