Block or Prevent user for installing any software without administration permission

%3CLINGO-SUB%20id%3D%22lingo-sub-2289646%22%20slang%3D%22en-US%22%3EBlock%20or%20Prevent%20user%20for%20installing%20any%20software%20without%20administration%20permission%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2289646%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20block%20user%20permission%20for%20installing%20any%20software%20without%20administrator%20permission.%20How%20do%20I%20implement%20this%20policy%20via%20Intune%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUsers%20have%20M365%20E3%20license%20and%20joined%20Azure%20AD%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20need%20an%20appropriate%20solution.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2289646%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EApp%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2291707%22%20slang%3D%22en-US%22%3ERe%3A%20Block%20or%20Prevent%20user%20for%20installing%20any%20software%20without%20administration%20permission%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2291707%22%20slang%3D%22en-US%22%3EHi%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20a%20good%20start%2C%20use%20applocker.%20the%20zip%20contains%20a%20simple%20powershell%20script%20and%20a%20json%20file%20(with%20the%20applocker%20exe%20config%20in%20it)%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fcall4cloud.nl%2F2020%2F06%2Fapplocker-a-la-minute%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcall4cloud.nl%2F2020%2F06%2Fapplocker-a-la-minute%2F%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20how%20to%20do%20it%20manually%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fintune-customer-success%2Fsupport-tip-using-applocker-to-create-custom-intune-policies-for%2Fba-p%2F364981%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fintune-customer-success%2Fsupport-tip-using-applocker-to-create-custom-intune-policies-for%2Fba-p%2F364981%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi,

 

I want to block user permission for installing any software without administrator permission. How do I implement this policy via Intune?

 

Users have M365 E3 license and joined Azure AD

 

I need an appropriate solution.

1 Reply

Hi,

 

I assume you want to restrict installing software on windows endpoints?

 

If yes. For a good start, use applocker. the zip contains a simple powershell script and a json file (with the applocker exe config in it)

https://call4cloud.nl/2020/06/applocker-a-la-minute/

 

And a blog about the whole adminless process if you are interestedted

 

Dude, Where’s my Admin? - Call4Cloud

And how to do it manually

 

Configuration Manager as a Managed Installer with Windows 10 | redkaffe


https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-using-applocker-to-create...