Tech Community Live: Endpoint Manager edition
Jul 21 2022, 08:00 AM - 12:00 PM (PDT)

Block or Prevent user for installing any software without administration permission

Occasional Visitor



I want to block user permission for installing any software without administrator permission. How do I implement this policy via Intune?


Users have M365 E3 license and joined Azure AD


I need an appropriate solution.

1 Reply



I assume you want to restrict installing software on windows endpoints?


If yes. For a good start, use applocker. the zip contains a simple powershell script and a json file (with the applocker exe config in it)


And a blog about the whole adminless process if you are interestedted


Dude, Where’s my Admin? - Call4Cloud

And how to do it manually


Configuration Manager as a Managed Installer with Windows 10 | redkaffe