editing a current app locker policy

Super Contributor

Hi all, 


I have ran a policy to devices which I thought worked locally but due to me leaving the "not configured" parts in the xml the policy has failed on devices. If I edit the app locker xml in intune to the correct one will this work? 


Please help! I dont want to cause more issues in the long run as this is our first time managing intune devices

2 Replies


I recommend that you look at Microsoft Defender App Control instead of AppLocker. MDAC is the new version of AppLocker and is easier to manage. There are some really good guides and how to's at MS docs to get going with MDAC.


You may read about the differences in MDAC and AppLocker here:

//Nicklas Ahlberg

best response confirmed by AB21805 (Super Contributor)

First to answer your question, take a look at my blog. I noticed the same thing and create a blog about this

But just like nicklas is telling... there are of course always better options out there.. Device Guard/Applocker/Defender app control

But I prefer applocker.... when you need to exclude something... within my opinion, this can be done a lot quicker with applocker. Applocker is a good way to start into securing your devices.
Don't forget about PowerShell