Windows IT Pro Blog
3 MIN READ

Skilling snack: Application Control for Windows

Jeffrey_Sutherland
Nov 16, 2023

Windows Defender Application Control (WDAC) is a technology available to use with multiple modern management solutions on Windows 10 and Windows 11 platforms, as well as on Windows Server 2016 and later. Note: You’ll soon find it under its new name, App Control for Business. Our earlier Skilling snack: Windows application security gave you a taste for what’s out there, and today you get to try the house special.

Time to learn: 78 minutes

READ

Application Control for Windows

Explore the motivation for application control and the solutions available in Windows. What’s the difference between Windows Defender Application Control (WDAC) and Smart App Control? Find the answer and the requirements in this introductory documentation.

(4 mins)

WDAC + AppLocker + Smart App Control + Windows 11 + Windows 10 + Windows Server 2016 + Pro + Enterprise + Education

READ

WDAC and AppLocker Overview

Choose when to use Windows Defender Application Control (WDAC) or AppLocker. Read about the design of each solution, system requirements, rules, and additional considerations to keep your organization protected and productive. The general recommendation is WDAC.

(4 mins)

WDAC + AppLocker + Windows 11 + Windows 10 + MDM + Group Policy + ConfigMgr + PowerShell

READ

Create a WDAC policy for lightly managed devices

If your organization is new to application control, you might want to start with this scenario and harden your policy over time. Learn about the “circle-of-trust” for lightly managed devices. Use an example scenario to create a custom base policy with sample PowerShell script. Learn more about users with administrative access, unsigned policies, and other security considerations before getting started.

(8 mins)

Windows 11 + Windows 10 + WHQL + ConfigMgr + PowerShell + ISG + Administrator

READ

Create a WDAC policy for fully managed devices

If you manage all software deployed to devices at your organization and users can’t install arbitrary apps, this article is for you. First, define the “circle-of-trust” for fully managed devices. Then, create a custom base policy using an example WDAC base policy. Finally, review some security considerations for this scenario.

(7 mins)

Windows 11 + Windows 10 + WHQL + ConfigMgr + PowerShell + ISG + Administrator

READ

Deploy WDAC policies using Mobile Device Management (MDM)

See how to use Microsoft Intune or another cloud solution to deploy WDAC policies. Learn about Intune’s built-in WDAC support and what you need to use it. Follow step-by-step guidance to deploy or remove policies with custom OMA-URI.

(5 mins)

MDM + Intune + CSP + Policy + OMA-URI + AppLocker

READ

Deploy Windows Defender Application Control policies with Configuration Manager

Another way to deploy WDAC policies is with Microsoft Configuration Manager. Configure Windows 10 and Windows 11 client devices with built-in policies. Follow the steps to create and deploy a WDAC policy in Configuration Manager. Additionally, learn about Software Distribution Packages and Programs or task sequences to customize policies.

(3 mins)

ConfigMgr + Windows 11 + Windows 10 + Audit + Endpoint Protection + Policy

READ

Manage approved apps for Windows devices with App Control for Business policy and Managed Installers in Microsoft Intune

In public preview today, you can now configure both the Intune Management Extension as a managed installer and endpoint security App Control for Business policies. Read about the prerequisites and guidance to get started. Learn how to monitor or delete App Control for Business policies. Finally, browse special considerations for Education tenants and answers to commonly asked questions.

(26 mins)

Intune + Management Extension + Managed Installer + CSP + RBAC + Government + Education + Cloud + AppLocker + AVD + Log Analytics

WATCH

Balancing security and flexibility when implementing Windows Defender Application Control (WDAC)

What's changed in WDAC across Windows, Intune, and Microsoft Defender for Endpoint? Learn about that and find best practices for creating and deploying app control policies with WDAC. Watch demos on application control events, advanced hunting for querying, Managed Installer, reputation, and more.

(19 mins)

WDAC + Intune + Defender for Endpoint + Policy + Rule + Wizard + MDE + M365 + Managed Installer

EXPERIENCE

Windows Defender Application Control Wizard

Read about and download a WDAC Wizard. It’s an open-source Windows desktop application that helps you create, edit, and merge Application Control policies.

(2 mins)

WDAC + MSIX + ConfigCI + PowerShell + cmdlets + GitHub


Take your application security to the next level with the capabilities of WDAC or App Control for Business. Use it with your favorite management solution and for lightly or fully managed devices. It’s like your favorite seasoning that goes with anything and makes everything taste better!

Hungry for more? Check out Windows skilling snacks: bite-sized learning for IT pros and leave us a comment below to share your experience with peers!

  • lightupdifire (Brass Contributor):

    Hello,

    I have some general feedback. I am just curious as to why there is no solution yet from Microsoft that would automatically do the following:


    1. Check the software version,

    2. Check the software vulnerability,

    3. Check the software security score,

    4. Combine all the software data into something like "Application Score",

    5. Set a rule in the Defender 365 portal for example, if the "Application Score" is less than 5, block the application execution on the end-user device.

    This would allow running software/applications that are up to date and not vulnerable, or block the execution of software/applications that are outdated.

    There is no issue with running software on the end-user device, but the issue is if the software is outdated/vulnerable.

  • lightupdifire There is a service called the Intelligent Security Graph (ISG) that does some of that, but other things such as "Check the software vulnerability" are not trivial at all and require some reverse engineering and other steps which are currently not easy to automate.

    You can find more info about ISG here:

    https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph