Has anyone embarked on deploying WDAC?
Unfortunately, due to the nature of our estate, rather than trying to build a single device with "all" the apps on it, we've deployed audit mode to all our devices.
Using Windows Defender Security Center and advanced hunting -
DeviceEvents
| where Timestamp > ago(7d) and
ActionType startswith "AppControl"
We're hoping to be able to convert the output of advanced hunting into the WDAC XML policies.
Has anyone taken this approach?