Windows Defender Application Control deployment


Has anyone embarked on deploying WDAC?


Unfortunately, due to the nature of our estate, rather than trying to build a single device with "all" the apps on it, we've deployed audit mode to all our devices.

Using Windows Defender Security Center and advanced hunting:

DeviceEvents
| where Timestamp > ago(7d) and ActionType startswith "AppControl"

We're hoping to be able to convert the output of advanced hunting into the WDAC XML policies.
Has anyone taken this approach?
0 Replies
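One way to approach the conversion asked about above, as an added example that is not part of the original post and not Microsoft's tooling: group exported audit events by hash, keep only binaries seen on several devices, and render a `<FileRules>` fragment of Allow hash rules for review before merging into a base policy. WDAC hash rules match the Authenticode (PE image) hash rather than the flat file hash, so the sketch assumes the export carries that value; the column name `AuthenticodeSha256`, the `ID_ALLOW_HUNT_` prefix, the device threshold and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample export; column names and hash values are assumptions.
H1, H2 = "a1" * 32, "b2" * 32
SAMPLE_CSV = f"""DeviceName,ActionType,FileName,AuthenticodeSha256
pc-01,AppControlCodeIntegrityPolicyAudited,tool.exe,{H1}
pc-02,AppControlCodeIntegrityPolicyAudited,tool.exe,{H1.upper()}
pc-02,AppControlCodeIntegrityPolicyAudited,oneoff.exe,{H2}
pc-03,AppControlCodeIntegritySigningInformation,tool.exe,{H1}
pc-03,AppControlCodeIntegrityPolicyAudited,broken.dll,not-a-hash
"""

HEX64 = re.compile(r"[0-9A-F]{64}")


def audited_candidates(csv_text, min_devices=2):
    """Group audit events by hash; keep hashes seen on >= min_devices devices."""
    seen = defaultdict(lambda: {"names": set(), "devices": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        digest = row["AuthenticodeSha256"].strip().upper()
        if not row["ActionType"].endswith("Audited") or not HEX64.fullmatch(digest):
            continue  # skip non-audit rows and malformed hashes
        seen[digest]["names"].add(row["FileName"])
        seen[digest]["devices"].add(row["DeviceName"])
    return {h: v for h, v in sorted(seen.items()) if len(v["devices"]) >= min_devices}


def file_rules_fragment(candidates):
    """Render a <FileRules> fragment with one Allow hash rule per candidate."""
    root = ET.Element("FileRules")
    for i, (digest, info) in enumerate(candidates.items(), start=1):
        ET.SubElement(root, "Allow", {
            "ID": f"ID_ALLOW_HUNT_{i}",  # hypothetical ID scheme
            "FriendlyName": ", ".join(sorted(info["names"])) + " Hash Sha256",
            "Hash": digest,
        })
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(file_rules_fragment(audited_candidates(SAMPLE_CSV)))
```

The device threshold keeps a binary that appeared on a single machine out of the generated rules until someone has reviewed it.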