Part 9 – Configure Microsoft Intune – Windows Defender Application Control

Windows Defender Application Control (WDAC) is one of the security features in Windows 10. WDAC can help mitigate security threats by restricting the applications that users are allowed to run and the code that runs in the kernel. WDAC policies also block unsigned scripts and MSIs. WDAC is similar to AppLocker and can be managed by MS Intune. By default, Windows components and all apps from the Windows Store are trusted to run, so if you enable this feature Windows 10 will keep running without crashing or blocking important apps/components. So, it's safe to enable this. With AppLocker this is different: you had to be very careful when blocking files and processes with AppLocker. The requirement for this feature is that you must use Windows 10 Enterprise only.

More information about Windows Defender Application Control: https://docs.microsoft.com/nl-nl/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control

Before deploying this profile to your test device, download and install 7-Zip on the device. We need this application to test WDAC.

Open MS Intune portal -> Device configuration -> Profiles

Click on the button Create Profile

Enter a name. The platform is Windows 10 and later. Profile type is Endpoint Protection. Click on Windows Defender Application Control. You will get more settings on the right side.

Change the setting Application control code integrity policies to Enforce. You can also enable Trust apps with a good reputation, but then you can't test with well-known applications like 7-Zip anymore, so I have left this one on Not configured. I'm going to test 7-Zip with this profile. Click OK (twice) and click on Create to create the profile.

Click on Assignment and search for the group. Select the group and click on the Save button. The policy will now be deployed to the device. You have to wait a few seconds. To check the status of the deployment, go to the MS Intune portal -> Devices -> All Devices -> name of the device -> Device Configuration.

Go to your Windows 10 device and try to start 7-Zip from the Start menu. You get this message.

WDAC is working and is blocking unknown applications that are neither Windows components nor Store apps. Only the default Windows applications and Windows Store apps are trusted and will not be blocked by WDAC.
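To confirm on the device itself that the Intune profile has arrived in Enforce mode, and to see which files WDAC actually blocked (the 7-Zip test above should show up), here is an added PowerShell check. It is not part of the original post; it assumes the standard Win32_DeviceGuard WMI class and the Code Integrity event IDs 3076 (audit) and 3077 (enforced block) present on Windows 10, and that the blocked file's path is the second data field of those events.

```powershell
# Added example: verify WDAC enforcement on the Intune-managed test device
# and list the files it has blocked (such as the 7-Zip test in this post).
# Run in an elevated PowerShell session on the Windows 10 device.

# 1. Enforcement status from the DeviceGuard WMI class.
#    Values: 0 = off, 1 = audit mode, 2 = enforced.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName 'Win32_DeviceGuard'
$labels = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
# Cast to [int]: the CIM properties are UInt32 and would not match the Int32 keys.
"User-mode code integrity  : $($labels[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus])"
"Kernel-mode code integrity: $($labels[[int]$dg.CodeIntegrityPolicyEnforcementStatus])"

# 2. Blocked (3077) and audit-only (3076) events from the Code Integrity log.
#    3077 = file was blocked because it violated the enforced policy
#    3076 = file would have been blocked; the policy is only in audit mode
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id      = 3076, 3077
} -MaxEvents 50 -ErrorAction SilentlyContinue

if (-not $events) {
    'No Code Integrity block/audit events found yet; start 7-Zip and run again.'
    return
}

$events |
    ForEach-Object {
        [pscustomobject]@{
            Time = $_.TimeCreated
            Mode = if ($_.Id -eq 3077) { 'Blocked' } else { 'Audit' }
            # Assumption: index 1 is the event's FileNameBuffer field (the blocked file).
            File = $_.Properties[1].Value
        }
    } |
    Sort-Object Time -Descending |
    Format-Table -AutoSize
```

If the status shows Audit instead of Enforced, the profile has not applied yet or a different policy is winning; the Intune device configuration status page referenced earlier will tell you which.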


2 thoughts on "Part 9 – Configure Microsoft Intune – Windows Defender Application Control"

    1. Hi Ben, thanks for your comment. Your question is correct. You can make a whitelist in WDAC. Read this blog: https://blogs.technet.microsoft.com/matt_hinsons_manageability_blog/2018/08/21/blocking-apps-with-intune-and-applocker-csp/

      You will need AppLocker for that: configure AppLocker on the reference computer (where the business apps are also installed) and export the configuration. In Intune, you have to import the exported XML file into a custom policy (OMA-URI based). These steps are all explained in that blog.

      Good luck!
