Part 9 – Configure Microsoft Intune – Windows Defender Application Control

Windows Defender Application Control (WDAC) is one of the security features in Windows 10. It can help mitigate security threats by restricting the applications that users are allowed to run and the code that runs in the kernel. WDAC policies also block unsigned scripts and MSIs. WDAC is similar to AppLocker and can be managed by Microsoft Intune. By default, Windows components and all apps from the Windows Store are trusted to run, so if you enable this feature Windows 10 keeps running without crashing or blocking important apps and components. That makes it safe to enable. This is different with AppLocker, where you had to be very careful when blocking files and processes. The requirement for this feature is that you must use Windows 10 Enterprise only.

More information about Windows Defender Application Control: https://docs.microsoft.com/nl-nl/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control

Before deploying this profile to your test device, download and install 7-Zip on the device. We need this application to test WDAC.

Open MS Intune portal -> Device configuration -> Profiles

Click on the button Create Profile

Enter a name. Platform is Windows 10 and later. Profile type is Endpoint Protection. Click on Windows Defender Application Control. More settings appear on the right side.

Change the setting Application control code integrity policies to Enforce. You can also enable Trust apps with good reputation, but then you can’t test simple, well-known applications like 7-Zip anymore, so I leave this one on Not configured. I’m going to test 7-Zip with this profile. Click OK (twice) and click Create to create the profile.

Click on Assignments and search for the group. Select the group and click the Save button. The policy will now be deployed to the device. You have to wait a few seconds. To check the status of the deployment, go to the MS Intune portal -> Devices -> All Devices -> name of the device -> Device Configuration.

Go to your Windows 10 device and try to start 7-Zip from the Start menu. You get this message.

WDAC is working and is blocking unknown (non-Store) applications. Only the default Windows applications and Windows Store apps are trusted and are not blocked by WDAC.
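To confirm on the device itself that the Intune profile is really enforcing code integrity, and to see the block for 7-Zip recorded rather than just the pop-up, the following PowerShell (an added example, not part of the original post) reads the Device Guard status and the Code Integrity operational log. It assumes you run it in an elevated prompt on the Windows 10 device that received the profile; the status values (0 = Off, 1 = Audit, 2 = Enforced) and event IDs 3076/3077 are the documented Windows values.

```powershell
# Added example: verify WDAC enforcement state and list recent Code Integrity blocks.
# Run from an elevated PowerShell prompt on the device the Intune profile was assigned to.

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'

# Documented meaning of the enforcement status values: 0 = Off, 1 = Audit mode, 2 = Enforced
$status = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
"Kernel-mode code integrity policy : $($status[[int]$dg.CodeIntegrityPolicyEnforcementStatus])"
"User-mode code integrity policy   : $($status[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus])"

# Event 3077 = file blocked by an enforced policy; 3076 = would have been blocked (audit mode).
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id        = 3076, 3077
    StartTime = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue

if (-not $events) {
    'No Code Integrity block/audit events in the last hour.'
} else {
    $events | ForEach-Object {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Mode   = if ($_.Id -eq 3077) { 'Blocked' } else { 'Audit' }
            # The first line of the message names the file that was stopped (e.g. the 7-Zip executable)
            Detail = ($_.Message -split "`n")[0]
        }
    } | Format-Table -AutoSize
}
```

If the user-mode policy shows Enforced but the launch of 7-Zip produced no 3077 event, the profile has not applied yet; re-check the Device Configuration status in the Intune portal.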
