(171) Microsoft Intune - Using AppLocker to Block Roblox from running

A customer reached out to us about a few weeks ago, as their students had alternative ways to run Roblox on the shared devices and were looking for a way to block from running.

How to create OMA-URI Profile for ASR Rules?

Today we will create a rule using OMA-URI which is the 2nd option listed above. Navigate to https://intune.microsoft.com/ > Devices > Configuration > Create > New Policy > Platform: Windows 10 and later > Profile type: Templates > Custom

Under Basics, enter Name of Profile: Block Roblox AppLocker

Under Configuration Settings > select Add

Name: ASR Rules

Description: All ASR Rules Enabled

OMA-URI: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/apps/EXE/Policy

Data Type: String

Value:

<RuleCollection Type="Exe" EnforcementMode="Enabled">

<FilePathRule Id="ea064323-1096-40b4-9c65-61b967260a0e" Name="Allow all exes"

Description="Default rule to allow all exes" UserOrGroupSid="S-1-1-0" Action="Allow">

<Conditions>

<FilePathCondition Path="*" />

</Conditions>

</FilePathRule>

<FilePublisherRule Id="f9443a57-b8d8-44b6-a2ee-2f24c7d0e49b"

Name="Any exe from O=ROBLOX CORPORATION, L=SAN MATEO, S=CALIFORNIA, C=US"

Description="" UserOrGroupSid="S-1-1-0" Action="Deny">

<Conditions>

<FilePublisherCondition PublisherName="O=ROBLOX CORPORATION, L=SAN MATEO, S=CALIFORNIA, C=US"

ProductName="*" BinaryName="*">

<BinaryVersionRange LowSection="*" HighSection="*" />

</FilePublisherCondition>

</Conditions>

</FilePublisherRule>

</RuleCollection>

Once deployed, when running Roblox, you will get this pop-up.