(95) Microsoft Intune - Enable Windows Defender Application Control (WDAC)
- Mr B SOE way
- Dec 12, 2023
- 2 min read
Of late I have been super busy, so haven't had the time to post. As part of a current project I am working on, I am implementing this for a customer.
What is Windows Defender Application Control?
Windows Defender Application Control (WDAC) is the next iteration of AppLocker. WDAC is one of the most effective security controls to prevent ransomware attacks. It ensures only approved apps can be run on your devices.
What are the requirements?

Instructions:
1. Navigate to https://intune.microsoft.com, then select Endpoint Security, then Application Control (Preview).
2. Select Managed Installer, then Add, and after reading the instructions shown in the image click Add again.

3. The managed installer policy will then populate as shown; make sure it is assigned to 'All devices'.

4. Next, select the 'Application Control' tab, then select 'Create Policy'.

5. Enter a name for the profile such as: App Policy.

6. There are a couple of options; in this case I will be using 'Enter XML Data'.

The other option, 'built-in', does the following: it enforces a policy that trusts Windows components and Store apps, or it can be set to audit only.
Note: It is recommended that you use the audit-only option when deploying this in your environment for the first time, so you can gather telemetry on the applications in use in your environment.

7. To use 'Enter XML', download the WDAC Wizard from https://webapp-wdac-wizard.azurewebsites.net/ and use it to build the policy. Once the wizard is installed, select 'Policy Creator'.

8. Next, 'Multiple Policy Format' and 'Base Policy' are selected by default, so just click Next.

9. Select the radio button for Signed and Reputable Mode as the base template then click Next.

10. Make sure all options are selected. You also have the option to set this to 'Audit Mode'. In my case, I didn't set it to Audit.

11. Add any custom rules to allow or deny.

In this blog I have added two file path deny rules, for Chrome and Edge. Select Create Rule.

12. Once done, click Save and the wizard will save the .xml file to your chosen save directory.
13. Navigate back to step 6. Under the App Control for Business policy, select the .xml file and its contents will populate the XML value. Save changes and assign to 'All Devices'.

14. On your AVD or Intune-managed device, log in; when you try to open Chrome or Edge you get the following.
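Before pasting the wizard's XML into Intune in step 13, it is worth checking two things the post touches on: whether the policy is still in audit mode (the note under step 6 recommends audit first), and whether every deny rule you added is actually wired into a signing scenario, since a rule that sits in FileRules without a FileRuleRef never takes effect. The following Python script is an added example written for this post, not code from the WDAC Wizard or Microsoft. It assumes the standard SiPolicy XML layout the wizard emits (namespace urn:schemas-microsoft-com:sipolicy, Rules/Option, FileRules/Deny with a FilePath attribute, SigningScenarios with FileRuleRef). The embedded sample policy and its Chrome/Edge paths are constructed for illustration; the post does not give the exact paths used.

```python
"""Sanity-check a WDAC / App Control for Business policy XML before uploading it.

Hypothetical helper for this post; not the WDAC Wizard's or Microsoft's code.
Assumes the standard SiPolicy layout the wizard produces.
"""
import json
import sys
import xml.etree.ElementTree as ET

SIPOLICY_NS = "urn:schemas-microsoft-com:sipolicy"
NS = {"si": SIPOLICY_NS}

# Constructed sample resembling a wizard-generated base policy with two
# file path deny rules. Audit mode is left on, and the Edge rule is
# deliberately NOT referenced from the signing scenario so the check fires.
SAMPLE_POLICY = r"""<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
  <VersionEx>10.0.0.0</VersionEx>
  <Rules>
    <Rule><Option>Enabled:Unsigned System Integrity Policy</Option></Rule>
    <Rule><Option>Enabled:Audit Mode</Option></Rule>
    <Rule><Option>Enabled:Managed Installer</Option></Rule>
  </Rules>
  <FileRules>
    <Deny ID="ID_DENY_CHROME" FriendlyName="Block Chrome" FilePath="C:\Program Files\Google\Chrome\Application\chrome.exe" />
    <Deny ID="ID_DENY_EDGE" FriendlyName="Block Edge" FilePath="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" />
  </FileRules>
  <SigningScenarios>
    <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="User mode">
      <ProductSigners>
        <FileRulesRef>
          <FileRuleRef RuleID="ID_DENY_CHROME" />
        </FileRulesRef>
      </ProductSigners>
    </SigningScenario>
  </SigningScenarios>
</SiPolicy>
"""


def load_policy(xml_text):
    """Parse the policy text into its SiPolicy root element."""
    return ET.fromstring(xml_text)


def policy_options(root):
    """Return the set of policy rule options, e.g. 'Enabled:Audit Mode'."""
    return {
        opt.text.strip()
        for opt in root.findall("si:Rules/si:Rule/si:Option", NS)
        if opt.text
    }


def is_audit_mode(root):
    """True if the policy only logs blocks instead of enforcing them."""
    return "Enabled:Audit Mode" in policy_options(root)


def deny_file_path_rules(root):
    """Map rule ID -> FilePath for every <Deny> that is a file path rule."""
    return {
        deny.get("ID"): deny.get("FilePath")
        for deny in root.findall("si:FileRules/si:Deny", NS)
        if deny.get("FilePath")
    }


def referenced_rule_ids(root):
    """Rule IDs referenced from any signing scenario (user or kernel mode)."""
    return {ref.get("RuleID") for ref in root.iter(f"{{{SIPOLICY_NS}}}FileRuleRef")}


def unreferenced_deny_rules(root):
    """Deny rules defined in FileRules but never referenced: these are inert."""
    refs = referenced_rule_ids(root)
    return sorted(rid for rid in deny_file_path_rules(root) if rid not in refs)


def summarize(xml_text):
    """Produce the pre-upload report for a policy document."""
    root = load_policy(xml_text)
    options = policy_options(root)
    return {
        "policy_type": root.get("PolicyType"),
        "mode": "audit" if is_audit_mode(root) else "enforce",
        "managed_installer": "Enabled:Managed Installer" in options,
        "deny_paths": sorted(deny_file_path_rules(root).values()),
        "unreferenced_deny_rules": unreferenced_deny_rules(root),
    }


if __name__ == "__main__":
    # Usage: python check_wdac_policy.py AppPolicy.xml  (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig") as fh:  # wizard files carry a BOM
            text = fh.read()
    else:
        text = SAMPLE_POLICY
    print(json.dumps(summarize(text), indent=2))
```

Run it against the .xml the wizard saved in step 12; a "mode" of "enforce" means a block will be hard, not just logged, and any ID listed under "unreferenced_deny_rules" is a rule that will silently do nothing on the device.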

