Enable Windows Defender Application Control with Microsoft Intune 

Dean Ellerby MVP

Microsoft have just made it easier to get started with Windows Defender App Control, the next iteration of AppLocker.
I’m a big fan of WDAC - it’s one of the most effective security controls to prevent ransomware attacks, as it ensures only approved apps can be run on devices.
In this video we walk through how WDAC can be implemented directly from Microsoft Intune's Endpoint Security blade.

Published: 30 Sep 2024

Comments: 26
@pocketman5510 9 months ago
What's the difference between this, and a device configuration profile > endpoint security template? Do I need to configure it this way first?
@jujigatame4800 3 months ago
Thanks for the video. Can you advise where to view the reports when configured in audit mode?
@markp8564 1 year ago
Awesome content. Is there any other way to see audit events without using local or advanced threat hunting? I can't see where they are reported in Intune/Defender.
@andrewmccallum5699 1 year ago
Thanks Dean, WDAC is a complex & tricky area to work on, appreciate you going through the changes (it's very much a tough nut to crack) top effort!
@DeanEllerbyMVP 1 year ago
Thanks Andrew!
@jbreezecoleman5345 1 month ago
Hey Dean! Can you please help me with something if you can please. I am asked to block users from being able to download/install games/gaming applications on their Windows devices, whether it's from the MSFT store, the web, online, etc. How do I block this in Intune?
@ifmclaren 1 year ago
Thanks for this. I enabled IME as the managed installer in our tenant last night (previously there's been no managed installer configured), and today I'm seeing roughly 50/50 successful and failed assignments. I'm hoping the failed ones will fix themselves in due course.
@Hichken 1 year ago
Hi, can you talk about Defender App Guard?
@RobertCollinson-rt7lc 1 year ago
I like that you can deploy the XML with Intune to give more of a centralised deployment, but I can't say I'm a fan of having to use an XML really. It would be nice to add the rules directly into Intune like you can with ASR rules. What's the cleanest way of keeping on top of your XML files?
@DeanEllerbyMVP 1 year ago
I agree, it's not perfect but it's good to see some investment being made in WDAC. As for managing XML, that's usually decided on a case-by-case basis. I work with many customers who all have their own repositories or preferences when it comes to maintaining consistent code.
@HenkStoop 2 months ago
Hi! You are talking about security risks of deploying the managed installer of Intune, which allows apps from Intune. What are those security risks?
@gauravmohanty1674 1 year ago
I uploaded XML policy (created from WDAC wizard) and Company Portal as Managed Installer also success. Still apps installed from Company Portal are getting blocked. Any suggestions?
@DeanEllerbyMVP 1 year ago
Only apps installed after the policy applied will be reported as installed by a managed installer. Does that help?
@hamzamir786 1 year ago
@DeanEllerbyMVP I tried installing app after forcing the policy via Company Portal which was only made available (packaged) via Intune before policy was pushed. But it's still saying those are violating the Code integrity policy in audit mode. However, I have gone through and chose least possible controls when creating XML via WDAC wizard. I guess it's just because there may have some tricks and tips while using WDAC for (Multiple) creating Base and Supplemental policies to deploy via Intune. Have been following you and other online platforms to see if there's a brief tutorial on how to create correct XML via WDAC wizard or what to keep in mind when deploying App control policy via Application control in Endpoint Security. I am assuming I am just one step behind to make it successful. Thank you for your assistance like always.
@abhishekhavanur3865 2 months ago
Hi Dean, thanks for this video. However, I would like to know your inputs on how to notify users about unused apps on Windows set to specific days in Microsoft Defender.
@DanL57 6 months ago
I also installed WDAC with the signed and reputable mode using the wizard. If the settings button is clicked on the wizard the Microsoft recommended block rules can be added to the policy.
@Nobody_Cares_In_Brazil 1 year ago
Thanks for sharing 👍
@DeanEllerbyMVP 1 year ago
Thanks for watching!
@alanrahal7306 1 year ago
You are awesome, Thanks
@DeanEllerbyMVP 1 year ago
Thanks!
@Artakra2008 5 months ago
Thanks Dean. Question. If we want to also look at implementing Endpoint Privilege Management, is there a way to integrate this with WDAC, so that for example certain departments that require a specialised application use, we would be able to set up an EPM rule allowing them to run their specialised programs as evaluated users, that would then bypass the block policy? Or allow them to run the application. Trying to avoid having an exclude list on our company's universal block policy in WDAC, but come up with a solution to allow departments to run their specialised software without throwing it on the allowed XML list so that any user can run the software.
@DeanEllerbyMVP 5 months ago
You're welcome. No, that's not possible - yet. I have no firm information on this, but the interface and structure they've used for EPM would work very well for a future version of WDAC. I'm guessing, but that's what I'd be looking for in the next year or so!
@ToTCaMbIu 8 months ago
Great explanation! Any idea how one configures WDAC to be able to override it with a local admin account? e.g. install one single application for a single machine. Similar to what is possible with AppLocker.
@DeanEllerbyMVP 8 months ago
Sure - WDAC was designed as an 'addon' to AppLocker to solve the workaround where an Admin could override the protections, so no - there doesn't appear to be that option in WDAC.
@premiumtube4281 4 months ago
Thanks for the vid Dean. I want to enable WDAC in audit mode, where are the logs stored?
@DeanEllerbyMVP 4 months ago
You’re welcome. The logs are stored in the Event Log on each client. Application and Services > Microsoft > Windows > CodeIntegrity > Operational
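
Several comments above ask where audit-mode results can be viewed, and the reply points to the CodeIntegrity operational log on each client. The following is an added example, not from the video or its author, that summarises those events with PowerShell. Event IDs 3076 (audit) and 3077 (enforced) are the App Control block events; the event-data field names and the seven-day window are assumptions to check on your own device.

```powershell
# Added example: summarise App Control (WDAC) block events from the local
# CodeIntegrity operational log.
# 3076 = file would have been blocked (audit mode)
# 3077 = file was blocked (enforced mode)
$logName  = 'Microsoft-Windows-CodeIntegrity/Operational'
$eventIds = 3076, 3077
$since    = (Get-Date).AddDays(-7)   # assumption: look back one week

$events = Get-WinEvent -FilterHashtable @{
    LogName   = $logName
    Id        = $eventIds
    StartTime = $since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Flatten the named <Data> elements of the event into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $name = $d.GetAttribute('Name')
        if ($name) { $data[$name] = $d.InnerText }
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Mode    = if ($e.Id -eq 3076) { 'Audit' } else { 'Enforced' }
        # Field names below are assumptions; confirm them in one event's XML view.
        File    = $data['File Name']
        Process = $data['Process Name']
        Policy  = $data['PolicyName']
    }
}

# One row per mode and file, most frequent first, with the latest occurrence.
$rows |
    Group-Object Mode, File |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{
        n = 'LastSeen'
        e = { $_.Group | Sort-Object Time | Select-Object -Last 1 -ExpandProperty Time }
    } |
    Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell session on a device where the policy has applied; an empty result means no matching events were logged in the chosen window.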