deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-07 18:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

added intune topic

Browse Source
This commit is contained in:
Justin Hall 2018-05-04 09:19:04 -07:00
parent 2ceed808fb
commit 0a7ae92a7a
1 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md Normal file
View File

@ -0,0 +1,58 @@
---
title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Intune (Windows 10)
description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jsuther1974
ms.date: 02/28/2018
---
# Deploy Windows Defender Application Control policies by using Microsoft Intune
**Applies to:**
- Windows 10
- Windows Server 2016
You can apply Windows Defender Application Control (WDAC) to Windows 10 client computers using Microsoft Intune.
1. Open the Microsoft Intune portal and click **Create a compliance policy**.
![Create a compliance policy in Intune](images\wdac-intune-create-acompliance-policy.png)
2. Click **Create Policy**.
![Create a new policy](images\wdac-intune-create-new-policy.png)
3. Type a name for the new policy and for **Platform**, select **Windows 10 and later**.
![Select platform](images\wdac-intune-create-policy-name.png)
4. Click **Device Health**, select **Require** for the following settings and then click **OK**:
- **Require BitLocker**
- **Require Secure Boot to be enabled on the device**
- **Require code integrity**
![Device Health settings](images\wdac-intune-device-health-settings.png)
5. Click **Device Properties**, configure any operating system version requirements and then click **OK**.
![Device properties](images\wdac-intune-device-properties.png)
6. Click **System Security**, select any security options to include in the policy and then click **OK**.
![System security settings](images\wdac-intune-system-security-settings.png)
7. When you finish configuring settings, click **OK** and then click **Create**.
8. Click **Assignments**.
![Assignments](images\wdac-intune-assignments.png)
9. Select any mutually exclusive groups to include or exclude from the policy, or assign it to **All users**, and then click **Save**.
![Assign the policy to groups](images\wdac-intune-assignments-groups.png)