deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 12:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #6834 from isbrahm/patch-15

Browse Source 
Minor update to packaged app rules doc
This commit is contained in:
Denise Vangel-MSFT
2020-05-29 08:50:08 -07:00
committed by GitHub
parent 393b9d1bc3 d133597fc3
commit 85af9666ff
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
View File

@ -14,7 +14,7 @@ author: jsuther1974
ms.reviewer: isbrahm ms.reviewer: isbrahm
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp
ms.date: 05/14/2019 ms.date: 05/29/2020
--- ---
# Manage Packaged Apps with Windows Defender Application Control # Manage Packaged Apps with Windows Defender Application Control
@ -65,8 +65,10 @@ Below are the list of steps you can follow to block one or more packaged apps in
1. Get the app identifier for an installed package 1. Get the app identifier for an installed package
```powershell ```powershell
$package = Get-AppxPackage -name <example_app> $package = Get-AppxPackage -name *<example_app>*
``` ```
Where the name of the app is surrounded by asterisks, for example &ast;windowsstore&ast;
2. Make a rule by using the New-CIPolicyRule cmdlet 2. Make a rule by using the New-CIPolicyRule cmdlet
```powershell ```powershell
@ -119,9 +121,9 @@ If the app you intend to block is not installed on the system you are using the
3. Copy the GUID in the URL for the app 3. Copy the GUID in the URL for the app
- Example: the GUID for the Microsoft To-Do app is 9nblggh5r558 - Example: the GUID for the Microsoft To-Do app is 9nblggh5r558
- https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab - `https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab`
4. Use the GUID in the following REST query URL to retrieve the identifiers for the app 4. Use the GUID in the following REST query URL to retrieve the identifiers for the app
- Example: for the Microsoft To-Do app, the URL would be https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata - Example: for the Microsoft To-Do app, the URL would be `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata`
- The URL will return: - The URL will return:
``` ```
@ -141,4 +143,4 @@ The method for allowing specific packaged apps is similar to the method outlined
$Rule = New-CIPolicyRule -Package $package -allow $Rule = New-CIPolicyRule -Package $package -allow
``` ```
Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in C:\Windows\schemas\CodeIntegrity\ExamplePolicies to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules. Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in `C:\Windows\schemas\CodeIntegrity\ExamplePolicies` to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules.