deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 12:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #6834 from isbrahm/patch-15

Browse Source 
Minor update to packaged app rules doc
This commit is contained in:
Denise Vangel-MSFT
2020-05-29 08:50:08 -07:00
committed by GitHub
parent 393b9d1bc3 d133597fc3
commit 85af9666ff
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
View File

@ -14,7 +14,7 @@ author: jsuther1974
ms.reviewer: isbrahm
ms.author: dansimp
manager: dansimp
ms.date: 05/14/2019
ms.date: 05/29/2020
---
# Manage Packaged Apps with Windows Defender Application Control
@ -65,8 +65,10 @@ Below are the list of steps you can follow to block one or more packaged apps in
1. Get the app identifier for an installed package
```powershell
$package = Get-AppxPackage -name <example_app>
$package = Get-AppxPackage -name *<example_app>*
```
Where the name of the app is surrounded by asterisks, for example &ast;windowsstore&ast;
2. Make a rule by using the New-CIPolicyRule cmdlet
```powershell
@ -119,9 +121,9 @@ If the app you intend to block is not installed on the system you are using the
3. Copy the GUID in the URL for the app
- Example: the GUID for the Microsoft To-Do app is 9nblggh5r558
- https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab
- `https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab`
4. Use the GUID in the following REST query URL to retrieve the identifiers for the app
- Example: for the Microsoft To-Do app, the URL would be https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata
- Example: for the Microsoft To-Do app, the URL would be `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata`
- The URL will return:
```
@ -141,4 +143,4 @@ The method for allowing specific packaged apps is similar to the method outlined
$Rule = New-CIPolicyRule -Package $package -allow
```
Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in C:\Windows\schemas\CodeIntegrity\ExamplePolicies to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules.
Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in `C:\Windows\schemas\CodeIntegrity\ExamplePolicies` to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules.