From 1a8058fe21ccf0ab46e13cd1aaa32c87fe34c90a Mon Sep 17 00:00:00 2001
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit>
Date: Thu, 29 Jul 2021 14:18:25 -0700
Subject: [PATCH 1/2] Update feature-availability.md
---
.../feature-availability.md | 30 +++++++++----------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
index 16dd454c61..2116fe20d2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
+++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
@@ -14,7 +14,7 @@ author: denisebmsft
ms.reviewer: isbrahm
ms.author: deniseb
manager: dansimp
-ms.date: 04/15/2020
+ms.date: 07/29/2021
ms.custom: asr
ms.technology: mde
---
@@ -26,18 +26,18 @@ ms.technology: mde
- Windows 10
- Windows Server 2016 and above
-| Capability | WDAC | AppLocker |
-|-----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Platform support | Available on Windows 10 | Available on Windows 8+ |
-| SKU availability | Cmdlets are available on all SKUs on 1909+ builds.
For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs. | Policies deployed through GP are only effective on Enterprise devices.
Policies deployed through MDM are effective on all SKUs. |
-| Management solutions | - [Intune](./deploy-windows-defender-application-control-policies-using-intune.md) (limited built-in policies or custom policy deployment via OMA-URI)
- [Microsoft Endpoint Manager Configuration Manager (MEMCM)](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via Software Distribution)
- [Group Policy](./deploy-windows-defender-application-control-policies-using-group-policy.md)
- PowerShell
| - [Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)
- MEMCM (custom policy deployment via Software Distribution only)
- [Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)
- PowerShell
|
-| Per-User and Per-User group rules | Not available (policies are device-wide) | Available on Windows 8+ |
-| Kernel mode policies | Available on all Windows 10 versions | Not available |
-| Per-app rules | [Available on 1703+](./use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md) | Not available |
-| Managed Installer (MI) | [Available on 1703+](./configure-authorized-apps-deployed-with-a-managed-installer.md) | Not available |
-| Reputation-Based intelligence | [Available on 1709+](./use-windows-defender-application-control-with-intelligent-security-graph.md) | Not available |
-| Multiple policy support | [Available on 1903+](./deploy-multiple-windows-defender-application-control-policies.md) | Not available |
-| Path-based rules | [Available on 1903+.](./select-types-of-rules-to-create.md#more-information-about-filepath-rules) Exclusions are not supported. Runtime user-writeability check enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. |
-| COM object configurability | [Available on 1903+](./allow-com-object-registration-in-windows-defender-application-control-policy.md) | Not available |
-| Packaged app rules | [Available on RS5+](./manage-packaged-apps-with-windows-defender-application-control.md) | Available on Windows 8+ |
+| Capability | WDAC | AppLocker |
+|-------------|------|-------------|
+| Platform support | Available on Windows 10 | Available on Windows 8+ |
+| SKU availability | Cmdlets are available on all SKUs on 1909+ builds.
For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs. | Policies deployed through GP are only effective on Enterprise devices.
Policies deployed through MDM are effective on all SKUs. |
+| Management solutions | - [Intune](./deploy-windows-defender-application-control-policies-using-intune.md) (limited built-in policies or custom policy deployment via OMA-URI)
- [Microsoft Endpoint Manager Configuration Manager (MEMCM)](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via Software Distribution)
- [Group Policy](./deploy-windows-defender-application-control-policies-using-group-policy.md)
- PowerShell
| - [Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)
- MEMCM (custom policy deployment via Software Distribution only)
- [Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)
- PowerShell
|
+| Per-User and Per-User group rules | Not available (policies are device-wide) | Available on Windows 8+ |
+| Kernel mode policies | Available on all Windows 10 versions | Not available |
+| Per-app rules | [Available on 1703+](./use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md) | Not available |
+| Managed Installer (MI) | [Available on 1703+](./configure-authorized-apps-deployed-with-a-managed-installer.md) | Not available |
+| Reputation-Based intelligence | [Available on 1709+](./use-windows-defender-application-control-with-intelligent-security-graph.md) | Not available |
+| Multiple policy support | [Available on 1903+](./deploy-multiple-windows-defender-application-control-policies.md) | Not available |
+| Path-based rules | [Available on 1903+.](./select-types-of-rules-to-create.md#more-information-about-filepath-rules) Exclusions are not supported. Runtime user-writeability check enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. |
+| COM object configurability | [Available on 1903+](./allow-com-object-registration-in-windows-defender-application-control-policy.md) | Not available |
+| Packaged app rules | [Available on RS5+](./manage-packaged-apps-with-windows-defender-application-control.md) | Available on Windows 8+ |
| Enforceable file types | - Driver files: .sys
- Executable files: .exe and .com
- DLLs: .dll and .ocx
- Windows Installer files: .msi, .mst, and .msp
- Scripts: .ps1, .vbs, and .js
- Packaged apps and packaged app installers: .appx
| - Executable files: .exe and .com
- [Optional] DLLs: .dll and .ocx
- Windows Installer files: .msi, .mst, and .msp
- Scripts: .ps1, .bat, .cmd, .vbs, and .js
- Packaged apps and packaged app installers: .appx
|
\ No newline at end of file
From 52ee33f68692148a4caa489df5b708182d3b897d Mon Sep 17 00:00:00 2001
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit>
Date: Thu, 29 Jul 2021 14:20:17 -0700
Subject: [PATCH 2/2] Update feature-availability.md
---
.../feature-availability.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
index 2116fe20d2..0f9af0978c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
+++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
@@ -37,7 +37,7 @@ ms.technology: mde
| Managed Installer (MI) | [Available on 1703+](./configure-authorized-apps-deployed-with-a-managed-installer.md) | Not available |
| Reputation-Based intelligence | [Available on 1709+](./use-windows-defender-application-control-with-intelligent-security-graph.md) | Not available |
| Multiple policy support | [Available on 1903+](./deploy-multiple-windows-defender-application-control-policies.md) | Not available |
-| Path-based rules | [Available on 1903+.](./select-types-of-rules-to-create.md#more-information-about-filepath-rules) Exclusions are not supported. Runtime user-writeability check enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. |
+| Path-based rules | [Available on 1903+.](./select-types-of-rules-to-create.md#more-information-about-filepath-rules) Exclusions are not supported. Runtime user-writeability checks enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. |
| COM object configurability | [Available on 1903+](./allow-com-object-registration-in-windows-defender-application-control-policy.md) | Not available |
| Packaged app rules | [Available on RS5+](./manage-packaged-apps-with-windows-defender-application-control.md) | Available on Windows 8+ |
| Enforceable file types | - Driver files: .sys
- Executable files: .exe and .com
- DLLs: .dll and .ocx
- Windows Installer files: .msi, .mst, and .msp
- Scripts: .ps1, .vbs, and .js
- Packaged apps and packaged app installers: .appx
| - Executable files: .exe and .com
- [Optional] DLLs: .dll and .ocx
- Windows Installer files: .msi, .mst, and .msp
- Scripts: .ps1, .bat, .cmd, .vbs, and .js
- Packaged apps and packaged app installers: .appx
|
\ No newline at end of file