deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 12:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated feature requirements and support matrix for Applocker after changes for KB 5024351

Browse Source
This commit is contained in:
Jordan Geurten
2023-02-22 18:27:33 -05:00
parent b849272088
commit a18b4700c7
2 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
View File

@ -26,7 +26,7 @@ ms.technology: itpro-security
- Windows Server 2016 and above
> [!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
@ -38,7 +38,8 @@ To use AppLocker, you need:
- For Group Policy deployment, at least one device with the Group Policy Management Console (GPMC) or Remote Server Administration Tools (RSAT) installed to host the AppLocker rules.
- Devices running a supported operating system to enforce the AppLocker rules that you create.
>**Note:**  You can use Software Restriction Policies with AppLocker, but with some limitations. For more info, see [Use AppLocker and Software Restriction Policies in the same domain](use-applocker-and-software-restriction-policies-in-the-same-domain.md).
>[!NOTE]
>As of [KB 5024351](https://support.microsoft.com/help/5024351), Windows 10 versions 2004 and newer and all Windows 11 versions no longer require a specific edition of Windows to enforce AppLocker policies
## Operating system requirements
@ -46,7 +47,7 @@ The following table shows the on which operating systems AppLocker features are
| Version | Can be configured | Can be enforced | Available rules | Notes |
| - | - | - | - | - |
| Windows 10 and Windows 11| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| You can use the [AppLocker CSP](/windows/client-management/mdm/applocker-csp) to configure AppLocker policies on any edition of Windows 10 and Windows 11 supported by Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 and Windows 11 Enterprise, Windows 10 and Windows 11 Education, and Windows Server 2016. |
| Windows 10 and Windows 11| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| Policies are supported on all editions Windows 10 version 2004 and newer with [KB 5024351](https://support.microsoft.com/help/5024351).<br><br>Windows versions older than version 2004, including Windows Server 2019:<br><ul><li>Policies deployed through GP are only supported on Enterprise and Server editions.</li><li>Policies deployed through MDM are supported on all editions.</li></ul> |
| Windows Server 2019<br/>Windows Server 2016<br/>Windows Server 2012 R2<br/>Windows Server 2012| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |
| Windows 8.1 Pro| Yes| No| N/A||
| Windows 8.1 Enterprise| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |
@ -65,6 +66,9 @@ The following table shows the on which operating systems AppLocker features are
AppLocker is not supported on versions of the Windows operating system not listed above. Software Restriction Policies can be used with those versions. However, the SRP Basic User feature is not supported on the above operating systems.
>[!NOTE]
>You can use Software Restriction Policies with AppLocker, but with some limitations. For more info, see [Use AppLocker and Software Restriction Policies in the same domain](use-applocker-and-software-restriction-policies-in-the-same-domain.md).
## See also
- [Administer AppLocker](administer-applocker.md)
- [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md)

2
windows/security/threat-protection/windows-defender-application-control/feature-availability.md
View File

@ -27,7 +27,7 @@ ms.topic: overview
| Capability | Windows Defender Application Control | AppLocker |
|-------------|------|-------------|
| Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Available on Windows 8 or later. |
| SKU availability | Available on Windows 10, Windows 11, and Windows Server 2016 or later. <br> WDAC PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. | Policies deployed through GP are only supported on Enterprise and Server editions.<br>Policies deployed through MDM are supported on all editions. |
| SKU availability | Available on Windows 10, Windows 11, and Windows Server 2016 or later. <br> WDAC PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. | Policies are supported on all editions Windows 10 version 2004 and newer with [KB 5024351](https://support.microsoft.com/help/5024351).<br><br>Windows versions older than version 2004, including Windows Server 2019:<br><ul><li>Policies deployed through GP are only supported on Enterprise and Server editions.</li><li>Policies deployed through MDM are supported on all editions.</li></ul>|
| Management solutions | <ul><li>[Intune](./deployment/deploy-windows-defender-application-control-policies-using-intune.md)</li><li>[Microsoft Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via software distribution)</li><li>[Group policy](./deployment/deploy-windows-defender-application-control-policies-using-group-policy.md) </li><li>[Script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script)</li></ul> | <ul><li>[Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)</li><li>Configuration Manager (custom policy deployment via software distribution only)</li><li>[Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)</li><li>PowerShell</li><ul> |
| Per-User and Per-User group rules | Not available (policies are device-wide). | Available on Windows 8+. |
| Kernel mode policies | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Not available. |