From c651c96ef4514eeb32aba1771903306860d36e15 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Thu, 21 Dec 2023 14:50:36 -0800 Subject: [PATCH] Update configure-an-applocker-policy-for-audit-only.md --- ...gure-an-applocker-policy-for-audit-only.md | 25 ++++++++----------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md index 6e62bb3ccd..a55c47bca5 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md 
@@ -1,27 +1,24 @@ --- title: Configure an AppLocker policy for audit only -description: This topic for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker. +description: This article for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 06/08/2018 +ms.date: 12/21/2023 --- # Configure an AppLocker policy for audit only ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +This article for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker. -This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker. +After AppLocker rules are created within the rule collection, you can configure the enforcement mode setting to **Enforce rules** or **Audit only**. -After AppLocker rules are created within the rule collection, you can configure the enforcement setting to **Enforce rules** or **Audit only**. +When AppLocker policy enforcement mode is set to **Enforce rules**, rules are enforced for the rule collection and all events are logged to the AppLocker event logs for that rule collection. When AppLocker policy enforcement mode is set to **Audit only**, rules are only evaluated but all events generated from that evaluation are written to the AppLocker event logs. -When AppLocker policy enforcement is set to **Enforce rules**, rules are enforced for the rule collection and all events are audited. 
When AppLocker policy enforcement is set to **Audit only**, rules are only evaluated but all events generated from that evaluation are written to the AppLocker log. - -You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins). +To create an AppLocker policy in a Group Policy Object (GPO), you can perform this task by using the Group Policy Management Console. To create an AppLocker policy for the local computer or for use in a security template, use the Local Security Policy snap-in. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#using-the-mmc-snap-ins-to-administer-applocker). -**To audit rule collections** +## To audit rule collections -1. From the AppLocker console, right-click **AppLocker**, and then click **Properties**. -2. On the **Enforcement** tab, select the **Configured** check box for the rule collection that you want to enforce, and then verify that **Audit only** is selected in the list for that rule collection. -3. Repeat the above step to configure the enforcement setting to **Audit only** for additional rule collections. -4. Click **OK**. +1. From the AppLocker console, right-click **AppLocker**, and then select **Properties**. +2. On the **Enforcement** tab, select the **Configured** check box for the rule collection that you want to enforce, and then verify that **Audit only** is selected in the list for that rule collection. +3. Repeat the above step to configure the enforcement setting to **Audit only** for other rule collections. +4. Select **OK**.
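Review bot: Step 2 of the procedure still tells the reader to select **Configured** "for the rule collection that you want to enforce" and then only to "verify that **Audit only** is selected", which reads wrong in an audit-only article. Since the hunk already touches that line, consider "for the rule collection that you want to audit, and then select **Audit only** in the list for that rule collection", so that following the step literally cannot leave a collection set to **Enforce rules**. In the rewritten enforcement-mode paragraph, "rules are only evaluated but all events generated from that evaluation are written" uses "but" where nothing is contrasted; "rules are evaluated but not enforced, and all events generated from that evaluation are written to the AppLocker event logs" states the difference from **Enforce rules** directly. The new GPO sentence ("To create an AppLocker policy in a Group Policy Object (GPO), you can perform this task by using ...") mixes two constructions and talks about creating a policy where the article is about setting its enforcement mode, and "For info how to use" in the same paragraph is missing "about".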