From a18b4700c79899290051fa7a9b6213877fa0e74e Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Wed, 22 Feb 2023 18:27:33 -0500 Subject: [PATCH 1/3] Updated feature requirements and support matrix for Applocker after changes for KB 5024351 --- .../applocker/requirements-to-use-applocker.md | 12 ++++++++---- .../feature-availability.md | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md index 642b8ea960..e85703aa05 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md @@ -25,8 +25,8 @@ ms.technology: itpro-security - Windows 11 - Windows Server 2016 and above ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +> [!NOTE] +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems. @@ -38,7 +38,8 @@ To use AppLocker, you need: - For Group Policy deployment, at least one device with the Group Policy Management Console (GPMC) or Remote Server Administration Tools (RSAT) installed to host the AppLocker rules. - Devices running a supported operating system to enforce the AppLocker rules that you create. ->**Note:**  You can use Software Restriction Policies with AppLocker, but with some limitations. For more info, see [Use AppLocker and Software Restriction Policies in the same domain](use-applocker-and-software-restriction-policies-in-the-same-domain.md). +>[!NOTE] +>As of [KB 5024351](https://support.microsoft.com/help/5024351), Windows 10 versions 2004 and newer and all Windows 11 versions no longer require a specific edition of Windows to enforce AppLocker policies ## Operating system requirements @@ -46,7 +47,7 @@ The following table shows the on which operating systems AppLocker features are | Version | Can be configured | Can be enforced | Available rules | Notes | | - | - | - | - | - | -| Windows 10 and Windows 11| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| You can use the [AppLocker CSP](/windows/client-management/mdm/applocker-csp) to configure AppLocker policies on any edition of Windows 10 and Windows 11 supported by Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 and Windows 11 Enterprise, Windows 10 and Windows 11 Education, and Windows Server 2016. | +| Windows 10 and Windows 11| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| Policies are supported on all editions Windows 10 version 2004 and newer with [KB 5024351](https://support.microsoft.com/help/5024351).

Windows versions older than version 2004, including Windows Server 2019:
| | Windows Server 2019
Windows Server 2016
Windows Server 2012 R2
Windows Server 2012| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| | | Windows 8.1 Pro| Yes| No| N/A|| | Windows 8.1 Enterprise| Yes| Yes| Packaged apps
Executable
Windows Installer
Script
DLL| | @@ -65,6 +66,9 @@ The following table shows the on which operating systems AppLocker features are AppLocker is not supported on versions of the Windows operating system not listed above. Software Restriction Policies can be used with those versions. However, the SRP Basic User feature is not supported on the above operating systems. +>[!NOTE] +>You can use Software Restriction Policies with AppLocker, but with some limitations. For more info, see [Use AppLocker and Software Restriction Policies in the same domain](use-applocker-and-software-restriction-policies-in-the-same-domain.md). + ## See also - [Administer AppLocker](administer-applocker.md) - [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md index 23e85b02c4..53ab972b90 100644 --- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md +++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md @@ -27,7 +27,7 @@ ms.topic: overview | Capability | Windows Defender Application Control | AppLocker | |-------------|------|-------------| | Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Available on Windows 8 or later. | -| SKU availability | Available on Windows 10, Windows 11, and Windows Server 2016 or later.
WDAC PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. | Policies deployed through GP are only supported on Enterprise and Server editions.
Policies deployed through MDM are supported on all editions. | +| SKU availability | Available on Windows 10, Windows 11, and Windows Server 2016 or later.
WDAC PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. | Policies are supported on all editions Windows 10 version 2004 and newer with [KB 5024351](https://support.microsoft.com/help/5024351).

Windows versions older than version 2004, including Windows Server 2019:
| | Management solutions | |