deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 10:53:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update windows-defender-application-control.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT
2019-11-18 15:12:59 -08:00
parent 4b8dff02e8
commit d64caa2b0d
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
View File

@ -12,9 +12,10 @@ audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
author: jsuther1974 author: jsuther1974
ms.reviewer: isbrahm ms.reviewer: isbrahm
ms.author: dansimp ms.author: deniseb
manager: dansimp manager: denisebmsft
ms.date: 01/08/2019 ms.date: 01/08/2019
ms.custom: asr
--- ---
# Application Control # Application Control
@ -79,18 +80,21 @@ AppLocker policies can be deployed using Group Policy or MDM.
Although either AppLocker or WDAC can be used to control application execution on Windows 10 clients, the following factors can help you decide when to use each of the technologies. Although either AppLocker or WDAC can be used to control application execution on Windows 10 clients, the following factors can help you decide when to use each of the technologies.
**WDAC is best when:** ### WDAC is best when:
- You are adopting application control primarily for security reasons. - You are adopting application control primarily for security reasons.
- Your application control policy can be applied to all users on the managed computers. - Your application control policy can be applied to all users on the managed computers.
- All of the devices you wish to manage are running Windows 10. - All of the devices you wish to manage are running Windows 10.
**AppLocker is best when:** ### AppLocker is best when:
- You have a mixed Windows operating system (OS) environment and need to apply the same policy controls to Windows 10 and earlier versions of the OS. - You have a mixed Windows operating system (OS) environment and need to apply the same policy controls to Windows 10 and earlier versions of the OS.
- You need to apply different policies for different users or groups on a shared computer. - You need to apply different policies for different users or groups on a shared computer.
- You are using application control to help users avoid running unapproved software, but you do not require a solution designed as a security feature. - You are using application control to help users avoid running unapproved software, but you do not require a solution designed as a security feature.
- You do not wish to enforce application control on application files such as DLLs or drivers. - You do not wish to enforce application control on application files such as DLLs or drivers.
**When to use both WDAC and AppLocker together** ## When to use both WDAC and AppLocker together
AppLocker can also be deployed as a complement to WDAC to add user- or group-specific rules for shared device scenarios where its important to prevent some users from running specific apps. AppLocker can also be deployed as a complement to WDAC to add user- or group-specific rules for shared device scenarios where its important to prevent some users from running specific apps.
As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to fine-tune the restrictions to an even lower level. As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to fine-tune the restrictions to an even lower level.