windows-itpro-docs/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md

title, description, ms.assetid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.localizationpriority, author, ms.date

title	description	ms.assetid	ms.prod	ms.mktglfcycl	ms.sitesec	ms.pagetype	ms.localizationpriority	author	ms.date
Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Intune (Windows 10)	Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.	8d6e0474-c475-411b-b095-1c61adb2bdbb	w10	deploy	library	security	medium	justinha	05/17/2018

Deploy Windows Defender Application Control policies by using Microsoft Intune

Applies to:

• Windows 10
• Windows Server 2016

You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph.

1. Open the Microsoft Intune portal and click Device configuration > Profiles > Create profile.

2. Type a name for the new profile, select Windows 10 and later as the Platform and Endpoint protection as the Profile type.

   

3. Click Configure > Windows Defender Application Control, choose from the following settings and then click OK:

   • Application control code intergity policies: Select Audit only to log events but not block any apps from running or select Enforce to allow only Windows components and Store apps to run.
   • Trust apps with good reputation: Select Enable to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps.