windows-itpro-docs/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md

title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Intune (Windows 10)
description: You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide.
keywords: whitelisting, security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
ms.reviewer: isbrahm
ms.author: dansimp
manager: dansimp
ms.date: 05/17/2018

Note

For WDAC enhancements, see Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update.

Deploy Windows Defender Application Control policies by using Microsoft Intune

Applies to:

  • Windows 10
  • Windows Server 2016

You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can either configure an Endpoint Protection profile for WDAC, or create a custom profile with an OMA-URI setting. By using an Endpoint Protection profile, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps as defined by the Intelligent Security Graph.

  1. Open the Microsoft Intune portal and click Device configuration > Profiles > Create profile.

  2. Type a name for the new profile, select Windows 10 and later as the Platform and Endpoint protection as the Profile type.

    [Image: Configure profile]

  3. Click Configure > Windows Defender Application Control, choose from the following settings and then click OK:

    • Application control code integrity policies: Select Audit only to log events but not block any apps from running or select Enforce to allow only Windows components and Store apps to run.
    • Trust apps with good reputation: Select Enable to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps.

    [Image: Configure WDAC]

To add a custom profile with an OMA-URI, see Use custom settings for Windows 10 devices in Intune.
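
To confirm on a client which mode the deployed profile actually applied, and to review what an Audit only policy would have blocked before you switch it to Enforce, a check like the following can be run in an elevated PowerShell session. It is an added example, not part of the original article; the seven-day review window and the 25-row limit are assumptions to adjust.

```powershell
# Added example: report the applied WDAC mode and summarize Code Integrity events.

# Status values reported by the Win32_DeviceGuard WMI class.
$modes = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard

[pscustomobject]@{
    KernelModePolicy = $modes[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
    UserModePolicy   = $modes[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus]
} | Format-List

# Event 3076: file would have been blocked (audit mode).
# Event 3077: file was blocked (enforce mode).
$filter = @{
    LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id        = 3076, 3077
    StartTime = (Get-Date).AddDays(-7)   # assumed review window
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the named EventData fields into a lookup table.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            Mode    = if ($_.Id -eq 3076) { 'Audit' } else { 'Enforce' }
            File    = $data['File Name']
            Process = $data['Process Name']
        }
    } |
    Group-Object Mode, File |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 25   # assumed row limit
```

Files that appear repeatedly under Audit are the ones that would stop running once the profile is changed to Enforce.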