windows-itpro-docs/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
Alekhya Jupudi b3ef0445f1 Defender App Guard Link text correction-02
Change to Learn more about the Windows Defender Application Control feature availability
2021-09-30 11:30:16 +05:30


title: Deploying Windows Defender Application Control (WDAC) policies (Windows)
description: Learn how to plan and implement a WDAC deployment.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
ms.reviewer: jogeurte
ms.author: dansimp
manager: dansimp
ms.date: 05/16/2018
ms.technology: mde

Deploying Windows Defender Application Control (WDAC) policies

Applies to

  • Windows 10
  • Windows 11
  • Windows Server 2016 and above

Note

Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Windows Defender Application Control feature availability.

You should now have one or more WDAC policies ready to deploy. If you haven't yet completed the steps described in the WDAC Design Guide, do so now before proceeding.

Plan your deployment

As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Decide what devices you will manage with WDAC and split them into deployment rings so you can control the scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next.

All WDAC policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to other deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor WDAC-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints.
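
One way to check that the block events seen in audit mode match expectations before broadening to the next ring, as an added example that is not part of the original page or of Microsoft's tooling. The function names, sample records and path patterns are hypothetical; the event IDs, log name and field names are assumptions noted in the comments.

```powershell
# Added example (not from the original page): gate a deployment ring on WDAC audit events.
# Assumed: IDs 3076 (audit) / 3077 (enforced) in Microsoft-Windows-CodeIntegrity/Operational,
# and EventData fields 'File Name', 'Process Name', 'PolicyName'. Confirm on your Windows build.
function ConvertFrom-WdacEvent {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        # Flatten the event's named <Data> elements into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            Id = $Record.Id; Computer = $Record.MachineName
            File = $data['File Name']; Process = $data['Process Name']; Policy = $data['PolicyName']
        }
    }
}

function Test-WdacRingGate {
    param([object[]] $Blocks, [string[]] $ExpectedPatterns)
    # A block is "expected" when its file path matches a pattern you planned to block.
    $unexpected = @($Blocks | Where-Object {
        $file = $_.File
        -not ($ExpectedPatterns | Where-Object { $file -like $_ })
    })
    [pscustomobject]@{
        TotalBlocks    = @($Blocks).Count
        Unexpected     = @($unexpected | Group-Object File, Policy |
                           Sort-Object Count -Descending | Select-Object Count, Name)
        ReadyToBroaden = ($unexpected.Count -eq 0)
    }
}

# Constructed sample records in the shape ConvertFrom-WdacEvent emits.
$sample = @(
    [pscustomobject]@{ Id = 3076; Computer = 'RING0-PC01'; Policy = 'ExamplePolicy'
        File    = '\Device\HarddiskVolume3\Users\alice\Downloads\tool.exe'
        Process = '\Device\HarddiskVolume3\Windows\explorer.exe' }
    [pscustomobject]@{ Id = 3076; Computer = 'RING0-PC02'; Policy = 'ExamplePolicy'
        File    = '\Device\HarddiskVolume3\Program Files\ContosoApp\plugin.dll'
        Process = '\Device\HarddiskVolume3\Program Files\ContosoApp\app.exe' }
)
$gate = Test-WdacRingGate -Blocks $sample -ExpectedPatterns '*\Users\*\Downloads\*'
$gate | Format-List

# Live use on an audit-mode device:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
#     Id = 3076, 3077 } | ConvertFrom-WdacEvent
```

An entry under `Unexpected` is a file the policy would block that was not on the planned block list, which is the signal to fix the policy before moving to the next ring.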

Choose how to deploy WDAC policies

There are several options to deploy WDAC policies to managed endpoints, including:

  1. Deploy using a Mobile Device Management (MDM) solution, such as Microsoft Intune
  2. Deploy using Microsoft Endpoint Configuration Manager (MEMCM)
  3. Deploy via script
  4. Deploy via Group Policy