2021-10-28 11:16:23 -07:00

title: Windows Defender Application Control Feature Availability
description: Compare WDAC and AppLocker feature availability.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
ms.collection: M365-security-compliance
author: denisebmsft
ms.reviewer: isbrahm
ms.author: deniseb
manager: dansimp
ms.date: 07/29/2021
ms.custom: asr
ms.technology: windows-sec

Windows Defender Application Control and AppLocker feature availability

Applies to:

  • Windows 10
  • Windows 11
  • Windows Server 2016 and above

Note

Some capabilities of Windows Defender Application Control are only available on specific Windows versions. See below to learn more.

| Capability | WDAC | AppLocker |
|---|---|---|
| Platform support | Available on Windows 10 and Windows 11 | Available on Windows 8+ |
| SKU availability | Cmdlets are available on all SKUs on 1909+ builds.<br>For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs. | Policies deployed through GP are only effective on Enterprise devices.<br>Policies deployed through MDM are effective on all SKUs. |
| Management solutions | | • Intune (custom policy deployment via OMA-URI only)<br>• MEMCM (custom policy deployment via Software Distribution only)<br>• Group Policy<br>• PowerShell |
| Per-User and Per-User group rules | Not available (policies are device-wide) | Available on Windows 8+ |
| Kernel mode policies | Available on all Windows 10 versions and Windows 11 | Not available |
| Per-app rules | Available on 1703+ | Not available |
| Managed Installer (MI) | Available on 1703+ | Not available |
| Reputation-Based intelligence | Available on 1709+ | Not available |
| Multiple policy support | Available on 1903+ | Not available |
| Path-based rules | Available on 1903+. Exclusions are not supported. Runtime user-writeability checks enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. |
| COM object configurability | Available on 1903+ | Not available |
| Packaged app rules | Available on RS5+ | Available on Windows 8+ |
| Enforceable file types | • Driver files: .sys<br>• Executable files: .exe and .com<br>• DLLs: .dll and .ocx<br>• Windows Installer files: .msi, .mst, and .msp<br>• Scripts: .ps1, .vbs, and .js<br>• Packaged apps and packaged app installers: .appx | • Executable files: .exe and .com<br>• [Optional] DLLs: .dll and .ocx<br>• Windows Installer files: .msi, .mst, and .msp<br>• Scripts: .ps1, .bat, .cmd, .vbs, and .js<br>• Packaged apps and packaged app installers: .appx |