Security: Application Whitelisting with Microsoft Intune and AppLocker

While AppLocker has been around since Windows 7 and Windows Server 2008 R2, I have rarely found the solution in enterprises. The main reason was always that the implementation is very time and resource consuming and that you must constantly maintain a whitelist. This is a bummer, because the security gain is enormous when a solution like AppLocker is used. If you deal with the AppLocker rules intensively and have developed a good concept at the beginning, you will realize that you do not have to adjust the rule regularly and that the operation is not as complex as you thought.

This blog article shows the important things to consider when implementing AppLocker, how to create a usable basic ruleset that requires minimal maintenance, and how to manage with Microsoft Intune.

  1. Application whitelisting technology overview
  2. AppLocker basic recommendations
  3. AppLocker deployment considerations
  4. AppLocker OS Requirements
  5. AppLocker AppIDSvc Service Requirements
  6. Configure AppLocker and start with Audit Only Mode
  7. Configure Basic Ruleset
  8. Exceptions
    1. Path Exeptions
    2. Publisher Exception
  9. AaronLocker
  10. AppLocker deployment with Microsoft Intune
  11. Event monitoring
    1. AppLocker Event IDs
    2. _PSScriptPolicyTest*. PowerShell Scripts
    3. Azure Log Analytics / KQL
      1. Check for Audit Mode Events with KQL
      2. Check for Enforce Mode Events with KQL
    4. AppLocker Microsoft Intune Rules Storage Location
  12. Configure Enforce Mode
Continue reading

Security: First impressions of the new Windows 11 22H2 security feature Smart App Control

This blog article covers the new Windows 11 22H2 security feature Smart App Control (SAC) and gives first impressions as well as recommendations.

  1. What is Smart App Control (SAC)?
  2. How does Smart App Control (SAC) work?
  3. How do I activate and configure Smart App Control (SAC)?
  4. What are the first impressions?
  5. My recommendations
  6. Summary
Continue reading