While AppLocker has been around since Windows 7 and Windows Server 2008 R2, I have rarely found the solution in enterprises. The main reason was always that the implementation is very time and resource consuming and that you must constantly maintain a whitelist. This is a bummer, because the security gain is enormous when a solution like AppLocker is used. If you deal with the AppLocker rules intensively and have developed a good concept at the beginning, you will realize that you do not have to adjust the rule regularly and that the operation is not as complex as you thought.

This blog article shows the important things to consider when implementing AppLocker, how to create a usable basic ruleset that requires minimal maintenance, and how to manage with Microsoft Intune.

1. Application whitelisting technology overview
2. AppLocker basic recommendations
3. AppLocker deployment considerations
4. AppLocker OS Requirements
5. AppLocker AppIDSvc Service Requirements
6. Configure AppLocker and start with Audit Only Mode
7. Configure Basic Ruleset
8. Exceptions
   1. Path Exeptions
   2. Publisher Exception
9. AaronLocker
10. AppLocker deployment with Microsoft Intune
11. Event monitoring
    1. AppLocker Event IDs
    2. _PSScriptPolicyTest*. PowerShell Scripts
    3. Azure Log Analytics / KQL
       1. Check for Audit Mode Events with KQL
       2. Check for Enforce Mode Events with KQL
    4. AppLocker Microsoft Intune Rules Storage Location
12. Configure Enforce Mode