This is a post about using PowerShell and Microsoft Graph to access data in Azure AD, Intune and Office 365. The GUI management of these Microsoft 365 technologies is constantly evolving, but there will always be things that can’t be done that way. Microsoft Graph approaches the problem from the other direction. It provides an […]
Signers are the identities of the certificates used by Windows Defender Application Control (WDAC) to allow or deny a signed file to run. If you open a policy XML file, you will see the list of signers. It is interesting that many of the files allowed to run by this method are not, in fact, […]
When we implement a Windows Defender Application Control (WDAC) policy, we need to allow or deny different types of executable file. Different methods of creating a policy handle file types differently. This post is an attempt to explain how it works in practice.
The new File Path rules in Windows Defender Application Control (WDAC) allow EXE and DLL files in the path, but not SYS, or MSI or script files. This is curious and, as far as I know, undocumented. And it means that we cannot simply allow all files in C:\Windows. If we do that, the system […]
The Application Control feature in Windows 10 was originally called Device Guard Code Integrity. This was brought under the Defender umbrella of security technologies as Windows Defender Application Control (WDAC). Microsoft earlier this year announced that Windows Defender would become cross-platform (with a version of Defender antivirus for macOS) and be renamed Microsoft Defender. In […]
Something went wrong. Please refresh the page and/or try again.