MDAC FilePath Rules and Drivers

The new File Path rules in Microsoft Defender Application Control (MDAC) allow EXE and DLL files in the path, but not SYS, or MSI or script files. This is curious and, as far as I know, undocumented. And it means that we cannot simply allow all files in C:\Windows. If we do that, the system will not boot because the drivers will still be blocked. We will need to use another method to add drivers to an MDAC policy.

Continue reading

MDAC or WDAC

The Application Control feature in Windows 10 was originally called Device Guard Code Integrity. This was brought under the Defender umbrella of security technologies as Windows Defender Application Control (WDAC). Microsoft earlier this year announced that Windows Defender would become cross-platform (with a version of Defender antivirus for macOS) and be renamed Microsoft Defender.

In my blog posts I have called it Microsoft Defender Application Control (MDAC). You can see in the screenshot below that all the Defender technologies for Windows 10 Endpoint Protection, in Intune, are now Microsoft Defender.

Intune Endpoint Protection Policies

Deliver an MDAC Policy with Intune

This post covers how to deliver an MDAC policy with Intune. It is part of a series about MDAC (formerly WDAC) policies. To perform this step, we need to have previously created a policy and tested it manually. The Microsoft documentation on delivering an MDAC policy with Intune is confusing and incorrect. This is how to do it.

Continue reading