This post covers how to test a Windows Defender Application Control (WDAC) policy.
Windows Defender Application Control (WDAC) is a security feature that controls what is allowed to run on a Windows OS. This post describes creating a basic policy that allows Windows to boot and function. It is the first step in creating a WDAC policy for production.
Windows Defender Application Control (WDAC) is the native Windows 10 security feature that controls which files can be executed on the desktop. In Windows 10 version 1903, Microsoft added support for file path rules as a basis for whitelisting. Before this, implementing a WDAC policy for the desktop in production was very difficult, almost impractical. File path rules allow applications in the Windows and Program Files folders to run without first specifying what they are. This is one of a series of posts about how to create and implement a WDAC policy for the desktop, with file path rules, and using Intune to deliver it.
Windows Defender Application Control (WDAC) is a complicated security feature to implement on the Windows 10 desktop. It’s worth taking a look at why we need to do it.