I have a requirement to configure AppLocker EXE, script and MSI policies on a fleet of Windows 10 Pro machines. In the past, when using Group Policy, centralised management was only possible when using Win 10 Enterprise edition. However, this article states that AppLocker running on Win 10 Pro can be managed centrally if you are using an MDM solution to manage it (e.g.

Based on this and other articles (including the documentation for the AppLocker CSP) I determined that my scenario where all machines are fully Azure AD joined (not hybrid joined) and enrolled in Intune should be fine. However, when I have attempted to configure it, it seems to only partially work.

- EXE checks work absolutely fine in either audit or enforced mode. The relevant events can also be found in the AppLocker event log on the endpoint.
- Script and MSI checks do not work at all in audit mode and only partially in enforced mode. In audit mode, the relevant AppLocker event log remains empty. In enforced mode, the event log still remains empty, but some types of scripts are blocked. I cannot get MSI blocks to work at all and no events are present in the event log for this.

The endpoint I am testing on is fully up to date with the latest feature and security updates. All users are licensed for Intune (M365 BP). As far as I am aware, I have correctly configured the Intune side using the documented process to produce and export the AppLocker XML from an existing machine and then import it into a custom OMA-URI policy within Intune. The fact that my EXE policies are working without issue suggests I have done this correctly. Microsoft support were also unable to find any issues with the configuration.

I have done some investigation online to see if anyone else has experienced similar issues and have come across a handful of interesting posts that describe similar behaviour to mine (they seem to have more luck with MSI, but still very similar):

These posts are suggesting that the AppLocker CSP in Win 10 is actually using a mixture of AppLocker and Software Restriction Policies (SRP) to apply the configuration you have defined in Intune. This would make sense based on the behaviour we are all seeing. However, I cannot find anything within the official documentation that mentions this. In fact, this article seems to suggest that all types of policies should be fully functional on Win 10 Pro if using Intune to manage, whereas the reality seems to be that there is potentially only limited support with a number of caveats.

I have a support case open to try and get to the bottom of this, but it is looking like it will take some time before it is escalated to the necessary level to get a definitive answer. As this is also a potential documentation issue, I have decided to raise it here with the hope you may have more luck getting clarification via your channels and the documentation can then be updated so that others aren't left wondering what's going on!

EDIT: Just a small clarification - technically, the endpoint I am testing on is running Windows 10 Business rather than Pro. It was originally a Win 10 Pro image, but it is converted to Business edition upon enrolling it into an Intune tenant running M365 Business Premium (which this one is). I doubt this is significant as Pro and Business are very similar. Also, the AppLocker CSP is apparently supported on Business edition as well.

It is required for ➟ GitHub issue linking. Content: Requirements to use AppLocker (Windows). Content Source: windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md

I can see you added the product-feedback tag before closing it. However, I'm not sure why it has been closed without any action? Am I right in thinking this means the issue has been closed because it's been deemed to be product feedback only and therefore not a documentation issue?

Although my issue does include what you could describe as "product feedback", it was raised as it is also a significant documentation issue. The "product feedback" is there as context for the documentation issue. All of my findings are suggesting that the actual behaviour of the product in this scenario is significantly different from what is documented.
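The issue above rests on two observations that are easy to verify on the endpoint itself: what effective AppLocker policy the device actually holds per rule collection, and whether the per-collection AppLocker event logs (EXE and DLL, MSI and Script) are really empty in audit and enforced mode. The following PowerShell diagnostic is an added example written for this page; it is not the issue author's script and not part of the Microsoft documentation. It assumes an elevated PowerShell session on the enrolled Windows 10 device, that the AppLocker module (`Get-AppLockerPolicy`) is present, and that `$Grouping` is a placeholder for whatever grouping name you use in the AppLocker CSP path. The last step also splits the exported policy into the bare `<RuleCollection>` values that the CSP's `.../Policy` nodes expect, which is the part of the documented export-then-OMA-URI process that is easiest to get subtly wrong.

```powershell
# Added diagnostic for the AppLocker-via-Intune scenario described above (example code,
# not the issue author's or Microsoft's). Run elevated on the enrolled endpoint.
$Grouping = 'AppLockerTest'   # placeholder: the grouping name used in the CSP OMA-URI path

# 1. Prerequisite check: AppLocker only evaluates rules while the Application Identity
#    service (AppIDSvc) is running. A stopped service explains empty logs on its own.
$appId = Get-Service -Name AppIDSvc
"AppIDSvc status: $($appId.Status) (start type: $($appId.StartType))"

# 2. What the device believes its effective policy is, per rule collection.
#    EnforcementMode is "AuditOnly", "Enabled" or "NotConfigured".
[xml]$effective = Get-AppLockerPolicy -Effective -Xml
foreach ($rc in $effective.AppLockerPolicy.RuleCollection) {
    "{0,-8} EnforcementMode={1,-14} Rules={2}" -f $rc.Type, $rc.EnforcementMode, @($rc.ChildNodes).Count
}

# 3. Event counts per AppLocker log for the last 24 hours, grouped by event ID.
#    EXE and DLL log:   8002 = allowed, 8003 = audit (would have been blocked), 8004 = blocked
#    MSI and Script log: 8005 = allowed, 8006 = audit (would have been blocked), 8007 = blocked
#    If a collection is being evaluated at all, at least the "allowed" IDs should appear.
$logs = @(
    'Microsoft-Windows-AppLocker/EXE and DLL',
    'Microsoft-Windows-AppLocker/MSI and Script',
    'Microsoft-Windows-AppLocker/Packaged app-Deployment',
    'Microsoft-Windows-AppLocker/Packaged app-Execution'
)
$since = (Get-Date).AddDays(-1)
foreach ($log in $logs) {
    # Get-WinEvent raises a non-terminating error when a log has no matching events; treat that as zero.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } -ErrorAction SilentlyContinue
    $byId = $events | Group-Object -Property Id | ForEach-Object { "$($_.Name)=$($_.Count)" }
    "{0,-55} total={1} {2}" -f $log, @($events).Count, ($byId -join ' ')
}

# 4. Split the exported policy into the per-collection values the AppLocker CSP takes.
#    Each OMA-URI value is the bare <RuleCollection> element (not the outer <AppLockerPolicy>):
#    ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/<Grouping>/<EXE|MSI|Script|DLL|StoreApps>/Policy
$cspNode = @{ Exe = 'EXE'; Msi = 'MSI'; Script = 'Script'; Dll = 'DLL'; Appx = 'StoreApps' }
foreach ($rc in $effective.AppLockerPolicy.RuleCollection) {
    $uri  = "./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/$Grouping/$($cspNode[$rc.Type])/Policy"
    $file = Join-Path $env:TEMP "AppLocker-$($rc.Type).xml"
    $rc.OuterXml | Out-File -FilePath $file -Encoding utf8
    "OMA-URI $uri  ->  value saved to $file"
}
```

Comparing the output of steps 2 and 3 is the useful part: a collection that shows `EnforcementMode=AuditOnly` in the effective policy yet produces no 8003/8006 events (and no 8002/8005 "allowed" events either) is not being evaluated by AppLocker at all, which is a different failure from a collection that is evaluated but whose rules do not match. Step 4 only writes the values out; it does not change any policy on the device.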