Thank you! My only question is something I can never seem to find anywhere when working with OMA URI...Where do you get the value that starts with ".\Vendor\MSFT\"...etc?
thank you for this. i've surfed thru internet for whole day to see how Memory Integrity can be enabled and was able to do so using the tool you recommended. 👌👌
Thank you for your video. Can you please create a video to block all third party application but allow managed application (Pushed from intune). Is it possible?
While creating suplemental policy audit mode is off and i am unable to turn it on and lastly supplemental policy xml does not open nor I can see the policy in document folder. Please help
This needs an option to Allow all and block selected as in it's current state it is a destroyer of systems and usability. What are your thoughts on why it breaks so much stuff. Like Citrix clients...cmon, how can that not be on the graph, or many many utilities which people use everyday. Good luck to anybody attempting to actually roll this out. We gave up.
Good point; apologies! learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune#deploy-custom-wdac-policies-on-windows-10-1903
How do you deploy with the supplemental policy you created it but never showed how to include it in the video, when I create a base policy and add a custom rule it removes the policy ID from the xml so i cant deploy with in-tune what am I missing?
Hello! Any ideas why after allowing an app, I get the error windows ''your organization used device guard to block this app. Contact your support person for more info" This is not the big blue windows prompt from the WDAC but a rather legacy looking pop up? Thank you
I have the example files included with Win 10 Pro 64bit working fine, however WDAC is blocking apps I have installed and I used the wizard to add a custom rule but it continues to be blocked. Can this run on a standalone machine ? Just can’t seem to allow anything already installed
4:28 is such a classic Microsoft moment. Side-note, has anyone managed to run Windows Image Configuration Designer in the last 5 years?
yep! that had me confused for atleast 10 seconds.
Thanks for the video. And if I want to allow the execution of some win32 applications, how would they be added to the allowed list?
Thank you! My only question is something I can never seem to find anywhere when working with OMA URI...Where do you get the value that starts with ".\Vendor\MSFT\"...etc?
thank you for this. i've surfed thru internet for whole day to see how Memory Integrity can be enabled and was able to do so using the tool you recommended. 👌👌
Great to hear! You are very welcome to subscribe - we are full of useful tips like that! 👍
Thank you for your video. Can you please create a video to block all third party application but allow managed application (Pushed from intune). Is it possible?
@0:44 - can you show us how/why/when to create/enable an Endpoint protection policy for all that is listed under "2 - configuration settings" ???
While creating suplemental policy audit mode is off and i am unable to turn it on and lastly supplemental policy xml does not open nor I can see the policy in document folder. Please help
This needs an option to Allow all and block selected as in it's current state it is a destroyer of systems and usability. What are your thoughts on why it breaks so much stuff. Like Citrix clients...cmon, how can that not be on the graph, or many many utilities which people use everyday. Good luck to anybody attempting to actually roll this out. We gave up.
I was following along just fine until you reached the OMA-URI. Where did yo get the link that you pasted? Doesn't seem to be mentioned.
Good point; apologies!
learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune#deploy-custom-wdac-policies-on-windows-10-1903
@@theCMC thank you very much!
Hey! Does this integrate with Defender for Cloud Adaptive Application Control?
I have absolutely no idea what that is! Now I need to go look that up! Thanks for the question. /Dean
Good video but missing some important detail such as what to do with the supplemental policy.
Thanks - very true. I’ve learned a lot about this since creating the video so it certainly needs an update to be more accurate.
does the custom profile allows you to whitelist any application, publisher, etc .... ???
Yes
@@theCMC do you have a video showing how ? 7zip for example seems like an obvious thing to show
How do you deploy with the supplemental policy you created it but never showed how to include it in the video, when I create a base policy and add a custom rule it removes the policy ID from the xml so i cant deploy with in-tune what am I missing?
Did you ever find the answer to this?
Hello! Any ideas why after allowing an app, I get the error windows ''your organization used device guard to block this app. Contact your support person for more info"
This is not the big blue windows prompt from the WDAC but a rather legacy looking pop up? Thank you
I have the example files included with Win 10 Pro 64bit working fine, however WDAC is blocking apps I have installed and I used the wizard to add a custom rule but it continues to be blocked.
Can this run on a standalone machine ? Just can’t seem to allow anything already installed
Hello! have you find a way around this?