![]() ![]() Audit mode - For production purposes it's best practice to put this in Audit modes first, but for this demo I'm obviously turning Audit modes off. ![]() Managed installer - The option speaks for itself and is necessary for Part 2.Disable Script Enforcement - for Part 2 I'm going to set up Intune as a managed installer and I use a PowerShell script for that, but since I don't have a certificate seining script the option must be turned on otherwise my script won't be executed.Thanks to Supplemental, I can build additional polices on top of the Base Policy. Allow Supplemental Policies - This policy that I am making now is the basis and I will never change it.For a complete overview I refer you to this Microsoft website: Windows Defender Application Control - Policy Rules Description Couple of these policies I will elaborate on why I turned them on or off. In addition to the chosen template, options can be turned on or off. I activated ASR rules for 'Use advanced protection. Windows Defender Application control - App Managing Controlled Folder Access (with Dell Command update as a special guest) I realize this might not be a Intune problem as much as a Windows problem - but I am trying to solve it with Intune so hopefully it it ok to ask it here (and maybe anyone have experience with Dell command update). Create WDAC Policy - Configure Policy Template ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |