Microsoft Intune: Application Control for Business

🚨 The Signal: Intune's Application Control for Business now allows granular targeting of Managed Installer policies. This enhances application whitelisting, reducing attack surface by preventing unauthorized software execution on managed endpoints.

The Impact

Security teams and Intune admins are affected, gaining enhanced control over endpoint application execution, significantly reducing malware and unauthorized software risks.

• Security Teams: Reduced risk from unauthorized software execution.
• Intune Admins: Improved flexibility and precision in deploying application control policies.
• End Users: Enhanced protection against malicious applications.
• Compliance Officers: Stronger attestation for application whitelisting controls.

The Action

1. Navigate to Microsoft Intune admin center > Endpoint security > Application control.
2. Create or edit a Windows Defender Application Control (WDAC) policy.
3. Configure the policy to include Managed Installer.
4. Assign the WDAC policy to specific user or device groups, rather than 'All Users' or 'All Devices'.
5. Monitor policy deployment and application behavior on targeted endpoints.

Domain: Intune · Impact: high · Workload: Intune · Essential Eight: Application Control · ISM: ISM-0843, ISM-1490, ISM-1544, ISM-1582, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1870, ISM-1871