How to restrict a user from installing a software (such as zoom, browser etc) in my Azure Active Directory domain server?

TechQ 236 Reputation points
2022-11-27T02:54:21.29+00:00

Hello everyone,
Please help me out with a solution, so recently I am trying to stop a user from installing a software in my domain server. I am using Azure Active Directory (not on premise), I have all the licenses assigned and everything, but I can't stop a user from installing a software. If there is any possible way to do it, please let me out. I also can't find a way to do software deployment from using Azure AD except Intune endpoint. Please send me all information you can to help me out. Thank you

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,192 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andrew Blumhardt 9,491 Reputation points Microsoft Employee
    2022-11-27T16:19:48.193+00:00

    They usually need local admin to install, you can and should restrict access using RBAC.

    You can use an AppLocker policy: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview

    Defender for Cloud (Defender for Servers can alert you of unwanted software installs on servers using Adaptive Applicaiton Control.

    Defender for Endpoint can leverage Application Control policies to block installs form unwanted sources. There is also an MDAV option to block Potentially Unwanted Applicaitons.

    Endpoint Manager and Intune can be used to inventory software to cleanup after if needed.