Application Control

Application control is a crucial scenario that enables an organization to create a lockdown experience. Windows IoT Enterprise, includes two technologies, Windows Defender Application Control (WDAC) and AppLocker, which can be used for application control to meet your organization's specific scenarios and requirements.


When it comes to choosing between WDAC or AppLocker it is generally recommended that customers who are able to implement application control using WDAC rather than AppLocker, do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. Although AppLocker will continue to receive security fixes, it will not undergo new feature improvements.

Windows Defender Application Control (WDAC)

WDAC was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows devices. WDAC is designed as a security feature under the servicing criteria defined by the Microsoft Security Response Center (MSRC). To learn more about if WDAC can work for your organization, check out the following documentation.


AppLocker advances the app control features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny apps from running based on unique identities of files and to specify which users or groups can run those apps. Since AppLocker rules specify which apps are allowed to run on the device, you can leverage AppLocker to create a Windows IoT kiosk that runs multiple apps. AppLocker is ideal for organizations that currently use Group Policy to manage their PCs. To learn more about if AppLocker can work for your organization, check out the following documentation.

Additional Resources