This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 44%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXB%3C/text%3E%3C/svg%3E)
Hi guys,
A tech in a company deployed Windows devices protection via Intune and died without leaving any documentation.
What happens now, any attempt to install any software is blocked and this warning pops up.
Despite it says that the app installation is blocked by Windows Defender Application Control indeed it is blocked somewhere in Intune.
I only have this screenshot which doesn't shed much light on what exactly was configured.
If for someone it make any sense for could you please point me where I can temporarily unblock or disable devices protection to install software.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@X-Box-11-2021, Thanks for posting in Q&A. From the information you provided, it seems there's Windows Defender Application Control policy which deployed via Intune block the software installation. To make the installation working, you can replace the existing policy with a new version of the policy that will "Allow *", like the rules in the example policy at %windir%\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml. Once the updated policy is deployed, you can then delete the policy from the Intune portal. This deletion will prevent anything from being blocked and fully remove the WDAC policy on the next reboot.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Do I need to do anything in Microsoft Intune?
Like delete the device under Windows Devices.
@X-Box-11-2021, Thanks for the reply. For your question, I would like to say there's no need to delete the device via Intune. But you need to find the WDAC policy in Intune and change the configuration setting to other setting like allow, audit. After the policy applied, unassign the policy from the group which the device or user in.
@X-Box-11-2021, Hope things are going well. If there's any update, feel free to let us know.