How to restrict a user from installing a software (such as zoom, browser etc) in my Azure Active Directory domain server?

TechQ 236 Reputation points
2022-11-27T02:54:21.29+00:00

Hello everyone,
Please help me out with a solution. Recently I have been trying to stop a user from installing software on my domain server. I am using Azure Active Directory (not on-premises). I have all the licenses assigned and everything, but I can't stop a user from installing software. If there is any possible way to do it, please let me know. I also can't find a way to do software deployment using Azure AD except Intune endpoint. Please send me all the information you can to help me out. Thank you

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

1 answer

  1. Andrew Blumhardt 10,051 Reputation points Microsoft Employee
    2022-11-27T16:19:48.193+00:00

    They usually need local admin to install; you can and should restrict access using RBAC.

    You can use an AppLocker policy: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview

    Defender for Cloud (Defender for Servers) can alert you of unwanted software installs on servers using Adaptive Application Control.

    Defender for Endpoint can leverage Application Control policies to block installs from unwanted sources. There is also an MDAV option to block Potentially Unwanted Applications.

    Endpoint Manager and Intune can be used to inventory software to cleanup after if needed.
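
The controls named in the answer above (local admin rights, MDAV PUA blocking, AppLocker) can be checked on a single Windows machine with built-in cmdlets. This is an added example, not part of the original answer; the reference directory, the sample installer path and the output file name are assumptions to adjust.

```powershell
#Requires -RunAsAdministrator
# Constructed example: both paths below are assumptions, not values from the thread.
$ReferenceDir = 'C:\Program Files'                           # assumed home of approved software
$SampleFile   = "$env:USERPROFILE\Downloads\installer.exe"   # hypothetical file to evaluate

# 1. Who can install machine-wide? List the local Administrators group.
#    The well-known SID is used so the lookup also works on non-English systems.
#    PrincipalSource shows whether a member is Local, ActiveDirectory or AzureAD.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource

# 2. Microsoft Defender Antivirus PUA protection: 0 = disabled, 1 = block, 2 = audit.
if ((Get-MpPreference).PUAProtection -ne 1) {
    Set-MpPreference -PUAProtection Enabled
}

# 3. AppLocker rules are only evaluated while the Application Identity service runs.
Get-Service -Name AppIDSvc | Select-Object Name, Status, StartType

# 4. Build allow rules from the approved software: publisher rules where files
#    are signed, file-hash rules as the fallback for unsigned files.
$policy = Get-AppLockerFileInformation -Directory $ReferenceDir -Recurse -FileType Exe |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize

# 5. Keep every rule collection in audit mode: events are logged, nothing is blocked.
#    Before enforcing, rules covering the Windows directory are also needed,
#    because any executable not matched by an allow rule is denied by default.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'AuditOnly'
}

# 6. Dry run: would the sample installer be allowed for a standard user?
if (Test-Path -Path $SampleFile) {
    Test-AppLockerPolicy -PolicyObject $policy -Path $SampleFile -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# 7. Save the policy for review; applying it is a separate, deliberate step,
#    e.g. Set-AppLockerPolicy -XmlPolicy <file> -Merge, or deployment through Intune.
$policy.ToXml() | Out-File -FilePath "$env:TEMP\applocker-audit.xml" -Encoding utf8
```

A `PolicyDecision` of `DeniedByDefault` in step 6 means no allow rule matched the file, which is the expected result for an installer downloaded outside the approved directory.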

