There are a couple of options available. You can enforce an AppLocker policy to restrict execution of executables; however, this will not necessarily block the download. The other option, which is also recommended, is to onboard devices to Defender for Endpoint and configure all the endpoint security policies. Again, this will not necessarily block the download unless the file is malicious, but it will allow you to implement security hardening across the endpoints.
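As an added illustration (not part of the original answer), the following PowerShell check shows what the AppLocker option does in practice: files can still be downloaded, but the effective policy decides whether they may run. The Downloads path and the `Everyone` test principal are assumptions made for this example.

```powershell
# Added example: reports which already-downloaded .exe files the device's
# effective AppLocker policy would refuse to execute.
# Assumptions: the AppLocker PowerShell module is available (Windows
# editions that support AppLocker) and downloads land in the user's
# Downloads folder.

$downloads = Join-Path $env:USERPROFILE 'Downloads'   # assumed location

# Effective policy = local rules merged with rules delivered by GPO/MDM.
$policy = Get-AppLockerPolicy -Effective
[xml]$policyXml = Get-AppLockerPolicy -Effective -Xml

# Show whether the Exe rule collection is enforced or only audited.
$exeRules = $policyXml.AppLockerPolicy.RuleCollection |
    Where-Object { $_.Type -eq 'Exe' }
if (-not $exeRules) {
    Write-Warning 'No Exe rule collection is configured; AppLocker restricts nothing here.'
} else {
    Write-Output ("Exe rule collection enforcement mode: {0}" -f $exeRules.EnforcementMode)
}

# Collect the executables that were downloaded despite the policy.
$files = Get-ChildItem -Path $downloads -Filter *.exe -Recurse -File `
            -ErrorAction SilentlyContinue |
         Select-Object -ExpandProperty FullName

if ($files) {
    # Denied          = matched an explicit deny rule
    # DeniedByDefault = no allow rule matched, so execution is refused
    Test-AppLockerPolicy -PolicyObject $policy -Path $files -User Everyone `
        -Filter Denied, DeniedByDefault |
        Select-Object FilePath, PolicyDecision, MatchingRule
} else {
    Write-Output "No .exe files found under $downloads"
}
```

If the enforcement mode is `AuditOnly`, the listed files would still run and only be logged.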
How to block the download of .exe files using Intune
Hello,
I want to block the download of executable files using Intune.
I have searched extensively, but I could not find a clear answer.
3 answers
Marcin Policht 11,385 Reputation points MVP
2024-02-19T10:06:29.1133333+00:00
You can potentially leverage https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?view=o365-worldwide , but this is not exactly what you want to accomplish (it doesn't block all executables, but only those which are deemed potentially harmful). However, you should be able to use Defender for Cloud Apps as described in https://learn.microsoft.com/en-us/defender-cloud-apps/use-case-proxy-block-session-aad#create-a-block-download-policy-for-unmanaged-devices to target specific file types.
hth Marcin
-
Pavel yannara Mirochnitchenko 11,716 Reputation points MVP
2024-02-19T10:51:15.6433333+00:00
There is no way to do that directly. You can look into Defender for Endpoint features which will restrict going to torrent / porn / gambling sites and more. You can also add a Security Baseline, which will configure Smart Filter for you, or configure it yourself from scratch.