The closest policy that you can set up will be AppLocker.
Software Restriction Policies in Intune
I don't see Software Restriction Policies in Intune for Windows. For example: in local AD GP we have SRP like in path to block "%AppData%*.exe" from running, to help reduce the chances of cryptolocker-type malware. Is there a way, or maybe even a counterpart component, to implement similar policies in Intune?
Thanks
Lu Dai-MSFT 28,501 Reputation points
2021-10-11T02:26:35.817+00:00
@David McBride Thanks for posting in our Q&A.
For this issue, I agree with RahulJindal. I found that the following AppLocker article mentions that AppLocker includes a number of improvements in manageability as compared to its predecessor, Software Restriction Policies.
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview
This article describes using AppLocker to create custom Intune policies for Windows 10 apps.
https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-using-applocker-to-create-custom-intune-policies-for/ba-p/364981
Hope it will help.
David McBride 301 Reputation points
2021-10-11T19:40:54.06+00:00
Thank you for the input. I have been messing with AppLocker already. Because of circumstances I cannot use an explicit Allow-only approach. I am having problems making the transition from SRP to AppLocker. For example: I cannot seem to stop a .cmd file from running in the C:\Windows\Temp folder using AppLocker. How would I go about keeping a .cmd from running in C:\Windows\Temp using AppLocker?
Thanks!!
Rahul Jindal [MVP] 10,911 Reputation points MVP
2021-10-12T07:38:21.217+00:00
Maybe this can help. how-to-whitelist-apps-using-applocker.html
Joseph Wagner 1 Reputation point
2021-10-14T18:19:48.93+00:00
The fact that something like this, that is easy to use, is not built into Intune is absolutely insane. I have spent the last two days researching and troubleshooting solutions without much success while I have teachers yelling at me because we cannot prevent students from running applications on their local profiles. If anyone has any solutions, it would be so appreciated.
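
For the SRP-to-AppLocker transition asked about in this thread, a deny-list AppLocker policy can look like the following. This is an added example, not posted by any participant or taken from the linked articles; the rule names and GUIDs are constructed, and the `%OSDRIVE%\Users\*\AppData\Roaming\*.exe` path is an assumed translation of the SRP `%AppData%` rule, since AppLocker path rules only accept their own variables (`%WINDIR%`, `%SYSTEM32%`, `%OSDRIVE%`, `%PROGRAMFILES%`, `%REMOVABLE%`, `%HOT%`).

```xml
<!-- Added example: deny-list AppLocker policy. Names and GUIDs are constructed. -->
<!-- Set EnforcementMode="AuditOnly" first to log what would be blocked. -->
<AppLockerPolicy Version="1">
  <!-- The Script collection covers .ps1, .bat, .cmd, .vbs and .js files. -->
  <RuleCollection Type="Script" EnforcementMode="Enabled">
    <!-- An enforced collection blocks everything it does not allow,
         so a deny-list needs an allow-all baseline rule. -->
    <FilePathRule Id="11111111-1111-4111-8111-111111111111" Name="Allow all scripts"
                  Description="Baseline" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
    <!-- Deny rules take precedence over allow rules. -->
    <FilePathRule Id="22222222-2222-4222-8222-222222222222" Name="Deny .cmd in Windows Temp"
                  Description="Replaces SRP path rule" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\Temp\*.cmd" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
  <!-- The Exe collection covers .exe and .com files. -->
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="33333333-3333-4333-8333-333333333333" Name="Allow all executables"
                  Description="Baseline" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
    <!-- Assumed counterpart of the SRP %AppData% rule from the question. -->
    <FilePathRule Id="44444444-4444-4444-8444-444444444444" Name="Deny exe in roaming AppData"
                  Description="Replaces SRP path rule" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%OSDRIVE%\Users\*\AppData\Roaming\*.exe" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
```

When delivered through an Intune custom profile, each `RuleCollection` element is uploaded as its own string setting under the AppLocker CSP, for example `./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/<Grouping>/Script/Policy` and `.../<Grouping>/EXE/Policy`, where `<Grouping>` is a name you choose.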