Software Restriction Policies in Intune

David McBride 301 Reputation points
2021-10-08T21:25:44.273+00:00

I don't see Software Restriction Policies in Intune for Windows. For example, in local AD GP we have SRP, like a path rule to block "%AppData%*.exe" from running, to help reduce the chances of cryptolocker-type malware. Is there a way, or maybe even a counterpart component, to implement similar policies in Intune?
Thanks


5 answers

  1. Rahul Jindal [MVP] 10,911 Reputation points MVP
    2021-10-08T22:07:13.333+00:00

    The closest policy that you can set up will be AppLocker.

  2. Lu Dai-MSFT 28,501 Reputation points
    2021-10-11T02:26:35.817+00:00

    @David McBride Thanks for posting in our Q&A.

    For this issue, I agree with RahulJindal. I found that the following AppLocker article mentions that AppLocker includes a number of improvements in manageability as compared to its predecessor, Software Restriction Policies.
    https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview

    This article describes how to use AppLocker to create custom Intune policies for Windows 10 apps.
    https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-using-applocker-to-create-custom-intune-policies-for/ba-p/364981

    Hope it will help.



  3. David McBride 301 Reputation points
    2021-10-11T19:40:54.06+00:00

    Thank you for the input. I have been messing with AppLocker already. Because of circumstances I cannot use an explicit Allow only approach. I am having problems making the transition from SRP to AppLocker. For example: I cannot seem to stop a .cmd file from running in C:\Windows\temp folder using AppLocker. How would I go about keeping a .cmd running in C:\Windows\Temp using AppLocker?
    Thanks!!


  4. Rahul Jindal [MVP] 10,911 Reputation points MVP
    2021-10-12T07:38:21.217+00:00

  5. Joseph Wagner 1 Reputation point
    2021-10-14T18:19:48.93+00:00

    The fact that something like this, that is easy to use, is not built in to Intune is absolutely insane. I have spent the last two days researching and troubleshooting solutions without much success while I have teachers yelling at me because we cannot prevent students from running applications on their local profiles. If anyone has any solutions, it would be so appreciated.
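
For the deny-list case raised in the thread (stopping a .cmd in C:\Windows\Temp without an allow-only policy), here is an added example of an AppLocker Script rule collection; it is not part of any poster's answer. The rule Ids are constructed GUIDs, and the grouping name in the OMA-URI comment is a placeholder you choose.

```xml
<!-- Constructed example. Deploy as an Intune custom profile (String value) at:
     ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/<YourGrouping>/Script/Policy
     <YourGrouping> is a placeholder name. The Script collection covers
     .ps1, .bat, .cmd, .vbs and .js files. -->
<RuleCollection Type="Script" EnforcementMode="Enabled">

  <!-- Once a collection is enforced, anything no Allow rule matches is blocked.
       A deny-list design therefore needs a broad Allow rule as its baseline. -->
  <FilePathRule Id="11111111-1111-4111-8111-111111111111"
                Name="Baseline: allow all scripts"
                Description="Constructed example rule"
                UserOrGroupSid="S-1-1-0"
                Action="Allow">
    <Conditions>
      <FilePathCondition Path="*" />
    </Conditions>
  </FilePathRule>

  <!-- Deny rules take precedence over Allow rules, so this overrides the
       baseline for scripts under the Windows Temp folder and its subfolders.
       %WINDIR% is an AppLocker path variable, not the environment variable.
       S-1-1-0 is Everyone, so administrators are blocked here as well. -->
  <FilePathRule Id="22222222-2222-4222-8222-222222222222"
                Name="Deny scripts in Windows Temp"
                Description="Constructed example rule"
                UserOrGroupSid="S-1-1-0"
                Action="Deny">
    <Conditions>
      <FilePathCondition Path="%WINDIR%\Temp\*" />
    </Conditions>
  </FilePathRule>

</RuleCollection>
```

Setting `EnforcementMode="AuditOnly"` first records what would have been blocked in the "Microsoft-Windows-AppLocker/MSI and Script" event log without blocking anything. AppLocker has no `%AppData%` variable, so the SRP rule from the question would be written in the Exe collection with a path such as `%OSDRIVE%\Users\*\AppData\*`.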
