Software Restriction Policies in Intune

David McBride 301 Reputation points

I don't see Software Restriction Policies in Intune for Windows. For example: in local AD GP we have SRP like in path to block "%AppData%*.exe" from running. To help reduce chances of cryptolocker type malwares. Is there a way or maybe even a counter part component to implement similar policies in Intune?

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,733 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Rahul Jindal [MVP] 9,566 Reputation points MVP

    The closest policy that you can setup will be applocker.

    0 comments No comments

  2. Lu Dai-MSFT 28,366 Reputation points

    @David McBride Thanks for posting in our Q&A.

    For this issue, I agree with RahulJindal. I find that the following AppLocker article mentioned that AppLocker includes a number of improvements in manageability as compared to its predecessor Software Restriction Policies.

    This article describes that use AppLocker to create custom Intune policies for Windows 10 apps.

    Hope it will help.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  3. David McBride 301 Reputation points

    Thank you for the input. I have been messing with AppLocker already. Because of circumstances I can not use an explicit Allow only approach. I am having problems making the transition from SRP to AppLocker. For example: I can not seem to stop a .cmd file from running in C:\Windows\temp folder using AppLocker. How would I go about keeping a .cmd running in C:\Windows\Temp using AppLocker?

  4. Rahul Jindal [MVP] 9,566 Reputation points MVP
    0 comments No comments

  5. Joseph Wagner 1 Reputation point

    The fact that something like this, that is easy to use, is not built in to Intune is absolutely insane. I have spent the last two days researching and troubleshooting solutions without much success while I have teachers yelling at me because we cannot prevent students from running applications on their local profiles. If anyone has any solutions, it would be so appreciated.

    0 comments No comments