This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 5%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hello,
I have Windows 10 users joined to Azure AD and I have given all of them Admin rights. This means they can install any software they like. But I want to create a Whitelist of software that allows them to install only those software. So how can I create such a policy in Azure AD which restricts, out of the Whitelisted applications. If it is not possible in Azure then kindly suggest me a solution please.
Thanks,
SY
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@Mr. Sajid I wanted to follow up and know if the below responses helped in answering your query. If it did, please do not forget to accept the appropriate response as Answer.
@Mr. Sajid Thanks for reaching out. As I understand from your problem statement you want to find a way which allows you to control the Application installations on windows 10 environment.
Currently Azure AD does not have this capability to provide that dedicated endpoint solution. In your particular scenario you will need to use Microsoft Endpoint manager (Known as Intune).
You will need to enroll your devices (Windows 10) to Intune and then apply policies to control the behaviors.
For whitelisting Application on windows 10, you can deploy App locker configuration files from Intune service which allows you to control/block the execution of any software on windows 10.
You can read more here : https://www.vansurksum.com/2020/02/24/a-guide-to-implementing-applocker-on-your-modern-workplace/
-----------------------------------------------------------------------------------------------------------------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
If you are using MDE you should consider Application Control instead. This is a more modern and dynamic solution to AppLocker: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide#application-control
Terminology reference: https://insights.dice.com/2020/07/17/whitelist-blacklist-the-new-debate-over-security-terminology/