This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 89%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
We have security recommendations on Microsoft Defender as follows:
Security recommendations
We are currently checking each device and sending out emails to remind people to update or do whatever is necessary to keep devices secure per recommendations. Is there a way to push the recommendations to devices automatically? For example, we regularly get a notification that when windows 10 updates are available, we have to restart within a set period of time. And if the restart isnt done manually, the device will automatically force restart say after 3 days of no action.
It would be nice to apply something like this to the security recommendations as well...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
It depends on how you manage your devices. For example, in case you are using Group Policy, you may use the AppLocker to block executing files unless they meet certain policies. You may deploy update for Microsoft Edge, GitHub and Firefox using software deployment policy . Update for the Microsoft .NET is usually available in the Windows Update.
@Reza-Ameri
Thanks Reza
It looks like AppLocker is only for windows enterprise editions, and i checked ours, we have windows business edition...
As for deploying software through GPO, I dont think I can do it from my machine since Im not Administrator. I was hoping we could do it through endpoint manager or something
AppLocker is available in Pro version too.
Actually there are two concepts of AppLocker and WDAC and are available on Pro and Enterprise edition, take a look at:
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/feature-availability
You are able to deploy application using MEM too, take a look at:
https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-app-management