It depends on how you manage your devices. For example, in case you are using Group Policy, you may use AppLocker to block executing files unless they meet certain policies. You may deploy updates for Microsoft Edge, GitHub and Firefox using a software deployment policy. Updates for Microsoft .NET are usually available in Windows Update.
How to push security recommendations to devices?
We have security recommendations on Microsoft Defender as follows:
- Block persistence through WMI event subscription
- Block executable files from running unless they meet a prevalence, age, or trusted list criterion
- Update Mozilla Firefox
- Update Microsoft Edge Chromium-based
- Update Microsoft Asp.net Core
- Update Git to version 188.8.131.52
We are currently checking each device and sending out emails to remind people to update or do whatever is necessary to keep devices secure per recommendations. Is there a way to push the recommendations to devices automatically? For example, we regularly get a notification that when Windows 10 updates are available, we have to restart within a set period of time. And if the restart isn't done manually, the device will automatically force restart, say, after 3 days of no action.
It would be nice to apply something like this to the security recommendations as well...
It looks like AppLocker is only for Windows Enterprise editions, and I checked ours, we have Windows Business edition...
As for deploying software through GPO, I don't think I can do it from my machine since I'm not Administrator. I was hoping we could do it through Endpoint Manager or something.
AppLocker is available in the Pro version too.
Actually, there are two concepts, AppLocker and WDAC, and they are available on Pro and Enterprise editions. Take a look at:
You are able to deploy applications using MEM too, take a look at:
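An added example, not part of the thread and not Microsoft's own code: the first two recommendations in the question correspond to Microsoft Defender attack surface reduction (ASR) rules, which can be reported on and set per device with the Defender PowerShell cmdlets, so the same script can be pushed by whatever management tool is in use. The `$Mode` parameter, the helper name `Get-AsrState` and the assumption that the script runs elevated (for example as a deployed script) are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example. Reports or sets the two ASR rules named in the question.
# Usage (assumed script name): .\Set-AsrBaseline.ps1 -Mode AuditMode
param(
    [ValidateSet('Report', 'AuditMode', 'Enabled')]
    [string]$Mode = 'Report'
)

# ASR rule GUIDs as published in Microsoft's ASR rule reference.
$rules = [ordered]@{
    'Block persistence through WMI event subscription' = 'e6db77e5-3df2-4cf1-b95a-636979351e5b'
    'Block executable files unless they meet a prevalence, age, or trusted list criterion' = '01443614-cd74-433a-b99e-2ecdc07bfc25'
}

# Numeric action values returned by Get-MpPreference.
$stateNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrState {
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    foreach ($name in $rules.Keys) {
        $state = 'Not configured'
        for ($i = 0; $i -lt $ids.Count; $i++) {
            # String -eq is case-insensitive, so GUID casing does not matter.
            if ($ids[$i] -eq $rules[$name]) {
                $state = $stateNames[[int]$actions[$i]]
            }
        }
        [pscustomobject]@{ Rule = $name; Id = $rules[$name]; State = $state }
    }
}

if ($Mode -ne 'Report') {
    foreach ($id in $rules.Values) {
        # Add-MpPreference adds or updates this rule and leaves other
        # configured ASR rules untouched (Set-MpPreference would replace them).
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                         -AttackSurfaceReductionRules_Actions $Mode
    }
}

# Show the resulting state so the deployment log records what is in effect.
Get-AsrState | Format-Table -AutoSize
```

Running with `-Mode AuditMode` first lets the block events be reviewed before switching to `Enabled`; settings delivered by Group Policy or an MDM policy take precedence over values set locally this way.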