AppLocker design guide

• Applies to:

  ✅ Windows 11, ✅ Windows 10, ✅ Windows Server 2022, ✅ Windows Server 2019, ✅ Windows Server 2016

Note

Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Windows Defender Application Control feature availability.

This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.

This guide provides important designing and planning information for deploying application control policies by using AppLocker. It's intended for security architects, security administrators, and system administrators. Through a sequential and iterative process, you can create an AppLocker policy deployment plan for your organization that will address your specific application control requirements by department, organizational unit, or business group.

This guide doesn't cover the deployment of application control policies by using Software Restriction Policies (SRP). However, SRP is discussed as a deployment option in conjunction with AppLocker policies. For info about these options, see Determine your application control objectives.

To understand if AppLocker is the correct application control solution for your organization, see Understand AppLocker policy design decisions.

In this section

Topic	Description
Understand AppLocker policy design decisions	This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment.
Determine your application control objectives	This topic helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
Create a list of apps deployed to each business group	This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker.
Select the types of rules to create	This topic lists resources you can use when selecting your application control policy rules by using AppLocker.
Determine the Group Policy structure and rule enforcement	This overview topic describes the process to follow when you're planning to deploy AppLocker rules.
Plan for AppLocker policy management	This topic describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.

After careful design and detailed planning, the next step is to deploy AppLocker policies. AppLocker Deployment Guide covers the creation and testing of policies, deploying the enforcement setting, and managing and maintaining the policies.