Windows Defender Application Control and AppLocker feature availability

Applies to:

  • Windows 10
  • Windows 11
  • Windows Server 2016 and above

Note

Some capabilities of Windows Defender Application Control are only available on specific Windows versions. See below to learn more.

Platform support
  • Windows Defender Application Control: Available on Windows 10, Windows 11, and Windows Server 2016 or later.
  • AppLocker: Available on Windows 8 or later.

SKU availability
  • Windows Defender Application Control: Available on Windows 10, Windows 11, and Windows Server 2016 or later. WDAC PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions.
  • AppLocker: Policies deployed through GP are only supported on Enterprise and Server editions. Policies deployed through MDM are supported on all editions.

Management solutions
  • Intune (custom policy deployment via OMA-URI only)
  • Configuration Manager (custom policy deployment via software distribution only)
  • Group Policy
  • PowerShell

Per-User and Per-User group rules
  • Windows Defender Application Control: Not available (policies are device-wide).
  • AppLocker: Available on Windows 8+.

Kernel mode policies
  • Windows Defender Application Control: Available on Windows 10, Windows 11, and Windows Server 2016 or later.
  • AppLocker: Not available.

Per-app rules
  • Windows Defender Application Control: Available on Windows 10, Windows 11, and Windows Server 2019 or later.
  • AppLocker: Not available.

Managed Installer (MI)
  • Windows Defender Application Control: Available on Windows 10, Windows 11, and Windows Server 2019 or later.
  • AppLocker: Not available.

Reputation-Based intelligence
  • Windows Defender Application Control: Available on Windows 10, Windows 11, and Windows Server 2019 or later.
  • AppLocker: Not available.

Multiple policy support
  • Windows Defender Application Control: Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2022.
  • AppLocker: Not available.

Path-based rules
  • Windows Defender Application Control: Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2019 or later. Exclusions aren't supported. Runtime user-writeability checks enforced by default.
  • AppLocker: Available on Windows 8+. Exclusions are supported. No runtime user-writeability check.

COM object allowlisting
  • Windows Defender Application Control: Available on Windows 10, Windows 11, and Windows Server 2019 or later.
  • AppLocker: Not available.

Packaged app rules
  • Windows Defender Application Control: Available on Windows 10, Windows 11, and Windows Server 2019 or later.
  • AppLocker: Available on Windows 8+.

Enforceable file types
  • Windows Defender Application Control:
    • Driver files: .sys
    • Executable files: .exe and .com
    • DLLs: .dll and .ocx
    • Windows Installer files: .msi, .mst, and .msp
    • Scripts: .ps1, .vbs, and .js
    • Packaged apps and packaged app installers: .appx
  • AppLocker:
    • Executable files: .exe and .com
    • [Optional] DLLs: .dll, .rll and .ocx
    • Windows Installer files: .msi, .mst, and .msp
    • Scripts: .ps1, .bat, .cmd, .vbs, and .js
    • Packaged apps and packaged app installers: .appx

Application ID (AppId) Tagging
  • Windows Defender Application Control: Available on Windows 10, version 20H1 and above, and Windows 11.
  • AppLocker: Not available.