App Control for Business and AppLocker feature availability
Note
Some capabilities of App Control for Business are only available on specific Windows versions. Review the following table to learn more.
Capability | App Control for Business | AppLocker |
---|---|---|
Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Available on Windows 8 or later. |
Edition availability | Available on Windows 10, Windows 11, and Windows Server 2016 or later. App Control PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. |
Policies are supported on all editions Windows 10 version 2004 and newer with KB 5024351. Windows versions older than version 2004, including Windows Server 2019:
|
Management solutions |
|
|
Per-user and Per-user group rules | Not available (policies are device-wide). | Available on Windows 8+. |
Kernel mode policies | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Not available. |
Rule option 11 - Disabled:Script Enforcement | Available on all versions of Windows 10 except 1607 LTSB, Windows 11, and Windows Server 2019 and above. Disabled:Script Enforcement isn't supported on Windows Server 2016 or on Windows 10 1607 LTSB and shouldn't be used on those platforms. Doing so results in unexpected script enforcement behaviors. | MSI and Script rule collection is separately configurable. |
Per-app rules | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
Managed Installer (MI) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
Reputation-Based intelligence | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
Multiple policy support | Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2022. | Not available. |
Path-based rules | Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2022 or later. Exclusions aren't supported. Runtime user-writeability checks enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. |
COM object allowlisting | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
Packaged app rules | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Available on Windows 8+. |
Enforceable file types |
|
|
Application ID (AppId) Tagging | Available on Windows 10, version 20H1 and later, and Windows 11. | Not available. |