Occasional Contributor

Hi,

 

Consider I've tested Application Control in either audit or enforce mode (setting from Endpoint Manager/Endpoint Protection/AC). Everything seems to work fine except a few LOB-applications.

 

Questions:

How do I exclude these LOB-applications from Application Control?

I think I've read about that you need to combine Application Control with Applocker for exclusions is that true? If that's the case where can I find documentation on how to setup exclusions?

If that's true - does the exclusions need to be managed by GPO or can it be managed via MDM only? (AAD Join only)

 

Simon Håkansson_0-1596787272574.png

In MEMCM you have this capability, but what if I'm having an environment where a CM is not present? Would be fantastic to be able to add custom LOB-apps as exclusions this way but in Intune but maybe that's considered a security or non-issue?

Simon Håkansson_0-1596790043376.png

www.000webhost.com