Application Control - LOB Application Exclusions

%3CLINGO-SUB%20id%3D%22lingo-sub-1572451%22%20slang%3D%22en-US%22%3EApplication%20Control%20-%20LOB%20Application%20Exclusions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1572451%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EConsider%20I've%20tested%20Application%20Control%20in%20either%20audit%20or%20enforce%20mode%20(setting%20from%20Endpoint%20Manager%2FEndpoint%20Protection%2FAC).%20Everything%20seems%20to%20work%20fine%20except%20a%20few%20LOB-applications.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EQuestions%3A%3C%2FP%3E%3CP%3EHow%20do%20I%20exclude%20these%20LOB-applications%20from%20Application%20Control%3F%3C%2FP%3E%3CP%3EI%20think%20I've%20read%20about%20that%20you%20need%20to%20combine%20Application%20Control%20with%20Applocker%20for%20exclusions%20is%20that%20true%3F%20If%20that's%20the%20case%20where%20can%20I%20find%20documentation%20on%20how%20to%20setup%20exclusions%3F%3C%2FP%3E%3CP%3EIf%20that's%20true%20-%20does%20the%20exclusions%20need%20to%20be%20managed%20by%20GPO%20or%20can%20it%20be%20managed%20via%20MDM%20only%3F%20(AAD%20Join%20only)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Simon%20H%C3%A5kansson_0-1596787272574.png%22%20style%3D%22width%3A%20852px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F210900iD230A9EC7468B97F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Simon%20H%C3%A5kansson_0-1596787272574.png%22%20alt%3D%22Simon%20H%C3%A5kansson_0-1596787272574.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1572451%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EApplication%20Control%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EASR%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EEndpoint%20Protection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Eendpoint%20security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1572540%22%20slang%3D%22en-US%22%3ERe%3A%20Application%20Control%20-%20LOB%20Application%20Exclusions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1572540%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20MEMCM%20you%20have%20this%20capability%2C%20but%20what%20if%20I'm%20having%20an%20environment%20where%20a%20CM%20is%20not%20present%3F%20Would%20be%20fantastic%20to%20be%20able%20to%20add%20custom%20LOB-apps%20as%20exclusions%20this%20way%20but%20in%20Intune%20but%20maybe%20that's%20considered%20a%20security%20or%20non-issue%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Simon%20H%C3%A5kansson_0-1596790043376.png%22%20style%3D%22width%3A%20565px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F210927i9722F540D138DA89%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Simon%20H%C3%A5kansson_0-1596790043376.png%22%20alt%3D%22Simon%20H%C3%A5kansson_0-1596790043376.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi,

 

Consider I've tested Application Control in either audit or enforce mode (setting from Endpoint Manager/Endpoint Protection/AC). Everything seems to work fine except a few LOB-applications.

 

Questions:

How do I exclude these LOB-applications from Application Control?

I think I've read about that you need to combine Application Control with Applocker for exclusions is that true? If that's the case where can I find documentation on how to setup exclusions?

If that's true - does the exclusions need to be managed by GPO or can it be managed via MDM only? (AAD Join only)

 

Simon Håkansson_0-1596787272574.png

1 Reply

In MEMCM you have this capability, but what if I'm having an environment where a CM is not present? Would be fantastic to be able to add custom LOB-apps as exclusions this way but in Intune but maybe that's considered a security or non-issue?

Simon Håkansson_0-1596790043376.png

www.000webhost.com