Create a Windows Defender Application Control Policy Demo
Start course

This course explores Microsoft Defender Application Control. We'll look at the fundamentals of the service and then cover some of the key security and privacy caveats when using Application Control. You'll follow along with a real-life demonstration of how to create and deploy a Defender Application Control policy.

Learning Objectives

  • Get an introductory understanding of Microsoft Defender Application Control
  • Understand some key security and privacy caveats for using Application Control
  • Learn how to create and deploy a Defender Application Control policy

Intended Audience

This course is designed for anyone who wishes to learn about Microsoft Defender Application Control.


To get the most out of this course, you should have a basic understanding of Microsoft Defender.


Welcome back. What we're gonna do in this quick demonstration here is walk through the process of creating a Windows Defender Application Control Policy in Configuration Manager. Now on the screen here, I'm logged into my Configuration Manager server called CM01. And what we're gonna do here is browse into Endpoint Manager and open the Configuration Manager Console.

Now to create our Application Control Policy what we need to do is go down into Assets and Compliance here in the left navigation pane. And then what we'll do is expand Endpoint Protection. And then what we'll do is we'll scroll down here and we can see Windows Defender Application Control. So we'll go ahead and open this up.

Now we can see we have no policies created yet. So what we'll do here is up in the left corner we'll create an Application Control Policy here. Now what we'll do is we'll give it a name. I'll just call it My Policy for now. And then the description is optional here. And then this option here for enforce a Restart of devices so that this policy can be enforced for all processes. What this means is once the policy is processed on a client PC, a restart is then scheduled on the client, according to the client's settings for computer restart. So we'll leave this set to enforce.

And then we have two enforcement modes here. We talked about these enforcement enabled and audit only. For this exercise we'll leave it set to enforcement enabled. We'll go ahead and next it. Now this inclusion box here allows us to decide if we want to authorize software that's trusted by the Intelligent Security Graph. We'll leave this turned off for now. And then what we can do here with this add button is add specific files or folders that we want to trust.

So let's go ahead and click Add here, and we'll do a File, and let's just browse here. And what we'll do here, we'll go under Windows Photo Viewer, for example. If we expand this out, expand this out, we can see the different files that we can trust. For this exercise we'll just trust the imaging devices executable here and we'll okay it. So what this does is ensure that the imaging devices that executable in the Windows Photo Viewer folder is trusted. So we'll go ahead and next it.

We can now confirm our settings. We'll next it. And we now have the Application Control Policy created. If we close this out, we can now see My Policy is listed. So with that let's call it a wrap for this quick demo. In the next demonstration, I'll show you how to apply this policy.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.