Auto uninstall applications
HI, We're just starting to roll out applications via company portal and wanted to know if there is a way to automatically uninstall applications once users are removed from the assigned group? I know you can assign an uninstall group, but that's a headache to manage, I want to remove the app once a user is removed from the assignment. This is mainly for windows 10 Client.
WDAC Managed Installer and Applocker Audit logs
Hello, I am looking to deploy WDAC to Intune managed Windows 11 devices. In testing I have followed guidance (link below) to create the required supporting Applocker ManagedInstaller rule: Allow apps deployed with a WDAC managed installer (Windows) | Microsoft Learn In testing, whilst this appears to work (in that an app deployed by Intune is allowed, but the same app installed locally by an admin is not), I have noticed that the configuration results in a excessive amount of logging to the Applocker Microsoft-Windows-AppLocker/EXE and DLL log, i.e. a 8003 audit event for pretty much every DLL execution: Does anyone know if this is expected? Seems an obvious question as I see how the configuration of the Applocker ManagedInstaller rule collection in audit mode could cause this: Just looking for some clarification that this is expected as I had not anticipated the use of this (MDAC) option to result in such aggressive logging by Applocker (which I am otherwise not looking to use)? I have seen no mention of this in the documentation, so I guess it is either deemed obvious (which one could argue is the case!) or I have miss configured something? Does anyone else have this configured and if so, do you see the same? Many thanks, PhilApplication Control - LOB Application Exclusions
Hi, Consider I've tested Application Control in either audit or enforce mode (setting from Endpoint Manager/Endpoint Protection/AC). Everything seems to work fine except a few LOB-applications. Questions: How do I exclude these LOB-applications from Application Control? I think I've read about that you need to combine Application Control with Applocker for exclusions is that true? If that's the case where can I find documentation on how to setup exclusions? If that's true - does the exclusions need to be managed by GPO or can it be managed via MDM only? (AAD Join only)
