Microsoft has quietly made a welcome change to its AppLocker feature. AppLocker application control policies help organizations manage the applications and files that users can run on their systems. These include EXE files, scripts, Windows Installer files, DLL files, packaged apps, and packaged app installers.
The Redmond giant has removed the checks that were previously enforced depending on the edition of Windows used or the management method used. AppLocker deployment for Mobile Device Management (MDM) used to be different from the Group Policy management. Hence, from now on IT admins and system admins can deploy AppLocker freely across Windows 11 as well as some supported versions of Windows 10, irrespective of the edition or management method.
In a support article titled "KB5024351—Removal of Windows edition checks for AppLocker" Microsoft has explained this major change.
The Windows updates dated September 30, 2022, and later, made significant changes for AppLocker support. Before the updates, Windows tied policy enforcement to the Windows edition and the method used to manage its endpoints. For instance, systems managed by mobile device management (MDM) enforced AppLocker policies on all editions of Windows 10 and Windows 11. Also, systems managed by Group Policy only enforced AppLocker policies on Windows 10 and Windows 11 Enterprise or Education editions.
These updates removed the edition checks for Windows 10, versions 2004, 20H2, and 21H1 and all versions of Windows 11. You can now deploy and enforce AppLocker policies to all of these Windows versions regardless of their edition or management method.
The change was introduced on Windows 11 and Windows 10 with the following updates:
Product | KB number | Release date |
---|---|---|
Windows 11, version 22H2 | September 30, 2022 | |
Windows 11, version 21H2 | October 25, 2022 | |
Windows 10, version 2004 Windows 10, version 20H2 Windows 10, version 21H1 | October 25, 2022 |
You may find more details regarding AppLocker deployment in this support article.