Microsoft quietly made AppLocker deployment easier across Windows 11 and some Windows 10s

Microsoft has quietly made a welcome change to its AppLocker feature. AppLocker application control policies help organizations manage the applications and files that users can run on their systems. These include EXE files, scripts, Windows Installer files, DLL files, packaged apps, and packaged app installers.

The Redmond giant has removed the checks that were previously enforced depending on the edition of Windows used or the management method used. AppLocker deployment for Mobile Device Management (MDM) used to be different from the Group Policy management. Hence, from now on IT admins and system admins can deploy AppLocker freely across Windows 11 as well as some supported versions of Windows 10, irrespective of the edition or management method.

In a support article titled "KB5024351—Removal of Windows edition checks for AppLocker" Microsoft has explained this major change.

The Windows updates dated September 30, 2022, and later, made significant changes for AppLocker support. Before the updates, Windows tied policy enforcement to the Windows edition and the method used to manage its endpoints. For instance, systems managed by mobile device management (MDM) enforced AppLocker policies on all editions of Windows 10 and Windows 11. Also, systems managed by Group Policy only enforced AppLocker policies on Windows 10 and Windows 11 Enterprise or Education editions.

These updates removed the edition checks for Windows 10, versions 2004, 20H2, and 21H1 and all versions of Windows 11. You can now deploy and enforce AppLocker policies to all of these Windows versions regardless of their edition or management method.

The change was introduced on Windows 11 and Windows 10 with the following updates:

You may find more details regarding AppLocker deployment in this support article.