Microsoft to Enhance Security with New Defender Application Control for Business in Windows Server 2025

Microsoft's Windows Defender Application Control for Business in Windows Server 2025 allows administrators to manage trusted applications and drivers with customizable security policies.

Published: Oct 14, 2024

Key Takeaways:

  • Microsoft will introduce support for Windows Defender Application Control for Business in Windows Server 2025.
  • It will allow administrators to create a trusted list of applications and drivers, ensuring only authorized software can run on devices.
  • Administrators can utilize PowerShell commands and OSconfig tools for easy deployment and customization of security policies.

Microsoft is planning to add support for Windows Defender Application Control for Business in Windows Server 2025. This security feature enables administrators to create a list of trusted applications and drivers that are allowed to run on devices within the organization.

Microsoft has provided a set of default security policies for Windows Server 2025 that can be applied using PowerShell commands through the OSconfig platform. The Application Control feature operates in two modes: Audit mode and Enforcement mode.

In Audit mode, the system permits untrusted or potentially harmful files to run without blocking them but keeps a detailed log of these events for administrators to assess the impact of stricter policies. In contrast, Enforcement mode actively blocks any untrusted or unauthorized files from running and records all blocked attempts for further review.
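The following PowerShell is an added example, not code from Microsoft or from this article. It summarizes Application Control events per file, the kind of review Audit mode supports before a switch to Enforcement mode. It assumes event IDs 3076 (audit) and 3077 (enforced block) in the Microsoft-Windows-CodeIntegrity/Operational log and the `File Name`, `Process Name` and `PolicyName` data fields; the function names, paths and policy name are constructed for illustration.

```powershell
# Constructed sample events, trimmed to the fields this example reads.
# Assumed IDs: 3076 = audit (would have been blocked), 3077 = blocked in enforcement.
$sampleEvents = @(
@'
<Event><System><EventID>3076</EventID></System><EventData>
  <Data Name="File Name">\Device\HarddiskVolume3\Tools\legacy-agent.exe</Data>
  <Data Name="Process Name">\Device\HarddiskVolume3\Windows\System32\svchost.exe</Data>
  <Data Name="PolicyName">ExampleBasePolicy</Data></EventData></Event>
'@,
@'
<Event><System><EventID>3076</EventID></System><EventData>
  <Data Name="File Name">\Device\HarddiskVolume3\Tools\legacy-agent.exe</Data>
  <Data Name="Process Name">\Device\HarddiskVolume3\Windows\System32\cmd.exe</Data>
  <Data Name="PolicyName">ExampleBasePolicy</Data></EventData></Event>
'@,
@'
<Event><System><EventID>3077</EventID></System><EventData>
  <Data Name="File Name">\Device\HarddiskVolume3\Temp\unsigned-tool.exe</Data>
  <Data Name="Process Name">\Device\HarddiskVolume3\Windows\explorer.exe</Data>
  <Data Name="PolicyName">ExampleBasePolicy</Data></EventData></Event>
'@
)

# Hypothetical helper: flatten one event's XML into the fields worth reviewing.
function ConvertTo-AppControlRecord {
    param([Parameter(Mandatory)][xml]$EventXml)
    $fields = @{}
    foreach ($d in $EventXml.Event.EventData.Data) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText
    }
    $id = [int]$EventXml.Event.System['EventID'].InnerText
    [pscustomobject]@{
        Mode    = if ($id -eq 3076) { 'Audit' } else { 'Enforced' }
        File    = $fields['File Name']
        Process = $fields['Process Name']
        Policy  = $fields['PolicyName']
    }
}

# Hypothetical helper: one row per (mode, file) with hit count and calling processes.
function Get-AppControlSummary {
    param([Parameter(Mandatory)][object[]]$Records)
    $Records | Group-Object Mode, File | ForEach-Object {
        [pscustomobject]@{
            Mode = $_.Group[0].Mode; File = $_.Group[0].File; Count = $_.Count
            Processes = ($_.Group.Process | Sort-Object -Unique) -join '; '
        }
    } | Sort-Object Count -Descending
}

$records = $sampleEvents | ForEach-Object { ConvertTo-AppControlRecord -EventXml $_ }
Get-AppControlSummary -Records $records | Format-Table -AutoSize
# On a live server, feed real events instead of the sample:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076, 3077 } |
#     ForEach-Object { ConvertTo-AppControlRecord -EventXml $_.ToXml() }
```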

In Windows Server 2025, Microsoft is focusing on improving the deployment and management of Application Control policies. This update should also ease the transition from Audit mode to Enforcement mode through local tooling and the PowerShell experience.

“There will be no Application Control policy in audit mode which will be enabled by default in WS 2025. The only way to add Application Control for business is via OSconfig tool. Base policies are integrated in OSconfig (unsigned). Using these policies, users will be able to add supplemental policies to existing base policies (to customize the default base policy),” Microsoft explained.

Getting started with Windows Defender Application Control for Business (WDAC)

Currently, Windows Defender Application Control is available to Windows Insiders in Windows Server preview build 26304. Administrators will need to install the OSconfig PowerShell module to configure Application Control for Business. Additionally, Microsoft has released the Windows Server 2025 Security Baseline Preview, featuring over 350 preconfigured security settings.

Microsoft has also created a new Azure Monitor workbook to help administrators track file audits, block activity, and policy actions. This data can be integrated into WDAC Wizards to fine-tune App Control for Business policies. Administrators can access the Azure Monitor workbook for Application Control for Business (Preview) in the GitHub repository.
