Three Rule templates in the Microsoft EDP (enterprise database protection) Configuration Policy: edprule

Three Rule templates in the Microsoft EDP (enterprise database protection) Configuration Policy: edprule

Set up the Microsoft EDP environment:
Microsoft 10 insider preview, Microsoft Intune, ie10 (to install the plug-in silverlight)

Currently, only a small part of the application to the app list is added when the policy is configured.
For example, the title Rule template
1. Store app: Universal Windows Platform (UWP) app
2. Desktop app: Classic Windows app
3. Applocker policy file

The key difference between adding an application to the app list is the selection of Rule template.

To add an application to the app list
Title: The general name of the software is recommended.
Mode: allow and exempt
Template: The above three types

Publisher and product name
Find the publisher and product name methods of the application

Store app (eg: OneNote)
If it is not installed, query the publisher and product name of the application and use applockerdata in Windows Store for Business.

Desktop app (eg: iexplore)
Publisher and binary name
Run the Get-AppLockerFileInformation-Path "<path of the exe>" command to query publisher.
Here, we will summarize the Store app and Desktop app: We generally think that the system's built-in application is located as a Desktop app, and you need to install it as a Store app. If you find that your understanding is wrong, you can modify it later.

Applocker policy file
1. Use Applocker to create an app rule and xml file
Run secpol. msc to open the local security policy
In the left-side pane, locate application control policies and expand
Find applocker and continue
Find the package application rule. The system below win8.1 does not seem to have
Select package application rule, right-click, and select create new rule.
Then the wizard will come out, next
Select allow and next.
On the publisher page, select
Select the application you want to select
Enter publisher, product name, and version
Select create
Wait a moment to confirm the created rule.
Right-click applocker, select export policy, select xml format, name and save
2. Import the created xml file to Intune.
The procedure is the same as that of the Store app. Instead of entering publisher and product name, you can import an xml file.
Here we should summarize the differences between Applocker policy file and the above two rules. At present, we have no in-depth understanding of the rules such as applocker policy file and have the opportunity to talk about it again.

I try to use the Store app and Desktop app.