Skip to content

Restrict app execution using Microsoft Defender for Endpoint


In one of my previous post, I talk about the steps to isolate device from the network in case of any suspicious activity on the device. In addition to device isolation you can also  you can also lock down a device and prevent subsequent attempts of potentially malicious programs from running by restricting application execution on the devices using Microsoft Defender for Endpoint.

To restrict an application from running, Microsoft Defender for Endpoint applies an code integrity policy that only allows those files to run if they are signed by a Microsoft issued certificate. This method of restriction can help prevent an attacker from controlling compromised devices and performing further malicious activities.

Implementing Application Restriction

Login to Microsoft Defender Security Console.

Select the Devices and then select the device where you want to implement application restriction.

Select Device Value and choose  Restrict App Execution

Confirm the Action

User will see the notification on his screen

You can also see all the actions using Action Center in Defender Security Console

Hope this will be informative for you. Please do share if you find worth sharing it.