Introduction
In one of my previous posts, I talked about the steps to isolate a device from the network in case of any suspicious activity on the device. In addition to device isolation, you can also lock down a device and prevent subsequent attempts of potentially malicious programs from running by restricting application execution on the device using Microsoft Defender for Endpoint.
To restrict an application from running, Microsoft Defender for Endpoint applies a code integrity policy that only allows files to run if they are signed by a Microsoft-issued certificate. This method of restriction can help prevent an attacker from controlling compromised devices and performing further malicious activities.
Implementing Application Restriction
Log in to the Microsoft Defender Security Console.
Select Devices, and then select the device where you want to implement application restriction.
Select Device Value and choose Restrict App Execution
Confirm the Action
The user will see the notification on their screen.
You can also see all the actions using Action Center in the Defender Security Console.
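The same containment step can be scripted for incident response. The following is an added example, not part of the original post: it calls the Defender for Endpoint API's restrictCodeExecution machine action and then polls the resulting action record, which is the same record Action Center displays. It assumes an app registration granted the Machine.RestrictExecution application permission; the parameter names and the MDE_CLIENT_SECRET environment variable are placeholders chosen for this example.

```powershell
# Added example: restrict app execution through the Defender for Endpoint API.
# Assumptions: an app registration with the Machine.RestrictExecution
# application permission; every value passed in is supplied by the operator.
param(
    [Parameter(Mandatory)] [string] $TenantId,
    [Parameter(Mandatory)] [string] $ClientId,
    [Parameter(Mandatory)] [string] $MachineId,   # Defender device ID of the target
    [string] $Comment = 'Restrict app execution during investigation'
)
$ErrorActionPreference = 'Stop'
$api = 'https://api.securitycenter.microsoft.com'

# Read the client secret from the environment, not from the script or command line.
$secret = $env:MDE_CLIENT_SECRET   # hypothetical variable name
if (-not $secret) { throw 'Set MDE_CLIENT_SECRET before running.' }

# Client-credentials token for the Defender for Endpoint API.
$token = (Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/token" `
    -Body @{
        resource      = $api
        client_id     = $ClientId
        client_secret = $secret
        grant_type    = 'client_credentials'
    }).access_token
$headers = @{ Authorization = "Bearer $token" }

# Submit the restriction; the API returns a machine action object.
$action = Invoke-RestMethod -Method Post -Headers $headers `
    -Uri "$api/api/machines/$MachineId/restrictCodeExecution" `
    -ContentType 'application/json' `
    -Body (@{ Comment = $Comment } | ConvertTo-Json)
Write-Output "Submitted action $($action.id), status $($action.status)"

# Poll the action record until it leaves the queue or the deadline passes.
$deadline = (Get-Date).AddMinutes(10)
while (($action.status -in @('Pending', 'InProgress')) -and ((Get-Date) -lt $deadline)) {
    Start-Sleep -Seconds 15
    $action = Invoke-RestMethod -Headers $headers -Uri "$api/api/machineactions/$($action.id)"
}
if ($action.status -ne 'Succeeded') {
    throw "Restriction not confirmed: action $($action.id) ended as $($action.status)"
}
Write-Output "App execution restricted on $MachineId"
```

The script fails loudly if the action does not reach Succeeded, so a responder does not assume the device is locked down while the action is still pending or has failed.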
I hope this will be informative for you. Please do share if you find it worth sharing.