May 2022 – IT Dev Lab

Confirm what WDAC policies are present on a device

Andrew 18 May 2022 0 Comments

Windows Defender Application Control (WDAC) is an application control system integrated into Windows 10/11 and is used within Enterprise to whitelist trusted applications, allowing them to run, and blocking either…

KQL Today I Learned

#TIL KQL parse_path() function

Andrew 5 May 2022 0 Comments

Working with Sentinel and Log Analytics is nearly a daily task for me of late, and working with WDAC of late interrogating file paths was something I was finding very…

Microsoft 365

Microsoft 365 dkim=fail (no key for signature)

Andrew 3 May 2022 0 Comments

Recently I was working on a migration project moving a number of domains from a 3rd party mail hygiene solution to Defender for Office 365 and as part of the…

Confirm what WDAC policies are present on a device

#TIL KQL parse_path() function

Microsoft 365 dkim=fail (no key for signature)

You Missed

Looking to migrate from MIM to Microsoft Entra?

January 2024 WDAC Advanced Hunting changes

Creating a policy with the WDAC Wizard

Application control with Microsoft WDAC