Windows Defender Application Control and AppLocker feature availability
Applies to:
- Windows 10
- Windows 11
- Windows Server 2016 and above
Note
Some capabilities of Windows Defender Application Control are only available on specific Windows versions. See below to learn more.
| Capability | WDAC | AppLocker |
|---|---|---|
| Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later | Available on Windows 8 or later |
| SKU availability | Cmdlets are available on all SKUs on 1909+ builds. For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs. |
Policies deployed through GP are only effective on Enterprise devices. Policies deployed through MDM are effective on all SKUs. |
| Management solutions |
|
|
| Per-User and Per-User group rules | Not available (policies are device-wide) | Available on Windows 8+ |
| Kernel mode policies | Available on all Windows 10 versions and Windows 11 | Not available |
| Per-app rules | Available on 1703+ | Not available |
| Managed Installer (MI) | Available on 1703+ | Not available |
| Reputation-Based intelligence | Available on 1709+ | Not available |
| Multiple policy support | Available on 1903+ | Not available |
| Path-based rules | Available on 1903+. Exclusions are not supported. Runtime user-writeability checks enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. |
| COM object configurability | Available on 1903+ | Not available |
| Packaged app rules | Available on RS5+ | Available on Windows 8+ |
| Enforceable file types |
|
|
| Application ID (AppId) Tagging | Available on 20H1+ | Not available |
Feedback
Submit and view feedback for