Windows Defender Application Control and AppLocker feature availability
- Windows 10
- Windows 11
- Windows Server 2016 and above
Some capabilities of Windows Defender Application Control are only available on specific Windows versions. See below to learn more.
|Platform support||Available on Windows 10, Windows 11, and Windows Server 2016 or later||Available on Windows 8 or later|
|SKU availability||Cmdlets are available on all SKUs on 1909+ builds.
For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs.
|Policies deployed through GP are only effective on Enterprise devices.
Policies deployed through MDM are effective on all SKUs.
|Per-User and Per-User group rules||Not available (policies are device-wide)||Available on Windows 8+|
|Kernel mode policies||Available on all Windows 10 versions and Windows 11||Not available|
|Per-app rules||Available on 1703+||Not available|
|Managed Installer (MI)||Available on 1703+||Not available|
|Reputation-Based intelligence||Available on 1709+||Not available|
|Multiple policy support||Available on 1903+||Not available|
|Path-based rules||Available on 1903+. Exclusions are not supported. Runtime user-writeability checks enforced by default.||Available on Windows 8+. Exclusions are supported. No runtime user-writeability check.|
|COM object configurability||Available on 1903+||Not available|
|Packaged app rules||Available on RS5+||Available on Windows 8+|
|Enforceable file types||
|Application ID (AppId) Tagging||Available on 20H1+||Not available|
Submit and view feedback for