Windows Defender Application Control and AppLocker feature availability
Applies to:
- Windows 10
- Windows 11
- Windows Server 2016 and above
Note
Some capabilities of Windows Defender Application Control are only available on specific Windows versions. See below to learn more.
Capability | WDAC | AppLocker |
---|---|---|
Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later | Available on Windows 8 or later |
SKU availability | Cmdlets are available on all SKUs on 1909+ builds. For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs. |
Policies deployed through GP are only effective on Enterprise devices. Policies deployed through MDM are effective on all SKUs. |
Management solutions |
|
|
Per-User and Per-User group rules | Not available (policies are device-wide) | Available on Windows 8+ |
Kernel mode policies | Available on all Windows 10 versions and Windows 11 | Not available |
Per-app rules | Available on 1703+ | Not available |
Managed Installer (MI) | Available on 1703+ | Not available |
Reputation-Based intelligence | Available on 1709+ | Not available |
Multiple policy support | Available on 1903+ | Not available |
Path-based rules | Available on 1903+. Exclusions are not supported. Runtime user-writeability checks enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. |
COM object configurability | Available on 1903+ | Not available |
Packaged app rules | Available on RS5+ | Available on Windows 8+ |
Enforceable file types |
|
|
Application ID (AppId) Tagging | Available on 20H1+ | Not available |
Feedback
Submit and view feedback for