title | description | ms.localizationpriority | ms.date | ms.topic |
---|---|---|---|---|
Windows Defender Application Control feature availability |
Compare Windows Defender Application Control (WDAC) and AppLocker feature availability. |
medium |
12/21/2023 |
overview |
Note
Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Review the following table to learn more.
Capability | Windows Defender Application Control | AppLocker |
---|---|---|
Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Available on Windows 8 or later. |
Edition availability | Available on Windows 10, Windows 11, and Windows Server 2016 or later. WDAC PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. |
Policies are supported on all editions Windows 10 version 2004 and newer with KB 5024351. Windows versions older than version 2004, including Windows Server 2019:
|
Management solutions |
|
|
Per-user and Per-user group rules | Not available (policies are device-wide). | Available on Windows 8+. |
Kernel mode policies | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Not available. |
Rule option 11 - Disabled:Script Enforcement | Available on all versions of Windows 10 except 1607 LTSB, Windows 11, and Windows Server 2019 and above. Disabled:Script Enforcement isn't supported on Windows Server 2016 or on Windows 10 1607 LTSB and shouldn't be used on those platforms. Doing so results in unexpected script enforcement behaviors. | MSI and Script rule collection is separately configurable. |
Per-app rules | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
Managed Installer (MI) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
Reputation-Based intelligence | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
Multiple policy support | Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2022. | Not available. |
Path-based rules | Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2022 or later. Exclusions aren't supported. Runtime user-writeability checks enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. |
COM object allowlisting | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
Packaged app rules | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Available on Windows 8+. |
Enforceable file types |
|
|
Application ID (AppId) Tagging | Available on Windows 10, version 20H1 and later, and Windows 11. | Not available. |