I’m really struggling with implementing WDAC. I’ve deployed the audit mode policy via Intune and assigned it to all users, around 1,800 devices. Using Microsoft Security’s Advanced Hunting, I’ve collected logs across all these devices. The logs have been analyzed and grouped accordingly.
I used the App Control Wizard’s Policy Editor to manually convert the audit event logs into allow policies by approving relevant file paths. I did the same for Publisher rules as well. My goal is to merge these two policies and deploy them via Intune, so I can have one robust allow policy across all devices. Eventually, I plan to switch from audit mode to enforced (block) mode.
I’ve attempted to merge the two policies, but I’ve been unable to successfully convert the merged XML to a .bin file for deployment. Even deploying them separately isn’t working—and I’d prefer not to go down that path anyway. I understand App Control Manager might support this kind of workflow, but unfortunately, we can’t use it in our environment due to authentication issues.
Could anyone advise on best practices, tools, or PowerShell scripts that could help get this working? I’ve been stuck on this for two weeks and would really appreciate any support or suggestions.
Posted by spiceuser-92g4 on 2025-07-23 (5 upvotes, 5 answers): https://community.spiceworks.com/t/wdac-implementation-advice/1226098/1

In my testing there seems to be a limit to the size of the XML file that gets created. It is a tricky thing. If the file is bigger than said limit then it won’t work.
For the moment I am successfully using signed and reputable mode, but I also had major struggles getting the other modes to work as expected.
In Intune, have you looked into enabling managed installer? It won’t help in the short term, but long term App Control will auto-trust anything you install via Intune once managed installer is enabled.
Posted by molan on 2025-07-23 (2 upvotes): https://community.spiceworks.com/t/wdac-implementation-advice/1226098/2

I managed to clean the XML file this morning and created the .bin file, which I then deployed to Intune, fingers crossed. Honestly, Microsoft needs to do more with this feature; limited SME support and a lack of quality resources really hold it back.
Posted by spiceuser-92g4 on 2025-07-23 (3 upvotes): https://community.spiceworks.com/t/wdac-implementation-advice/1226098/3
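
The merge-and-convert step this thread is about can be scripted with the ConfigCI cmdlets that ship with Windows. The script below is an added example, not something posted by anyone in the thread; the file paths and the policy name are assumptions.

```powershell
# Added example. Every path and the policy name are assumptions, not from the thread.
$ErrorActionPreference = 'Stop'

$pathPolicy      = 'C:\WDAC\AllowPaths.xml'       # policy holding the file-path rules
$publisherPolicy = 'C:\WDAC\AllowPublishers.xml'  # policy holding the publisher rules
$mergedXml       = 'C:\WDAC\MergedAllow.xml'
$mergedBin       = 'C:\WDAC\MergedAllow.bin'

# 1. Fail early if an input is not well-formed XML or is not a policy document.
foreach ($file in $pathPolicy, $publisherPolicy) {
    $doc = [xml](Get-Content -LiteralPath $file -Raw)
    if ($doc.DocumentElement.LocalName -ne 'SiPolicy') {
        throw "$file does not have an SiPolicy root element."
    }
}

# 2. Merge the rules. The merged policy takes its type and ID from the first file.
Merge-CIPolicy -PolicyPaths $pathPolicy, $publisherPolicy -OutputFilePath $mergedXml | Out-Null

# 3. Name the result and make sure it is in audit mode (rule option 3,
#    "Enabled:Audit Mode"). To enforce later, rerun with -Delete and redeploy.
Set-CIPolicyIdInfo -FilePath $mergedXml -PolicyName 'Merged allow policy (audit)'
Set-RuleOption -FilePath $mergedXml -Option 3

# 4. Count what ended up in the merged policy so an unexpectedly large rule set
#    is visible before conversion.
$merged  = [xml](Get-Content -LiteralPath $mergedXml -Raw)
$rules   = $merged.SelectNodes("//*[local-name()='FileRules']/*").Count
$signers = $merged.SelectNodes("//*[local-name()='Signers']/*[local-name()='Signer']").Count

# 5. Convert to the binary form and report file sizes.
ConvertFrom-CIPolicy -XmlFilePath $mergedXml -BinaryFilePath $mergedBin | Out-Null

[pscustomobject]@{
    FileRules = $rules
    Signers   = $signers
    XmlBytes  = (Get-Item -LiteralPath $mergedXml).Length
    BinBytes  = (Get-Item -LiteralPath $mergedBin).Length
}
```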