Windows AppLocker - Tanium Enforce - Tanium Tech Talks #137

tanium logo
Tanium
Aug 20, 2025
Tanium

See how Tanium makes it easier to manage #Windows #AppLocker at scale across multiple environments.

Tanium helps you reach and manage all of your traditional #Windows servers and workstations, and also those that are hard-to-reach:
✅ Older Windows versions
✅ VPN clients and work-from-home
✅ Stand-alone non-AD-domain-joined (like industrial environments)
✅ AD-domain-joined spanning multiple domains and forests

Features and benefits:
🌎 Manage AppLocker at scale through Tanium Enforce
😃 Easy to get up and running
🎚️ Single management surface across all Microsoft environments
♻️ Import policy via Group Policy XML export
🔎 Custom logs and sensors for easy troubleshooting
⚠️ Send alerts via Tanium Connect

#informationsecurity #informationtechnology

FREE PASS TO CONVERGE 2025
Get a FREE pass to Tanium Converge in Orlando, Florida, November 17-20.
Go to: https://converge.tanium.com
➡️ Click Register Now
Use the promo code As-McGl-40000 for a free ticket type of your choosing:
🎟️ In-Person
🎟️ In-Person + Labs
🎟️ Converge Virtual + Virtual Self-Services Labs
Also note:
✅ Converge Virtual base tickets are free and do not require a promo code.
✅ Promo codes cannot be used on certification exams or Converge Party Guest passes.

RESOURCES
Docs: AppLocker policies
https://help.tanium.com/bundle/ug_enforce_cloud/page/enforce/policies.html#applocker-policy
Docs: AppLocker policies troubleshooting
https://help.tanium.com/bundle/ug_enforce_cloud/page/enforce/troubleshooting.html
Tanium KBs on AppLocker Support
https://help.tanium.com/search
Microsoft KB: AppLocker vs App Control for Business (WDAC)
https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview
Microsoft KB: Understanding AppLocker Default Rules
https://learn.microsoft.com/en-us/windows/security/application-security/application-co[…]or-business/applocker/understanding-applocker-default-rules
Microsoft KB: AppLocker and Teams
https://learn.microsoft.com/en-us/microsoftteams/applocker-in-teams

CHAPTERS

00:00 Intro

00:47 Free Converge pass

01:34 Meet Rob

02:59 Rob's Converge labs

05:05 What is AppLocker?

06:50 How does Tanium help?

09:08 DEMO Enforce Policy

09:43 Audit vs Enforce mode

10:50 DEMO Enforce Policy continued

12:10 Microsoft KB guidance

13:40 DEMO Blocking types

14:35 Allowing OneDrive and Teams

15:20 Stacking rules

16:07 DEMO file not blocked

16:42 DEMO Tanium Custom Logging

18:55 DEMO AppLocker Log Sensor

19:55 DEMO Send Alerts via Connect

22:26 Summary So Far - Defense in Depth

23:28 DEMO Log CSV via Connect continued

24:10 DEMO Enforcing Blocking

25:55 DEMO Getting file information

27:40 DEMO Logs for blocking

29:25 DEMO Sensor results for blocking

29:47 DEMO Summary and ideas

30:50 Flexibility over Active Directory and Intune

31:30 FAQ Intune and WDAC AppControl?

33:15 FAQ Tanium client exclusions?

34:25 FAQ Policy management conflicts?

37:57 BIG SUMMARY

39:39 Resources

Copyright © 2026 OpsMatters™. All rights reserved.