A feature fresh into Public Preview, Application Control using either a GUI for standard settings, or you can upload a custom WDAC XML.
I’m not going to go into how to configure it because that is well described here:
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-app-control-policy
For creating your XML, WDAC Wizard is your friend:
As usual, the first thing I did when testing was to start digging around in the underworld of Graph to see what’s happening behind the scenes and if I can automate it. The answer, of course, is yes and here it is:
The script can be run with parameters for use with an app reg, or can just be connected interactively.
The first thing the script does is checks if you have configured the Managed Installer and if not, it will configure it for you.
Next, there are a few variables to set which are in the Set Variables section from line 53.
Apart from the basic name and description you can point it to a WDAC XML file or set the options presented in the GUI to allow/block Managed Installers, Trusted Installers as well as Enable or Audit Windows Store apps.
You also need to set the Group ID for assignment
If you set the XML, it will grab it, make it clean for upload and then create the policy.
If you have opted for the true/false options, it will customise the JSON and create the policy for you.
Happy Deploying!