When using MDM to push AppLocker policies to a Windows 10 device, there are several places that you can check to confirm that your settings have been successfully applied.
- File Explorer
- Event Viewer
- Try to launch the App
Let’s take a look…
1. File Explorer
Open up File Explorer. Look at the C:\Windows\System32\AppLocker\MDM subfolders to see whether the corresponding rules exist for EXE, MSI, Scripts, and APPX. Open the Policy file with Notepad++ to make sure that its contents match the contents of the policy that you pushed with your MDM.
2. Event Viewer
Open up Event Viewer. Navigate to the Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin log to confirm that the policy was correctly ingested.
3. Fiddler
Install and run Fiddler to see which CmdID(s) did not receive a 200. A 200 is good. Anything besides a 200 is bad.
4. Try to launch the app on a device
Once you have confirmed that the policy exists on the device and did not fail, try to open the app. If you see a block message, you know that your rule has been applied correctly.
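The File Explorer and Event Viewer checks can also be scripted. The following is an added example, not part of the original post. It assumes an elevated PowerShell prompt, and the reference policy path and the 24-hour lookback are hypothetical values to adjust; it also assumes the reference file holds the XML for one rule collection, so a match in one subfolder is the expected result.

```powershell
# Added example: scripted version of the File Explorer and Event Viewer checks.
param(
    # Hypothetical path: the AppLocker XML you uploaded to your MDM, saved locally.
    [string]$ReferencePolicy = 'C:\Temp\pushed-applocker-policy.xml',
    # Assumed lookback window for the event log query.
    [int]$LookbackHours = 24
)

$mdmRoot = Join-Path $env:windir 'System32\AppLocker\MDM'
$logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'

# Collapse whitespace so formatting differences do not count as a mismatch.
function Get-NormalizedText([string]$Path) {
    ((Get-Content -LiteralPath $Path -Raw) -replace '\s+', ' ').Trim()
}

# Check 1: list every file delivered under the MDM folder and compare it
# with the policy that was pushed.
if (-not (Test-Path -LiteralPath $mdmRoot)) {
    Write-Warning "No folder at $mdmRoot; no MDM AppLocker policy has been delivered."
    return
}
$reference = $null
if (Test-Path -LiteralPath $ReferencePolicy) {
    $reference = Get-NormalizedText $ReferencePolicy
}
Get-ChildItem -LiteralPath $mdmRoot -Recurse -File | ForEach-Object {
    [pscustomobject]@{
        Path             = $_.FullName
        LastWriteTime    = $_.LastWriteTime
        Bytes            = $_.Length
        MatchesReference = if ($reference) {
            (Get-NormalizedText $_.FullName) -ceq $reference
        } else { 'no reference file' }
    }
} | Format-List

# Check 2: errors (Level 2) and warnings (Level 3) in the MDM diagnostics
# log that mention AppLocker. No output means no failures were logged.
$filter = @{
    LogName   = $logName
    Level     = 2, 3
    StartTime = (Get-Date).AddHours(-$LookbackHours)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'AppLocker' } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```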
I hope that you find this content helpful. Let us know if there are any other MDM-related questions that we can answer for you!