How To Upload App Control Policies To Intune Using AppControl Manager

The AppControl Manager provides native support for Intune, enabling effortless deployment of App Control policies to your Intune-managed devices.

To do that, navigate to the Deploy App Control Policy page, Click the Sign In button. A new browser tab will open, prompting you to sign into your Entra ID account.

Once signed in, you'll be redirected back to the AppControl Manager.

Permissions Required

To successfully complete the sign-in process and deploy policies, your account must have the following permissions, adhering to the Principle of Least Privilege:

Group.Read.All: Allows the AppControl Manager to read security groups and display them in the dropdown list.
DeviceManagementConfiguration.ReadWrite.All: Grants the ability to create, upload, and assign App Control policies.

By ensuring these permissions are in place, you can seamlessly deploy App Control policies through Intune while maintaining secure and minimal access.

Select Policies To Deploy

Select one or more XML files to deploy to Intune. You have the option to deploy them as-is (unsigned) or cryptographically sign them before deployment. Each XML file will be deployed as a separate Intune configuration policy for better management of policies.

The name specified in the XML file will appear as the name of the corresponding Intune configuration policy in the Intune portal. Similarly, the policy ID from the XML file will be used as the uploaded policy's ID, enabling easy identification of policies on workstations after deployment.

You can optionally use the Refresh button and select a group to assign to the policies you upload to Intune.

How To Change Tenant?

If you want to change your tenant and sign into another account, press the Sign Out button and then use the Sign In button again to sign into a different tenant.