Can you control the workstations in your network to only run the applications you want them to run? Do you know if their applications are being accessed appropriately? Are you doing everything you can to limit intrusions via illicit consent? Are you monitoring what sensitive information is in your office and should be protected?
If you answered “no” to any of these questions, take the time to review your policies and applications to see if you can better control your network.
Windows 10 S set the stage for restricting applications
A few years ago Microsoft developed a new platform called Windows 10 S that had the potential to simplify application whitelisting. Created as an alternative to Chromebooks, the platform’s concept was to allow only vetted applications to be installed. You might have seen advice online against using Windows 10 S mode and to switch out of it, but that advice does not reflect the vision of Windows 10 S mode: It’s a platform to begin making application restrictions the norm rather than the exception.
When Windows 7 was first released the User Account Control (UAC) setting was derided as being too aggressive. Many IT administrators disabled it to get their applications to work. The setting was not to annoy IT administrators. Rather it was a step toward getting application vendors to stop demanding administrator rights.