Microsoft’s recommended application blocklist is implemented
Implement Microsoft's recommended blocklist to enhance security.
Plain language
This control is about using Microsoft's recommended list to block certain applications from running on your systems. It's like having a bouncer at the door to stop unwanted guests from entering your party. If you don't have this, harmful programs could run and damage your data or steal sensitive information.
Framework
ASD Essential Eight
Control effect
Preventative
E8 mitigation strategy
Application control
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML2
Official control statement
Microsoft’s recommended application blocklist is implemented.
Why it matters
Without Microsoft’s recommended blocklist, known malicious or unwanted apps can run, increasing risk of compromise and data loss.
Operational notes
Import Microsoft’s recommended block rules into WDAC/AppLocker, test in audit mode, then enforce; review and update rules after patch cycles.
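The import, audit and enforce sequence above, sketched in PowerShell with the WDAC ConfigCI cmdlets. This is an added example, not part of the original control text; all file paths and the 14-day review window are assumptions.

```powershell
# Added example. All paths below are assumed placeholders, not values from the page.
$BasePolicy = 'C:\WDAC\BasePolicy.xml'           # existing WDAC base policy (assumed)
$BlockRules = 'C:\WDAC\MicrosoftBlockRules.xml'  # Microsoft's recommended block rules saved as XML (assumed)
$Merged     = 'C:\WDAC\BaseWithBlocklist.xml'
$Binary     = 'C:\WDAC\BaseWithBlocklist.cip'
$Evidence   = 'C:\WDAC\audit-3076.csv'

# 1. Import: merge the block rules into the base policy.
#    If the base policy is an explicit allowlist, remove the "Allow all" rules
#    that ship in Microsoft's block rules XML before merging; otherwise the
#    merged policy allows everything that is not explicitly denied.
Merge-CIPolicy -PolicyPaths $BasePolicy, $BlockRules -OutputFilePath $Merged | Out-Null

# 2. Audit: rule option 3 is "Enabled:Audit Mode". Compile the policy, then
#    deploy the binary with your usual mechanism (Group Policy, Intune, ...).
Set-RuleOption -FilePath $Merged -Option 3
ConvertFrom-CIPolicy -XmlFilePath $Merged -BinaryFilePath $Binary | Out-Null

# 3. Review: event ID 3076 in the CodeIntegrity operational log records files
#    that would have been blocked had the policy been enforced.
$since = (Get-Date).AddDays(-14)   # assumed review window
$hits = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id        = 3076
    StartTime = $since
} -ErrorAction SilentlyContinue | ForEach-Object {
    # Flatten every EventData field into a column so nothing is lost.
    $row = [ordered]@{ TimeCreated = $_.TimeCreated; Computer = $_.MachineName }
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $row[$d.Name] = $d.'#text' }
    [pscustomobject]$row
}
if ($hits) {
    $hits | Export-Csv -Path $Evidence -NoTypeInformation   # keep as audit evidence
    Write-Warning "$(@($hits).Count) audit hits found; resolve them before enforcing."
} else {
    # 4. Enforce: delete the audit-mode option and recompile for deployment.
    #    Once enforced, real blocks are logged as event ID 3077.
    Set-RuleOption -FilePath $Merged -Option 3 -Delete
    ConvertFrom-CIPolicy -XmlFilePath $Merged -BinaryFilePath $Binary | Out-Null
}
```

Run the review step on a representative set of workstations, not only the build machine, since audit events are logged locally on each device.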
Implementation tips
- The IT team should ensure the application blocklist is updated. Review and apply Microsoft's recommended blocklist to your systems to prevent unauthorised software execution.
- The system administrator should implement the blocklist on all workstations. Use Windows settings to apply blocklist policies to control what applications can be executed.
- The security officer should verify compliance with the blocklist. Regularly check that the blocklist is consistently applied across all devices.
- The IT team should document the blocklist implementation process. Keep a step-by-step record of how the blocklist is set up and maintained for future reference.
- The system administrator should perform regular updates. Schedule routine checks and updates of the blocklist as Microsoft releases new security recommendations.
- The IT team should train staff on security practices. Educate employees on the importance of application control and why certain applications are blocked.
Audit / evidence tips
- Ask: Has the organisation implemented Microsoft's recommended blocklist on all systems?
- Good: Blocklist settings reflect Microsoft's latest recommendations and are applied consistently across all workstations.
- Ask: How often is the blocklist updated and reviewed?
- Good: The blocklist is updated whenever new recommendations are issued by Microsoft, with documented logs of each update.
Cross-framework mappings
How E8-AC-ML2.3 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ASD ISM
| Relationship | Control | Notes |
|---|---|---|
| Partially meets (2) | ISM-0843 | E8-AC-ML2.3 requires implementing Microsoft’s recommended application blocklist as part of controlling what can run in the environment |
| Partially meets (2) | ISM-1657 | E8-AC-ML2.3 requires implementing Microsoft’s recommended application blocklist to block known unwanted applications |
| Partially overlaps (2) | ISM-1601 | ISM-1601 requires implementation of Microsoft ASR rules to reduce the attack surface on endpoints |
| Partially overlaps (2) | ISM-1659 | E8-AC-ML2.3 requires implementing Microsoft’s recommended application blocklist to prevent execution of risky user-mode applications |
| Depends on (1) | ISM-0955 | E8-AC-ML2.3 requires implementing Microsoft’s recommended application blocklist, which depends on having an application control mechanism... |
| Related (1) | ISM-1544 | E8-AC-ML2.3 requires organisations to implement Microsoft’s recommended application blocklist to prevent execution of known risky/abusabl... |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.