Now for a Limited Time...

Receive our All-Access Pass FREE with any Masterclass Purchase!

This $695 value is only available for Masterclass purchases March 1 - May 1, 2026

  • 00 Days
  • 00 Hours
  • 00 Minutes
  • 00 Seconds
See the Masterclass Schedule

Masterclass Description

Don’t miss the opportunity to join a deep, practical training led by one of the world’s leading Windows security experts. Sami Laiho brings decades of real-world experience to this focused training on application control, helping you understand not just how to configure AppLocker, but how to design, deploy, and operate it in modern enterprise environments.

In this LIVE Online Training, you will go far beyond basic rule creation. Instead, you will learn how application control behaves in production, how attackers bypass weak configurations, and how to build policies that hold up under real-world pressure. You will also explore how Microsoft Intune is used to deploy and manage AppLocker.

If you want to move from “we tried AppLocker” to actually controlling what runs in your environment, this training is for you.

Hands-on-Labs
This training includes hands-on exercises based on real-world scenarios. You will build and deploy AppLocker policies, analyze audit logs, identify gaps, and fix broken configurations. You will also work with Intune-based deployments and test how policies behave on modern Windows devices.

Added Bonus
You will receive all sample policies, scripts, and tools used during the training.


This LIVE Online Training runs for two days and includes:

  • Live technical sessions with deep, practical content
  • Real-world demonstrations and troubleshooting scenarios
  • Hands-on labs and guided exercises
  • Direct access to ask Sami questions during the sessions
  • Access to all scripts, tools, and policy examples


This LIVE Online Training is for YOU if you want to:

  • Control what actually runs on your endpoints
  • Move beyond antivirus and reactive security
  • Design AppLocker policies that work in production
  • Deploy and manage application control using Intune
  • Understand how AppLocker is bypassed and how to prevent it
  • Evaluate if, when, and how to move to App Control for Business/WDAC
  • Build a repeatable, scalable application control strategy

...and so much more!

Prerequisites

Basic knowledge of Windows administration, Active Directory or Entra ID, and core networking concepts such as DNS, TCP/IP, and connectivity troubleshooting.

Masterclass Schedule

Date and start time for the next Masterclass:

  • August 13-14, 2026, 9:00 AM-4:00 PM Central Time (US and Canada)


Note: The live sessions of the Masterclass will be recorded and made available for live participants to view.

Sign Up Today!



Masterclass Outline

Module 1: Allow-Listing (aka Whitelisting) in General

  • Different Allow-Listing Options in Windows
  • AppLocker vs. App Control for Business (WDAC) vs. Smart App Control
  • Allow-Listing (aka Whitelisting) vs. Deny-Listing
  • Why Traditional AV/EDR Is Not Enough
  • AppLocker Basics
  • Understanding Trust Models: Publisher, Path, and Hash
  • App Control for Business/WDAC
  • Where AppLocker Fits in Modern Enterprise Security


Module 2: Implementing AppLocker

  • How to Run an AppLocker Project from Initial Planning to Production Rollout
  • Audit Mode vs. Enforcement Mode, and How to Safely Transition between Them
  • Creating Initial Rule Sets and Validating Them before Enforcement
  • Common Mistakes during Initial Deployment and How to Avoid Them


Module 3: Managing AppLocker

  • Using GUI and PowerShell to Add Trusted Apps
  • Using Correct Rule Types
  • Publisher vs. Hash vs. Path Rules in Real Environments
  • Getting from Thousands of Rules to Just Tens
  • Maintaining and Updating Rules over Time
  • Handling Exceptions without Weakening Security
  • Keeping AppLocker Safe – Fighting against LOLBins


Module 4: Managing AppLocker with Microsoft Intune

  • AppLocker CSP and OMA-URI Configuration
  • Deploying AppLocker Policies via Intune
  • Differences between GPO and Intune-based Management
  • Device vs. User Targeting Considerations
  • Monitoring and Validating Policy Deployment
  • Real-World Limitations and Workarounds


Module 5: Troubleshooting AppLocker

  • Common AppLocker Bypass Techniques and How They Work
  • What Fails with an Enterprise Implementation of Allow-Listing (aka Whitelisting)
  • Reading and Interpreting AppLocker Event Logs
  • Identifying Why an App Was Blocked or Allowed
  • Troubleshooting Policy Deployment Issues
  • Diagnosing Unexpected Behavior in Production

Instructor

Sami Laiho

Sami Laiho is one of the world’s leading professionals in the Windows OS and Security. Sami has been working with and teaching OS troubleshooting, management, and security since 1995. Sami has been auditing and implementing security solutions, specializing in Principle of Least Privilege, Application Control and Privileged Access Workstations, since 2002. Sami has deployed solutions for companies with between 1-550000 endpoints. One of the world's leading professionals in the Windows OS and Security, Sami has been working with and teaching OS troubleshooting, management, and security since 1995. Sami's session was evaluated as the best session in TechEd North America, Europe and Australia in 2014, and Nordic Infrastructure Conference in 2016, 2017, 2019, 2020, 2022, 2023, 2024 and 2025 (Keynote for NIC). Sami is also an author at PluralSight and the conference chair for the TechMentor and "Cyber Security and Ransomware Live!" conferences.

Sami Laiho

Chief Research Officer, MVP