Microsoft has released Windows Server vNext Insider Preview Build 18317
What’s New in Windows ServerWindows Server vNext Insider Preview Build 18317 released
WDAC – Composable (stacked) code integrity policies for supporting multiple code integrity policies
WDAC brings you the ability to support multiple CI policies. Three scenarios are now supported:
Scenario 1 – Deploy a “base” policy in enforcement mode and deploy a second “audit” policy side-by-side to support validation of policy changes before deploying in enforcement mode. (Intersection)
Scenario 2 – Enforce 2 or more “base” policies simultaneously to allow simpler policy targeting for policies with different scope/intent, e.g., Base1 corporate standard policy that is relatively loose to accommodate all organizations while forcing minimum corp standards (e.g. Windows works + Managed Installer + path rules). Base2 team specific policy that further restricts what is allowed to run (e.g. Windows works + Managed Installer + corporate signed apps only) (Intersection)
Scenario 3 – Supplemental policies deployed to expand Base policy, e.g., Azure host baseline policy restricts tightly to just allow Windows and hardware drivers allows supplemental policies. Exchange Azure team supplemental policy adds just the additional signer rules needed to support Exchange team signed code. (Union)
