Posts

Showing posts from November, 2019

Temporarily Bypassing Applocker for Self Extracting Installers

We've always struggled with installers that create temporary exe files in various locations alongside Applocker. Sometimes we're able to grab a copy of the temporary file and whitelist it so the installation can continue, but other times the installer bombs out too quickly and we just can't get the file. One solution is to whitelist the %OSDRIVE%\USERS\TEMP\APPDATA\LOCAL\TEMP directory, but for security that's a terrible idea. I created a process which I'd like to share that uses Microsoft Power Automation (Flow), Azure Automation, and the Microsoft Graph API to achieve the following:

- Admin clicks a Flow button on their phone
- The Flow button takes user input in the form of an Active Directory username (ex. rellington) and passes it to a webhook to an Azure Automation job
- Azure Automation job starts which removes the user from the Applocker enforced Active Directory Security Group (Applocker policy is enforced using Intune)
- Azure Automation job forces an Intune s