Microsoft Intune's custom app control will stop malicious code from running

IT admins will be able to use Custop App Control to highly regulate apps.

Reading time icon 3 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Microsoft promises next-gen cybersecurity coming to Windows 11 devices and Microsoft Apps.
  • The Custom App Control and the Config Refresh features will make sure malicious code won't be running on Windows 11 devices.
  • The features will be released on September 26.
microsoft intune custom app control

Microsoft will release the Custom App Control for Business Policies feature in Microsoft Intune on September 26, when Windows 11 23H2, and the hotly-anticipated Windows Copilot will be finally out in the world.

Even if Microsoft focused on AI, the Redmond-based tech giant still does its best when it comes to cybersecurity, and on September 26, the company will release various securities updates.

The Custom App Control for Business policies will be one of them, and it’s also one of the most important security features to be released for organizations.

Why? This new feature will heavily regulate apps, including Microsoft 365 apps, which we know already that they are very prone to malware attacks. For example, only in 2022, over 80% of Microsoft 365 accounts were hacked, and Microsoft Teams is one of the top apps to be the subject of malware.

Custom App Control in Microsoft Tune: what does it do?

For starters, the Custom App Control will regulate applications of your organization’s devices. By this regulation, the apps will have to earn the trust to run, according to Microsoft.

This means that only approved, secured, and trusted apps will be allowed to run on devices. Application control will also stop any of these apps from running any kind of malicious code. We’ve seen this happening before, when Microsoft Teams, for example, was hacked to carry out malicious intune custom app control

The Custom App Control is getting next-generation capabilities when it comes to detecting and stop malware, and IT admins will now be able to provide a customizable configuration.

With App Control for Business, IT teams can configure what runs in a business environment through Microsoft Intune or other MDMs in the admin console, including setting up Intune as a managed installer.


And this is not all. Microsoft is also coming up with the Config Refresh feature; in case, your apps get compromised, the Confit Refresh feature will automatically enable settings in the Policy Configuration Service Provider (CSP) on a Windows 11 device to be reset every 90 minutes by default, or every 30 minutes if desired.

This protects against configuration settings being unexpectedly changed through either malicious software or registry edits and ensures that your settings are retained in the way IT configured them.


The Redmond-based tech giant also promises that more enhancements and improvements are coming to Microsoft Intune’s Custom App Control, and Confif Refresh once they are released.

It is about time Microsoft takes steps to improve its cybersecurity. What do you think about these new features? Let us know in the comments section below.

More about the topics: Cybersecurity, microsoft