Nah. Not opinions. They are facts. So you are saying that Microsoft's own official support pages are "opinion"?
Here are the facts: Windows 7. it's officially dead. Windows 10, officially dead in 2 years. end of life dates available on MSFT website. since Windows 11 was released, Windows 10 has been in maintenance mode only.
Here are the real-world facts. In enterprise, Windows 7, 8.1 and 10 & Server 2012, 2014, and 2016 are still deployed - and Microsoft is supporting them. It will provide extended support for Windows 10 for a fee just like it did with 7. Not only that, nearly 40% of the world's home users are still running Windows 10 and won't be upgrading to 11 anytime soon. So it doesn't matter what dates you quote from Microsoft. These are irrefutable facts.
WDAC works very well on up to date OS
Yes, it does. Nobody is questioning its protection efficacy. It does however suffer from multiple usability issues that even Microsoft has officially acknowledged.
It is really weird that you are saying things about WDAC that Microsoft itself claims to be otherwise. Is everything that Microsoft does perfect in your eyes?
yes I can deploy it successfully to any number of PCs that have up to date OS and maintain them. whether 10k or 10 billion.
That is not what I asked you. The question that you were asked is:
"Have you ever tried to deploy WDAC on 10,000 endpoints in an infrastructure environment that includes everything from Windows 7 to 11 and Server 2012 through 2022, including all the enterprise software that has unsigned executables and DLLs? OR is your opinion all based upon Microsoft's latest-and-greatest running in your home Hyper-V lab?"
Since you wiggled out of that question by not answering it, we'll take that as a "No."
and yes I can deploy it successfully to any number of PCs that have up to date OS and maintain them. whether 10k or 10 billion.
How will you do the pre-deployment audit to gather system infos across all the network segments? What do you plan to do about all the completely legit third party software (that you call "shady") and create the correct WDAC policies?
And exactly what distribution method would you use - MCM, SCCM, (MDM) InTune, Group Policy, ePO? How is the deployment going to scale? What time frame? How are you going to handle errors? Would you instead use OpenSSH and PSSession to execute a WDAC deployment script from a .csv source endpoint file?
Or you plan on deploying WDAC only to Windows 11 Server 2022 boxes, with only Microsoft signed and Store apps? (Yes. This is what you meant. lol)
Don't care about sans or any 3rd party stuff, fact is, they all have their own politics, opinions and biases.
lol, do you even know what SANS is? Do you even know who are the teaching staff there? lol, some are Microsoft employees or subcontractors. That's who. Plus Microsoft and SANS work closely together. For you to even suggest that SANS would drop teaching WDAC because of politics, opinions or biases is absurd.
Microsoft Defender for Office 365 is pleased to announce a partnership with SANS Institute to deliver a new series of computer-based training (CBT) modules in the Attack Simulation Training service. The modules will focus on IT systems and network administrators. Microsoft is excited to...
And by the way, like I already mentioned, WDAC has got many new features, constantly, and I know what they are because I test and use them. but it's out of the scope of this topic so either do your own research or open a Github discussion to continue it. don't want to go off topic any more and I'd appreciate if you don't either.
No. It's not out of the scope of this topic. If it is as you claim, then it would take you less than a few minutes to provide this list of "many new features." You know, Microsoft is conscientious about keeping the industry informed via its devblog and other team sites, and yet there is narry a mention of new WDAC features. There's no mention of new WDAC features on the TechCommunity. So where is it that you are getting the inside on newly implemented features in WDAC?
My question about new features was legit as I, and others here, genuinely are interested in learning about these new WDAC features.
that's why I keep mine always up to date and if you read the latest wiki I wrote, you'll get more info, specially you'll know how easy it is to deploy it and what the benefits are.
You do realize that juat about every single one of your GitHub pages is a wall of text, right? That you have to do all that explaining on Microsoft's behalf is proof positive of poor Microsoft usability.
lol, I've done enterprise deployments and it isn't easy. It is easy in a nice, clean simplistic heterogeneous home lab Hyper-V environment.