I've been seeing a lot of user-installed apps in our organization, and it's become a concern. Currently, we leverage Crowdstrike's custom IOCs to keep high-risk applications at bay, but that's a constantly changing battle.
Considering we're in a Microsoft E5 setup, what are some effective and budget-friendly methods to restrict user applications, either some or all?
3 Answers
Windows Defender Application Control (WDAC) is a solid alternative to AppLocker, especially if you’re looking for something more modern.
One quick way to reduce issues is to remove local admin rights from users. It might limit what they can install.
AppLocker through local group policy is actually a free option. You just need to do a bit of setup to get it deployed via your device management system. Just keep in mind, it won’t work through Group Policy unless you have the enterprise version.

Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures