WDAC event log issue #483
Replies: 2 comments
Hello LadeleAjao, I don't quite understand why you want to convert your XML to .bin? If you deploy via Intune it will take your XML directly and therefore no need to convert. Sorry if I misunderstood but I think that with App Control Wizard and Intune you already have the right tools.
Description: Request for Support:
I’m really struggling with implementing WDAC. I’ve deployed the audit mode policy via Intune and assigned it to all users, around 1,800 devices. Using Microsoft Security’s Advanced Hunting, I’ve collected logs across all these devices. The logs have been analyzed and grouped accordingly.
I used the App Control Wizard’s Policy Editor to manually convert the audit event logs into allow policies by approving relevant file paths. I did the same for Publisher rules as well. My goal is to merge these two policies and deploy them via Intune, so I can have one robust allow policy across all devices. Eventually, I plan to switch from audit mode to enforced (block) mode.
I’ve attempted to merge the two policies, but I’ve been unable to successfully convert the merged XML to a .bin file for deployment. Even deploying them separately isn’t working—and I’d prefer not to go down that path anyway. I understand App Control Manager might support this kind of workflow, but unfortunately, we can’t use it in our environment due to authentication issues.
Could anyone advise on best practices, tools, or PowerShell scripts that could help get this working? I’ve been stuck on this for two weeks and would really appreciate any support or suggestions.
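For reference, an added example (not part of the original post or the replies) of the merge-and-convert step asked about above, using the ConfigCI cmdlets that ship with Windows. The file names are placeholders assumed for illustration, and the script keeps the merged policy in audit mode.

```powershell
# Added example: merge two App Control (WDAC) policy XMLs and compile the result.
# All file names are placeholders (assumptions), not paths from this thread.
$ErrorActionPreference = 'Stop'
Import-Module ConfigCI

$pathRules      = '.\FilePathRules.xml'    # placeholder: policy built from file path rules
$publisherRules = '.\PublisherRules.xml'   # placeholder: policy built from publisher rules
$merged         = '.\MergedPolicy.xml'
$binary         = '.\MergedPolicy.bin'

# 1. Fail early if an input is missing, is not well-formed XML,
#    or is not a policy document (root element must be SiPolicy).
foreach ($p in $pathRules, $publisherRules) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Policy file not found: $p" }
    try   { $doc = [xml](Get-Content -LiteralPath $p -Raw) }
    catch { throw "Not well-formed XML: $p ($($_.Exception.Message))" }
    if ($doc.DocumentElement.LocalName -ne 'SiPolicy') {
        throw "Root element is not SiPolicy: $p"
    }
    # Show type and ID so mismatched inputs are visible before merging.
    '{0}: PolicyType={1}, PolicyID={2}' -f $p, $doc.SiPolicy.PolicyType, $doc.SiPolicy.PolicyID
}

# 2. Merge. The merged policy takes its type and ID from the first file listed.
Merge-CIPolicy -PolicyPaths $pathRules, $publisherRules -OutputFilePath $merged | Out-Null

# 3. Keep the merged policy in audit mode (rule option 3 = Enabled:Audit Mode).
Set-RuleOption -FilePath $merged -Option 3

# 4. Compile the XML to binary and confirm that a file was written.
ConvertFrom-CIPolicy -XmlFilePath $merged -BinaryFilePath $binary | Out-Null
Get-Item -LiteralPath $binary | Select-Object Name, Length, LastWriteTime
```

If step 1 or step 4 throws, the error message names the file and the parsing problem, which is the detail needed to diagnose a failed conversion.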