Configure Remove App Restriction capability in Microsoft Defender for Endpoint

  • Release version: Zurich
  • Updated March 12, 2026
  • 1 minute to read

    • If needed, remove the restrictions of any application on the device.

    Before you begin

    Role required: sn_si.admin or sn_si.analyst

    Table 1. Requirements for Remove App Restriction capability
    Input Description
    Comment (Required: Comment to associate with the action)

    Procedure

    1. Navigate to Security Incidents > Show All Incidents.
    2. Select the security incident that you want to review with the Microsoft Defender for Endpoint information.
      1. In the related links section, select Run Additional Actions on Endpoint.
      2. Browse and select the Remove App Restriction capability.
      Alternatively, you can perform the following steps:
      1. In the related lists section, select Show All Related Lists.
      2. Select the Configuration Item related list.
      3. Select the added configuration items.
      4. Select Run Additional Actions on Endpoint.
      The Additional Comment input field is displayed.
    3. To remove app restriction, select Run Additional Action.
    4. View the automation activities of the execution, and validate them.
    5. Validate the status of the action on the Additional Actions on Endpoint related lists.