Similar to the question here, how do you configure this for a windows 10 machine so that you can configure Windows not to execute tampered binaries? How does one configure Windows not to execute tampered binaries?
I have managed to get this working on a Windows Server 2019 instance, but struggling to get it working on a windows 10 client machine in the same manner when following the same steps. Is there a difference in how this would work on a Windows 10 machine?
Windows Defender Application Control might be the solution for you. It's the successor of AppLocker.
I state that as the fact you use pro device make it hard to deploy AppLocker as you would need to upgrade your computer to enterprise SKU, unless you deploy your computer with MDM.
WDAC need an Enterprise or server OS to make the policies's template but can be push to any business SKU.
To test and deploy WDAC you can see there for example;
Windows Defender Application Control and AppLocker feature availability
Deploy Windows Defender Application Control policies by using Group Policy
Deploying Windows Defender Application Control (WDAC) policies
