Deployment Models
WDACManager can be deployed in multiple ways depending on the level of control and operational involvement required by your organisation. Some customers prefer to operate the platform entirely within their own infrastructure, while others prefer a managed or fully operated service.
Choose the model that best fits how much infrastructure and policy management you want to operate yourself:
Customer Managed Deployment
In this model you deploy and operate WDACManager within your own infrastructure. This approach provides full control over the environment, data storage, and operational processes. WDACManager is distributed as containerised services and pre-built deployment packages to simplify installation.
Typical deployment options include:
- Docker container images that can be deployed on existing Linux or container infrastructure
- Pre-configured virtual machine images available through cloud marketplaces such as Azure Marketplace
- Self-hosted deployments in on-premises environments or private cloud infrastructure
Once deployed, you configure the platform by connecting it to your Microsoft environment and setting up authentication. Administrators and policy managers can then begin defining WDAC policy workflows.
This model is ideal for organisations with strict data residency requirements or environments where security controls require platforms to operate entirely within the customer network.
Dedicated Cloud Deployment
In this model WDACManager is hosted and operated by our team within dedicated cloud infrastructure.
You receive a **single-tenant deployment** running within isolated infrastructure hosted in Microsoft Azure. The platform is deployed in a region close to your environment to ensure optimal performance and data locality. We can accommodate compliance requirements such as IRAP-assessed Microsoft environments and the use of certified systems only.
You access your environment through a dedicated instance. The deployment is fully isolated from other tenants while still allowing you to maintain full control over your Microsoft environment integration and WDAC policy configuration.
This model removes the operational burden of running the platform while still providing you with full administrative control of WDACManager.
WDACManager as a Service
For organisations that prefer a fully managed solution, WDACManager can also be delivered as a complete service. Think of it as Application Control as a Service.
In this model our team operates the platform and assists with the deployment and ongoing operation of application control policies within the customer environment.
You provide secure integration access to your Microsoft tenant so WDACManager can collect telemetry and deploy WDAC policies through supported Microsoft services.
The service typically includes:
- WDACManager platform licensing
- platform hosting and management
- initial WDAC policy deployment
- ongoing policy maintenance and support
This approach allows organisations to benefit from strong application control without requiring internal expertise in WDAC policy engineering.
Getting Started
Regardless of the deployment model chosen, onboarding typically follows the same high-level process:
- Deploy or provision the WDACManager environment
- Connect the platform to the Microsoft tenant
- Configure telemetry sources such as Defender for Endpoint or Windows event collection
- Begin analysing application execution telemetry
- Generate and deploy WDAC policies to endpoints
This provides full visibility and control over application execution across your organization.
Automation
Simplified
Easy Compliance
