Microsoft O.S. Security

My first goal upon being assigned to work as a PM on Windows Defender Application Control (WDAC) was simply to understand how it functioned. WDAC is a set of Operating Systems-level tooling that can be used to dictate which files are allowed to execute on a device. It works by setting up a policy which can specify what is allowed and what is specifically blocked, and then either be set to audit (record events without preventing anything from running) or block (actually prevent files from executing). It is inherently both a strong protection and a restrictive one: anything not explicitly allowed to run will be blocked.

I began by trying to use the tooling myself, but quickly hit a wall. I found the documentation hard to navigate, with no clear tutorials to guide a basic policy setup. Even after I did find the content I was looking for, I often ran into issues making sense of the instructions for how to activate my policy and see its results.

I wondered whether my difficulties were caused by being so new to the space, or if users were also running into this level of frustration. Unfortunately, my secondary research into technical blogs advising how to use WDAC revealed that I was not alone in my struggles. Various IT Professionals who had tried to use this product reported investing substantial time, only to end up unable to deploy it in block mode (required for preventative protection).

I quickly realized that the challenges with this product went much deeper than feature gaps, so I switched to using a broader lens.

Above: Screen capture of a blogger detailing challenges deploying WDAC

1. limited understanding of user needs

• no UX research support
• mostly pursuing features based on internal understanding of cababilities
• under-utilizing existing channel of communication (mailing list)

2. cross-product fragmentation

• need to manage policies across multiple platforms (no way to deploy custom policies via MEM Intune)
• adjacent security team had an in-progress plan to develop a competing app control product
• outdated app control tech still in use

3. high barrier, low support

• technically complicated
• feature set had known gaps that were outside our scope to address
• incomplete & outdated documentation

1. understanding user needs

• Set up recurring co-design workshop with core set of customers and two partner teams
• Designed new pop-up which provides more information for end-users and creates a channel for IT pros to get their feedback

2. creating cross-product consistency

• set up partnership with adjacent teams (MEM & Defender ATP)
• supported MEM to ship various components of WDAC integration: including default policies to lower barrier to entry, deploying custom policies, policy signing
• supported ATP in shipping reputation updates that WDAC could consume

3. reducing complexity & adding support

• Documentation overhaul: comprehensive documentation for new features, feature availability comparison, plan to redo information architecture
• Monthly newsletter (to support staff and enrolled enterprise customers)