3.1. Dedicated management console (not managed through scripts or GPO) 3.2. Learning Mode capability for at least 30 days to record all detected execution activity 3.3. Gradual phase-in of Enforcement Mode throughout the environment 3.4. Block execution of applications not explicitly allow-listed through the management console 3.5. User-friendly request system for blocked applications 3.6. Ability to temporarily place individual machines or groups into learning mode 3.7. Flexible allowlist additions at machine, group, or enterprise-wide levels 3.8. Threat intelligence and/or risk ratings for detected applications 3.9. Sandboxing tools for testing unknown software 3.10. Comprehensive reporting capabilities 3.11. Granular access controls for allowed applications for example disallowing approved applications to access the registry or access the internet
