This repository has been archived by the owner on Jun 13, 2023. It is now read-only.

Microsoft AppLocker

Microsoft AppLocker is an application whitelisting feature built into Windows. The use of application whitelisting is one of IAD's top 10 mitigation strategies.

Formal product evaluations also support the use of Microsoft AppLocker. The Common Criteria evaluation of Windows 10 against the NIAP Protection Profile for General Purpose Operating Systems was completed on April 5, 2016. The evaluation included the optional FPT_SRP_EXT requirement for Application Whitelisting. The Assurance Activity report shows that Microsoft AppLocker in Windows 10 was evaluated and passed the FPT_SRP_EXT requirement.

Group Policy Objects containing a base whitelisting policy for both Audit mode and Enforcement mode are included in the SHB for Windows 10.

Importing the AppLocker Group Policy

By default, the AppLocker policy is imported in audit mode. To import it in enforcement mode, use the -PolicyMode option with the 'Enforced' value.

Importing the AppLocker domain Group Policy

Use the PowerShell Group Policy commands to import the AppLocker Group Policy into a domain. Run the following command on a domain controller from a PowerShell prompt running as a domain administrator.

Invoke-ApplySecureHostBaseline -Path '.\Secure-Host-Baseline' -PolicyNames 'AppLocker'

Importing the AppLocker local Group Policy

Use Microsoft's LGPO tool to apply the AppLocker Group Policy to a standalone system. Run the following command from a command prompt running as a local administrator.

Invoke-ApplySecureHostBaseline -Path '.\Secure-Host-Baseline' -PolicyNames 'AppLocker' -ToolPath '.\LGPO\lgpo.exe'
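
After either import, the mode the policy ended up in can be confirmed by reading the enforcement mode of each rule collection from the policy XML (AuditOnly corresponds to audit mode, Enabled to enforcement mode). The following PowerShell is an added example, not part of the Secure-Host-Baseline repository; the function name Get-AppLockerModeSummary and the sample policy are constructed for illustration.

```powershell
# Added example, not part of the Secure-Host-Baseline repository.
# Summarises the enforcement mode of each AppLocker rule collection so you can
# confirm whether an imported policy is in audit or enforcement mode.

function Get-AppLockerModeSummary {
    param(
        [Parameter(Mandatory)]
        [xml]$PolicyXml
    )
    foreach ($collection in $PolicyXml.AppLockerPolicy.RuleCollection) {
        # Count every rule element (publisher, path and hash rules) in the collection.
        $ruleCount = @($collection.ChildNodes | Where-Object { $_.NodeType -eq 'Element' }).Count
        [pscustomobject]@{
            Collection = $collection.Type
            Mode       = $collection.EnforcementMode   # NotConfigured, AuditOnly or Enabled
            Rules      = $ruleCount
        }
    }
}

# Constructed sample policy (not taken from the SHB GPO) so the function can be tried offline.
$sample = [xml]@'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Sample: Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="Enabled" />
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@
Get-AppLockerModeSummary -PolicyXml $sample | Format-Table -AutoSize

# On a system that has received the policy, check the effective policy instead:
#   Get-AppLockerModeSummary -PolicyXml ([xml](Get-AppLockerPolicy -Effective -Xml))
# AppLocker rules are only evaluated while the Application Identity service runs:
#   Get-Service -Name AppIDSvc
```

A collection reported as NotConfigured or missing from the output is not being audited or enforced, so check that every collection you expect appears with the intended mode before relying on the policy.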

Guidance

NSA Information Assurance has a security guide for AppLocker called Application Whitelisting Using Microsoft AppLocker.

Links