From dad65032929a11294efcc25049fd1d66e5ccb700 Mon Sep 17 00:00:00 2001 
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 13 Jul 2023 11:53:45 -0400 Subject: [PATCH 1/4] Move files --- ...ging-operational-guide-appid-tagging-policies.md | 0 .../AppIdTagging/deploy-appid-tagging-policies.md | 0 .../design-create-appid-tagging-policies.md | 0 ...ender-application-control-appid-tagging-guide.md | 0 .../windows-defender-application-control/TOC.yml | 0 ...-packaged-apps-to-existing-applocker-rule-set.md | 0 .../applocker/administer-applocker.md | 0 .../applocker-architecture-and-components.md | 0 .../applocker/applocker-functions.md | 0 .../applocker/applocker-overview.md | 0 .../applocker-policies-deployment-guide.md | 0 .../applocker/applocker-policies-design-guide.md | 0 .../applocker/applocker-policy-use-scenarios.md | 0 .../applocker-processes-and-interactions.md | 0 .../applocker/applocker-settings.md | 0 .../applocker/applocker-technical-reference.md | 0 .../configure-an-applocker-policy-for-audit-only.md | 0 ...nfigure-an-applocker-policy-for-enforce-rules.md | 0 .../configure-exceptions-for-an-applocker-rule.md | 0 .../configure-the-appLocker-reference-device.md | 0 .../configure-the-application-identity-service.md | 0 .../applocker/create-a-rule-for-packaged-apps.md | 0 ...create-a-rule-that-uses-a-file-hash-condition.md | 0 .../create-a-rule-that-uses-a-path-condition.md | 0 ...create-a-rule-that-uses-a-publisher-condition.md | 0 .../applocker/create-applocker-default-rules.md | 0 ...-applications-deployed-to-each-business-group.md | 0 .../applocker/create-your-applocker-policies.md | 0 .../applocker/create-your-applocker-rules.md | 0 .../applocker/delete-an-applocker-rule.md | 0 ...r-policies-by-using-the-enforce-rules-setting.md | 0 .../deploy-the-applocker-policy-into-production.md | 0 ...e-group-policy-structure-and-rule-enforcement.md | 0 ...-are-digitally-signed-on-a-reference-computer.md | 0 ...determine-your-application-control-objectives.md | 0 
...e-when-users-try-to-run-a-blocked-application.md | 0 .../applocker/dll-rules-in-applocker.md | 0 ...licy-structure-and-applocker-rule-enforcement.md | 0 .../applocker/document-your-application-list.md | 0 .../applocker/document-your-applocker-rules.md | 0 .../applocker/edit-an-applocker-policy.md | 0 .../applocker/edit-applocker-rules.md | 0 .../applocker/enable-the-dll-rule-collection.md | 0 .../applocker/enforce-applocker-rules.md | 0 .../applocker/executable-rules-in-applocker.md | 0 .../export-an-applocker-policy-from-a-gpo.md | 0 .../export-an-applocker-policy-to-an-xml-file.md | 0 .../applocker/how-applocker-works-techref.md | 0 .../applocker/images/applocker-plan-inheritance.gif | Bin .../images/applocker-plandeploy-quickreference.gif | Bin .../applocker/images/blockedappmsg.gif | Bin ...ort-an-applocker-policy-from-another-computer.md | 0 .../import-an-applocker-policy-into-a-gpo.md | 0 .../applocker/maintain-applocker-policies.md | 0 .../manage-packaged-apps-with-applocker.md | 0 ...plocker-policies-by-using-set-applockerpolicy.md | 0 .../applocker/merge-applocker-policies-manually.md | 0 .../monitor-application-usage-with-applocker.md | 0 .../applocker/optimize-applocker-performance.md | 0 ...and-packaged-app-installer-rules-in-applocker.md | 0 .../plan-for-applocker-policy-management.md | 0 .../applocker/refresh-an-applocker-policy.md | 0 ...requirements-for-deploying-applocker-policies.md | 0 .../applocker/requirements-to-use-applocker.md | 0 .../run-the-automatically-generate-rules-wizard.md | 0 .../applocker/script-rules-in-applocker.md | 0 .../security-considerations-for-applocker.md | 0 .../applocker/select-types-of-rules-to-create.md | 0 ...pplocker-policy-by-using-test-applockerpolicy.md | 0 .../test-and-update-an-applocker-policy.md | 0 .../applocker/tools-to-use-with-applocker.md | 0 .../understand-applocker-enforcement-settings.md | 0 .../understand-applocker-policy-design-decisions.md | 0 ...forcement-setting-inheritance-in-group-policy.md 
| 0 ...stand-the-applocker-policy-deployment-process.md | 0 ...ing-applocker-allow-and-deny-actions-on-rules.md | 0 .../understanding-applocker-default-rules.md | 0 .../understanding-applocker-rule-behavior.md | 0 .../understanding-applocker-rule-collections.md | 0 .../understanding-applocker-rule-condition-types.md | 0 .../understanding-applocker-rule-exceptions.md | 0 ...ing-the-file-hash-rule-condition-in-applocker.md | 0 ...standing-the-path-rule-condition-in-applocker.md | 0 ...ing-the-publisher-rule-condition-in-applocker.md | 0 ...ter-to-create-and-maintain-applocker-policies.md | 0 ...tware-restriction-policies-in-the-same-domain.md | 0 .../use-the-applocker-windows-powershell-cmdlets.md | 0 .../applocker/using-event-viewer-with-applocker.md | 0 ...e-restriction-policies-and-applocker-policies.md | 0 .../applocker/what-is-applocker.md | 0 .../windows-installer-rules-in-applocker.md | 0 .../applocker/working-with-applocker-policies.md | 0 .../applocker/working-with-applocker-rules.md | 0 .../deployment}/LOB-win32-apps-on-s.md | 0 ...windows-defender-application-control-policies.md | 0 ...cert-for-windows-defender-application-control.md | 0 ...-support-windows-defender-application-control.md | 0 .../deployment/deploy-wdac-policies-with-memcm.md | 0 .../deployment/deploy-wdac-policies-with-script.md | 0 ...plication-control-policies-using-group-policy.md | 0 ...der-application-control-policies-using-intune.md | 0 ...windows-defender-application-control-policies.md | 0 ...windows-defender-application-control-policies.md | 0 ...windows-defender-application-control-policies.md | 0 ...tion-control-for-classic-windows-applications.md | 0 ...efender-application-control-against-tampering.md | 0 ...defender-application-control-deployment-guide.md | 0 ...n-windows-defender-application-control-policy.md | 0 ...orized-apps-deployed-with-a-managed-installer.md | 0 .../design}/create-initial-default-policy.md | 0 .../design}/create-wdac-deny-policy.md | 0 
.../create-wdac-policy-for-fully-managed-devices.md | 0 ...reate-wdac-policy-for-lightly-managed-devices.md | 0 ...windows-defender-application-control-policies.md | 0 .../design}/example-wdac-base-policies.md | 0 ...pps-with-windows-defender-application-control.md | 0 .../design}/microsoft-recommended-block-rules.md | 0 .../microsoft-recommended-driver-block-rules.md | 0 ...ndows-defender-application-control-management.md | 0 .../design/script-enforcement.md | 0 .../design}/select-types-of-rules-to-create.md | 0 .../design}/types-of-devices.md | 0 ...r-application-control-policy-design-decisions.md | 0 .../design}/understanding-wdac-policy-settings.md | 0 ...control-specific-plug-ins-add-ins-and-modules.md | 0 ...pplication-control-with-dynamic-code-security.md | 0 ...ation-control-with-intelligent-security-graph.md | 0 .../design}/wdac-wizard-create-base-policy.md | 0 .../wdac-wizard-create-supplemental-policy.md | 0 .../design}/wdac-wizard-editing-policy.md | 0 .../design}/wdac-wizard-merging-policies.md | 0 .../design}/wdac-wizard-parsing-event-logs.md | 0 .../design}/wdac-wizard.md | 0 ...ows-defender-application-control-design-guide.md | 0 .../feature-availability.md | 0 .../images/appid-pid-task-mgr.png | Bin .../images/appid-pid-windbg-token.png | Bin .../images/appid-pid-windbg.png | Bin .../images/appid-wdac-wizard-1.png | Bin .../images/appid-wdac-wizard-2.png | Bin .../images/bit-toggling-keyboard-icon.png | Bin .../images/calculator-menu-icon.png | Bin .../images/calculator-with-hex-in-binary.png | Bin .../images/dg-fig12-verifysigning.png | Bin .../images/dg-fig13-createnewgpo.png | Bin .../images/dg-fig14-createnewfile.png | Bin .../images/dg-fig15-setnewfileprops.png | Bin .../images/dg-fig16-specifyinfo.png | Bin .../images/dg-fig17-specifyinfo.png | Bin .../images/dg-fig18-specifyux.png | Bin .../images/dg-fig19-customsettings.png | Bin .../images/dg-fig20-setsoftwareinv.png | Bin .../images/dg-fig21-pathproperties.png | Bin 
.../images/dg-fig23-exceptionstocode.png | Bin .../images/dg-fig24-creategpo.png | Bin .../images/dg-fig26-enablecode.png | Bin .../images/dg-fig27-managecerttemp.png | Bin .../images/dg-fig29-enableconstraints.png | Bin .../images/dg-fig30-selectnewcert.png | Bin .../images/dg-fig31-getmoreinfo.png | Bin .../images/event-3077.png | Bin .../images/event-3089.png | Bin .../images/event-3099-options.png | Bin .../images/hex-icon.png | Bin .../images/known-issue-appid-dll-rule-xml.png | Bin .../images/known-issue-appid-dll-rule.png | Bin .../images/memcm/memcm-confirm-wdac-rule.jpg | Bin .../images/memcm/memcm-create-wdac-policy-2.jpg | Bin .../images/memcm/memcm-create-wdac-policy.jpg | Bin .../images/memcm/memcm-create-wdac-rule-2.jpg | Bin .../images/memcm/memcm-create-wdac-rule-3.jpg | Bin .../images/memcm/memcm-create-wdac-rule.jpg | Bin .../images/memcm/memcm-deploy-wdac-2.jpg | Bin .../images/memcm/memcm-deploy-wdac-3.jpg | Bin .../images/memcm/memcm-deploy-wdac-4.jpg | Bin .../images/memcm/memcm-deploy-wdac.jpg | Bin .../images/policyflow.png | Bin .../images/wdac-edit-gp.png | Bin .../images/wdac-intune-app-catalogs.png | Bin .../images/wdac-intune-app-deployment.png | Bin .../images/wdac-intune-custom-oma-uri.png | Bin .../images/wdac-intune-policy-authorization.png | Bin ...wdac-wizard-confirm-base-policy-modification.png | Bin .../wdac-wizard-custom-file-attribute-rule.png | Bin .../images/wdac-wizard-custom-manual-pfn-rule.png | Bin .../images/wdac-wizard-custom-pfn-rule.png | Bin .../images/wdac-wizard-custom-publisher-rule.png | Bin .../images/wdac-wizard-edit-policy-rules.png | Bin .../images/wdac-wizard-edit-remove-file-rule.png | Bin .../images/wdac-wizard-event-log-files-expanded.png | Bin .../images/wdac-wizard-event-log-files.png | Bin ...wdac-wizard-event-log-mde-ah-export-expanded.png | Bin .../images/wdac-wizard-event-log-mde-ah-export.png | Bin ...dac-wizard-event-log-mde-ah-parsing-expanded.png | Bin 
.../images/wdac-wizard-event-log-mde-ah-parsing.png | Bin .../wdac-wizard-event-log-system-expanded.png | Bin .../images/wdac-wizard-event-log-system.png | Bin .../wdac-wizard-event-rule-creation-expanded.png | Bin .../images/wdac-wizard-event-rule-creation.png | Bin .../images/wdac-wizard-merge.png | Bin ...ac-wizard-rule-options-UI-advanced-collapsed.png | Bin .../images/wdac-wizard-rule-options-UI.png | Bin .../images/wdac-wizard-supplemental-expandable.png | Bin .../images/wdac-wizard-supplemental-not-base.png | Bin ...c-wizard-supplemental-policy-rule-options-UI.png | Bin .../images/wdac-wizard-template-selection.png | Bin .../windows-defender-application-control/index.yml | 0 .../operations/citool-commands.md | 0 .../operations}/configure-wdac-managed-installer.md | 0 .../operations}/event-id-explanations.md | 0 .../operations}/event-tag-explanations.md | 0 .../operations/inbox-wdac-policies.md | 0 .../operations/known-issues.md | 0 ...ntrol-events-centrally-using-advanced-hunting.md | 0 .../wdac-debugging-and-troubleshooting.md | 0 ...efender-application-control-operational-guide.md | 0 .../wdac-and-applocker-overview.md | 0 .../windows-defender-application-control.md | 0 218 files changed, 0 insertions(+), 0 deletions(-) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/TOC.yml (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/administer-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-architecture-and-components.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-functions.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-overview.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-policies-design-guide.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-processes-and-interactions.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/applocker/applocker-settings.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-technical-reference.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/configure-the-application-identity-service.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-applocker-default-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-your-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-your-applocker-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/delete-an-applocker-rule.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/determine-your-application-control-objectives.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/dll-rules-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/document-your-application-list.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/document-your-applocker-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/edit-an-applocker-policy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/edit-applocker-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/enforce-applocker-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/executable-rules-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/how-applocker-works-techref.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/images/blockedappmsg.gif (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/maintain-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/merge-applocker-policies-manually.md (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/optimize-applocker-performance.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/refresh-an-applocker-policy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/requirements-to-use-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/script-rules-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/security-considerations-for-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/select-types-of-rules-to-create.md 
(100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/tools-to-use-with-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-default-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/what-is-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/working-with-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/working-with-applocker-rules.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/LOB-win32-apps-on-s.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/audit-windows-defender-application-control-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/create-code-signing-cert-for-windows-defender-application-control.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/deploy-catalog-files-to-support-windows-defender-application-control.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/disable-windows-defender-application-control-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/enforce-windows-defender-application-control-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/merge-windows-defender-application-control-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => 
application-security/application-control/windows-defender-application-control/deployment}/windows-defender-application-control-deployment-guide.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/allow-com-object-registration-in-windows-defender-application-control-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/configure-authorized-apps-deployed-with-a-managed-installer.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/create-initial-default-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/create-wdac-deny-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/create-wdac-policy-for-fully-managed-devices.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/create-wdac-policy-for-lightly-managed-devices.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/deploy-multiple-windows-defender-application-control-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/example-wdac-base-policies.md (100%) rename 
windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/manage-packaged-apps-with-windows-defender-application-control.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/microsoft-recommended-block-rules.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/microsoft-recommended-driver-block-rules.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/plan-windows-defender-application-control-management.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/design/script-enforcement.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/select-types-of-rules-to-create.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/types-of-devices.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/understand-windows-defender-application-control-policy-design-decisions.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/understanding-wdac-policy-settings.md (100%) rename 
windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/use-windows-defender-application-control-with-dynamic-code-security.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/use-windows-defender-application-control-with-intelligent-security-graph.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/wdac-wizard-create-base-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/wdac-wizard-create-supplemental-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/wdac-wizard-editing-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/wdac-wizard-merging-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/wdac-wizard-parsing-event-logs.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => 
application-security/application-control/windows-defender-application-control/design}/wdac-wizard.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/windows-defender-application-control-design-guide.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/feature-availability.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/appid-pid-task-mgr.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/appid-pid-windbg-token.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/appid-pid-windbg.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/appid-wdac-wizard-1.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/appid-wdac-wizard-2.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/bit-toggling-keyboard-icon.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/calculator-menu-icon.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/calculator-with-hex-in-binary.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig12-verifysigning.png (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig13-createnewgpo.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig14-createnewfile.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig15-setnewfileprops.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig16-specifyinfo.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig17-specifyinfo.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig18-specifyux.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig19-customsettings.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig21-pathproperties.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig23-exceptionstocode.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig24-creategpo.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig26-enablecode.png (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig27-managecerttemp.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig29-enableconstraints.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig30-selectnewcert.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig31-getmoreinfo.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/event-3077.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/event-3089.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/event-3099-options.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/hex-icon.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/known-issue-appid-dll-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/policyflow.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-edit-gp.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-intune-app-catalogs.png (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/images/wdac-intune-app-deployment.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-intune-policy-authorization.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-files.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-system.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-merge.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-template-selection.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/index.yml (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/operations/citool-commands.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/operations}/configure-wdac-managed-installer.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/operations}/event-id-explanations.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/operations}/event-tag-explanations.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/operations/inbox-wdac-policies.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/operations/known-issues.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/operations}/querying-application-control-events-centrally-using-advanced-hunting.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/operations}/windows-defender-application-control-operational-guide.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/wdac-and-applocker-overview.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/windows-defender-application-control.md (100%) diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/TOC.yml rename to windows/security/application-security/application-control/windows-defender-application-control/TOC.yml diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/blockedappmsg.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/blockedappmsg.gif rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-windows-defender-application-control-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-windows-defender-application-control-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-windows-defender-application-control.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-windows-defender-application-control.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-windows-defender-application-control.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-windows-defender-application-control.md diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-windows-defender-application-control-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-windows-defender-application-control-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-windows-defender-application-control-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-windows-defender-application-control-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-windows-defender-application-control-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-windows-defender-application-control-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/windows-defender-application-control-deployment-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/windows-defender-application-control-deployment-guide.md diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-windows-defender-application-control-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-windows-defender-application-control-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-initial-default-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-initial-default-policy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-windows-defender-application-control-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-windows-defender-application-control-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-windows-defender-application-control.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-windows-defender-application-control.md diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-windows-defender-application-control-management.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/plan-windows-defender-application-control-management.md diff --git a/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/types-of-devices.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/types-of-devices.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/types-of-devices.md diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/design/understand-windows-defender-application-control-policy-design-decisions.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/understand-windows-defender-application-control-policy-design-decisions.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-dynamic-code-security.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-dynamic-code-security.md diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-intelligent-security-graph.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-intelligent-security-graph.md diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/design/windows-defender-application-control-design-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/windows-defender-application-control-design-guide.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/feature-availability.md rename to windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-pid-task-mgr.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-task-mgr.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/appid-pid-task-mgr.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-task-mgr.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg-token.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg-token.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg-token.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg-token.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-1.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-1.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-1.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-1.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-2.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-2.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-2.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-2.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/bit-toggling-keyboard-icon.png b/windows/security/application-security/application-control/windows-defender-application-control/images/bit-toggling-keyboard-icon.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/bit-toggling-keyboard-icon.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/bit-toggling-keyboard-icon.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/calculator-menu-icon.png b/windows/security/application-security/application-control/windows-defender-application-control/images/calculator-menu-icon.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/calculator-menu-icon.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/calculator-menu-icon.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/calculator-with-hex-in-binary.png b/windows/security/application-security/application-control/windows-defender-application-control/images/calculator-with-hex-in-binary.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/calculator-with-hex-in-binary.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/calculator-with-hex-in-binary.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig12-verifysigning.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig12-verifysigning.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig12-verifysigning.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig12-verifysigning.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig13-createnewgpo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig13-createnewgpo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig13-createnewgpo.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig13-createnewgpo.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig14-createnewfile.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig14-createnewfile.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig14-createnewfile.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig14-createnewfile.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig15-setnewfileprops.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig15-setnewfileprops.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig15-setnewfileprops.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig15-setnewfileprops.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig16-specifyinfo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig16-specifyinfo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig16-specifyinfo.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig16-specifyinfo.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig17-specifyinfo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig17-specifyinfo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig17-specifyinfo.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig17-specifyinfo.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig18-specifyux.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig18-specifyux.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig18-specifyux.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig18-specifyux.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig19-customsettings.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig19-customsettings.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig19-customsettings.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig19-customsettings.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig21-pathproperties.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig21-pathproperties.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig21-pathproperties.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig21-pathproperties.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig23-exceptionstocode.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig23-exceptionstocode.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig23-exceptionstocode.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig23-exceptionstocode.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig24-creategpo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig24-creategpo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig24-creategpo.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig24-creategpo.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig26-enablecode.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig26-enablecode.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig26-enablecode.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig26-enablecode.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig27-managecerttemp.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig27-managecerttemp.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig27-managecerttemp.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig27-managecerttemp.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig29-enableconstraints.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig29-enableconstraints.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig29-enableconstraints.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig29-enableconstraints.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig30-selectnewcert.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig30-selectnewcert.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig30-selectnewcert.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig30-selectnewcert.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig31-getmoreinfo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig31-getmoreinfo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig31-getmoreinfo.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig31-getmoreinfo.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/event-3077.png b/windows/security/application-security/application-control/windows-defender-application-control/images/event-3077.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/event-3077.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/event-3077.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/event-3089.png b/windows/security/application-security/application-control/windows-defender-application-control/images/event-3089.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/event-3089.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/event-3089.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/event-3099-options.png b/windows/security/application-security/application-control/windows-defender-application-control/images/event-3099-options.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/event-3099-options.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/event-3099-options.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/hex-icon.png b/windows/security/application-security/application-control/windows-defender-application-control/images/hex-icon.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/hex-icon.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/hex-icon.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png b/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/known-issue-appid-dll-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/known-issue-appid-dll-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/policyflow.png b/windows/security/application-security/application-control/windows-defender-application-control/images/policyflow.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/policyflow.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/policyflow.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-edit-gp.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-edit-gp.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-edit-gp.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-edit-gp.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-catalogs.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-catalogs.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-deployment.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-deployment.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-policy-authorization.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-policy-authorization.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-merge.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-merge.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-merge.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-merge.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-template-selection.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-template-selection.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-template-selection.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-template-selection.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/application-security/application-control/windows-defender-application-control/index.yml similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/index.yml rename to windows/security/application-security/application-control/windows-defender-application-control/index.yml diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/windows-defender-application-control-operational-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/windows-defender-application-control-operational-guide.md diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md rename to windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/windows-defender-application-control.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/windows-defender-application-control.md From d755cc90c3057646ca696c8b4210bd26f40b3f2e Mon Sep 17 00:00:00 2001 
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 17 Jul 2023 12:37:16 -0400 Subject: [PATCH 2/4] Rename files, Fix links --- .openpublishing.redirection.json | 717 +++++++++++++++++- ...nd-windows-defender-application-control.md | 2 +- .../application-control/toc.yml | 4 +- .../settings-and-configuration.md | 2 +- ...perational-guide-appid-tagging-policies.md | 4 +- .../deploy-appid-tagging-policies.md | 2 +- .../design-create-appid-tagging-policies.md | 12 +- ...g-guide.md => wdac-appid-tagging-guide.md} | 0 .../TOC.yml | 92 +-- .../manage-packaged-apps-with-applocker.md | 2 +- .../deployment/LOB-win32-apps-on-s.md | 14 +- ...rol-policies.md => audit-wdac-policies.md} | 16 +- ...d => create-code-signing-cert-for-wdac.md} | 12 +- ...> deploy-catalog-files-to-support-wdac.md} | 28 +- ...eploy-wdac-policies-using-group-policy.md} | 4 +- ...d => deploy-wdac-policies-using-intune.md} | 4 +- .../deploy-wdac-policies-with-script.md | 2 +- ...l-policies.md => disable-wdac-policies.md} | 2 +- ...l-policies.md => enforce-wdac-policies.md} | 8 +- ...rol-policies.md => merge-wdac-policies.md} | 8 +- ...ning-for-better-control-and-protection.md} | 6 +- ...cies-to-protect-wdac-against-tampering.md} | 12 +- ...ment-guide.md => wdac-deployment-guide.md} | 14 +- ...com-object-registration-in-wdac-policy.md} | 2 +- ...of-devices.md => common-wdac-use-cases.md} | 2 +- ...-apps-deployed-with-a-managed-installer.md | 8 +- .../design/create-wdac-deny-policy.md | 2 +- ...e-wdac-policy-for-fully-managed-devices.md | 8 +- ...wdac-policy-for-lightly-managed-devices.md | 10 +- ...e-wdac-policy-using-reference-computer.md} | 4 +- ...es.md => deploy-multiple-wdac-policies.md} | 3 +- .../design/example-wdac-base-policies.md | 2 +- ...l.md => manage-packaged-apps-with-wdac.md} | 6 +- .../microsoft-recommended-block-rules.md | 4 +- ...icrosoft-recommended-driver-block-rules.md | 2 +- ...-management.md => plan-wdac-management.md} | 10 +- 
.../design/select-types-of-rules-to-create.md | 4 +- ...nderstand-wdac-policy-design-decisions.md} | 12 +- ...-specific-plug-ins-add-ins-and-modules.md} | 2 +- ...e-wdac-with-intelligent-security-graph.md} | 4 +- ...ic-code-security.md => wdac-and-dotnet.md} | 0 ...l-design-guide.md => wdac-design-guide.md} | 10 +- .../design/wdac-wizard-create-base-policy.md | 18 +- .../wdac-wizard-create-supplemental-policy.md | 18 +- .../design/wdac-wizard-editing-policy.md | 6 +- .../design/wdac-wizard-merging-policies.md | 4 +- .../design/wdac-wizard-parsing-event-logs.md | 14 +- .../design/wdac-wizard.md | 4 +- .../feature-availability.md | 2 +- .../index.yml | 58 +- .../configure-wdac-managed-installer.md | 2 +- .../operations/event-id-explanations.md | 2 +- .../operations/event-tag-explanations.md | 12 +- .../operations/known-issues.md | 4 +- .../wdac-debugging-and-troubleshooting.md | 4 +- ...nal-guide.md => wdac-operational-guide.md} | 2 +- .../wdac-and-applocker-overview.md | 6 +- ...efender-application-control.md => wdac.md} | 10 +- .../security/application-security/index.md | 2 +- .../hello-how-it-works-technology.md | 4 +- .../hello-hybrid-aadj-sso.md | 2 +- ...o-hybrid-cloud-kerberos-trust-provision.md | 4 +- .../hello-hybrid-key-trust-provision.md | 4 +- .../hello-planning-guide.md | 2 +- .../includes/hello-join-domain.md | 2 +- windows/security/index.yml | 22 +- .../tpm/tpm-recommendations.md | 2 +- ...m-module-services-group-policy-settings.md | 2 +- .../create-wip-policy-using-configmgr.md | 2 +- .../create-wip-policy-using-intune-azure.md | 4 +- .../mandatory-settings-for-wip.md | 4 +- .../bitlocker/bitlocker-countermeasures.md | 8 +- ...r-device-encryption-overview-windows-10.md | 2 +- .../bitlocker-management-for-enterprises.md | 4 +- .../bitlocker-recovery-guide-plan.md | 16 +- .../data-protection/bitlocker/index.md | 2 +- .../vpn/vpn-office-365-optimization.md | 8 +- .../best-practices-configuring.md | 10 +- .../filter-origin-documentation.md | 2 +- 
.../secure-the-windows-10-boot-process.md | 4 +- .../virus-and-threat-protection/toc.yml | 2 +- ...advanced-security-audit-policy-settings.md | 2 +- .../auditing/advanced-security-auditing.md | 4 +- ...udit-kerberos-service-ticket-operations.md | 4 +- .../auditing/security-auditing-overview.md | 5 +- .../threat-protection/fips-140-validation.md | 2 +- windows/security/threat-protection/index.md | 2 +- ...iew-of-threat-mitigations-in-windows-10.md | 2 +- ...r-accounts-to-be-trusted-for-delegation.md | 2 +- ...lients-allowed-to-make-remote-sam-calls.md | 2 +- ...arding-to-assist-in-intrusion-detection.md | 2 +- 91 files changed, 1040 insertions(+), 329 deletions(-) rename windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/{windows-defender-application-control-appid-tagging-guide.md => wdac-appid-tagging-guide.md} (100%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{audit-windows-defender-application-control-policies.md => audit-wdac-policies.md} (84%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{create-code-signing-cert-for-windows-defender-application-control.md => create-code-signing-cert-for-wdac.md} (93%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{deploy-catalog-files-to-support-windows-defender-application-control.md => deploy-catalog-files-to-support-wdac.md} (94%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{deploy-windows-defender-application-control-policies-using-group-policy.md => deploy-wdac-policies-using-group-policy.md} (92%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{deploy-windows-defender-application-control-policies-using-intune.md => 
deploy-wdac-policies-using-intune.md} (93%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{disable-windows-defender-application-control-policies.md => disable-wdac-policies.md} (99%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{enforce-windows-defender-application-control-policies.md => enforce-wdac-policies.md} (89%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{merge-windows-defender-application-control-policies.md => merge-wdac-policies.md} (92%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{use-code-signing-to-simplify-application-control-for-classic-windows-applications.md => use-code-signing-for-better-control-and-protection.md} (96%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md => use-signed-policies-to-protect-wdac-against-tampering.md} (92%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{windows-defender-application-control-deployment-guide.md => wdac-deployment-guide.md} (81%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{allow-com-object-registration-in-windows-defender-application-control-policy.md => allow-com-object-registration-in-wdac-policy.md} (99%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{types-of-devices.md => common-wdac-use-cases.md} (99%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{create-initial-default-policy.md => 
create-wdac-policy-using-reference-computer.md} (96%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{deploy-multiple-windows-defender-application-control-policies.md => deploy-multiple-wdac-policies.md} (99%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{manage-packaged-apps-with-windows-defender-application-control.md => manage-packaged-apps-with-wdac.md} (96%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{plan-windows-defender-application-control-management.md => plan-wdac-management.md} (91%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{understand-windows-defender-application-control-policy-design-decisions.md => understand-wdac-policy-design-decisions.md} (83%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md => use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md} (96%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{use-windows-defender-application-control-with-intelligent-security-graph.md => use-wdac-with-intelligent-security-graph.md} (97%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{use-windows-defender-application-control-with-dynamic-code-security.md => wdac-and-dotnet.md} (100%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{windows-defender-application-control-design-guide.md => wdac-design-guide.md} (74%) rename 
windows/security/application-security/application-control/windows-defender-application-control/operations/{windows-defender-application-control-operational-guide.md => wdac-operational-guide.md} (97%) rename windows/security/application-security/application-control/windows-defender-application-control/{windows-defender-application-control.md => wdac.md} (83%) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index b8e929d41e..408dea7a97 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json 
@@ -21949,6 +21949,721 @@ "source_path": "windows/security/security-foundations.md", "redirect_url": "/windows/security/security-foundations/index", "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management", + "redirect_document_id": false + 
}, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md", + 
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/feature-availability.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/feature-availability", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/index.yml", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/index", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/types-of-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production", + "redirect_document_id": false + }, + { + 
"source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection", + 
"redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker", + "redirect_document_id": false + }, + { + 
"source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", + "redirect_document_id": false } ] -} \ No newline at end of file +} diff --git a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index 83799f7674..2f0412decb 100644 --- a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md 
+++ b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -44,6 +44,6 @@ WDAC has no specific hardware or software requirements. ## Related articles -- [Windows Defender Application Control](../../threat-protection/windows-defender-application-control/windows-defender-application-control.md) +- [Windows Defender Application Control](windows-defender-application-control/wdac.md) - [Memory integrity](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) - [Driver compatibility with memory integrity](https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-compatibility-with-device-guard-in-windows-10/ba-p/364865) diff --git a/windows/security/application-security/application-control/toc.yml b/windows/security/application-security/application-control/toc.yml index a0b92c4987..117ebc744f 100644 --- a/windows/security/application-security/application-control/toc.yml +++ b/windows/security/application-security/application-control/toc.yml @@ -10,6 +10,6 @@ items: - name: Windows Defender Application Control and virtualization-based protection of code integrity href: introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: Windows Defender Application Control - href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md + href: windows-defender-application-control/wdac.md - name: Smart App Control - href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md + href: windows-defender-application-control/wdac.md 
diff --git a/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md index 131622bbf4..9fd23384ff 100644 --- a/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md +++ b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md @@ -41,7 +41,7 @@ The following instructions provide details how to configure your devices. Select To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`Local Policies Security Options`**: -:::image type="content" source="./images/uac-settings-catalog.png" alt-text="Screenshot that shows the UAC policies in the Intune settings catalog." lightbox="./images/uac-settings-catalog.png" border="True"::: +:::image type="content" source="images/uac-settings-catalog.png" alt-text="Screenshot that shows the UAC policies in the Intune settings catalog." lightbox="images/uac-settings-catalog.png" border="True"::: Assign the policy to a security group that contains as members the devices or users that you want to configure. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md index ab8014b9a5..3214920ad9 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md @@ -29,7 +29,7 @@ ms.topic: article > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. +After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. ## Verifying Tags on Running Processes @@ -53,4 +53,4 @@ After verifying the policy has been deployed, the next step is to verify that th Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field. - ![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png) \ No newline at end of file + ![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index bf48be5b8d..e16747c375 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md @@ -32,7 +32,7 @@ Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId tagg ## Deploy AppId tagging policies with MDM -Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). +Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). ## Deploy AppId tagging policies with Configuration Manager diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md index 0ed35d4d57..6b0042600b 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md 
@@ -31,11 +31,11 @@ ms.topic: article ## Create the policy using the WDAC Wizard -You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md). +You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). 1. Create a new base policy using the templates: - Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. + Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. ![Configuring the policy base and template.](../images/appid-wdac-wizard-1.png) 
@@ -59,7 +59,7 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power - Hash rules: Create a rule based off the PE Authenticode hash of a file. - For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../wdac-wizard-create-base-policy.md#creating-custom-file-rules). + For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules). 4. Convert to AppId Tagging Policy: 
@@ -72,9 +72,9 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power ## Create the policy using PowerShell -Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md). In an elevate PowerShell instance: +Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). In an elevate PowerShell instance: -1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules: +1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../design/select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules: ```powershell $rule = New-CiPolicyRule -Level SignedVersion -DriverFilePath 
@@ -121,4 +121,4 @@ After creating your AppId Tagging policy in the above steps, you can deploy the RefreshPolicy.exe is available for download from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=102925). ## Next Steps -For more information on debugging and broad deployment of the AppId Tagging policy, see [Debugging AppId policies](./debugging-operational-guide-appid-tagging-policies.md) and [Deploying AppId policies](deploy-appid-tagging-policies.md). \ No newline at end of file +For more information on debugging and broad deployment of the AppId Tagging policy, see [Debugging AppId policies](debugging-operational-guide-appid-tagging-policies.md) and [Deploying AppId policies](deploy-appid-tagging-policies.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml index b48a27a876..70c937a286 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml +++ b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml 
@@ -1,7 +1,7 @@ - name: Application Control for Windows href: index.yml - name: About application control for Windows - href: windows-defender-application-control.md + href: wdac.md expanded: true items: - name: WDAC and AppLocker Overview 
@@ -9,120 +9,120 @@ - name: WDAC and AppLocker Feature Availability href: feature-availability.md - name: Virtualization-based protection of code integrity - href: ../../application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + href: ../introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: WDAC design guide - href: windows-defender-application-control-design-guide.md + href: design/wdac-design-guide.md items: - name: Plan for WDAC policy lifecycle management - href: plan-windows-defender-application-control-management.md + href: design/plan-wdac-management.md - name: Design your WDAC policy items: - name: Understand WDAC policy design decisions - href: understand-windows-defender-application-control-policy-design-decisions.md + href: design/understand-wdac-policy-design-decisions.md - name: Understand WDAC policy rules and file rules - href: select-types-of-rules-to-create.md + href: design/select-types-of-rules-to-create.md items: - name: Allow apps installed by a managed installer - href: configure-authorized-apps-deployed-with-a-managed-installer.md + href: design/configure-authorized-apps-deployed-with-a-managed-installer.md - name: Allow reputable apps with Intelligent Security Graph (ISG) - href: use-windows-defender-application-control-with-intelligent-security-graph.md + href: design/use-wdac-with-intelligent-security-graph.md - name: Allow COM object registration - href: allow-com-object-registration-in-windows-defender-application-control-policy.md + href: design/allow-com-object-registration-in-wdac-policy.md - name: Use WDAC with .NET hardening - href: use-windows-defender-application-control-with-dynamic-code-security.md + href: design/wdac-and-dotnet.md - name: Script enforcement with Windows Defender Application Control href: design/script-enforcement.md - name: Manage packaged apps with WDAC - href: 
manage-packaged-apps-with-windows-defender-application-control.md + href: design/manage-packaged-apps-with-wdac.md - name: Use WDAC to control specific plug-ins, add-ins, and modules - href: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md + href: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md - name: Understand WDAC policy settings - href: understanding-wdac-policy-settings.md + href: design/understanding-wdac-policy-settings.md - name: Use multiple WDAC policies - href: deploy-multiple-windows-defender-application-control-policies.md + href: design/deploy-multiple-wdac-policies.md - name: Create your WDAC policy items: - name: Example WDAC base policies - href: example-wdac-base-policies.md + href: design/example-wdac-base-policies.md - name: Policy creation for common WDAC usage scenarios - href: types-of-devices.md + href: design/common-wdac-use-cases.md items: - name: Create a WDAC policy for lightly managed devices - href: create-wdac-policy-for-lightly-managed-devices.md + href: design/create-wdac-policy-for-lightly-managed-devices.md - name: Create a WDAC policy for fully managed devices - href: create-wdac-policy-for-fully-managed-devices.md + href: design/create-wdac-policy-for-fully-managed-devices.md - name: Create a WDAC policy for fixed-workload devices - href: create-initial-default-policy.md + href: design/create-wdac-policy-using-reference-computer.md - name: Create a WDAC deny list policy - href: create-wdac-deny-policy.md + href: design/create-wdac-deny-policy.md - name: Microsoft recommended block rules - href: microsoft-recommended-block-rules.md + href: design/microsoft-recommended-block-rules.md - name: Microsoft recommended driver block rules - href: microsoft-recommended-driver-block-rules.md + href: design/microsoft-recommended-driver-block-rules.md - name: Use the WDAC Wizard tool - href: wdac-wizard.md + href: design/wdac-wizard.md items: - name: Create a base 
WDAC policy with the Wizard - href: wdac-wizard-create-base-policy.md + href: design/wdac-wizard-create-base-policy.md - name: Create a supplemental WDAC policy with the Wizard - href: wdac-wizard-create-supplemental-policy.md + href: design/wdac-wizard-create-supplemental-policy.md - name: Editing a WDAC policy with the Wizard - href: wdac-wizard-editing-policy.md + href: design/wdac-wizard-editing-policy.md - name: Creating WDAC Policy Rules from WDAC Events - href: wdac-wizard-parsing-event-logs.md + href: design/wdac-wizard-parsing-event-logs.md - name: Merging multiple WDAC policies with the Wizard - href: wdac-wizard-merging-policies.md + href: design/wdac-wizard-merging-policies.md - name: WDAC deployment guide - href: windows-defender-application-control-deployment-guide.md + href: deployment/wdac-deployment-guide.md items: - name: Deploy WDAC policies with MDM - href: deployment/deploy-windows-defender-application-control-policies-using-intune.md + href: deployment/deploy-wdac-policies-using-intune.md - name: Deploy WDAC policies with Configuration Manager href: deployment/deploy-wdac-policies-with-memcm.md - name: Deploy WDAC policies with script href: deployment/deploy-wdac-policies-with-script.md - name: Deploy WDAC policies with group policy - href: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md + href: deployment/deploy-wdac-policies-using-group-policy.md - name: Audit WDAC policies - href: audit-windows-defender-application-control-policies.md + href: deployment/audit-wdac-policies.md - name: Merge WDAC policies - href: merge-windows-defender-application-control-policies.md + href: deployment/merge-wdac-policies.md - name: Enforce WDAC policies - href: enforce-windows-defender-application-control-policies.md + href: deployment/enforce-wdac-policies.md - name: Use code signing for added control and protection with WDAC - href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md + 
href: deployment/use-code-signing-for-better-control-and-protection.md items: - name: Deploy catalog files to support WDAC - href: deploy-catalog-files-to-support-windows-defender-application-control.md + href: deployment/deploy-catalog-files-to-support-wdac.md - name: Use signed policies to protect Windows Defender Application Control against tampering - href: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md + href: deployment/use-signed-policies-to-protect-wdac-against-tampering.md - name: "Optional: Create a code signing cert for WDAC" - href: create-code-signing-cert-for-windows-defender-application-control.md + href: deployment/create-code-signing-cert-for-wdac.md - name: Disable WDAC policies - href: disable-windows-defender-application-control-policies.md + href: deployment/disable-wdac-policies.md - name: LOB Win32 Apps on S Mode - href: LOB-win32-apps-on-s.md + href: deployment/LOB-win32-apps-on-s.md - name: WDAC operational guide - href: windows-defender-application-control-operational-guide.md + href: operations/wdac-operational-guide.md items: - name: WDAC debugging and troubleshooting href: operations/wdac-debugging-and-troubleshooting.md - name: Understanding Application Control event IDs - href: event-id-explanations.md + href: operations/event-id-explanations.md - name: Understanding Application Control event tags - href: event-tag-explanations.md + href: operations/event-tag-explanations.md - name: Query WDAC events with Advanced hunting - href: querying-application-control-events-centrally-using-advanced-hunting.md + href: operations/querying-application-control-events-centrally-using-advanced-hunting.md - name: Known Issues href: operations/known-issues.md - name: Managed installer and ISG technical reference and troubleshooting guide - href: configure-wdac-managed-installer.md + href: operations/configure-wdac-managed-installer.md - name: CITool.exe technical reference href: operations/citool-commands.md - 
name: Inbox WDAC policies href: operations/inbox-wdac-policies.md - name: WDAC AppId Tagging guide - href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md + href: AppIdTagging/wdac-appid-tagging-guide.md items: - name: Creating AppId Tagging Policies href: AppIdTagging/design-create-appid-tagging-policies.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md index d04546c8ee..53939061e2 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md 
@@ -70,7 +70,7 @@ Just as there are differences in managing each rule collection, you need to mana 1. Gather information about which Packaged apps are running in your environment. For information about how to gather this information, see [Create list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md). -2. Create AppLocker rules for specific packaged apps based on your policy strategies. For more information, see [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md) and [Understanding AppLocker default rules](./understanding-applocker-default-rules.md). +2. Create AppLocker rules for specific packaged apps based on your policy strategies. For more information, see [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md) and [Understanding AppLocker default rules](understanding-applocker-default-rules.md). 3. Continue to update the AppLocker policies as new package apps are introduced into your environment. To do this update, see [Add rules for packaged apps to existing AppLocker rule-set](add-rules-for-packaged-apps-to-existing-applocker-rule-set.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md index 04b3c1eaac..7091e768a8 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md 
@@ -19,7 +19,7 @@ ms.topic: how-to - Windows 10 > [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). You can use Microsoft Intune to deploy and run critical Win32 applications, and Windows components that are normally blocked in S mode, on your Intune-managed Windows 10 in S mode devices. For example, PowerShell.exe. @@ -31,7 +31,7 @@ For an overview and brief demo of this feature, see this video: ## Policy authorization process -![Basic diagram of the policy authorization flow.](images/wdac-intune-policy-authorization.png) +![Basic diagram of the policy authorization flow.](../images/wdac-intune-policy-authorization.png) The general steps for expanding the S mode base policy on your Intune-managed Windows 10 in S mode devices are to generate a supplemental policy, sign that policy, upload the signed policy to Intune, and assign it to user or device groups. Because you need access to PowerShell cmdlets to generate your supplemental policy, you should create and manage your policies on a non-S mode device. Once the policy has been uploaded to Intune, before deploying the policy more broadly, assign it to a single test Windows 10 in S mode device to verify expected functioning. 
@@ -39,7 +39,7 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi This policy expands the S mode base policy to authorize more applications. Anything authorized by either the S mode base policy or your supplemental policy is allowed to run. Your supplemental policies can specify filepath rules, trusted publishers, and more. - For more information on creating supplemental policies, see [Deploy multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md). For more information on the right type of rules to create for your policy, see [Deploy WDAC policy rules and file rules](select-types-of-rules-to-create.md). + For more information on creating supplemental policies, see [Deploy multiple WDAC policies](../design/deploy-multiple-wdac-policies.md). For more information on the right type of rules to create for your policy, see [Deploy WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md). The following instructions are a basic set for creating an S mode supplemental policy: 
@@ -81,7 +81,7 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi 2. Sign the policy. - Supplemental S mode policies must be digitally signed. To sign your policy, use your organization's custom Public Key Infrastructure (PKI). For more information on signing using an internal CA, see [Create a code signing cert for WDAC](create-code-signing-cert-for-windows-defender-application-control.md). + Supplemental S mode policies must be digitally signed. To sign your policy, use your organization's custom Public Key Infrastructure (PKI). For more information on signing using an internal CA, see [Create a code signing cert for WDAC](create-code-signing-cert-for-wdac.md). > [!TIP] > For more information, see [Azure Code Signing, democratizing trust for developers and consumers](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-code-signing-democratizing-trust-for-developers-and/ba-p/3604669). 
@@ -97,19 +97,19 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi ## Standard process for deploying apps through Intune -![Basic diagram for deploying apps through Intune.](images/wdac-intune-app-deployment.png) +![Basic diagram for deploying apps through Intune.](../images/wdac-intune-app-deployment.png) For more information on the existing procedure of packaging signed catalogs and app deployment, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management). ## Optional: Process for deploying apps using catalogs -![Basic diagram for deploying Apps using catalogs.](images/wdac-intune-app-catalogs.png) +![Basic diagram for deploying Apps using catalogs.](../images/wdac-intune-app-catalogs.png) Your supplemental policy can be used to significantly relax the S mode base policy, but there are security trade-offs you must consider in doing so. For example, you can use a signer rule to trust an external signer, but that authorizes all apps signed by that certificate, which may include apps you don't want to allow as well. Instead of authorizing signers external to your organization, Intune has functionality to make it easier to authorize existing applications by using signed catalogs. This feature doesn't require repackaging or access to the source code. It works for apps that may be unsigned or even signed apps when you don't want to trust all apps that may share the same signing certificate. -The basic process is to generate a catalog file for each app using Package Inspector, then sign the catalog files using a custom PKI. To authorize the catalog signing certificate in the supplemental policy, use the **Add-SignerRule** PowerShell cmdlet as shown earlier in step 1 of the [Policy authorization process](#policy-authorization-process). After that, use the [Standard process for deploying apps through Intune](#standard-process-for-deploying-apps-through-intune) outlined earlier. 
For more information on generating catalogs, see [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-windows-defender-application-control.md). +The basic process is to generate a catalog file for each app using Package Inspector, then sign the catalog files using a custom PKI. To authorize the catalog signing certificate in the supplemental policy, use the **Add-SignerRule** PowerShell cmdlet as shown earlier in step 1 of the [Policy authorization process](#policy-authorization-process). After that, use the [Standard process for deploying apps through Intune](#standard-process-for-deploying-apps-through-intune) outlined earlier. For more information on generating catalogs, see [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-wdac.md). > [!NOTE] > Every time an app updates, you need to deploy an updated catalog. Try to avoid using catalog files for applications that auto-update, and direct users not to update applications on their own. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md similarity index 84% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md index 356adb95d7..686a78ea90 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included. 
@@ -36,18 +36,18 @@ While a WDAC policy is running in audit mode, any binary that runs but would hav ## Overview of the process to create WDAC policy to allow apps using audit events > [!Note] -> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md). +> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](wdac-deployment-guide.md). To familiarize yourself with creating WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy. 1. Install and run an application not allowed by the WDAC policy but that you want to allow. -2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md). +2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](../operations/event-id-explanations.md). **Figure 1. Exceptions to the deployed WDAC policy** - ![Event showing exception to WDAC policy.](images/dg-fig23-exceptionstocode.png) + ![Event showing exception to WDAC policy.](../images/dg-fig23-exceptionstocode.png) -3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. 
This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. +3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. ```powershell $PolicyName= "Lamna_FullyManagedClients_Audit" 
@@ -63,9 +63,9 @@ To familiarize yourself with creating WDAC rules from audit events, follow these ``` > [!NOTE] - > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md). + > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md). -5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](wdac-wizard-editing-policy.md)). +5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](../design/wdac-wizard-editing-policy.md)). 6. 
Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that WDAC couldn't create a rule for at either the specified rule level or fallback rule level. @@ -74,6 +74,6 @@ To familiarize yourself with creating WDAC rules from audit events, follow these 7. Merge **EventsPolicy.xml** with the Base policy **Lamna_FullyManagedClients_Audit.xml** or convert it to a supplemental policy. - For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](deploy-multiple-windows-defender-application-control-policies.md). + For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-wdac-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](../design/deploy-multiple-wdac-policies.md). 8. Convert the Base or Supplemental policy to binary and deploy using your preferred method. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md similarity index 93% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md index 8050e17b08..60cb8e35f1 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-windows-defender-application-control.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md @@ -27,9 +27,9 @@ ms.technology: itpro-security - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md). +As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](wdac-deployment-guide.md). If you have an internal CA, complete these steps to create a code signing certificate. 
@@ -45,7 +45,7 @@ If you have an internal CA, complete these steps to create a code signing certif 2. When connected, right-click **Certificate Templates**, and then select **Manage** to open the Certification Templates Console. - ![CA snap-in showing Certificate Templates.](images/dg-fig27-managecerttemp.png) + ![CA snap-in showing Certificate Templates.](../images/dg-fig27-managecerttemp.png) Figure 1. Manage the certificate templates @@ -61,7 +61,7 @@ If you have an internal CA, complete these steps to create a code signing certif 8. In the **Edit Basic Constraints Extension** dialog box, select **Enable this extension**, as shown in Figure 2. - ![Edit Basic Constraints Extension.](images/dg-fig29-enableconstraints.png) + ![Edit Basic Constraints Extension.](../images/dg-fig29-enableconstraints.png) Figure 2. Select constraints on the new template @@ -77,7 +77,7 @@ When this certificate template has been created, you must publish it to the CA p 1. In the Certification Authority MMC snap-in, right-click **Certification Templates**, point to **New**, and then select **Certificate Template to Issue**, as shown in Figure 3. - ![Select Certificate Template to Issue.](images/dg-fig30-selectnewcert.png) + ![Select Certificate Template to Issue.](../images/dg-fig30-selectnewcert.png) Figure 3. Select the new certificate template to issue @@ -95,7 +95,7 @@ Now that the template is available to be issued, you must request one from the c 4. In the **Request Certificate** list, select your newly created code signing certificate, and then select the blue text that requests additional information, as shown in Figure 4. - ![Request Certificates: more information required.](images/dg-fig31-getmoreinfo.png) + ![Request Certificates: more information required.](../images/dg-fig31-getmoreinfo.png) Figure 4. Get more information for your code signing certificate 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md similarity index 94% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md index e49832fb80..70818583a2 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md 
@@ -21,11 +21,11 @@ ms.technology: itpro-security - Windows Server 2016 and later > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). *Catalog files* can be important in your deployment of Windows Defender Application Control (WDAC) if you have unsigned line-of-business (LOB) applications for which the process of signing is difficult. You can also use catalog files to add your own signature to apps you get from independent software vendors (ISV) when you don't want to trust all code signed by that ISV. In this way, catalog files provide a convenient way for you to "bless" apps for use in your WDAC-managed environment. And, you can create catalog files for existing apps without requiring access to the original source code or needing any expensive repackaging. -You need to [obtain a code signing certificate for your own use](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. Then, distribute the signed catalog file using your preferred content deployment mechanism. +You need to [obtain a code signing certificate for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. Then, distribute the signed catalog file using your preferred content deployment mechanism. Finally, add a signer rule to your WDAC policy for your signing certificate. Then, any apps covered by your signed catalog files are able to run, even if the apps were previously unsigned. 
With this foundation, you can more easily build a WDAC policy that blocks all unsigned code, because most malware is unsigned. @@ -46,7 +46,7 @@ To create a catalog file for an existing app, you can use a tool called **Packag $PolicyBinary = $env:USERPROFILE+"\Desktop\"+$PolicyId.substring(11)+".cip" ``` - Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deployment/deploy-wdac-policies-with-script.md). + Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deploy-wdac-policies-with-script.md). 2. Start Package Inspector to monitor file creation on a **local drive** where you install the app, for example, drive C: @@ -121,7 +121,7 @@ For the code signing certificate that you use to sign the catalog file, import i 3. Verify the catalog file's digital signature. Right-click the catalog file, and then select **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1. - ![Digital Signature list in file Properties.](images/dg-fig12-verifysigning.png) + ![Digital Signature list in file Properties.](../images/dg-fig12-verifysigning.png) Figure 1. Verify that the signing certificate exists. @@ -144,7 +144,7 @@ The following process walks you through the deployment of a signed catalog file > [!NOTE] > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies. - ![Group Policy Management, create a GPO.](images/dg-fig13-createnewgpo.png) + ![Group Policy Management, create a GPO.](../images/dg-fig13-createnewgpo.png) Figure 2. Create a new GPO. 
@@ -154,7 +154,7 @@ The following process walks you through the deployment of a signed catalog file 5. Within the selected GPO, navigate to **Computer Configuration\\Preferences\\Windows Settings\\Files**. Right-click **Files**, point to **New**, and then select **File**, as shown in Figure 3. - ![Group Policy Management Editor, New File.](images/dg-fig14-createnewfile.png) + ![Group Policy Management Editor, New File.](../images/dg-fig14-createnewfile.png) Figure 3. Create a new file. @@ -164,7 +164,7 @@ The following process walks you through the deployment of a signed catalog file 7. To keep versions consistent, in the **New File Properties** dialog box as shown in Figure 4, select **Replace** from the **Action** list so that the newest version is always used. - ![File Properties, Replace option.](images/dg-fig15-setnewfileprops.png) + ![File Properties, Replace option.](../images/dg-fig15-setnewfileprops.png) Figure 4. Set the new file properties. @@ -197,7 +197,7 @@ Complete the following steps to create a new deployment package for catalog file 3. Name the package, set your organization as the manufacturer, and select an appropriate version number. - ![Create Package and Program Wizard.](images/dg-fig16-specifyinfo.png) + ![Create Package and Program Wizard.](../images/dg-fig16-specifyinfo.png) Figure 5. Specify information about the new package. @@ -218,7 +218,7 @@ Complete the following steps to create a new deployment package for catalog file - From the **Program can run** list, select **Whether or not a user is logged on**. - From the **Drive mode** list, select **Runs with UNC name**. - ![Standard Program page of wizard.](images/dg-fig17-specifyinfo.png) + ![Standard Program page of wizard.](../images/dg-fig17-specifyinfo.png) Figure 6. Specify information about the standard program. 
@@ -246,7 +246,7 @@ After you create the deployment package, deploy it to a collection so that the c - Select the **Commit changes at deadline or during a maintenance window (requires restarts)** check box. - ![Deploy Software Wizard, User Experience page.](images/dg-fig18-specifyux.png) + ![Deploy Software Wizard, User Experience page.](../images/dg-fig18-specifyux.png) Figure 7. Specify the user experience. @@ -271,13 +271,13 @@ You can configure software inventory to find catalog files on your managed syste 3. Name the new policy, and under **Select and then configure the custom settings for client devices**, select the **Software Inventory** check box, as shown in Figure 8. - ![Create Custom Client Device Settings.](images/dg-fig19-customsettings.png) + ![Create Custom Client Device Settings.](../images/dg-fig19-customsettings.png) Figure 8. Select custom settings. 4. In the navigation pane, select **Software Inventory**, and then select **Set Types**, as shown in Figure 9. - ![Software Inventory settings for devices.](images/dg-fig20-setsoftwareinv.png) + ![Software Inventory settings for devices.](../images/dg-fig20-setsoftwareinv.png) Figure 9. Set the software inventory. @@ -290,7 +290,7 @@ You can configure software inventory to find catalog files on your managed syste 7. In the **Path Properties** dialog box, select **Variable or path name**, and then type `C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}` in the box, as shown in Figure 10. - ![Path Properties, specifying a path.](images/dg-fig21-pathproperties.png) + ![Path Properties, specifying a path.](../images/dg-fig21-pathproperties.png) Figure 10. Set the path properties. 
@@ -313,7 +313,7 @@ At the time of the next software inventory cycle, when the targeted clients rece ## Allow apps signed by your catalog signing certificate in your WDAC policy -Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](windows-defender-application-control-design-guide.md). +Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](../design/wdac-design-guide.md). On a computer where the signed catalog file has been deployed, you can use [New-CiPolicyRule](/powershell/module/configci/new-cipolicyrule) to create a signer rule from any file included in that catalog. Then use [Merge-CiPolicy](/powershell/module/configci/merge-cipolicy) to add the rule to your policy XML. Be sure to replace the path values in the following sample: diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md similarity index 92% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md index 752243780c..872207d1e5 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md @@ -30,7 +30,7 @@ ms.topic: article > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Group Policy, deploy new signed WDAC Base policies [via script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-signed-policies) and activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Group Policy, deploy new signed WDAC Base policies [via script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-signed-policies) and activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. 
@@ -50,7 +50,7 @@ To deploy and manage a Windows Defender Application Control policy with Group Po 2. Create a new GPO: right-click an OU and then select **Create a GPO in this domain, and Link it here**. > [!NOTE] - > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../plan-windows-defender-application-control-management.md). + > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../design/plan-wdac-management.md). ![Group Policy Management, create a GPO.](../images/dg-fig24-creategpo.png) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md similarity index 93% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md index 0e8b582520..cd5f506394 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md 
@@ -26,7 +26,7 @@ ms.topic: how-to You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-wdac-policies-with-script.md) and activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-wdac-policies-with-script.md) and activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. 
@@ -50,7 +50,7 @@ To use Intune's built-in WDAC policies, configure [Endpoint Protection for Windo ## Deploy WDAC policies with custom OMA-URI > [!NOTE] -> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../deploy-multiple-windows-defender-application-control-policies.md) which allow more granular policy. +> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-wdac-policies.md) which allow more granular policy. You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index b674d5c2b0..3ac58c1eee 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -31,7 +31,7 @@ This article describes how to deploy Windows Defender Application Control (WDAC) You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md index be973cf600..2ab7c24e05 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). ## Removing WDAC policies 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md similarity index 89% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md index 082b0a5d27..42f310f7fc 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md @@ -24,7 +24,7 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). You should now have one or more Windows Defender Application Control policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you're ready to enforce. Use this procedure to prepare and deploy your WDAC policies in enforcement mode. 
@@ -33,11 +33,11 @@ You should now have one or more Windows Defender Application Control policies br ## Convert WDAC **base** policy from audit to enforced -As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](../design/common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead responsible for Lamna's WDAC rollout. -Alice previously created and deployed a policy for the organization's [fully managed devices](create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-windows-defender-application-control-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode. +Alice previously created and deployed a policy for the organization's [fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-wdac-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode. 1. Initialize the variables that will be used and create the enforced policy by copying the audit version. 
@@ -111,4 +111,4 @@ Since the enforced policy was given a unique PolicyID in the previous procedure, ## Deploy your enforced policy and supplemental policies -Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md). +Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md similarity index 92% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md index 53b1e0a448..22722ec984 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md 
@@ -24,7 +24,7 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This article shows how to merge multiple policy XML files together and how to merge rules directly into a policy. Windows Defender Application Control deployments often include a few base policies and optional supplemental policies for specific use cases. @@ -33,7 +33,7 @@ This article shows how to merge multiple policy XML files together and how to me ## Merge multiple WDAC policy XML files together -There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-windows-defender-application-control-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session. +There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-wdac-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session. 1. Initialize the variables that will be used: 
@@ -57,7 +57,7 @@ There are many scenarios where you may want to merge two or more policy files to Besides merging multiple policy XML files, you can also merge rules created with the New-CIPolicyRule cmdlet directly into an existing WDAC policy XML file. Directly merging rules is a convenient way to update your policy without creating extra policy XML files. For example, to add rules that allow the WDAC Wizard and the WDAC RefreshPolicy.exe tool, follow these steps: -1. Install the [WDAC Wizard](wdac-wizard.md) packaged MSIX app. +1. Install the [WDAC Wizard](../design/wdac-wizard.md) packaged MSIX app. 2. Download the [Refresh Policy tool](https://aka.ms/refreshpolicy) for your processor architecture and save it to your desktop as RefreshPolicy.exe. 3. From a PowerShell session, run the following commands to create packaged app allow rules for the WDAC Wizard: @@ -94,4 +94,4 @@ Now that you have your new, merged policy, you can convert and deploy the policy 2. Upload your merged policy XML and the associated binary to the source control solution you are using for your Windows Defender Application Control policies. such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration). -3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md) +3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md) 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md similarity index 96% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md index 32b34dfe20..3a3a773007 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md @@ -21,7 +21,7 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). ## What is code signing and why is it important? 
@@ -38,7 +38,7 @@ You can use catalog files to easily add a signature to an existing application w > [!NOTE] > Since catalogs identify the files they sign by hash, any change to the file may invalidate its signature. You will need to deploy updated catalog signatures any time the application is updated. Integrating code signing with your app development or app deployment processes is generally the best approach. Be aware of self-updating apps, as their app binaries may change without your knowledge. -To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md). +To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-wdac.md). ## Signed WDAC policies @@ -51,5 +51,5 @@ For more information on using signed policies, see [Use signed policies to prote Some ways to obtain code signing certificates for your own use, include: - Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list). -- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). +- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md). - Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning). 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md similarity index 92% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md index ef0985446c..cba5e21c90 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md 
@@ -21,11 +21,11 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of protection available in Windows. These policies are designed to detect administrative tampering of the policy, such as by malware running as admin, and will result in a boot failure or blue screen. With this goal in mind, it's much more difficult to remove signed WDAC policies. SecureBoot must be enabled in order to provide this protection for signed WDAC policies. -If you don't currently have a code signing certificate you can use to sign your policies, see [Obtain code signing certificates for your own use](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md#obtain-code-signing-certificates-for-your-own-use). +If you don't currently have a code signing certificate you can use to sign your policies, see [Obtain code signing certificates for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use). > [!WARNING] > Boot failure, or blue screen, may occur if your signing certificate doesn't follow these rules: 
@@ -35,7 +35,7 @@ If you don't currently have a code signing certificate you can use to sign your > - You can use SHA-256, SHA-384, or SHA-512 as the digest algorithm on Windows 11, as well as Windows 10 and Windows Server 2019 and above after applying the November 2022 cumulative security update. All other devices only support SHA-256. > - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING. -Before you attempt to deploy a signed policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md). +Before you attempt to deploy a signed policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. 
For more information about rule options, see [Windows Defender Application Control policy rules](../design/select-types-of-rules-to-create.md). > [!NOTE] > When signing a Base policy that has existing Supplemental policies, you must also switch to signed policy for all of the Supplementals. Authorize the signed supplemental policies by adding a `` rule to the Base policy. @@ -51,7 +51,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne ``` > [!NOTE] - > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information. + > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](../design/create-wdac-policy-using-reference-computer.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information. 2. Navigate to your desktop as the working directory: 
@@ -71,7 +71,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne ``` > [!IMPORTANT] - > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove Windows Defender Application Control policies causing boot stop failures](disable-windows-defender-application-control-policies.md#remove-wdac-policies-causing-boot-stop-failures). + > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove Windows Defender Application Control policies causing boot stop failures](disable-wdac-policies.md#remove-wdac-policies-causing-boot-stop-failures). 4. Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option: @@ -101,7 +101,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne If you purchased a code signing certificate or issued one from your own PKI, you can use [SignTool.exe](/windows/win32/seccrypto/signtool) to sign your WDAC policy files: -1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). +1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md). 2. Sign the WDAC policy by using SignTool.exe: 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/windows-defender-application-control-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md similarity index 81% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/windows-defender-application-control-deployment-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md index 57b049afc6..5bcc3df869 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/windows-defender-application-control-deployment-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md 
@@ -21,9 +21,9 @@ ms.topic: overview - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding. +You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](../design/wdac-design-guide.md), do so now before proceeding. ## Convert your WDAC policy XML to binary 
@@ -56,13 +56,13 @@ All Windows Defender Application Control policy changes should be deployed in au ## Choose how to deploy WDAC policies > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deployment/deploy-wdac-policies-with-script.md) in this case. +> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-wdac-policies-with-script.md) in this case. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. 
There are several options to deploy Windows Defender Application Control policies to managed endpoints, including: -- [Deploy using a Mobile Device Management (MDM) solution](deployment/deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune -- [Deploy using Microsoft Configuration Manager](deployment/deploy-wdac-policies-with-memcm.md) -- [Deploy via script](deployment/deploy-wdac-policies-with-script.md) -- [Deploy via group policy](deployment/deploy-windows-defender-application-control-policies-using-group-policy.md) +- [Deploy using a Mobile Device Management (MDM) solution](deploy-wdac-policies-using-intune.md), such as Microsoft Intune +- [Deploy using Microsoft Configuration Manager](deploy-wdac-policies-with-memcm.md) +- [Deploy via script](deploy-wdac-policies-with-script.md) +- [Deploy via group policy](deploy-wdac-policies-using-group-policy.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-windows-defender-application-control-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md index abfdd65aed..c756bd371a 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-windows-defender-application-control-policy.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and later > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component-object-model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM specifies an object model and programming requirements that enable COM objects to interact with other objects. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/types-of-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/design/types-of-devices.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md index 4d96a0ba7f..b691f92753 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/types-of-devices.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It's common for organizations to have device use cases across each of the categories described. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md index 9c86b54151..aef6ba62ee 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2019 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Windows Defender Application Control (WDAC) includes an option called **managed installer** that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution, such as Microsoft Configuration Manager (MEMCM) or Microsoft Intune. 
@@ -230,15 +230,15 @@ Below are steps to create a WDAC policy that allows Windows to boot and enables Set-RuleOption -FilePath -Option 13 ``` -4. Deploy your WDAC policy. See [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md). +4. Deploy your WDAC policy. See [Deploying Windows Defender Application Control (WDAC) policies](../deployment/wdac-deployment-guide.md). > [!NOTE] > Your WDAC policy must include rules for all system/boot components, kernel drivers, and any other authorized applications that can't be deployed through a managed installer. ## Remove Managed Installer feature -To remove the Managed Installer feature from the device, you'll need to remove the Managed Installer AppLocker policy from the device by following the instructions at [Delete an AppLocker rule: Clear AppLocker policies on a single system or remote systems](applocker/delete-an-applocker-rule.md#to-clear-applocker-policies-on-a-single-system-or-remote-systems). +To remove the Managed Installer feature from the device, you'll need to remove the Managed Installer AppLocker policy from the device by following the instructions at [Delete an AppLocker rule: Clear AppLocker policies on a single system or remote systems](../applocker/delete-an-applocker-rule.md#to-clear-applocker-policies-on-a-single-system-or-remote-systems). ## Related articles -- [Managed installer and ISG technical reference and troubleshooting guide](configure-wdac-managed-installer.md) +- [Managed installer and ISG technical reference and troubleshooting guide](../operations/configure-wdac-managed-installer.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md index ff87d17d02..1fa35ceece 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md @@ -72,7 +72,7 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ## Best Practices -1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide.md) +1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](../operations/event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](../operations/wdac-operational-guide.md) 2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be used if necessary. Since the hash of a file changes with any change to the file, it's hard to keep up with a hash-based block policy where the attacker can trivially update the file. While WDAC has optimized parsing of hash rules, some devices may see performance impacts at runtime evaluation if policies have tens of thousands or more hash rules. 
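Review bot: The section context in this hunk's @@ header quotes the article's merge command as `Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy ...`, with a space between `$` and `DenyPolicy`. If the article really reads that way, the sample will not parse in PowerShell, so it is worth correcting to `$DenyPolicy` while this file is being touched. On the changed line itself, the sentence that ends in the `../operations/wdac-operational-guide.md` link has no closing period, unlike item 2 below it.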
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md index d19e40f9be..1a5b9cfab4 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md 
@@ -27,14 +27,14 @@ ms.technology: itpro-security - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Intune. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. 
Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. @@ -163,5 +163,5 @@ Alice has defined a policy for Lamna's fully managed devices that makes some tra ## Up next -- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-initial-default-policy.md) -- [Prepare to deploy Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md) \ No newline at end of file +- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-wdac-policy-using-reference-computer.md) +- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md index af912de157..baaa84f8ed 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md 
@@ -27,14 +27,14 @@ ms.technology: itpro-security - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **lightly managed devices** within an organization. Typically, organizations that are new to application control will be most successful if they start with a permissive policy like the one described in this article. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their WDAC-managed devices as described in later articles. > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As in [Windows Defender Application Control deployment in different scenarios: types of devices](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. 
+As in [Windows Defender Application Control deployment in different scenarios: types of devices](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. Lamna currently has loose application usage policies and a culture of maximum app flexibility for users. So, Alice knows she'll need to take an incremental approach to application control and use different policies for different workloads. @@ -97,7 +97,7 @@ Alice follows these steps to complete this task: 1. Modify the policy to remove unsupported rule: > [!NOTE] - > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](windows-defender-application-control.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step. + > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](../wdac.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step. ```powershell [xml]$xml = Get-Content $LamnaPolicy 
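Review bot: The new target `../wdac.md#wdac-and-smart-app-control` in the NOTE of the @@ -97,7 hunk depends on a heading bookmark in a file renamed by this series, and no hunk for `wdac.md` is visible here to confirm that the heading is unchanged. Please check that the anchor still resolves after the move. On the same line, "This policy includes "Enabled:Conditional Windows Lockdown Policy" rule" is missing an article ("the ... rule").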
@@ -191,7 +191,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m - **Intelligent Security Graph (ISG)** - See [security considerations with the Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md#security-considerations-with-the-isg-option) + See [security considerations with the Intelligent Security Graph](use-wdac-with-intelligent-security-graph.md#security-considerations-with-the-isg-option) Possible mitigations: @@ -227,4 +227,4 @@ In order to minimize user productivity impact, Alice has defined a policy that m ## Up next - [Create a Windows Defender Application Control policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) -- [Prepare to deploy Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md) \ No newline at end of file +- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-initial-default-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md similarity index 96% rename from windows/security/application-security/application-control/windows-defender-application-control/design/create-initial-default-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md index 7a10547365..4662dad7e3 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-initial-default-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md 
@@ -27,14 +27,14 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This section outlines the process to create a Windows Defender Application Control (WDAC) policy **using a reference computer** that is already configured with the software you want to allow. You can use this approach for fixed-workload devices that are dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc. This approach can also be used to turn on WDAC on systems "in the wild" and you want to minimize the potential impact on users' productivity. > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. 
Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md index 63c927ae1a..8e813aa5e3 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Prior to Windows 10 1903, Windows Defender Application Control only supported a single active policy on a system at any given time. This limited customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios: @@ -116,4 +116,3 @@ For more information on deploying multiple policies, optionally using Microsoft * If the maximum number of policies is exceeded, the device may bluescreen referencing ci.dll with a bug check value of 0x0000003b. * If policies are loaded without requiring a reboot such as `PS_UpdateAndCompareCIPolicy`, they will still count towards this limit. * This may pose an especially large challenge if the value of `{PolicyGUID}.cip` changes between releases. It may result in a long window between a change and the resultant reboot. - diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md index fdbd1d7ecc..dbb673367a 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md @@ -21,7 +21,7 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). When you create policies for use with Windows Defender Application Control (WDAC), start from an existing base policy and then add or remove rules to build your own custom policy. Windows includes several example policies that you can use. These example policies are provided "as-is". You should thoroughly test the policies you deploy using safe deployment methods. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md similarity index 96% rename from windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md index aa63cd5b61..f59bdf57ac 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-windows-defender-application-control.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). This article for IT professionals describes concepts and lists procedures to help you manage packaged apps with Windows Defender Application Control (WDAC) as part of your overall application control strategy. @@ -96,7 +96,7 @@ Use the following steps to create a WDAC PFN rule for an app that is installed o 7. Select **Create Rule**. 8. Create any other rules desired, then complete the Wizard. -![Create PFN rule from WDAC Wizard](images/wdac-wizard-custom-pfn-rule.png) +![Create PFN rule from WDAC Wizard](../images/wdac-wizard-custom-pfn-rule.png) ##### Create a PFN rule using a custom string @@ -109,4 +109,4 @@ Use the following steps to create a PFN rule with a custom string value: 5. Select **Create Rule**. 6. Create any other rules desired, then complete the Wizard. -![Create PFN rule with custom string from WDAC Wizard](images/wdac-wizard-custom-manual-pfn-rule.png) +![Create PFN rule with custom string from WDAC Wizard](../images/wdac-wizard-custom-manual-pfn-rule.png) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md index 3b7f22c1df..7b766bd429 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md @@ -21,7 +21,7 @@ ms.topic: reference - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass WDAC. @@ -1540,4 +1540,4 @@ The blocklist policy that follows includes "Allow all" rules for both kernel and ## More information -- [Merge WDAC policies](merge-windows-defender-application-control-policies.md) +- [Merge WDAC policies](../deployment/merge-wdac-policies.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md index 30b8468bf4..b45d22101e 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md 
@@ -63,7 +63,7 @@ Customers who always want the most up-to-date driver blocklist can also use Wind ## Blocking vulnerable drivers using WDAC -Microsoft recommends enabling [HVCI](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking [this list of drivers](#vulnerable-driver-blocklist-xml) within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events. +Microsoft recommends enabling [HVCI](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking [this list of drivers](#vulnerable-driver-blocklist-xml) within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events. > [!IMPORTANT] > Microsoft also recommends enabling Attack Surface Reduction (ASR) rule [**Block abuse of exploited vulnerable signed drivers**](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-abuse-of-exploited-vulnerable-signed-drivers) to prevent an application from writing a vulnerable signed driver to disk. 
The ASR rule doesn't block a driver already existing on the system from loading, however enabling **Microsoft vulnerable driver blocklist** or applying this WDAC policy will prevent the existing driver from loading. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/plan-windows-defender-application-control-management.md b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md similarity index 91% rename from windows/security/application-security/application-control/windows-defender-application-control/design/plan-windows-defender-application-control-management.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md index ae484f697c..1680dc927c 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/plan-windows-defender-application-control-management.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This topic describes the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control (WDAC) policies. 
@@ -37,7 +37,7 @@ The first step in implementing application control is to consider how your polic Most Windows Defender Application Control policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include: -1. [Define (or refine) the "circle-of-trust"](understand-windows-defender-application-control-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files aren't prevented from executing. +1. [Define (or refine) the "circle-of-trust"](understand-wdac-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files aren't prevented from executing. 2. [Deploy the audit mode policy](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) to intended devices. 3. [Monitor audit block events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations) from the intended devices and add/edit/delete rules as needed to address unexpected/unwanted blocks. 4. Repeat steps 2-3 until the remaining block events meet expectations. @@ -45,7 +45,7 @@ Most Windows Defender Application Control policies will evolve over time and pro 6. [Deploy the enforced mode policy](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly. 7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes. -![Recommended WDAC policy deployment process.](images/policyflow.png) +![Recommended WDAC policy deployment process.](../images/policyflow.png) ### Keep WDAC policies in a source control or document management solution 
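Review bot: Step 6 in the context of the @@ -45,7 hunk still links to `/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide`, the old path and old file name, while other files in this patch were switched to `../deployment/wdac-deployment-guide.md`. Steps 2 and 3 in the previous hunk carry the same kind of absolute `threat-protection` link. Unless redirects are added for the moved articles, update these in the same change as the `../images/policyflow.png` fix, so the article does not end up with a mix of new relative links and legacy absolute ones.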
@@ -56,7 +56,7 @@ To effectively manage Windows Defender Application Control policies, you should Use the [Set-CIPolicyIDInfo](/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique ID in order to differentiate each policy when reviewing Windows Defender Application Control events or when viewing the policy XML document. Although you can specify a string value for PolicyId, for policies using the multiple policy format we recommend using the -ResetPolicyId switch to let the system autogenerate a unique ID for the policy. > [!NOTE] -> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-windows-defender-application-control-policies.md) on computers running Windows 10, version 1903 and above, or Windows 11. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10. +> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-wdac-policies.md) on computers running Windows 10, version 1903 and above, or Windows 11. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10. > PolicyID should be set only once per policy and use different PolicyID's for the audit and enforced mode versions of each policy. In addition, we recommend using the [Set-CIPolicyVersion](/powershell/module/configci/set-cipolicyversion) cmdlet to increment the policy's internal version number when you make changes to the policy. The version must be defined as a standard four-part version string (for example, "1.0.0.0"). 
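Review bot: the NOTE line touched here and the paragraph above it spell the same identifier as `PolicyId`, `PolicyID` and `PolicyID's`. Since the line is being edited anyway, pick one casing and write the plural as "PolicyIDs". The last sentence of the note would also read more clearly split in two: set the ID once per policy, and give the audit and enforced versions of a policy different IDs.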
@@ -71,7 +71,7 @@ Each time that a process is blocked by Windows Defender Application Control, eve Collecting these events in a central location can help you maintain your Windows Defender Application Control policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748890(v=ws.11)). -Additionally, Windows Defender Application Control events are collected by [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) and can be queried using the [advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) feature. +Additionally, Windows Defender Application Control events are collected by [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) and can be queried using the [advanced hunting](../operations/querying-application-control-events-centrally-using-advanced-hunting.md) feature. ## Application and user support policy diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md index a3454bee50..566adf1ecf 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and later > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). Windows Defender Application Control (WDAC) can control what runs on Windows 10, Windows 11, and Windows Server 2016 and later, by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted. 
@@ -117,7 +117,7 @@ As part of normal operations, they'll eventually install software updates, or pe ## File rule precedence order -WDAC has a built-in file rule conflict logic that translates to precedence order. It first processes all explicit deny rules it finds. Then, it processes any explicit allow rules. If no deny or allow rule exists, WDAC checks for a [Managed Installer claim](deployment/deploy-wdac-policies-with-memcm.md) if allowed by the policy. Lastly, WDAC falls back to the [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md) if allowed by the policy. +WDAC has a built-in file rule conflict logic that translates to precedence order. It first processes all explicit deny rules it finds. Then, it processes any explicit allow rules. If no deny or allow rule exists, WDAC checks for a [Managed Installer claim](../deployment/deploy-wdac-policies-with-memcm.md) if allowed by the policy. Lastly, WDAC falls back to the [ISG](use-wdac-with-intelligent-security-graph.md) if allowed by the policy. > [!NOTE] > To make it easier to reason over your WDAC policies, we recommend maintaining separate ALLOW and DENY policies on Windows versions that support [multiple WDAC policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies). 
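Review bot: the `[!NOTE]` directly under the changed paragraph still points at `/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies`, although the other design files in this patch link that page as `deploy-multiple-wdac-policies.md`; update it here as well. Separately, the "Managed Installer claim" link resolves to `../deployment/deploy-wdac-policies-with-memcm.md`, a Configuration Manager deployment page, whereas understand-wdac-policy-design-decisions.md links managed installer to `configure-authorized-apps-deployed-with-a-managed-installer.md`. Readers use this paragraph to work out which rule wins, so the link should land on the page that defines the claim.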
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md similarity index 83% rename from windows/security/application-security/application-control/windows-defender-application-control/design/understand-windows-defender-application-control-policy-design-decisions.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md index a32f372530..260bcc2649 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This article is for the IT professional. It lists the design questions, possible answers, and ramifications for decisions made, when planning application control policies deployment using Windows Defender Application Control (WDAC), within a Windows operating system environment. 
@@ -44,7 +44,7 @@ You should consider using Windows Defender Application Control as part of your o ## Decide what policies to create -Beginning with Windows 10, version 1903, Windows Defender Application Control allows [multiple simultaneous policies](deploy-multiple-windows-defender-application-control-policies.md) to be applied to each device. This concurrent application opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create. +Beginning with Windows 10, version 1903, Windows Defender Application Control allows [multiple simultaneous policies](deploy-multiple-wdac-policies.md) to be applied to each device. This concurrent application opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create. The first step is to define the desired "circle-of-trust" for your WDAC policies. By "circle-of-trust," we mean a description of the business intent of the policy expressed in natural language. This "circle-of-trust" definition will guide you as you create the actual policy rules for your policy XML. 
@@ -63,8 +63,8 @@ Organizations with well-defined, centrally managed app management and deployment | Possible answers | Design considerations| | - | - | | All apps are centrally managed and deployed using endpoint management tools like [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. Windows Defender Application Control options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | -| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide Windows Defender Application Control policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. | -| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | Windows Defender Application Control can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | +| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-wdac-policies.md) can be used to allow team-specific exceptions to your core organization-wide Windows Defender Application Control policy. 
Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. | +| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | Windows Defender Application Control can integrate with Microsoft's [Intelligent Security Graph](use-wdac-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | | Users and teams are free to download and install apps without restriction. | Windows Defender Application Control policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| ### Are internally developed line-of-business (LOB) apps and apps developed by third-party companies digitally signed? 
@@ -73,8 +73,8 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p | Possible answers | Design considerations | | - | - | -| All apps used in your organization must be signed. | Organizations that enforce [codesigning](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | -| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. | +| All apps used in your organization must be signed. | Organizations that enforce [codesigning](../deployment/use-code-signing-for-better-control-and-protection.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | +| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-wdac.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. 
| ### Are there specific groups in your organization that need customized application control policies? diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md similarity index 96% rename from windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 041c912aaf..8917ce9e35 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2019 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). You can use Windows Defender Application Control (WDAC) policies to control applications and also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser): diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md similarity index 97% rename from windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-intelligent-security-graph.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md index 6fbf9468f0..0b93c72c93 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2019 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Application control can be difficult to implement in organizations that don't deploy and manage applications through an IT-managed system. In such environments, users can acquire the applications they want to use for work, making it hard to build an effective application control policy. 
@@ -112,4 +112,4 @@ Packaged apps aren't supported with the ISG and will need to be separately autho The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. > [!NOTE] -> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](deployment/deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). +> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-dynamic-code-security.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md 
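Review bot: the rename of use-windows-defender-application-control-with-dynamic-code-security.md to wdac-and-dotnet.md is recorded at similarity index 100%, so unlike the other design/ files in this patch it receives no link fixes at all. If it carries the same `feature-availability.md` note or any `images/` references as its siblings, those need the `../` prefix too; please check the file and add a hunk if so. The new name also drops "dynamic code security", so inbound links and any redirect entry for the old slug should be confirmed before merge.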
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/windows-defender-application-control-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md similarity index 74% rename from windows/security/application-security/application-control/windows-defender-application-control/design/windows-defender-application-control-design-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md index 11fc572242..975b08105c 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/windows-defender-application-control-design-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md @@ -27,7 +27,7 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This guide covers design and planning for Windows Defender Application Control (WDAC). It's intended to help security architects, security administrators, and system administrators create a plan that addresses specific application control requirements for different departments or business groups within an organization. 
@@ -46,10 +46,10 @@ Once these business factors are in place, you're ready to begin planning your Wi | Topic | Description | | - | - | -| [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | -| [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of application control policies. | +| [Plan for WDAC policy management](plan-wdac-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | +| [Understand WDAC policy design decisions](understand-wdac-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of application control policies. | | [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. | -| [Policy creation for common WDAC usage scenarios](types-of-devices.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying WDAC in your organization. | +| [Policy creation for common WDAC usage scenarios](common-wdac-use-cases.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying WDAC in your organization. | | [Policy creation using the WDAC Wizard tool](wdac-wizard.md) | This set of topics describes how to use the WDAC Wizard desktop app to easily create, edit, and merge WDAC policies. | -After planning is complete, the next step is to deploy WDAC. 
The [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) covers creating and testing policies, deploying the enforcement setting, and managing and maintaining policies. +After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](../deployment/wdac-deployment-guide.md) covers creating and testing policies, deploying the enforcement setting, and managing and maintaining policies. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md index 90f887da4e..ae6861abc9 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md 
@@ -27,9 +27,9 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -When creating policies for use with Windows Defender Application Control (WDAC), it's recommended to start with a template policy, and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](windows-defender-application-control-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules. +When creating policies for use with Windows Defender Application Control (WDAC), it's recommended to start with a template policy, and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](wdac-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules. ## Template Base Policies 
@@ -39,13 +39,13 @@ Each of the template policies has a unique set of policy allowlist rules that af |---------------------------------|-------------------------------------------------------------------| | **Default Windows Mode** | Default Windows mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
| | **Allow Microsoft Mode** | Allow mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
  • *All Microsoft-signed software*
| -| **Signed and Reputable Mode** | Signed and Reputable mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
  • All Microsoft-signed software
  • *Files with good reputation per [Microsoft Defender's Intelligent Security Graph technology](use-windows-defender-application-control-with-intelligent-security-graph.md)*
| +| **Signed and Reputable Mode** | Signed and Reputable mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
  • All Microsoft-signed software
  • *Files with good reputation per [Microsoft Defender's Intelligent Security Graph technology](use-wdac-with-intelligent-security-graph.md)*
| *Italicized content denotes the changes in the current policy with respect to the policy prior.* More information about the Default Windows Mode and Allow Microsoft Mode policies can be accessed through the [Example Windows Defender Application Control base policies article](example-wdac-base-policies.md). -![Selecting a base template for the policy.](images/wdac-wizard-template-selection.png) +![Selecting a base template for the policy.](../images/wdac-wizard-template-selection.png) Once the base template is selected, give the policy a name and choose where to save the application control policy on disk. 
@@ -62,7 +62,7 @@ The following table has a description of each policy rule, beginning with the le | **Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all Windows Defender Application Control policies. Setting this rule option allows the F8 menu to appear to physically present users. | | **Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. | | **Disable Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 isn't supported and may have unintended results. | -|**[Hypervisor-protected code integrity (HVCI)](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.| +|**[Hypervisor-protected code integrity (HVCI)](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.| | **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by the Microsoft Intelligent Security Graph (ISG). | | **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. 
| | **Require WHQL** | By default, legacy drivers that aren't Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Henceforth, every new Windows–compatible driver must be WHQL certified. | @@ -71,7 +71,7 @@ The following table has a description of each policy rule, beginning with the le | **User Mode Code Integrity** | Windows Defender Application Control policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. | > [!div class="mx-imgBorder"] -> ![Rule options UI for Windows Allowed mode policy.](images/wdac-wizard-rule-options-UI-advanced-collapsed.png) +> ![Rule options UI for Windows Allowed mode policy.](../images/wdac-wizard-rule-options-UI-advanced-collapsed.png) ### Advanced Policy Rules Description @@ -86,7 +86,7 @@ Selecting the **+ Advanced Options** label shows another column of policy rules, | **Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option causes WDAC to periodically revalidate the reputation for files authorized by the ISG.| | **Require EV Signers** | This option isn't currently supported. | -![Rule options UI for Windows Allowed mode.](images/wdac-wizard-rule-options-UI.png) +![Rule options UI for Windows Allowed mode.](../images/wdac-wizard-rule-options-UI.png) > [!NOTE] > We recommend that you **enable Audit Mode** initially because it allows you to test new Windows Defender Application Control policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. For this reason, all templates have Audit Mode enabled by default. 
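Review bot: in the policy-rule table above, the HVCI row now reaches its target through `../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md`. From design/ that resolves to windows/security/hardware-security/, which is correct today, but a four-level relative path will break again on the next folder move. The other cross-area links in the same table are site-absolute (for example `/powershell/module/microsoft.powershell.core/about/about_language_modes`); a site-absolute path for the HVCI link would survive further restructuring.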
@@ -107,7 +107,7 @@ The Publisher file rule type uses properties in the code signing certificate cha | **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. | -![Custom filepublisher file rule creation.](images/wdac-wizard-custom-publisher-rule.png) +![Custom filepublisher file rule creation.](../images/wdac-wizard-custom-publisher-rule.png) ### Filepath Rules @@ -125,7 +125,7 @@ The Wizard supports the creation of [file name rules](select-types-of-rules-to-c | **Internal name** | Specifies the internal name of the binary. | > [!div class="mx-imgBorder"] -> ![Custom file attributes rule.](images/wdac-wizard-custom-file-attribute-rule.png) +> ![Custom file attributes rule.](../images/wdac-wizard-custom-file-attribute-rule.png) ### File Hash Rules diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md index a37f25ff34..832e10d402 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md 
@@ -27,25 +27,25 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC) supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](wdac-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When supplemental policies are used, applications allowed by the base or any of its supplemental policies are allowed to run. -Prerequisite information about application control can be accessed through the [WDAC design guide](windows-defender-application-control-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules. +Prerequisite information about application control can be accessed through the [WDAC design guide](wdac-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules. ## Expanding a Base Policy Once the Supplemental Policy type is chosen on the New Policy page, policy name and file dialog fields can be used to name and save the supplemental policy. The next step requires selecting a base policy to expand. To expand a base policy, the base must allow supplemental policies. 
The WDAC Wizard verifies if the base policy allows supplementals and shows the following confirmation. -![Base policy allows supplemental policies.](images/wdac-wizard-supplemental-expandable.png) +![Base policy allows supplemental policies.](../images/wdac-wizard-supplemental-expandable.png) If the base policy isn't configured for supplemental policies, the Wizard attempts to convert the policy to one that can be supplemented. Once successful, the Wizard shows a dialog demonstrating that the addition of the Allow Supplemental Policy rule was completed. -![Wizard confirms modification of base policy.](images/wdac-wizard-confirm-base-policy-modification.png) +![Wizard confirms modification of base policy.](../images/wdac-wizard-confirm-base-policy-modification.png) -Policies that can't be supplemented, for instance another supplemental policy, are detected by the Wizard and show the following error. Only a base policy can be supplemented. More information on supplemental policies can be found on our [Multiple Policies article](deploy-multiple-windows-defender-application-control-policies.md). +Policies that can't be supplemented, for instance another supplemental policy, are detected by the Wizard and show the following error. Only a base policy can be supplemented. More information on supplemental policies can be found on our [Multiple Policies article](deploy-multiple-wdac-policies.md). -![Wizard detects a bad base policy.](images/wdac-wizard-supplemental-not-base.png) +![Wizard detects a bad base policy.](../images/wdac-wizard-supplemental-not-base.png) ## Configuring Policy Rules 
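Review bot: The new design guide target in the "Prerequisite information" paragraph, `wdac-design-guide.md`, has no directory prefix, so it resolves inside `design/`, while the feature-availability link in the same hunk needed `../` to keep working. Nothing visible in this part of the patch shows where `wdac-design-guide.md` ends up; if it sits one level up beside `feature-availability.md`, the link should be `../wdac-design-guide.md`. The `deploy-multiple-wdac-policies.md` target is fine as written, since index.yml in this same patch lists it under `design/`.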
@@ -63,7 +63,7 @@ Supplemental policies can only configure three policy rules. The following table | **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. | | **Disable Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. | -![Rule options UI for Windows Allowed mode.](images/wdac-wizard-supplemental-policy-rule-options-UI.png) +![Rule options UI for Windows Allowed mode.](../images/wdac-wizard-supplemental-policy-rule-options-UI.png) ## Creating custom file rules @@ -81,7 +81,7 @@ The Publisher file rule type uses properties in the code signing certificate cha | **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. | -![Custom filepublisher file rule creation.](images/wdac-wizard-custom-publisher-rule.png) +![Custom filepublisher file rule creation.](../images/wdac-wizard-custom-publisher-rule.png) ### Filepath Rules @@ -98,7 +98,7 @@ The Wizard supports the creation of [file name rules](select-types-of-rules-to-c | **Product name** | Specifies the name of the product with which the binary ships. | | **Internal name** | Specifies the internal name of the binary. | -![Custom file attributes rule.](images/wdac-wizard-custom-file-attribute-rule.png) +![Custom file attributes rule.](../images/wdac-wizard-custom-file-attribute-rule.png) ### File Hash Rules 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md index 89d6fab2aa..22efa4f283 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md @@ -27,7 +27,7 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). The Windows Defender Application Control Wizard makes editing and viewing WDAC policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities:
    @@ -40,7 +40,7 @@ The Windows Defender Application Control Wizard makes editing and viewing WDAC p The `Policy Rules` page will load with the in-edit policy rules configured per the set rules. Selecting the `+ Advanced Options` button will reveal the advanced policy rule options panel. This grouping of rules contains other policy rule options that are less common to most users. To edit any of the rules, flip the corresponding policy rule state. For instance, to disable Audit Mode and enable Enforcement Mode in the figure below, the button beside the `Audit Mode` label needs only to be pressed. Once the policy rules are configured, select the Next button to continue the next stage of editing: [Adding File Rules](#adding-file-rules). -![Configuring the policy rules.](images/wdac-wizard-edit-policy-rules.png) +![Configuring the policy rules.](../images/wdac-wizard-edit-policy-rules.png) A description of the policy rule is shown at the bottom of the page when the cursor is placed over the rule title. For a complete list of the policy rules and their capabilities, see the [Windows Defender Application Control policy rules table](select-types-of-rules-to-create.md#windows-defender-application-control-policy-rules). 
@@ -54,7 +54,7 @@ Selecting the `+ Custom Rules` button will open the Custom Rules panel. For more The WDAC Wizard makes deleting file rules from an existing policy quick and easy. To remove any type of file rule: publisher rule, path rule, filename rule, or a hash rule, select the rule in the `Policy Signing Rules List` table on the left-hand side of the page. Selecting the rule will highlight the entire row. Once the row is highlighted, select the remove icon underneath the table. The Wizard will prompt for user confirmation before removing the file rule. Once removed, the rule will no longer appear in the policy or the table. -![Removing file rule from policy during edit.](images/wdac-wizard-edit-remove-file-rule.png) +![Removing file rule from policy during edit.](../images/wdac-wizard-edit-remove-file-rule.png) **Note:** removing a publisher rule will also remove the associated File Attribute rules. For instance, in the xml block below, removing ID_SIGNER_CONTOSO_PUBLISHER would also remove the rules ID_FILEATTRIB_LOB_APP_1 and ID_FILEATTRIB_LOB_APP_2. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md index be4fce9d9b..d756011f2e 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md 
@@ -25,8 +25,8 @@ Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC Select the policies you wish to merge into one policy using the `+ Add Policy` button under the table. Once added, policies will be enumerated within the table. To remove a policy from the table, if accidentally added, highlight the policy row and select the `- Remove Policy` button. Confirmation will be required before the policy is withdrawn from the table. > [!NOTE] -> The policy type and ID of the final output policy will be determined based on the type and ID of the **first policy** in the policy list table. For instance, if a legacy policy format policy and a multi-policy format policy are merged together, the output format of the policy will be whichever policy is specified first in the table. For more information on policy formats, visit the [Multiple Windows Defender Application Control (WDAC) Policies page](deploy-multiple-windows-defender-application-control-policies.md). +> The policy type and ID of the final output policy will be determined based on the type and ID of the **first policy** in the policy list table. For instance, if a legacy policy format policy and a multi-policy format policy are merged together, the output format of the policy will be whichever policy is specified first in the table. For more information on policy formats, visit the [Multiple Windows Defender Application Control (WDAC) Policies page](deploy-multiple-wdac-policies.md). Lastly, select a filepath save location for the final merged policy using the `Browse` button. If a minimum of two policies are selected, and the save location is specified, select the `Next` button to build the policy. -![Merging WDAC policies into a final WDAC policy.](images/wdac-wizard-merge.png) +![Merging WDAC policies into a final WDAC policy.](../images/wdac-wizard-merge.png) 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md index c89baad871..125df5fdc7 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md @@ -27,7 +27,7 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). As of [version 2.2.0.0](https://webapp-wdac-wizard.azurewebsites.net/archives.html), the WDAC Wizard supports creating WDAC policy rules from the following event log types: 
@@ -47,7 +47,7 @@ To create rules from the WDAC event logs on the system: The Wizard will parse the relevant audit and block events from the CodeIntegrity (WDAC) Operational and AppLocker MSI and Script logs. You'll see a notification when the Wizard successfully finishes reading the events. > [!div class="mx-imgBorder"] - > [![Parse WDAC and AppLocker event log system events](images/wdac-wizard-event-log-system.png)](images/wdac-wizard-event-log-system-expanded.png) + > [![Parse WDAC and AppLocker event log system events](../images/wdac-wizard-event-log-system.png)](../images/wdac-wizard-event-log-system-expanded.png) 4. Select the Next button to view the audit and block events and create rules. 5. [Generate rules from the events](#creating-policy-rules-from-the-events). 
@@ -64,14 +64,14 @@ To create rules from the WDAC `.EVTX` event logs files on the system: The Wizard will parse the relevant audit and block events from the selected log files. You'll see a notification when the Wizard successfully finishes reading the events. > [!div class="mx-imgBorder"] - > [![Parse evtx file WDAC events](images/wdac-wizard-event-log-files.png)](images/wdac-wizard-event-log-files-expanded.png) + > [![Parse evtx file WDAC events](../images/wdac-wizard-event-log-files.png)](../images/wdac-wizard-event-log-files-expanded.png) 5. Select the Next button to view the audit and block events and create rules. 6. [Generate rules from the events](#creating-policy-rules-from-the-events). ## MDE Advanced Hunting WDAC Event Parsing -To create rules from the WDAC events in [MDE Advanced Hunting](querying-application-control-events-centrally-using-advanced-hunting.md): +To create rules from the WDAC events in [MDE Advanced Hunting](../operations/querying-application-control-events-centrally-using-advanced-hunting.md): 1. Navigate to the Advanced Hunting section within the MDE console and query the WDAC events. **The Wizard requires the following fields** in the Advanced Hunting csv file export: @@ -101,7 +101,7 @@ To create rules from the WDAC events in [MDE Advanced Hunting](querying-applicat 2. Export the WDAC event results by selecting the **Export** button in the results view. > [!div class="mx-imgBorder"] - > [![Export the MDE Advanced Hunting results to CSV](images/wdac-wizard-event-log-mde-ah-export.png)](images/wdac-wizard-event-log-mde-ah-export-expanded.png) + > [![Export the MDE Advanced Hunting results to CSV](../images/wdac-wizard-event-log-mde-ah-export.png)](../images/wdac-wizard-event-log-mde-ah-export-expanded.png) 3. Select **Policy Editor** from the WDAC Wizard main page. 4. Select **Convert Event Log to a WDAC Policy**. 
@@ -111,7 +111,7 @@ To create rules from the WDAC events in [MDE Advanced Hunting](querying-applicat The Wizard will parse the relevant audit and block events from the selected Advanced Hunting log files. You'll see a notification when the Wizard successfully finishes reading the events. > [!div class="mx-imgBorder"] - > [![Parse the Advanced Hunting CSV WDAC event files](images/wdac-wizard-event-log-mde-ah-parsing.png)](images/wdac-wizard-event-log-mde-ah-parsing-expanded.png) + > [![Parse the Advanced Hunting CSV WDAC event files](../images/wdac-wizard-event-log-mde-ah-parsing.png)](../images/wdac-wizard-event-log-mde-ah-parsing-expanded.png) 7. Select the Next button to view the audit and block events and create rules. 8. [Generate rules from the events](#creating-policy-rules-from-the-events). @@ -128,7 +128,7 @@ To create a rule and add it to the WDAC policy: 4. Select the **Add Allow Rule** button to add the configured rule to the policy generated by the Wizard. The "Added to policy" label will be added to the selected row confirming that the rule will be generated. > [!div class="mx-imgBorder"] - > [![Adding a publisher rule to the WDAC policy](images/wdac-wizard-event-rule-creation.png)](images/wdac-wizard-event-rule-creation-expanded.png) + > [![Adding a publisher rule to the WDAC policy](../images/wdac-wizard-event-rule-creation.png)](../images/wdac-wizard-event-rule-creation-expanded.png) 5. Select the **Next** button to output the policy. Once generated, the event log policy should be merged with your base or supplemental policies. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md index cc3fb987e1..23fafc3bb5 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md @@ -21,7 +21,7 @@ ms.date: 05/24/2022 - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). The Windows Defender Application Control policy wizard is an open-source Windows desktop application written in C# and bundled as an MSIX package. It was built to provide security architects with security, and system administrators with a more user-friendly means to create, edit, and merge Application Control policies. This tool uses the [ConfigCI PowerShell cmdlets](/powershell/module/configci) in the backend so the output policy of the tool and PowerShell cmdlets is identical. @@ -31,7 +31,7 @@ Download the tool from the official [Windows Defender Application Control Policy ### Supported clients -As the tool uses the cmdlets in the background, it's functional on clients only where the cmdlets are supported. For more information, see [Application Control feature availability](feature-availability.md). Specifically, the tool verifies that the client meets one of the following requirements: +As the tool uses the cmdlets in the background, it's functional on clients only where the cmdlets are supported. For more information, see [Application Control feature availability](../feature-availability.md). Specifically, the tool verifies that the client meets one of the following requirements: - Windows 10, version 1909 or later - For pre-1909 builds, the Enterprise SKU of Windows is installed 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md b/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md index 6a4d3454bd..40f22af531 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md @@ -28,7 +28,7 @@ ms.topic: overview |-------------|------|-------------| | Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Available on Windows 8 or later. | | SKU availability | Available on Windows 10, Windows 11, and Windows Server 2016 or later.
    WDAC PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. | Policies are supported on all editions Windows 10 version 2004 and newer with [KB 5024351](https://support.microsoft.com/help/5024351).

    Windows versions older than version 2004, including Windows Server 2019:
    • Policies deployed through GP are only supported on Enterprise and Server editions.
    • Policies deployed through MDM are supported on all editions.
    | -| Management solutions |
    • [Intune](./deployment/deploy-windows-defender-application-control-policies-using-intune.md)
    • [Microsoft Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via software distribution)
    • [Group policy](./deployment/deploy-windows-defender-application-control-policies-using-group-policy.md)
    • [Script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script)
    |
    • [Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)
    • Configuration Manager (custom policy deployment via software distribution only)
    • [Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)
    • PowerShell
      • | +| Management solutions |
        • [Intune](deployment/deploy-wdac-policies-using-intune.md)
        • [Microsoft Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via software distribution)
        • [Group policy](deployment/deploy-wdac-policies-using-group-policy.md)
        • [Script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script)
        |
        • [Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)
        • Configuration Manager (custom policy deployment via software distribution only)
        • [Group Policy](applocker/determine-group-policy-structure-and-rule-enforcement.md)
        • PowerShell
          • | | Per-User and Per-User group rules | Not available (policies are device-wide). | Available on Windows 8+. | | Kernel mode policies | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Not available. | | [Rule option 11 - Disabled:Script Enforcement](/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement) | Available on all versions of Windows 10 except 1607 LTSB, Windows 11, and Windows Server 2019 and above. **Disabled:Script Enforcement** is not supported on **Windows Server 2016** or on **Windows 10 1607 LTSB** and should not be used on those platforms. Doing so will result in unexpected script enforcement behaviors. | MSI and Script rule collection is separately configurable. | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/index.yml b/windows/security/application-security/application-control/windows-defender-application-control/index.yml index 4ef7702d87..116b217e84 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/index.yml +++ b/windows/security/application-security/application-control/windows-defender-application-control/index.yml @@ -19,7 +19,7 @@ landingContent: - linkListType: overview links: - text: What is Application Control? - url: windows-defender-application-control.md + url: wdac.md - text: What is Windows Defender Application Control (WDAC)? url: wdac-and-applocker-overview.md - text: What is AppLocker? 
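Review bot: In the Management solutions row of feature-availability.md, the Script link is still the absolute `/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script`, while the Intune and Group policy links next to it are rewritten to relative `deployment/...` paths. The file itself now lives under `application-security/application-control/`, so that link only resolves through a redirect from the old tree. Suggest `deployment/deploy-wdac-policies-with-script.md`, which is the path index.yml uses in this patch. The Rule option 11 link in the trailing context also still points under `threat-protection` and could be converted in the same pass.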
@@ -32,31 +32,31 @@ landingContent: - linkListType: overview links: - text: Using code signing to simplify application control - url: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md + url: deployment/use-code-signing-for-better-control-and-protection.md - text: Microsoft's Recommended Blocklist - url: microsoft-recommended-block-rules.md + url: design/microsoft-recommended-block-rules.md - text: Microsoft's Recommended Driver Blocklist - url: microsoft-recommended-driver-block-rules.md + url: design/microsoft-recommended-driver-block-rules.md - text: Example WDAC policies - url: example-wdac-base-policies.md + url: design/example-wdac-base-policies.md - text: LOB Win32 apps on S Mode - url: LOB-win32-apps-on-s.md + url: deployment/LOB-win32-apps-on-s.md - text: Managing multiple policies - url: deploy-multiple-windows-defender-application-control-policies.md + url: design/deploy-multiple-wdac-policies.md - linkListType: how-to-guide links: - text: Create a WDAC policy for a lightly managed device - url: create-wdac-policy-for-lightly-managed-devices.md + url: design/create-wdac-policy-for-lightly-managed-devices.md - text: Create a WDAC policy for a fully managed device - url: create-wdac-policy-for-fully-managed-devices.md + url: design/create-wdac-policy-for-fully-managed-devices.md - text: Create a WDAC policy for a fixed-workload - url: create-initial-default-policy.md + url: design/create-wdac-policy-using-reference-computer.md - text: Create a WDAC deny list policy - url: create-wdac-deny-policy.md + url: design/create-wdac-deny-policy.md - text: Deploying catalog files for WDAC management - url: deploy-catalog-files-to-support-windows-defender-application-control.md + url: deployment/deploy-catalog-files-to-support-wdac.md - text: Using the WDAC Wizard - url: wdac-wizard.md + url: design/wdac-wizard.md #- linkListType: Tutorial (videos) # links: # - text: Using the WDAC Wizard 
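Review bot: Two entries in this list change the file slug rather than only the directory: `create-initial-default-policy.md` becomes `design/create-wdac-policy-using-reference-computer.md`, and `use-code-signing-to-simplify-application-control-for-classic-windows-applications.md` becomes `deployment/use-code-signing-for-better-control-and-protection.md`. The commit subject says "Move files", so these renames are easy to miss in review. Please confirm that redirect entries cover the old URLs for both, and consider calling the renames out in the commit message.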
@@ -69,44 +69,44 @@ landingContent: - linkListType: overview links: - text: Understanding policy and file rules - url: select-types-of-rules-to-create.md + url: design/select-types-of-rules-to-create.md - text: Understanding WDAC secure settings - url: understanding-wdac-policy-settings.md + url: design/understanding-wdac-policy-settings.md - linkListType: how-to-guide links: - text: Allow managed installer and configure managed installer rules - url: configure-authorized-apps-deployed-with-a-managed-installer.md + url: design/configure-authorized-apps-deployed-with-a-managed-installer.md - text: Allow reputable apps with ISG - url: use-windows-defender-application-control-with-intelligent-security-graph.md + url: design/use-wdac-with-intelligent-security-graph.md - text: Managed MSIX and Appx Packaged Apps - url: manage-packaged-apps-with-windows-defender-application-control.md + url: design/manage-packaged-apps-with-wdac.md - text: Allow com object registration - url: allow-com-object-registration-in-windows-defender-application-control-policy.md + url: design/allow-com-object-registration-in-wdac-policy.md - text: Manage plug-ins, add-ins and modules - url: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md + url: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md # Card - title: Learn how to deploy WDAC Policies linkLists: - linkListType: overview links: - text: Using signed policies to protect against tampering - url: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md + url: deployment/use-signed-policies-to-protect-wdac-against-tampering.md - text: Audit mode policies - url: audit-windows-defender-application-control-policies.md + url: deployment/audit-wdac-policies.md - text: Enforcement mode policies - url: enforce-windows-defender-application-control-policies.md + url: deployment/enforce-wdac-policies.md - text: Disabling WDAC policies - url: 
disable-windows-defender-application-control-policies.md + url: deployment/disable-wdac-policies.md - linkListType: tutorial links: - text: Deployment with MDM - url: deployment/deploy-windows-defender-application-control-policies-using-intune.md + url: deployment/deploy-wdac-policies-using-intune.md - text: Deployment with Configuration Manager url: deployment/deploy-wdac-policies-with-memcm.md - text: Deployment with script and refresh policy url: deployment/deploy-wdac-policies-with-script.md - text: Deployment with group policy - url: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md + url: deployment/deploy-wdac-policies-using-group-policy.md # Card - title: Learn how to troubleshoot and debug WDAC events linkLists: @@ -115,10 +115,10 @@ landingContent: - text: Debugging and troubleshooting url: operations/wdac-debugging-and-troubleshooting.md - text: Understanding event IDs - url: event-id-explanations.md + url: operations/event-id-explanations.md - text: Understanding event Tags - url: event-tag-explanations.md + url: operations/event-tag-explanations.md - linkListType: how-to-guide links: - text: Querying events using advanced hunting - url: querying-application-control-events-centrally-using-advanced-hunting.md \ No newline at end of file + url: operations/querying-application-control-events-centrally-using-advanced-hunting.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md index 6be18a4bd1..a6defba7ce 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2019 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). ## Enabling managed installer and Intelligent Security Graph (ISG) logging events diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md index 1b123b517a..c0928efaa8 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md 
@@ -57,7 +57,7 @@ These events are found in the **AppLocker – MSI and Script** event log. |--------|-----------| | 8028 | This event indicates that a script host, such as PowerShell, queried Application Control about a file the script host was about to run. Since the policy was in audit mode, the script or MSI file should have run, but wouldn't have passed the WDAC policy if it was enforced. Some script hosts may have additional information in their logs. Note: Most third-party script hosts don't integrate with Application Control. Consider the risks from unverified scripts when choosing which script hosts you allow to run. | | 8029 | This event is the enforcement mode equivalent of event 8028. Note: While this event says that a script was blocked, the script hosts control the actual script enforcement behavior. The script host may allow the file to run with restrictions and not block the file outright. For example, PowerShell runs script not allowed by your WDAC policy in [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). | -| 8036| COM object was blocked. To learn more about COM object authorization, see [Allow COM object registration in a Windows Defender Application Control policy](allow-com-object-registration-in-windows-defender-application-control-policy.md). | +| 8036| COM object was blocked. To learn more about COM object authorization, see [Allow COM object registration in a Windows Defender Application Control policy](../design/allow-com-object-registration-in-wdac-policy.md). | | 8037 | This event indicates that a script host checked whether to allow a script to run, and the file passed the WDAC policy. | | 8038 | Signing information event correlated with either an 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. 
Unsigned script files generate a single 8038 event with TotalSignatureCount 0. These events are correlated with 8028 and 8029 events and can be matched using the `Correlation ActivityID` found in the **System** portion of the event. | | 8039 | This event indicates that a packaged app (MSIX/AppX) was allowed to install or run because the WDAC policy is in audit mode. But, it would have been blocked if the policy was enforced. | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md index b48aea608c..cb2dda9b53 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md 
@@ -102,22 +102,22 @@ The Application Control policy rule option values can be derived from the "Optio - Identify the hex code listed in the "Options" field. - Convert the hex code to binary. -:::image type="content" source="images/event-3099-options.png" alt-text="Event 3099 policy rule options."::: +:::image type="content" source="../images/event-3099-options.png" alt-text="Event 3099 policy rule options."::: For a simple solution for converting hex to binary, follow these steps: 1. Open the Calculator app. -1. Select the menu icon. :::image type="icon" source="images/calculator-menu-icon.png" border="false"::: +1. Select the menu icon. :::image type="icon" source="../images/calculator-menu-icon.png" border="false"::: 1. Select **Programmer** mode. -1. Select **HEX**. :::image type="icon" source="images/hex-icon.png" border="false"::: +1. Select **HEX**. :::image type="icon" source="../images/hex-icon.png" border="false"::: 1. Enter your hex code. For example, `80881000`. -1. Switch to the **Bit Toggling Keyboard**. :::image type="icon" source="images/bit-toggling-keyboard-icon.png" border="false"::: +1. Switch to the **Bit Toggling Keyboard**. :::image type="icon" source="../images/bit-toggling-keyboard-icon.png" border="false"::: -:::image type="content" source="images/calculator-with-hex-in-binary.png" alt-text="An example of the calculator app in programmer mode, with a hex code converted into binary."::: +:::image type="content" source="../images/calculator-with-hex-in-binary.png" alt-text="An example of the calculator app in programmer mode, with a hex code converted into binary."::: This view provides the hex code in binary form, with each bit address shown separately. The bit addresses start at 0 in the bottom right. Each bit address correlates to a specific event policy-rule option. If the bit address holds a value of 1, the setting is in the policy. 
-Next, use the bit addresses and their values from the following table to determine the state of each [policy rule-option](select-types-of-rules-to-create.md#table-1-windows-defender-application-control-policy---policy-rule-options). For example, if the bit address of 16 holds a value of 1, then the **Enabled: Audit Mode (Default)** option is in the policy. This setting means that the policy is in audit mode. +Next, use the bit addresses and their values from the following table to determine the state of each [policy rule-option](../design/select-types-of-rules-to-create.md#table-1-windows-defender-application-control-policy---policy-rule-options). For example, if the bit address of 16 holds a value of 1, then the **Enabled: Audit Mode (Default)** option is in the policy. This setting means that the policy is in audit mode. | Bit Address | Policy Rule Option | |-------|------| diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md index f6616e3bf0..e7efa291f0 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md 
@@ -97,7 +97,7 @@ msiexec –i c:\temp\Windows10_Version_1511_ADMX.msi ``` ### Slow boot and performance with custom policies -WDAC will evaluate all running processes, including inbox Windows processes. If policies don't build off the WDAC templates or don't trust the Windows signers, you'll see slower boot times, degraded performance and possibly boot issues. For these reasons, it's strongly recommended to build off the [WDAC base templates](../example-wdac-base-policies.md). +WDAC will evaluate all running processes, including inbox Windows processes. If policies don't build off the WDAC templates or don't trust the Windows signers, you'll see slower boot times, degraded performance and possibly boot issues. For these reasons, it's strongly recommended to build off the [WDAC base templates](../design/example-wdac-base-policies.md). #### AppId Tagging policy considerations @@ -110,4 +110,4 @@ If you can't allowlist the Windows signers, or build off the WDAC base templates :::image type="content" source="../images/known-issue-appid-dll-rule-xml.png" alt-text="Allow all dll files in the xml policy."::: -Since AppId Tagging policies evaluate but can't tag dll files, this rule will short circuit dll evaluation and improve evaluation performance. \ No newline at end of file +Since AppId Tagging policies evaluate but can't tag dll files, this rule will short circuit dll evaluation and improve evaluation performance. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md index 190cbc0ca8..a2f1b7a544 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md @@ -132,7 +132,7 @@ Here's an example of detailed EventData from a typical WDAC enforcement mode blo #### Event 3077 - WDAC enforcement block event -![Example 3077 block event for PowerShell.exe.](/windows/security/threat-protection/windows-defender-application-control/images/event-3077.png) +![Example 3077 block event for PowerShell.exe.](../images/event-3077.png) | Element name | Description | | ----- | ----- | @@ -160,7 +160,7 @@ Here's an example of detailed EventData from a typical WDAC enforcement mode blo #### Event 3089 - WDAC signature information event -![Example 3089 signature information event for PowerShell.exe.](/windows/security/threat-protection/windows-defender-application-control/images/event-3089.png) +![Example 3089 signature information event for PowerShell.exe.](../images/event-3089.png) | Element name | Description | | ----- | ----- | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/windows-defender-application-control-operational-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md similarity index 97% rename from windows/security/application-security/application-control/windows-defender-application-control/operations/windows-defender-application-control-operational-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md index 6acc9a240c..7ce7be5e8d 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/operations/windows-defender-application-control-operational-guide.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). You now understand how to design and deploy your Windows Defender Application Control (WDAC) policies. This guide explains how to understand the effects your policies have and how to troubleshoot when they aren't behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender for Endpoint Advanced Hunting feature. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md index 9290f836ef..de258cc0ed 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md 
@@ -40,9 +40,9 @@ Windows Defender Application Control policies apply to the managed computer as a - Attributes of the codesigning certificate(s) used to sign an app and its binaries - Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file -- The reputation of the app as determined by Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) -- The identity of the process that initiated the installation of the app and its binaries ([managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md)) -- The [path from which the app or file is launched](select-types-of-rules-to-create.md#more-information-about-filepath-rules) (beginning with Windows 10 version 1903) +- The reputation of the app as determined by Microsoft's [Intelligent Security Graph](design/use-wdac-with-intelligent-security-graph.md) +- The identity of the process that initiated the installation of the app and its binaries ([managed installer](design/configure-authorized-apps-deployed-with-a-managed-installer.md)) +- The [path from which the app or file is launched](design/select-types-of-rules-to-create.md#more-information-about-filepath-rules) (beginning with Windows 10 version 1903) - The process that launched the app or binary > [!NOTE] diff --git a/windows/security/application-security/application-control/windows-defender-application-control/windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md similarity index 83% rename from windows/security/application-security/application-control/windows-defender-application-control/windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/wdac.md index 9f1f0f96d3..9c7cbd8b00 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md 
@@ -51,7 +51,7 @@ Windows 10 and Windows 11 include two technologies that can be used for applicat ## WDAC and Smart App Control -Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on WDAC, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](example-wdac-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** rule which isn't supported for WDAC enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example WDAC base policy](create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy). +Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on WDAC, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](design/example-wdac-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** rule which isn't supported for WDAC enterprise policies. This rule must be removed before you use the example policy. 
To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example WDAC base policy](design/create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy). Smart App Control is only available on clean installation of Windows 11 version 22H2 or later, and starts in evaluation mode. Smart App Control will automatically turn off for enterprise managed devices unless the user has turned it on first. To turn Smart App Control on or off across your organization's endpoints, you can set the **VerifiedAndReputablePolicyState** (DWORD) registry value under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy` to one of the values listed below. After you change the registry value, you must either restart the device or use [CiTool.exe -r](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands#refresh-the-wdac-policies-on-the-system) for the change to take effect. @@ -66,7 +66,7 @@ Smart App Control is only available on clean installation of Windows 11 version ### Smart App Control Enforced Blocks -Smart App Control enforces the [Microsoft Recommended Driver Block rules](microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](microsoft-recommended-block-rules.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control: +Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/microsoft-recommended-block-rules.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control: - Infdefaultinstall.exe - Microsoft.Build.dll 
@@ -77,7 +77,7 @@ Smart App Control enforces the [Microsoft Recommended Driver Block rules](micros ## Related articles -- [WDAC design guide](windows-defender-application-control-design-guide.md) -- [WDAC deployment guide](windows-defender-application-control-deployment-guide.md) -- [WDAC operational guide](windows-defender-application-control-operational-guide.md) +- [WDAC design guide](design/wdac-design-guide.md) +- [WDAC deployment guide](deployment/wdac-deployment-guide.md) +- [WDAC operational guide](operations/wdac-operational-guide.md) - [AppLocker overview](applocker/applocker-overview.md) diff --git a/windows/security/application-security/index.md b/windows/security/application-security/index.md index 38e3edd4c3..0afaf5784f 100644 --- a/windows/security/application-security/index.md +++ b/windows/security/application-security/index.md 
@@ -19,6 +19,6 @@ The following table summarizes the Windows security features and capabilities fo | Security Measures | Features & Capabilities | |:---|:---| -| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](../threat-protection/windows-defender-application-control/windows-defender-application-control.md) | +| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](application-control/windows-defender-application-control/wdac.md) | | Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md). | | Windows Sandbox | Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. 
Learn more: [Windows Sandbox](application-isolation/windows-sandbox/windows-sandbox-overview.md) | diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index 76368b1c12..06e3d455fa 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -94,8 +94,8 @@ In Windows 10 and Windows 11, cloud experience host is an application used while ### Related to cloud experience host -- [Windows Hello for Business](./hello-identity-verification.md) -- [Managed Windows Hello in organization](./hello-manage-in-organization.md) +- [Windows Hello for Business](hello-identity-verification.md) +- [Managed Windows Hello in organization](hello-manage-in-organization.md) ### More information on cloud experience host diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 9a5646c257..bcd910f606 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md 
@@ -203,7 +203,7 @@ With the CA properly configured with a valid HTTP-based CRL distribution point, 1. Repeat this procedure on all your domain controllers > [!NOTE] -> You can configure domain controllers to automatically enroll and renew their certificates. Automatic certificate enrollment helps prevent authentication outages due to expired certificates. Refer to the [Windows Hello Deployment Guides](./hello-deployment-guide.md) to learn how to deploy automatic certificate enrollment for domain controllers. +> You can configure domain controllers to automatically enroll and renew their certificates. Automatic certificate enrollment helps prevent authentication outages due to expired certificates. Refer to the [Windows Hello Deployment Guides](hello-deployment-guide.md) to learn how to deploy automatic certificate enrollment for domain controllers. > [!IMPORTANT] > If you are not using automatic certificate enrollment, create a calendar reminder to alert you two months before the certificate expiration date. Send the reminder to multiple people in the organization to ensure more than one or two people know when these certificates expire. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md index 5f0a0a662d..d1059a1570 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md 
@@ -101,7 +101,7 @@ To configure the cloud Kerberos trust policy: > [!IMPORTANT] > *Tenant ID* in the OMA-URI must be replaced with the tenant ID for your Azure AD tenant. See [How to find your Azure AD tenant ID][AZ-3] for instructions on looking up your tenant ID. - :::image type="content" alt-text ="Intune custom-device configuration policy creation" source="./images/hello-cloud-trust-intune.png" lightbox="./images/hello-cloud-trust-intune-large.png"::: + :::image type="content" alt-text ="Intune custom-device configuration policy creation" source="images/hello-cloud-trust-intune.png" lightbox="images/hello-cloud-trust-intune-large.png"::: 1. Assign the policy to a security group that contains as members the devices or users that you want to configure. 
@@ -147,7 +147,7 @@ The Windows Hello for Business provisioning process begins immediately after a u You can determine the status of the prerequisite check by viewing the **User Device Registration** admin log under **Applications and Services Logs** > **Microsoft** > **Windows**.\ This information is also available using the `dsregcmd /status` command from a console. For more information, see [dsregcmd][AZ-4]. -:::image type="content" alt-text="Cloud Kerberos trust prerequisite check in the user device registration log" source="./images/cloud-trust-prereq-check.png" lightbox="./images/cloud-trust-prereq-check.png"::: +:::image type="content" alt-text="Cloud Kerberos trust prerequisite check in the user device registration log" source="images/cloud-trust-prereq-check.png" lightbox="images/cloud-trust-prereq-check.png"::: The cloud Kerberos trust prerequisite check detects whether the user has a partial TGT before allowing provisioning to start. The purpose of this check is to validate whether Azure AD Kerberos is set up for the user's domain and tenant. If Azure AD Kerberos is set up, the user will receive a partial TGT during sign-in with one of their other unlock methods. This check has three states: Yes, No, and Not Tested. The *Not Tested* state is reported if cloud Kerberos trust isn't being enforced by policy or if the device is Azure AD joined. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md index 31e4fb9ee2..7c2d96a0d1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md 
@@ -72,7 +72,7 @@ It's suggested to create a security group (for example, *Windows Hello for Busin The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory > [!NOTE] -> If you deployed Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](./hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources) +> If you deployed Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources) ### Enable Windows Hello for Business group policy setting @@ -162,4 +162,4 @@ The following process occurs after a user signs in, to enroll in Windows Hello f [MEM-3]: /mem/intune/configuration/custom-settings-configure [MEM-4]: /windows/client-management/mdm/passportforwork-csp [MEM-5]: /mem/intune/protect/endpoint-security-account-protection-policy -[MEM-6]: /mem/intune/protect/identity-protection-configure \ No newline at end of file +[MEM-6]: /mem/intune/protect/identity-protection-configure diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index b941c37a84..3363f0ae55 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md 
@@ -81,7 +81,7 @@ It's fundamentally important to understand which deployment model to use for a s A deployment's trust type defines how each Windows Hello for Business client authenticates to the on-premises Active Directory. There are two trust types: key trust and certificate trust. > [!NOTE] -> Windows Hello for Business introduced a new trust model called cloud Kerberos trust, in early 2022. This model enables deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Hybrid Cloud Kerberos Trust Deployment](./hello-hybrid-cloud-kerberos-trust.md). +> Windows Hello for Business introduced a new trust model called cloud Kerberos trust, in early 2022. This model enables deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Hybrid Cloud Kerberos Trust Deployment](hello-hybrid-cloud-kerberos-trust.md). The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 or later domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more. 
diff --git a/windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md b/windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md index d7cd002e30..7cc1a49b9a 100644 --- a/windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md +++ b/windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md @@ -3,4 +3,4 @@ ms.date: 12/08/2022 ms.topic: include --- -[domain join :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../hello-how-it-works-technology.md "Devices that are domain joined do not have any dependencies on Azure AD. Only local users accounts and Active Directory users can sign in to these devices") \ No newline at end of file +[domain join :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../hello-how-it-works-technology.md) diff --git a/windows/security/index.yml b/windows/security/index.yml index 2a37fa2c48..768f02d93d 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml 
@@ -42,13 +42,13 @@ landingContent: - text: Trusted Platform Module url: information-protection/tpm/trusted-platform-module-top-node.md - text: Windows Defender System Guard firmware protection - url: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md + url: hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md - text: System Guard Secure Launch and SMM protection enablement - url: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md + url: hardware-security/system-guard-secure-launch-and-smm-protection.md - text: Virtualization-based protection of code integrity - url: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md + url: hardware-security/enable-virtualization-based-protection-of-code-integrity.md - text: Kernel DMA Protection - url: information-protection/kernel-dma-protection-for-thunderbolt.md + url: hardware-security/kernel-dma-protection-for-thunderbolt.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) 
@@ -65,11 +65,11 @@ landingContent: - text: Encryption and data protection url: operating-system-security/data-protection/index.md - text: Windows security baselines - url: threat-protection/windows-security-configuration-framework/windows-security-baselines.md + url: operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md - text: Virtual private network guide - url: identity-protection/vpn/vpn-guide.md + url: operating-system-security/network-security/vpn/vpn-guide.md - text: Windows Defender Firewall - url: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md + url: operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md - text: Virus & threat protection url: threat-protection/index.md # Cards and links should be based on top customer tasks or top subjects 
@@ -84,17 +84,17 @@ landingContent: - linkListType: concept links: - text: Application Control and virtualization-based protection - url: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + url: application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - text: Application Control - url: threat-protection/windows-defender-application-control/windows-defender-application-control.md + url: application-security/application-control/windows-defender-application-control/wdac.md - text: Application Guard - url: threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md + url: application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md - text: Windows Sandbox url: application-security\application-isolation\windows-sandbox\windows-sandbox-overview.md - text: Microsoft Defender SmartScreen url: operating-system-security\virus-and-threat-protection\microsoft-defender-smartscreen\index.md - text: S/MIME for Windows - url: identity-protection/configure-s-mime.md + url: operating-system-security/data-protection/configure-s-mime.md # Cards and links should be based on top customer tasks or top subjects # Start card title with a verb # Card (optional) diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index b90c535d06..d767555121 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md 
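Review bot: In the index.yml hunk at -84,17, the Windows Sandbox and Microsoft Defender SmartScreen entries keep backslash-separated paths (`application-security\application-isolation\windows-sandbox\windows-sandbox-overview.md` and `operating-system-security\virus-and-threat-protection\microsoft-defender-smartscreen\index.md`) while every URL rewritten in this hunk uses forward slashes. Since the neighbouring entries are already being edited here, switch those two to forward slashes as well so the card uses one separator throughout.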
@@ -106,7 +106,7 @@ The following table defines which Windows features require TPM support. Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details | -|-|-|-|- Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm which is being deprecated. - BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Automatic Device Encryption requires Modern Standby](../bitlocker/bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) including TPM 2.0 support + BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Automatic Device Encryption requires Modern Standby](../../operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) including TPM 2.0 support Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0. Windows Defender Application Control (Device Guard) | No | Yes | Yes Windows Defender System Guard (DRTM) | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index 60774172a4..45decb4e25 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md 
@@ -140,4 +140,4 @@ If you don't want users to see the recommendation to update TPM firmware, you ca - [Trusted Platform Module](trusted-platform-module-top-node.md) - [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true) -- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](../bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md) +- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](../../operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index 1cab70ff7c..499069d55e 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md 
@@ -183,7 +183,7 @@ Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the ### Add an AppLocker policy file -For this example, we're going to add an AppLocker XML file to the **App Rules** list. You'll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](../../threat-protection/windows-defender-application-control/applocker/applocker-overview.md) content. +For this example, we're going to add an AppLocker XML file to the **App Rules** list. You'll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](../../application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md) content. **To create an app rule and xml file using the AppLocker tool** diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 7b9a855583..0dc89604d3 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md 
@@ -211,7 +211,7 @@ This section covers two examples of using an AppLocker XML file to the **Protect - [Create a Packaged App rule for Store apps](#create-a-packaged-app-rule-for-store-apps) - [Create an Executable rule for unsigned apps](#create-an-executable-rule-for-unsigned-apps) -For more info about AppLocker, see the [AppLocker](../../threat-protection/windows-defender-application-control/applocker/applocker-overview.md) content. +For more info about AppLocker, see the [AppLocker](../../application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md) content. #### Create a Packaged App rule for Store apps @@ -600,7 +600,7 @@ You can restrict which files are protected by WIP when they're downloaded from a - [What is Azure Rights Management?](/information-protection/understand-explore/what-is-azure-rms) -- [Create a Windows Information Protection (WIP) protection policy using Microsoft Intune](./overview-create-wip-policy.md) +- [Create a Windows Information Protection (WIP) protection policy using Microsoft Intune](overview-create-wip-policy.md) - [Intune MAM Without Enrollment](/archive/blogs/configmgrdogs/intune-mam-without-enrollment) diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 83eea4e8b9..34aee931e3 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md 
@@ -21,11 +21,11 @@ This list provides all of the tasks and settings that are required for the opera |Task|Description| |----|-----------| |Add at least one app of each type (Store and Desktop) to the **Protected apps** list in your WIP policy.|You must have at least one Store app and one Desktop app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. | -|Choose your Windows Information Protection protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage Windows Information Protection mode for your enterprise data](./create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| +|Choose your Windows Information Protection protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage Windows Information Protection mode for your enterprise data](create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. 
However, you must manually correct it if it's incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. |Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.

            Specify the DNS suffixes used in your environment. All traffic to the fully qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.| |Specify your enterprise IPv4 or IPv6 ranges.|Starting with Windows 10, version 1703, this field is optional.

            Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics.| -|Include your Data Recovery Agent (DRA) certificate.|Starting with Windows 10, version 1703, this field is optional. But we strongly recommend that you add a certificate.

            This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](./create-and-verify-an-efs-dra-certificate.md) topic.| +|Include your Data Recovery Agent (DRA) certificate.|Starting with Windows 10, version 1703, this field is optional. But we strongly recommend that you add a certificate.

            This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) topic.| >[!NOTE] diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md index 98b5a376c9..46118e83d3 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md 
@@ -72,7 +72,7 @@ Pre-boot authentication with a PIN can mitigate an attack vector for devices tha On the other hand, Pre-boot authentication-prompts can be inconvenient to users. In addition, users who forget their PIN or lose their startup key are denied access to their data until they can contact their organization's support team to obtain a recovery key. Pre-boot authentication can also make it more difficult to update unattended desktops and remotely administered servers because a PIN needs to be entered when a computer reboots or resumes from hibernation. -To address these issues, [BitLocker Network Unlock](./bitlocker-how-to-enable-network-unlock.md) can be deployed. Network Unlock allows systems within the physical enterprise security perimeter that meet the hardware requirements and have BitLocker enabled with TPM+PIN to boot into Windows without user intervention. It requires direct ethernet connectivity to an enterprise Windows Deployment Services (WDS) server. +To address these issues, [BitLocker Network Unlock](bitlocker-how-to-enable-network-unlock.md) can be deployed. Network Unlock allows systems within the physical enterprise security perimeter that meet the hardware requirements and have BitLocker enabled with TPM+PIN to boot into Windows without user intervention. It requires direct ethernet connectivity to an enterprise Windows Deployment Services (WDS) server. ### Protecting Thunderbolt and other DMA ports 
@@ -92,7 +92,7 @@ If kernel DMA protection isn't enabled, follow these steps to protect Thunderbol - MDM: [DataProtection/AllowDirectMemoryAccess](/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) policy - - Group Policy: [Disable new DMA devices when this computer is locked](./bitlocker-group-policy-settings.md#disable-new-dma-devices-when-this-computer-is-locked) (This setting isn't configured by default.) + - Group Policy: [Disable new DMA devices when this computer is locked](bitlocker-group-policy-settings.md#disable-new-dma-devices-when-this-computer-is-locked) (This setting isn't configured by default.) For Thunderbolt v1 and v2 (DisplayPort Connector), refer to the **Thunderbolt Mitigation** section in [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d). For SBP-2 and 1394 (also known as Firewire), refer to the **SBP-2 Mitigation** section in [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d). 
@@ -166,7 +166,7 @@ Mitigation: > [!IMPORTANT] > These settings are **not configured** by default. -For some systems, bypassing TPM-only may require opening the case, and may require soldering, but could possibly be done for a reasonable cost. Bypassing a TPM with a PIN protector would cost much more, and require brute forcing the PIN. With a sophisticated enhanced PIN, it could be nearly impossible. The Group Policy setting for [enhanced PIN](./bitlocker-group-policy-settings.md) is: +For some systems, bypassing TPM-only may require opening the case, and may require soldering, but could possibly be done for a reasonable cost. Bypassing a TPM with a PIN protector would cost much more, and require brute forcing the PIN. With a sophisticated enhanced PIN, it could be nearly impossible. The Group Policy setting for [enhanced PIN](bitlocker-group-policy-settings.md) is: - *Computer Configuration* > *Policies* > *Administrative Templates* > *Windows Components* > *BitLocker Drive Encryption* > *Operating System Drives* > **Allow enhanced PINs for startup** @@ -178,6 +178,6 @@ For secure administrative workstations, Microsoft recommends a TPM with PIN prot ## Related articles - [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d) -- [BitLocker Group Policy settings](./bitlocker-group-policy-settings.md) +- [BitLocker Group Policy settings](bitlocker-group-policy-settings.md) - [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) - [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) 
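Review bot: In bitlocker-countermeasures.md, the Related articles hunk and the three hunks before it only strip the leading `./` from same-directory links such as `bitlocker-group-policy-settings.md`; the a/ and b/ paths in this file's header are identical, so none of these edits is required by the move. Consider putting this link-style cleanup in its own commit so that the "Move files" patch contains only the path changes the relocation needs, which makes the rename easier to review and to revert.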
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 4b8a48c1a0..d93426076e 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -112,7 +112,7 @@ Requiring a PIN at startup is a useful security feature because it acts as a sec Windows 11 and Windows 10 users can update their BitLocker PINs and passwords themselves, without administrator credentials. Not only will this feature reduce support costs, but it could improve security, too, because it encourages users to change their PINs and passwords more often. In addition, Modern Standby devices don't require a PIN for startup: They're designed to start infrequently and have other mitigations in place that further reduce the attack surface of the system. -For more information about how startup security works and the countermeasures that Windows 11 and Windows 10 provide, see [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md). +For more information about how startup security works and the countermeasures that Windows 11 and Windows 10 provide, see [Protect BitLocker from pre-boot attacks](bitlocker-countermeasures.md). ## Configure Network Unlock diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md index 491df0d342..75c9cdb27e 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md 
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md 
@@ -15,7 +15,7 @@ Though much Windows [BitLocker documentation](index.md) has been published, cust ## Managing domain-joined computers and moving to cloud -Companies that image their own computers using Configuration Manager can use an existing task sequence to [pre-provision BitLocker](/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). These steps during an operating system deployment can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use Configuration Manager to pre-set any desired [BitLocker Group Policy](./bitlocker-group-policy-settings.md). +Companies that image their own computers using Configuration Manager can use an existing task sequence to [pre-provision BitLocker](/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). These steps during an operating system deployment can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use Configuration Manager to pre-set any desired [BitLocker Group Policy](bitlocker-group-policy-settings.md). Enterprises can use [Microsoft BitLocker Administration and Monitoring (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](/lifecycle/products/?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201%2F) or they can receive extended support until April 2026. 
Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD). @@ -92,7 +92,7 @@ Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pi - [BitLocker: FAQs](bitlocker-frequently-asked-questions.yml) - [Microsoft BitLocker Administration and Management (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/) - [Overview of BitLocker Device Encryption in Windows](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) -- [BitLocker Group Policy Reference](./bitlocker-group-policy-settings.md) +- [BitLocker Group Policy Reference](bitlocker-group-policy-settings.md) - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune/) *(Overview)* - [Configuration Settings Providers](/windows/client-management/mdm/policy-configuration-service-provider) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md index d5eb6c6c36..c934ae7570 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md 
@@ -331,17 +331,17 @@ It can also be configured using mobile device management (MDM), including in Int **`./Device/Vendor/MSFT/BitLocker/SystemDrivesRecoveryMessage`** -![Custom URL.](./images/bl-intune-custom-url.png) +![Custom URL.](images/bl-intune-custom-url.png) Example of a customized recovery screen: -![Customized BitLocker Recovery Screen.](./images/bl-password-hint1.png) +![Customized BitLocker Recovery Screen.](images/bl-password-hint1.png) ### BitLocker recovery key hints BitLocker metadata has been enhanced starting in Windows 10, version 1903, to include information about when and where the BitLocker recovery key was backed up. This information isn't exposed through the UI or any public API. It's used solely by the BitLocker recovery screen in the form of hints to help a user locate a volume's recovery key. Hints are displayed on the recovery screen and refer to the location where the key has been saved. Hints are displayed on both the modern (blue) and legacy (black) recovery screen. The hints apply to both the boot manager recovery screen and the WinRE unlock screen. -![Customized BitLocker recovery screen.](./images/bl-password-hint2.png) +![Customized BitLocker recovery screen.](images/bl-password-hint2.png) > [!IMPORTANT] > It is not recommend to print recovery keys or saving them to a file. Instead, use Active Directory backup or a cloud-based backup. Cloud-based backup includes Azure Active Directory (Azure AD) and Microsoft account. @@ -378,7 +378,7 @@ There are rules governing which hint is shown during the recovery (in the order **Result:** The hints for the Microsoft account and custom URL are displayed. -![Example 1 of Customized BitLocker recovery screen.](./images/rp-example1.png) +![Example 1 of Customized BitLocker recovery screen.](images/rp-example1.png) #### Example 2 (single recovery key with single backup) 
@@ -392,7 +392,7 @@ There are rules governing which hint is shown during the recovery (in the order **Result:** Only the custom URL is displayed. -![Example 2 of customized BitLocker recovery screen.](./images/rp-example2.png) +![Example 2 of customized BitLocker recovery screen.](images/rp-example2.png) #### Example 3 (single recovery key with multiple backups) @@ -406,7 +406,7 @@ There are rules governing which hint is shown during the recovery (in the order **Result:** Only the Microsoft Account hint is displayed. -![Example 3 of customized BitLocker recovery screen.](./images/rp-example3.png) +![Example 3 of customized BitLocker recovery screen.](images/rp-example3.png) #### Example 4 (multiple recovery passwords) @@ -435,7 +435,7 @@ There are rules governing which hint is shown during the recovery (in the order **Result:** Only the hint for a successfully backed up key is displayed, even if it isn't the most recent key. -![Example 4 of customized BitLocker recovery screen.](./images/rp-example4.png) +![Example 4 of customized BitLocker recovery screen.](images/rp-example4.png) #### Example 5 (multiple recovery passwords) @@ -461,7 +461,7 @@ There are rules governing which hint is shown during the recovery (in the order **Result:** The hint for the most recent key is displayed. -![Example 5 of customized BitLocker recovery screen.](./images/rp-example5.png) +![Example 5 of customized BitLocker recovery screen.](images/rp-example5.png) ## Using additional recovery information diff --git a/windows/security/operating-system-security/data-protection/bitlocker/index.md b/windows/security/operating-system-security/data-protection/bitlocker/index.md index 31b4e00f59..f676e384a8 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/index.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/index.md 
@@ -79,7 +79,7 @@ When installing the BitLocker optional component on a server, the Enhanced Stora | [BitLocker Group Policy settings](bitlocker-group-policy-settings.md) | This article describes the function, location, and effect of each group policy setting that is used to manage BitLocker. | | [BCD settings and BitLocker](bcd-settings-and-bitlocker.md) | This article describes the BCD settings that are used by BitLocker.| | [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)| This article describes how to recover BitLocker keys from AD DS. | -| [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide helps you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device's configuration. | +| [Protect BitLocker from pre-boot attacks](bitlocker-countermeasures.md)| This detailed guide helps you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device's configuration. | | [Troubleshoot BitLocker](/troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting) | This guide describes the resources that can help you troubleshoot BitLocker issues, and provides solutions for several common BitLocker issues. | | [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This article describes how to protect CSVs and SANs with BitLocker.| | [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This article describes how to use BitLocker with Windows IoT Core | 
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md b/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md index 8a1774472f..4ff6994bfc 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md 
@@ -11,13 +11,13 @@ This article describes how to configure the recommendations in the article [VPN The recommendations can be implemented for the built-in Windows VPN client using a *Force Tunneling with Exclusions* approach, defining IP-based exclusions even when using *force tunneling*. Certain traffic can be *split* to use the physical interface, while still forcing all other traffic via the VPN interface. Traffic addressed to defined destinations (like those listed in the Microsoft 365 optimized categories) follows a much more direct and efficient path, without the need to traverse or *hairpin* via the VPN tunnel and back out of the organization's network. For cloud-services like Microsoft 365, this makes a significant difference in performance and usability for remote users. > [!NOTE] -> The term *force tunneling with exclusions* is sometimes confusingly called *split tunnels* by other vendors and in some online documentation. For Windows VPN, the term *split tunneling* is defined differently, as described in the article [VPN routing decisions](./vpn-routing.md#split-tunnel-configuration). +> The term *force tunneling with exclusions* is sometimes confusingly called *split tunnels* by other vendors and in some online documentation. For Windows VPN, the term *split tunneling* is defined differently, as described in the article [VPN routing decisions](vpn-routing.md#split-tunnel-configuration). ## Solution Overview The solution is based upon the use of a VPN Configuration Service Provider Reference profile ([VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)) and the embedded [ProfileXML](/windows/client-management/mdm/vpnv2-profile-xsd). These are used to configure the VPN profile on the device. Various provisioning approaches can be used to create and deploy the VPN profile as discussed in the article [Step 6. 
Configure Windows 10 client Always On VPN connections](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files). -Typically, these VPN profiles are distributed using a Mobile Device Management solution like Intune, as described in [VPN profile options](./vpn-profile-options.md#apply-profilexml-using-intune) and [Configure the VPN client by using Intune](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#configure-the-vpn-client-by-using-intune). +Typically, these VPN profiles are distributed using a Mobile Device Management solution like Intune, as described in [VPN profile options](vpn-profile-options.md#apply-profilexml-using-intune) and [Configure the VPN client by using Intune](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#configure-the-vpn-client-by-using-intune). To enable the use of force tunneling in Windows 10 or Windows 11 VPN, the `` setting is typically configured with a value of _ForceTunnel_ in your existing Profile XML (or script) by way of the following entry, under the `` section: 
@@ -640,11 +640,11 @@ Write-Host "$Message" ``` -An example of an [Intune-ready XML file](./vpn-profile-options.md#apply-profilexml-using-intune) that can be used to create a force tunnel VPN connection with Microsoft 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial XML file. +An example of an [Intune-ready XML file](vpn-profile-options.md#apply-profilexml-using-intune) that can be used to create a force tunnel VPN connection with Microsoft 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial XML file. >[!NOTE] >This XML is formatted for use with Intune and cannot contain any carriage returns or whitespace. ```xml truecorp.contoso.comtruecorp.contoso.comedge1.contoso.comForceTunnelIKEv2Certificate
            13.107.6.152
            31true
            13.107.18.10
            31true
            13.107.128.0
            22true
            23.103.160.0
            20true
            40.96.0.0
            13true
            40.104.0.0
            15true
            52.96.0.0
            14true
            131.253.33.215
            32true
            132.245.0.0
            16true
            150.171.32.0
            22true
            191.234.140.0
            22true
            204.79.197.215
            32true
            13.107.136.0
            22true
            40.108.128.0
            17true
            52.104.0.0
            14true
            104.146.128.0
            17true
            150.171.40.0
            22true
            13.107.60.1
            32true
            13.107.64.0
            18true
            52.112.0.0
            14true
            52.120.0.0
            14true
            http://webproxy.corp.contoso.com/proxy.pac
            -``` \ No newline at end of file +``` diff --git a/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md b/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md index b156adfef4..fa3fa7d18b 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md @@ -19,7 +19,7 @@ network. These recommendations cover a wide range of deployments including home networks and enterprise desktop/server systems. To open Windows Firewall, go to the **Start** menu, select **Run**, -type **WF.msc**, and then select **OK**. See also [Open Windows Firewall](./open-windows-firewall-with-advanced-security.md). +type **WF.msc**, and then select **OK**. See also [Open Windows Firewall](open-windows-firewall-with-advanced-security.md). ## Keep default settings @@ -45,7 +45,7 @@ Firewall whenever possible. These settings have been designed to secure your dev > [!IMPORTANT] > To maintain maximum security, do not change the default Block setting for inbound connections. -For more on configuring basic firewall settings, see [Turn on Windows Firewall and Configure Default Behavior](./turn-on-windows-firewall-and-configure-default-behavior.md) and [Checklist: Configuring Basic Firewall Settings](./checklist-configuring-basic-firewall-settings.md). +For more on configuring basic firewall settings, see [Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md) and [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md). ## Understand rule precedence for inbound rules 
@@ -58,7 +58,7 @@ This rule-adding task can be accomplished by right-clicking either **Inbound Rul *Figure 3: Rule Creation Wizard* > [!NOTE] ->This article does not cover step-by-step rule configuration. See the [Windows Firewall with Advanced Security Deployment Guide](./windows-firewall-with-advanced-security-deployment-guide.md) for general guidance on policy creation. +>This article does not cover step-by-step rule configuration. See the [Windows Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) for general guidance on policy creation. In many cases, allowing specific types of inbound traffic will be required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when allowing these inbound exceptions. @@ -108,7 +108,7 @@ Creation of application rules at runtime can also be prohibited by administrator *Figure 4: Dialog box to allow access* -See also [Checklist: Creating Inbound Firewall Rules](./checklist-creating-inbound-firewall-rules.md). +See also [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md). ## Establish local policy merge and application rules 
@@ -202,7 +202,7 @@ What follows are a few general guidelines for configuring outbound rules. - It's recommended to Allow Outbound by default for most deployments for the sake of simplification around app deployments, unless the enterprise prefers tight security controls over ease-of-use - In high security environments, an inventory of all enterprise-spanning apps must be taken and logged by the administrator or administrators. Records must include whether an app used requires network connectivity. Administrators will need to create new rules specific to each app that needs network connectivity and push those rules centrally, via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments) -For tasks related to creating outbound rules, see [Checklist: Creating Outbound Firewall Rules](./checklist-creating-outbound-firewall-rules.md). +For tasks related to creating outbound rules, see [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md). ## Document your changes diff --git a/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md index ba08eadadb..31071302f6 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md 
@@ -154,7 +154,7 @@ To disable stealth-mode, see [Disable stealth mode in Windows](/troubleshoot/win Network drops from Universal Windows Platform (UWP) default inbound/outbound block filters are often caused by the UWP app not being configured correctly (that is, the UWP app is missing the correct capability tokens or loopback isn't enabled) or the private range is configured incorrectly. -For more information on how to debug drops caused by UWP default block filters, see [Troubleshooting UWP App Connectivity Issues](./troubleshooting-uwp-firewall.md). +For more information on how to debug drops caused by UWP default block filters, see [Troubleshooting UWP App Connectivity Issues](troubleshooting-uwp-firewall.md). **WSH default** diff --git a/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md b/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md index 1383de920b..536e09924d 100644 --- a/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md +++ b/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md @@ -42,7 +42,7 @@ Windows supports four features to help prevent rootkits and bootkits from loadin Figure 1 shows the Windows startup process. -![Screenshot that shows the Windows startup process.](./images/boot_process.png) +![Screenshot that shows the Windows startup process.](images/boot_process.png) *Figure 1. Secure Boot, Trusted Boot, and Measured Boot block malware at every stage*: 
@@ -117,7 +117,7 @@ Depending on the implementation and configuration, the server can now determine Figure 2 illustrates the Measured Boot and remote attestation process. -![Screenshot that shows the Measured Boot and remote attestation process.](./images/measured_boot.png) +![Screenshot that shows the Measured Boot and remote attestation process.](images/measured_boot.png) *Figure 2. Measured Boot proves the PC's health to a remote server*: diff --git a/windows/security/operating-system-security/virus-and-threat-protection/toc.yml b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml index 8e86c254c7..db2e521fff 100644 --- a/windows/security/operating-system-security/virus-and-threat-protection/toc.yml +++ b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml @@ -9,7 +9,7 @@ items: - name: Tamper protection for MDE 🔗 href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection - name: Microsoft Vulnerable Driver Blocklist 🔗 - href: ../../threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md + href: ../../application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md - name: Controlled folder access 🔗 href: /microsoft-365/security/defender-endpoint/controlled-folders - name: Exploit protection 🔗 diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index ec5973ba71..1f5cf21268 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md 
@@ -74,7 +74,7 @@ This category includes the following subcategories: - [Audit Process Creation](audit-process-creation.md) - [Audit Process Termination](audit-process-termination.md) - [Audit RPC Events](audit-rpc-events.md) -- [Audit Token Right Adjusted](./audit-token-right-adjusted.md) +- [Audit Token Right Adjusted](audit-token-right-adjusted.md) ## DS Access diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index a1d36ef96a..b6bf8dec61 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md 
@@ -27,6 +27,6 @@ When you apply basic audit policy settings to the local computer by using the Lo | Topic | Description | | - | - | | [Planning and deploying advanced security audit policies](planning-and-deploying-advanced-security-audit-policies.md) | This topic for the IT professional explains the options that security policy planners must consider and the tasks they must complete to deploy an effective security audit policy in a network that includes advanced security audit policies | -| [Advanced security auditing FAQ](./advanced-security-auditing-faq.yml) | This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. +| [Advanced security auditing FAQ](advanced-security-auditing-faq.yml) | This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. | [Using advanced security auditing options to monitor dynamic access control objects](using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md) | This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012. -| [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) | This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate. \ No newline at end of file +| [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) | This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate. 
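Review bot: The last three table rows in this hunk (Advanced security auditing FAQ, Using advanced security auditing options to monitor dynamic access control objects, and Advanced security audit policy settings) still end without a closing `|`, while the "Planning and deploying advanced security audit policies" row above them has one. The FAQ row and the final row are already being rewritten here for the link path and the end-of-file newline, so add the trailing pipe to all three rows in the same change to keep the table consistent.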
diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md index d71517738e..f942a116de 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md @@ -29,7 +29,7 @@ This subcategory contains events about issued TGSs and failed TGS requests. | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | IF | Yes | Yes | Yes | Expected volume is very high on domain controllers.

            IF - We recommend Success auditing, because you will see all Kerberos Service Ticket requests (TGS requests), which are part of service use and access requests by specific accounts. Also, you can see the IP address from which this account requested TGS, when TGS was requested, which encryption type was used, and so on. For recommendations for using and analyzing the collected information, see our [***Security Monitoring Recommendations***](./appendix-a-security-monitoring-recommendations-for-many-audit-events.md).

            We recommend Failure auditing, because you will see all failed requests and be able to investigate the reason for failure. You will also be able to detect Kerberos issues or possible attack attempts. | +| Domain Controller | IF | Yes | Yes | Yes | Expected volume is very high on domain controllers.

            IF - We recommend Success auditing, because you will see all Kerberos Service Ticket requests (TGS requests), which are part of service use and access requests by specific accounts. Also, you can see the IP address from which this account requested TGS, when TGS was requested, which encryption type was used, and so on. For recommendations for using and analyzing the collected information, see our [***Security Monitoring Recommendations***](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).

            We recommend Failure auditing, because you will see all failed requests and be able to investigate the reason for failure. You will also be able to detect Kerberos issues or possible attack attempts. | | Member Server | No | No | No | No | This subcategory makes sense only on domain controllers. | | Workstation | No | No | No | No | This subcategory makes sense only on domain controllers. | @@ -39,4 +39,4 @@ This subcategory contains events about issued TGSs and failed TGS requests. - [4770](event-4770.md)(S): A Kerberos service ticket was renewed. -- [4773](event-4773.md)(F): A Kerberos service ticket request failed. \ No newline at end of file +- [4773](event-4773.md)(F): A Kerberos service ticket request failed. diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md index 90e0745872..da20ec1bb0 100644 --- a/windows/security/threat-protection/auditing/security-auditing-overview.md +++ b/windows/security/threat-protection/auditing/security-auditing-overview.md 
@@ -31,7 +31,4 @@ Security auditing is one of the most powerful tools that you can use to maintain | Topic | Description | | - | - | |[Basic security audit policies](basic-security-audit-policies.md) |Before you implement auditing, you must decide on an auditing policy. A basic audit policy specifies categories of security-related events that you want to audit. When this version of Windows is first installed, all auditing categories are disabled. By enabling various auditing event categories, you can implement an auditing policy that suits the security needs of your organization. | -|[Advanced security audit policies](./advanced-security-auditing.md) |Advanced security audit policy settings are found in **Security Settings\Advanced Audit Policy Configuration\System Audit Policies** and appear to overlap with basic security audit policies, but they're recorded and applied differently. | - - - +|[Advanced security audit policies](advanced-security-auditing.md) |Advanced security audit policy settings are found in **Security Settings\Advanced Audit Policy Configuration\System Audit Policies** and appear to overlap with basic security audit policies, but they're recorded and applied differently. | diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 85a59f77d7..29ae2dce93 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md 
@@ -47,7 +47,7 @@ Each of the cryptographic modules has a defined security policy that must be met ### Step 3: Enable the FIPS security policy -Windows provides the security policy setting, *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*. This setting is used by some Microsoft products to determine whether to run in FIPS mode. When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode. This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](./security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md). +Windows provides the security policy setting, *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*. This setting is used by some Microsoft products to determine whether to run in FIPS mode. When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode. This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md). ### Step 4: Ensure that only FIPS validated cryptographic algorithms are used diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index a58568e79b..850102843d 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md 
@@ -26,7 +26,7 @@ See the following articles to learn more about the different areas of Windows th - [Network Protection](/microsoft-365/security/defender-endpoint/network-protection) - [Virtualization-Based Protection of Code Integrity](../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) - [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview) -- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md) +- [Windows Firewall](../operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md) - [Windows Sandbox](../application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md) ## Next-generation protection diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 29afee340a..51a9ad4ad2 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md 
@@ -388,7 +388,7 @@ Examples: Set-ProcessMitigation -Name notepad.exe -Enable SEHOP -Disable MandatoryASLR,DEPATL ``` -- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy. For more information, see [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control/windows-defender-application-control-deployment-guide.md). This completion will enable protections on Windows 10 equivalent to EMET's ASR protections. +- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy. For more information, see [Deploying Windows Defender Application Control (WDAC) policies](../application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md). This completion will enable protections on Windows 10 equivalent to EMET's ASR protections. - **Convert Certificate Trust settings to enterprise certificate pinning rules**: If you have an EMET "Certificate Trust" XML file (pinning rules file), you can also use ConvertTo-ProcessMitigationPolicy to convert the pinning rules file into an enterprise certificate pinning rules file. Then you can finish enabling that file as described in [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning). For example: 
diff --git a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md index ec6ef4ec58..8f52bd244e 100644 --- a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md +++ b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md @@ -86,7 +86,7 @@ Settings are applied in the following order through a Group Policy Object (GPO), When a local setting is greyed out, it indicates that a GPO currently controls that setting. > [!NOTE] -> More information about configuring the policy can be found [here](./how-to-configure-security-policy-settings.md). +> More information about configuring the policy can be found [here](how-to-configure-security-policy-settings.md). ## Security considerations diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md index 42cb403da5..6b65885d98 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md @@ -172,4 +172,4 @@ If the policy is defined, admin tools, scripts and software that formerly enumer ## Next steps -[Security Options](./security-options.md) +[Security Options](security-options.md) 
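Review bot: In the enable-computer-and-user-accounts-to-be-trusted-for-delegation.md hunk, the rewritten NOTE line keeps the link text "here", which says nothing about the target when links are listed or read out of context. Since the line is being touched for the path anyway, replace "here" with text that names the article behind how-to-configure-security-policy-settings.md.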
diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index d6fe96c0ba..08153aa0d5 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -666,4 +666,4 @@ You can get more info with the following links: - [Event Queries and Event XML](/previous-versions/bb399427(v=vs.90)) - [Event Query Schema](/windows/win32/wes/queryschema-schema) - [Windows Event Collector](/windows/win32/wec/windows-event-collector) -- [4625(F): An account failed to log on](./auditing/event-4625.md) +- [4625(F): An account failed to log on](auditing/event-4625.md) From d78a5dd183b8fa351ac81dae729d26c982fa0c12 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 17 Jul 2023 12:45:50 -0400 Subject: [PATCH 3/4] Fix licensing links --- .../design/microsoft-recommended-driver-block-rules.md | 4 ++-- .../windows-defender-application-control/wdac.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md index b45d22101e..aa6ab698b9 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md 
@@ -1,5 +1,5 @@ --- -title: Microsoft recommended driver block rules +title: Microsoft recommended driver block rules description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community. keywords: security, malware, kernel mode, driver ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb @@ -59,7 +59,7 @@ The blocklist is updated with each new major release of Windows, typically 1-2 t Customers who always want the most up-to-date driver blocklist can also use Windows Defender Application Control (WDAC) to apply the latest recommended driver blocklist contained in this article. For your convenience, we've provided a download of the most up-to-date vulnerable driver blocklist along with instructions to apply it on your computer at the end of this article. Otherwise, you can use the XML provided below to create your own custom WDAC policies. -[!INCLUDE [microsoft-vulnerable-driver-blocklist](../../../../includes/licensing/microsoft-vulnerable-driver-blocklist.md)] +[!INCLUDE [microsoft-vulnerable-driver-blocklist](../../../../../../includes/licensing/microsoft-vulnerable-driver-blocklist.md)] ## Blocking vulnerable drivers using WDAC diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md index 9c7cbd8b00..11ba8e4c56 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium audience: ITPro -ms.collection: +ms.collection: - highpri - tier3 author: vinaypamnani-msft 
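Review bot: The `title:` line in microsoft-recommended-driver-block-rules.md and the `ms.collection:` line in wdac.md are removed and re-added with the same visible text, so they look like whitespace-only changes riding along in a commit titled "Fix licensing links"; move them to the metadata commit (PATCH 4/4) or mention them in the commit message. On the INCLUDE line of the driver block rules file, the path grows from four to six `../` segments, which matches the file's depth under design/ but also means the four-segment path stopped pointing at the same includes directory once the file was moved earlier in the series. Folding this fix into the commit that moves the file would keep every commit in the series resolvable on its own.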
@@ -73,7 +73,7 @@ Smart App Control enforces the [Microsoft Recommended Driver Block rules](design - Microsoft.Build.Framework.dll - Wslhost.dll -[!INCLUDE [windows-defender-application-control-wdac](../../../../includes/licensing/windows-defender-application-control-wdac.md)] +[!INCLUDE [windows-defender-application-control-wdac](../../../../../includes/licensing/windows-defender-application-control-wdac.md)] ## Related articles From 59f41479420a58764f5eda633180347f5286b091 Mon Sep 17 00:00:00 2001 
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 17 Jul 2023 12:51:43 -0400 Subject: [PATCH 4/4] Metadata updates --- ...perational-guide-appid-tagging-policies.md | 18 --------- .../deploy-appid-tagging-policies.md | 12 ------ .../design-create-appid-tagging-policies.md | 20 ---------- .../AppIdTagging/wdac-appid-tagging-guide.md | 20 +--------- ...ged-apps-to-existing-applocker-rule-set.md | 6 --- .../applocker/administer-applocker.md | 6 --- .../applocker-architecture-and-components.md | 6 --- .../applocker/applocker-functions.md | 6 --- .../applocker/applocker-overview.md | 3 -- .../applocker-policies-deployment-guide.md | 6 --- .../applocker-policies-design-guide.md | 6 --- .../applocker-policy-use-scenarios.md | 6 --- .../applocker-processes-and-interactions.md | 6 --- .../applocker/applocker-settings.md | 6 --- .../applocker-technical-reference.md | 6 --- ...gure-an-applocker-policy-for-audit-only.md | 6 --- ...e-an-applocker-policy-for-enforce-rules.md | 6 --- ...figure-exceptions-for-an-applocker-rule.md | 6 --- ...onfigure-the-appLocker-reference-device.md | 6 --- ...figure-the-application-identity-service.md | 6 --- .../create-a-rule-for-packaged-apps.md | 6 --- ...-a-rule-that-uses-a-file-hash-condition.md | 6 --- ...reate-a-rule-that-uses-a-path-condition.md | 6 --- ...-a-rule-that-uses-a-publisher-condition.md | 6 --- .../create-applocker-default-rules.md | 6 --- ...cations-deployed-to-each-business-group.md | 6 --- .../create-your-applocker-policies.md | 6 --- .../applocker/create-your-applocker-rules.md | 6 --- .../applocker/delete-an-applocker-rule.md | 6 --- ...cies-by-using-the-enforce-rules-setting.md | 6 --- ...oy-the-applocker-policy-into-production.md | 6 --- ...p-policy-structure-and-rule-enforcement.md | 6 --- ...igitally-signed-on-a-reference-computer.md | 6 --- ...ine-your-application-control-objectives.md | 6 --- ...-users-try-to-run-a-blocked-application.md | 6 --- 
.../applocker/dll-rules-in-applocker.md | 6 --- ...tructure-and-applocker-rule-enforcement.md | 6 --- .../document-your-application-list.md | 6 --- .../document-your-applocker-rules.md | 6 --- .../applocker/edit-an-applocker-policy.md | 6 --- .../applocker/edit-applocker-rules.md | 6 --- .../enable-the-dll-rule-collection.md | 6 --- .../applocker/enforce-applocker-rules.md | 6 --- .../executable-rules-in-applocker.md | 6 --- .../export-an-applocker-policy-from-a-gpo.md | 6 --- ...port-an-applocker-policy-to-an-xml-file.md | 6 --- .../applocker/how-applocker-works-techref.md | 6 --- ...-applocker-policy-from-another-computer.md | 6 --- .../import-an-applocker-policy-into-a-gpo.md | 6 --- .../applocker/maintain-applocker-policies.md | 6 --- .../manage-packaged-apps-with-applocker.md | 6 --- ...r-policies-by-using-set-applockerpolicy.md | 6 --- .../merge-applocker-policies-manually.md | 6 --- ...onitor-application-usage-with-applocker.md | 6 --- .../optimize-applocker-performance.md | 6 --- ...ckaged-app-installer-rules-in-applocker.md | 6 --- .../plan-for-applocker-policy-management.md | 6 --- .../applocker/refresh-an-applocker-policy.md | 6 --- ...ements-for-deploying-applocker-policies.md | 6 --- .../requirements-to-use-applocker.md | 6 --- ...the-automatically-generate-rules-wizard.md | 6 --- .../applocker/script-rules-in-applocker.md | 6 --- .../security-considerations-for-applocker.md | 6 --- .../select-types-of-rules-to-create.md | 6 --- ...er-policy-by-using-test-applockerpolicy.md | 6 --- .../test-and-update-an-applocker-policy.md | 6 --- .../applocker/tools-to-use-with-applocker.md | 6 --- ...derstand-applocker-enforcement-settings.md | 6 --- ...stand-applocker-policy-design-decisions.md | 6 --- ...ent-setting-inheritance-in-group-policy.md | 6 --- ...the-applocker-policy-deployment-process.md | 6 --- ...plocker-allow-and-deny-actions-on-rules.md | 6 --- .../understanding-applocker-default-rules.md | 6 --- .../understanding-applocker-rule-behavior.md | 6 --- 
...nderstanding-applocker-rule-collections.md | 6 --- ...standing-applocker-rule-condition-types.md | 6 --- ...understanding-applocker-rule-exceptions.md | 6 --- ...e-file-hash-rule-condition-in-applocker.md | 6 --- ...ng-the-path-rule-condition-in-applocker.md | 6 --- ...e-publisher-rule-condition-in-applocker.md | 6 --- ...-create-and-maintain-applocker-policies.md | 6 --- ...restriction-policies-in-the-same-domain.md | 6 --- ...he-applocker-windows-powershell-cmdlets.md | 6 --- .../using-event-viewer-with-applocker.md | 6 --- ...riction-policies-and-applocker-policies.md | 6 --- .../applocker/what-is-applocker.md | 6 --- .../windows-installer-rules-in-applocker.md | 6 --- .../working-with-applocker-policies.md | 6 --- .../applocker/working-with-applocker-rules.md | 6 --- .../deployment/LOB-win32-apps-on-s.md | 10 ----- .../deployment/audit-wdac-policies.md | 22 +---------- .../create-code-signing-cert-for-wdac.md | 20 +--------- .../deploy-catalog-files-to-support-wdac.md | 12 ------ ...deploy-wdac-policies-using-group-policy.md | 20 +--------- .../deploy-wdac-policies-using-intune.md | 14 +------ .../deploy-wdac-policies-with-memcm.md | 12 ------ .../deploy-wdac-policies-with-script.md | 16 +------- .../deployment/disable-wdac-policies.md | 20 +--------- .../deployment/enforce-wdac-policies.md | 19 +--------- .../deployment/merge-wdac-policies.md | 16 +------- ...gning-for-better-control-and-protection.md | 12 ------ ...icies-to-protect-wdac-against-tampering.md | 12 ------ .../deployment/wdac-deployment-guide.md | 12 ------ ...-com-object-registration-in-wdac-policy.md | 28 +++----------- .../design/common-wdac-use-cases.md | 22 +---------- ...-apps-deployed-with-a-managed-installer.md | 20 +--------- .../design/create-wdac-deny-policy.md | 12 ------ ...e-wdac-policy-for-fully-managed-devices.md | 24 ++---------- ...wdac-policy-for-lightly-managed-devices.md | 24 ++---------- ...te-wdac-policy-using-reference-computer.md | 24 ++---------- 
.../design/deploy-multiple-wdac-policies.md | 20 +--------- .../design/example-wdac-base-policies.md | 12 ------ .../design/manage-packaged-apps-with-wdac.md | 20 +--------- .../microsoft-recommended-block-rules.md | 16 +------- ...icrosoft-recommended-driver-block-rules.md | 22 +---------- .../design/plan-wdac-management.md | 20 +--------- .../design/script-enforcement.md | 14 ------- .../design/select-types-of-rules-to-create.md | 22 +---------- ...understand-wdac-policy-design-decisions.md | 22 +---------- .../understanding-wdac-policy-settings.md | 10 +---- ...l-specific-plug-ins-add-ins-and-modules.md | 20 +--------- ...se-wdac-with-intelligent-security-graph.md | 20 +--------- .../design/wdac-and-dotnet.md | 14 +------ .../design/wdac-design-guide.md | 20 +--------- .../design/wdac-wizard-create-base-policy.md | 23 +---------- .../wdac-wizard-create-supplemental-policy.md | 23 +---------- .../design/wdac-wizard-editing-policy.md | 18 --------- .../design/wdac-wizard-merging-policies.md | 12 ------ .../design/wdac-wizard-parsing-event-logs.md | 20 ---------- .../design/wdac-wizard.md | 12 ------ .../feature-availability.md | 13 ------- .../operations/citool-commands.md | 6 --- .../configure-wdac-managed-installer.md | 20 +--------- .../operations/event-id-explanations.md | 20 ++-------- .../operations/event-tag-explanations.md | 16 +------- .../operations/inbox-wdac-policies.md | 14 ------- .../operations/known-issues.md | 19 +--------- ...events-centrally-using-advanced-hunting.md | 17 +-------- .../wdac-debugging-and-troubleshooting.md | 38 +++++++------------ .../operations/wdac-operational-guide.md | 20 +--------- .../wdac-and-applocker-overview.md | 19 ---------- .../wdac.md | 25 ++---------- windows/security/docfx.json | 19 ++++++---- 143 files changed, 89 insertions(+), 1465 deletions(-) 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md index 3214920ad9..b8552a63ca 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md @@ -1,31 +1,13 @@ --- title: Testing and Debugging AppId Tagging Policies description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jgeurten -ms.reviewer: jsuther1974 -ms.author: vinpa -manager: aaroncz ms.date: 04/29/2022 -ms.technology: itpro-security ms.topic: article --- # Testing and Debugging AppId Tagging Policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index e16747c375..e8af7434cc 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md @@ -1,25 +1,13 @@ --- title: Deploying Windows Defender Application Control AppId tagging policies description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment. -ms.prod: windows-client ms.localizationpriority: medium -author: jgeurten -ms.reviewer: jsuther1974 -ms.author: vinpa -manager: aaroncz ms.date: 04/29/2022 -ms.technology: itpro-security ms.topic: article --- # Deploying Windows Defender Application Control AppId tagging policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and later - > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md index 6b0042600b..9407cacded 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md 
@@ -1,31 +1,13 @@ --- title: Create your Windows Defender Application Control AppId Tagging Policies description: Create your Windows Defender Application Control AppId tagging policies for Windows devices. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jgeurten -ms.reviewer: jsuther1974 -ms.author: vinpa -manager: aaroncz ms.date: 04/29/2022 -ms.technology: itpro-security ms.topic: article --- # Creating your WDAC AppId Tagging Policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). @@ -43,7 +25,6 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power > If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies). - 2. Set the following rule-options using the Wizard toggles: ![Configuring the policy rule-options.](../images/appid-wdac-wizard-2.png) 
@@ -58,7 +39,6 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power - Package app name rules: Create a rule based off the package family name of an appx/msix. - Hash rules: Create a rule based off the PE Authenticode hash of a file. - For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules). 4. Convert to AppId Tagging Policy: diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md index a509bcee48..2d94e08d99 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md 
@@ -1,31 +1,13 @@ --- -title: Designing, creating, managing and troubleshooting Windows Defender Application Control AppId Tagging policies +title: Designing, creating, managing and troubleshooting Windows Defender Application Control AppId Tagging policies description: How to design, create, manage and troubleshoot your WDAC AppId Tagging policies -keywords: security, malware, firewall -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jgeurten -ms.reviewer: jsuther1974 -ms.author: vinpa -manager: aaroncz ms.date: 04/27/2022 -ms.technology: itpro-security ms.topic: article --- # WDAC Application ID (AppId) Tagging guide -**Applies to** - -- Windows 10 -- Windows 11 -- Windows Server 2022 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index 0af1870a2a..137f9503c0 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md 
@@ -1,15 +1,9 @@ --- title: Add rules for packaged apps to existing AppLocker rule-set description: This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT). -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Add rules for packaged apps to existing AppLocker rule-set diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md index 6e41e6c5e2..a8cc845756 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md @@ -1,15 +1,9 @@ --- title: Administer AppLocker description: This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 02/28/2019 -ms.technology: itpro-security --- # Administer AppLocker diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md index 37127bd09f..93e671aff7 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md @@ -1,15 +1,9 @@ --- title: AppLocker architecture and components description: This topic for IT professional describes AppLocker’s basic architecture and its major components. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # AppLocker architecture and components diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md index 52acbce003..48067e47b9 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md @@ -1,15 +1,9 @@ --- title: AppLocker functions description: This article for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # AppLocker functions 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md index c13e82db76..eaf509458d 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md @@ -1,9 +1,6 @@ --- title: AppLocker description: This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. -ms.author: vinpa -author: vinaypamnani-msft -manager: aaroncz ms.collection: - highpri - tier3 diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md index 2c37794578..3e609e4176 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md @@ -1,15 +1,9 @@ --- title: AppLocker deployment guide description: This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # AppLocker deployment guide 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md index 0953e691f1..56a059df6a 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md @@ -1,15 +1,9 @@ --- title: AppLocker design guide description: This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # AppLocker design guide diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md index e4b467ac07..7657e480fa 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md 
@@ -1,15 +1,9 @@ --- title: AppLocker policy use scenarios description: This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # AppLocker policy use scenarios diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md index f9b3d75543..567b3bafc5 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md @@ -1,15 +1,9 @@ --- title: AppLocker processes and interactions description: This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # AppLocker processes and interactions diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md index 2371faff67..956c1904a8 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md @@ -1,15 +1,9 @@ --- title: AppLocker settings description: This topic for the IT professional lists the settings used by AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # AppLocker settings diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md index a4e2b5c421..8f8b29113c 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md @@ -1,15 +1,9 @@ --- title: AppLocker technical reference description: This overview topic for IT professionals provides links to the topics in the technical reference. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # AppLocker technical reference diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md index 762f500737..6e62bb3ccd 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md @@ -1,15 +1,9 @@ --- title: Configure an AppLocker policy for audit only description: This topic for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 06/08/2018 -ms.technology: itpro-security --- # Configure an AppLocker policy for audit only diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md index 5677e08745..5ee7082a7e 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md @@ -1,15 +1,9 @@ --- title: Configure an AppLocker policy for enforce rules description: This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Configure an AppLocker policy for enforce rules 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md index d7fb5a0851..ff055ce7c2 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md @@ -1,15 +1,9 @@ --- title: Add exceptions for an AppLocker rule description: This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Add exceptions for an AppLocker rule diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md index ad878e7040..eb422a3a03 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md 
@@ -1,15 +1,9 @@ --- title: Configure the AppLocker reference device description: This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Configure the AppLocker reference device diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md index b9261a395b..628b5cd559 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md @@ -1,15 +1,9 @@ --- title: Configure the Application Identity service description: This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 07/01/2021 -ms.technology: itpro-security --- # Configure the Application Identity service diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md index 357689283c..aafae9fa2d 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md @@ -1,15 +1,9 @@ --- title: Create a rule for packaged apps description: This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Create a rule for packaged apps diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md index 592e0d0250..e1c48949a8 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md @@ -1,15 +1,9 @@ --- title: Create a rule that uses a file hash condition description: This topic for IT professionals shows how to create an AppLocker rule with a file hash condition. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Create a rule that uses a file hash condition 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md index 019d399434..c6c0413c43 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md @@ -1,15 +1,9 @@ --- title: Create a rule that uses a path condition description: This topic for IT professionals shows how to create an AppLocker rule with a path condition. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Create a rule that uses a path condition diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md index b7973d180c..193299df1c 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md 
@@ -1,15 +1,9 @@ --- title: Create a rule that uses a publisher condition description: This topic for IT professionals shows how to create an AppLocker rule with a publisher condition. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Create a rule that uses a publisher condition diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md index a9b4962478..98493d5656 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md @@ -1,15 +1,9 @@ --- title: Create AppLocker default rules description: This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Create AppLocker default rules diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md index 1811f0ba24..5e8d7b6735 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md @@ -1,15 +1,9 @@ --- title: Create a list of apps deployed to each business group description: This topic describes the process of gathering app usage requirements from each business group to implement application control policies by using AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Create a list of apps deployed to each business group diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md index 5de5930086..861bf58502 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md @@ -1,15 +1,9 @@ --- title: Create Your AppLocker policies description: This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Create Your AppLocker policies 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md index 5e05fb2c6e..c32cbf3af1 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md @@ -1,15 +1,9 @@ --- title: Create Your AppLocker rules description: This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Create Your AppLocker rules diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md index e639e46f0b..b531465cdc 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md 
@@ -1,15 +1,9 @@ --- title: Delete an AppLocker rule description: This article for IT professionals describes the steps to delete an AppLocker rule. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 03/10/2023 -ms.technology: itpro-security --- # Delete an AppLocker rule diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md index b01a4cb864..0d956ceadf 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md @@ -1,15 +1,9 @@ --- title: Deploy AppLocker policies by using the enforce rules setting description: This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Deploy AppLocker policies by using the enforce rules setting diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md index bd454cbc25..da372fd5b0 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md @@ -1,15 +1,9 @@ --- title: Deploy the AppLocker policy into production description: This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Deploy the AppLocker policy into production diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md index 75cb76fbb6..8c8842e5ae 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md @@ -1,15 +1,9 @@ --- title: Determine the Group Policy structure and rule enforcement description: This overview topic describes the process to follow when you're planning to deploy AppLocker rules. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Determine the Group Policy structure and rule enforcement 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md index aae68e89c5..a654dfc5f7 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md @@ -1,15 +1,9 @@ --- title: Find digitally signed apps on a reference device description: This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Determine which apps are digitally signed on a reference device diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md index bd8cd14419..b52c32d46b 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md 
@@ -1,15 +1,9 @@ --- title: Determine your application control objectives description: Determine which applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Determine your application control objectives diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md index 050d675248..4f50e071a2 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md @@ -1,15 +1,9 @@ --- title: Display a custom URL message when users try to run a blocked app description: This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Display a custom URL message when users try to run a blocked app 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md index 641ee98a64..39003c7034 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md @@ -1,15 +1,9 @@ --- title: DLL rules in AppLocker description: This topic describes the file formats and available default rules for the DLL rule collection. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # DLL rules in AppLocker diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md index a99df09d89..5206548f80 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md 
@@ -1,15 +1,9 @@ --- title: Document Group Policy structure & AppLocker rule enforcement description: This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Document the Group Policy structure and AppLocker rule enforcement diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md index 1e1cb3e944..e56f851d85 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md @@ -1,15 +1,9 @@ --- title: Document your app list description: This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Document your app list diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md index f2803a91f2..5e123e0052 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md @@ -1,15 +1,9 @@ --- title: Document your AppLocker rules description: Learn how to document your AppLocker rules and associate rule conditions with files, permissions, rule source, and implementation. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Document your AppLocker rules diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md index 0ebddf77d5..01166c2ac5 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md @@ -1,15 +1,9 @@ --- title: Edit an AppLocker policy description: This topic for IT professionals describes the steps required to modify an AppLocker policy. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Edit an AppLocker policy 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md index 5c05fb3560..94a7441394 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md @@ -1,15 +1,9 @@ --- title: Edit AppLocker rules description: This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Edit AppLocker rules diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md index a97f271c3d..811c73d69f 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md 
@@ -1,15 +1,9 @@ --- title: Enable the DLL rule collection description: This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Enable the DLL rule collection diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md index 947a69a2ad..155e7ef8e9 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md @@ -1,15 +1,9 @@ --- title: Enforce AppLocker rules description: This topic for IT professionals describes how to enforce application control rules by using AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Enforce AppLocker rules diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md index 461262fab4..4e0d5303e8 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md @@ -1,15 +1,9 @@ --- title: Executable rules in AppLocker description: This topic describes the file formats and available default rules for the executable rule collection. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Executable rules in AppLocker diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md index bde1c865ad..9e1872b4b8 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md @@ -1,15 +1,9 @@ --- title: Export an AppLocker policy from a GPO description: This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Export an AppLocker policy from a GPO 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md index 93e466a216..90737aee69 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md @@ -1,15 +1,9 @@ --- title: Export an AppLocker policy to an XML file description: This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Export an AppLocker policy to an XML file diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md index e4168feaaa..b05b76c318 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md 
@@ -1,15 +1,9 @@ --- title: How AppLocker works description: This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # How AppLocker works diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md index c9eee9963c..b7e29c29a1 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md @@ -1,14 +1,8 @@ --- title: Import an AppLocker policy from another computer description: This topic for IT professionals describes how to import an AppLocker policy. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual -ms.technology: itpro-security ms.date: 12/31/2017 --- diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md index aa4be6cdf0..40488c8f88 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md @@ -1,15 +1,9 @@ --- title: Import an AppLocker policy into a GPO description: This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO). -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Import an AppLocker policy into a GPO diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md index e9d52b57ce..1a9f1401e7 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md @@ -1,14 +1,8 @@ --- title: Maintain AppLocker policies description: Learn how to maintain rules within AppLocker policies. View common AppLocker maintenance scenarios and see the methods to use to maintain AppLocker policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual -ms.technology: itpro-security ms.date: 12/31/2017 --- 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md index 53939061e2..4d8e825349 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md @@ -1,15 +1,9 @@ --- title: Manage packaged apps with AppLocker description: Learn concepts and lists procedures to help you manage packaged apps with AppLocker as part of your overall application control strategy. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Manage packaged apps with AppLocker diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index f9ff7dc54d..a51c56cde6 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md 
@@ -1,15 +1,9 @@ --- title: Merge AppLocker policies by using Set-ApplockerPolicy description: This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Merge AppLocker policies by using Set-ApplockerPolicy diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md index 41657a25bd..7ec3f23e57 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md @@ -1,15 +1,9 @@ --- title: Merge AppLocker policies manually description: This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO). -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Merge AppLocker policies manually diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md index 32c0267869..c251209071 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md @@ -1,15 +1,9 @@ --- title: Monitor app usage with AppLocker description: This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Monitor app usage with AppLocker diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md index ef107acf59..8646482c66 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md @@ -1,15 +1,9 @@ --- title: Optimize AppLocker performance description: This topic for IT professionals describes how to optimize AppLocker policy enforcement. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Optimize AppLocker performance 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md index 48e94f6635..92d016a3dc 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md @@ -1,15 +1,9 @@ --- title: Packaged apps and packaged app installer rules in AppLocker description: This topic explains the AppLocker rule collection for packaged app installers and packaged apps. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 10/13/2017 -ms.technology: itpro-security --- # Packaged apps and packaged app installer rules in AppLocker diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md index f2e8463f25..2afb56de2f 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md 
@@ -1,15 +1,9 @@ --- title: Plan for AppLocker policy management description: This topic describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Plan for AppLocker policy management diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md index 06168d1e9a..d4039c3443 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md @@ -1,15 +1,9 @@ --- title: Refresh an AppLocker policy description: This topic for IT professionals describes the steps to force an update for an AppLocker policy. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Refresh an AppLocker policy diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md index 40579e3963..70a6f0b415 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md @@ -1,15 +1,9 @@ --- title: Requirements for deploying AppLocker policies description: This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Requirements for deploying AppLocker policies diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md index 47b2d12aba..5d2b189772 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md @@ -1,15 +1,9 @@ --- title: Requirements to use AppLocker description: This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Requirements to use AppLocker 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md index d6ba932c98..9f331d58f0 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md @@ -1,15 +1,9 @@ --- title: Run the Automatically Generate Rules wizard description: This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Run the Automatically Generate Rules wizard diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md index bee1694c3a..ea18273ead 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md 
@@ -1,15 +1,9 @@ --- title: Script rules in AppLocker description: This article describes the file formats and available default rules for the script rule collection. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 06/15/2022 -ms.technology: itpro-security --- # Script rules in AppLocker diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md index f32ff85c69..69f190b3f5 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md @@ -1,15 +1,9 @@ --- title: Security considerations for AppLocker description: This topic for the IT professional describes the security considerations you need to address when implementing AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Security considerations for AppLocker diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md index 7776bf7386..15f51ed1d5 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md @@ -1,15 +1,9 @@ --- title: Select the types of rules to create description: This topic lists resources you can use when selecting your application control policy rules by using AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Select the types of rules to create diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md index 0c029929bf..bd085cda47 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md @@ -1,15 +1,9 @@ --- title: Test an AppLocker policy by using Test-AppLockerPolicy description: This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Test an AppLocker policy by using Test-AppLockerPolicy 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md index 71815be79b..de4fc78024 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md @@ -1,15 +1,9 @@ --- title: Test and update an AppLocker policy description: This topic discusses the steps required to test an AppLocker policy prior to deployment. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Test and update an AppLocker policy diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md index 9fcea89142..a683153f73 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md 
@@ -1,15 +1,9 @@ --- title: Tools to use with AppLocker description: This topic for the IT professional describes the tools available to create and administer AppLocker policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Tools to use with AppLocker diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md index 9b5abb0b0b..db76a5a1bb 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md @@ -1,15 +1,9 @@ --- title: Understand AppLocker enforcement settings description: This topic describes the AppLocker enforcement settings for rule collections. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understand AppLocker enforcement settings diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md index d61a4fdf98..d9f21105f1 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md @@ -1,15 +1,9 @@ --- title: Understand AppLocker policy design decisions description: Review some common considerations while you're planning to use AppLocker to deploy application control policies within a Windows environment. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 10/13/2017 -ms.technology: itpro-security --- # Understand AppLocker policy design decisions diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index fc99a9815b..363423b61d 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md 
@@ -1,15 +1,9 @@ --- title: Understand AppLocker rules and enforcement setting inheritance in Group Policy description: This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understand AppLocker rules and enforcement setting inheritance in Group Policy diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md index ab1522f49e..d06e82f836 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md @@ -1,15 +1,9 @@ --- title: Understand the AppLocker policy deployment process description: This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understand the AppLocker policy deployment process 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md index cec55e8e38..a10756f305 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md @@ -1,15 +1,9 @@ --- title: Understanding AppLocker allow and deny actions on rules description: This topic explains the differences between allow and deny actions on AppLocker rules. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understanding AppLocker allow and deny actions on rules diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md index 606e9924ec..764edf8acd 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md 
@@ -1,15 +1,9 @@ --- title: Understanding AppLocker default rules description: This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understanding AppLocker default rules diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md index 377eb5019a..7a6eea342e 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md @@ -1,15 +1,9 @@ --- title: Understanding AppLocker rule behavior description: This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understanding AppLocker rule behavior diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md index 1787c045ef..3f9f5ad500 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md @@ -1,15 +1,9 @@ --- title: Understanding AppLocker rule collections description: This topic explains the five different types of AppLocker rules used to enforce AppLocker policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understanding AppLocker rule collections diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md index b26445b191..bad3241ee2 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md @@ -1,15 +1,9 @@ --- title: Understanding AppLocker rule condition types description: This topic for the IT professional describes the three types of AppLocker rule conditions. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understanding AppLocker rule condition types 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md index 71ae842b65..416310d176 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md @@ -1,15 +1,9 @@ --- title: Understanding AppLocker rule exceptions description: This topic describes the result of applying AppLocker rule exceptions to rule collections. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understanding AppLocker rule exceptions diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md index 6e13561e2c..9c95ff5c19 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md 
@@ -1,15 +1,9 @@ --- title: Understanding the file hash rule condition in AppLocker description: This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it's applied. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understanding the file hash rule condition in AppLocker diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md index 5d3e6d2d29..4a28e77011 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md @@ -1,15 +1,9 @@ --- title: Understanding the path rule condition in AppLocker description: This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it's applied. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understanding the path rule condition in AppLocker 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md index dbc7fe282d..a915c31c36 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md @@ -1,15 +1,9 @@ --- title: Understanding the publisher rule condition in AppLocker description: This topic explains the AppLocker publisher rule condition, what controls are available, and how it's applied. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Understanding the publisher rule condition in AppLocker diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md index eb14fbd674..c86f226134 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md 
@@ -1,15 +1,9 @@ --- title: Use a reference device to create and maintain AppLocker policies description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer. -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.reviewer: -ms.technology: itpro-security --- # Use a reference device to create and maintain AppLocker policies diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md index 9415499e71..a8a22bcdb4 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md @@ -1,15 +1,9 @@ --- title: Use AppLocker and Software Restriction Policies in the same domain description: This article for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 11/07/2022 -ms.technology: itpro-security --- # Use AppLocker and Software Restriction Policies in the same domain 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md index 155e3e6d17..aed93b7f33 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md @@ -1,15 +1,9 @@ --- title: Use the AppLocker Windows PowerShell cmdlets description: This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Use the AppLocker Windows PowerShell cmdlets diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index 2aedf66058..35cecd0bee 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md 
@@ -1,14 +1,8 @@ --- title: Using Event Viewer with AppLocker description: This article lists AppLocker events and describes how to use Event Viewer with AppLocker. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual -ms.technology: itpro-security ms.date: 02/02/2023 --- diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md index d8b071c1c2..e822da9f1b 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md @@ -1,15 +1,9 @@ --- title: Use Software Restriction Policies and AppLocker policies description: This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Use Software Restriction Policies and AppLocker policies diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md index 68586393f4..e976eb85b8 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md @@ -1,15 +1,9 @@ --- title: What Is AppLocker description: This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # What Is AppLocker? diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md index 9a410a20af..9f51d9f474 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md @@ -1,15 +1,9 @@ --- title: Windows Installer rules in AppLocker description: This topic describes the file formats and available default rules for the Windows Installer rule collection. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Windows Installer rules in AppLocker 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md index 8e4a0a0395..0f287537b8 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md @@ -1,15 +1,9 @@ --- title: Working with AppLocker policies description: This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies. -ms.reviewer: -ms.author: vinpa -ms.prod: windows-client ms.localizationpriority: medium -author: vinaypamnani-msft -manager: aaroncz ms.topic: conceptual ms.date: 09/21/2017 -ms.technology: itpro-security --- # Working with AppLocker policies diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md index 8d170ef5ed..57c5eaa7cd 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md 
@@ -1,15 +1,9 @@ --- title: Working with AppLocker rules description: This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies. -ms.reviewer: -manager: aaroncz -ms.author: vinpa -ms.prod: windows-client -author: vinaypamnani-msft ms.localizationpriority: medium msauthor: v-anbic ms.date: 08/27/2018 -ms.technology: itpro-security ms.topic: conceptual --- diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md index 7091e768a8..965a20c625 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md @@ -1,23 +1,13 @@ --- title: Allow LOB Win32 apps on Intune-managed S Mode devices description: Using Windows Defender Application Control (WDAC) supplemental policies, you can expand the S Mode base policy on your Intune-managed devices. -ms.prod: windows-client ms.localizationpriority: medium -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 04/05/2023 -ms.technology: itpro-security ms.topic: how-to --- # Allow line-of-business Win32 apps on Intune-managed S Mode devices -**Applies to:** - -- Windows 10 - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md index 686a78ea90..98ac6cf37d 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md @@ -1,31 +1,13 @@ --- -title: Use audit events to create WDAC policy rules +title: Use audit events to create WDAC policy rules description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 05/03/2018 -ms.technology: itpro-security ms.topic: article --- # Use audit events to create WDAC policy rules -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). 
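Review bot: Removing the "Applies to" list (Windows 10, Windows 11, Windows Server 2016 and above) under the `# Use audit events to create WDAC policy rules` heading leaves the NOTE's link to `../feature-availability.md` as the only statement of supported versions. Confirm that page carries the same version information before dropping the list. The `title:` line is also removed and re-added with no visible text change; if that is a whitespace cleanup, say so in the commit message so it is not mistaken for an accidental edit.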
@@ -59,7 +41,7 @@ To familiarize yourself with creating WDAC rules from audit events, follow these 4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**. ```powershell - New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback SignedVersion,FilePublisher,Hash –UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings + New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback SignedVersion,FilePublisher,Hash -UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings ``` > [!NOTE] diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md index 60cb8e35f1..cfa497a317 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md 
@@ -1,31 +1,13 @@ --- -title: Create a code signing cert for Windows Defender Application Control +title: Create a code signing cert for Windows Defender Application Control description: Learn how to set up a publicly issued code signing certificate, so you can sign catalog files or WDAC policies internally. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro ms.topic: conceptual -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 12/01/2022 -ms.technology: itpro-security --- # Optional: Create a code signing cert for Windows Defender Application Control -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md index 70818583a2..bc9542abec 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md 
@@ -1,25 +1,13 @@ --- title: Deploy catalog files to support Windows Defender Application Control description: Catalog files simplify running unsigned applications in the presence of a Windows Defender Application Control (WDAC) policy. -ms.prod: windows-client ms.localizationpriority: medium ms.topic: how-to -author: jsuther1974 -ms.reviewer: jgeurten -ms.author: vinpa -manager: aaroncz ms.date: 11/30/2022 -ms.technology: itpro-security --- # Deploy catalog files to support Windows Defender Application Control -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and later - > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md index 872207d1e5..aed9b36b5b 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md 
@@ -1,31 +1,13 @@ --- -title: Deploy WDAC policies via Group Policy +title: Deploy WDAC policies via Group Policy description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 01/23/2023 -ms.technology: itpro-security ms.topic: article --- # Deploy Windows Defender Application Control policies by using Group Policy -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md index cd5f506394..4bc2061e98 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md 
@@ -1,25 +1,13 @@ --- -title: Deploy WDAC policies using Mobile Device Management (MDM) +title: Deploy WDAC policies using Mobile Device Management (MDM) description: You can use an MDM like Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. -ms.prod: windows-client -ms.technology: itpro-security ms.localizationpriority: medium -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 01/23/2023 ms.topic: how-to --- # Deploy WDAC policies using Mobile Device Management (MDM) -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md index 72b2f4c5a2..d4135733c2 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md @@ -1,12 +1,6 @@ --- title: Deploy Windows Defender Application Control policies with Configuration Manager description: You can use Microsoft Configuration Manager to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. -ms.prod: windows-client -ms.technology: itpro-security -author: jgeurten -ms.reviewer: aaroncz -ms.author: jogeurte -manager: aaroncz ms.date: 06/27/2022 ms.topic: how-to ms.localizationpriority: medium 
@@ -14,12 +8,6 @@ ms.localizationpriority: medium # Deploy WDAC policies by using Microsoft Configuration Manager -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index 3ac58c1eee..a96124b086 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md 
@@ -1,28 +1,14 @@ --- -title: Deploy Windows Defender Application Control (WDAC) policies using script +title: Deploy Windows Defender Application Control (WDAC) policies using script description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide. -keywords: security, malware -ms.prod: windows-client -audience: ITPro -author: jsuther1974 -ms.reviewer: aaroncz -ms.author: jogeurte ms.manager: jsuther -manager: aaroncz ms.date: 01/23/2023 -ms.technology: itpro-security ms.topic: article ms.localizationpriority: medium --- # Deploy WDAC policies using script -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md index 2ab7c24e05..33e262f23d 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md 
@@ -1,31 +1,13 @@ --- -title: Remove Windows Defender Application Control policies +title: Remove Windows Defender Application Control policies description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 11/04/2022 -ms.technology: itpro-security ms.topic: article --- # Remove Windows Defender Application Control (WDAC) policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md index 42f310f7fc..9000c01d85 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md 
@@ -1,28 +1,14 @@ --- -title: Enforce Windows Defender Application Control (WDAC) policies +title: Enforce Windows Defender Application Control (WDAC) policies description: Learn how to switch a WDAC policy from audit to enforced mode. -keywords: security, malware -ms.prod: windows-client -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: jogeurte ms.manager: jsuther -manager: aaroncz ms.date: 04/22/2021 -ms.technology: itpro-security ms.topic: article ms.localizationpriority: medium --- # Enforce Windows Defender Application Control (WDAC) policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). 
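Review bot: The front matter cleanup in this hunk removes `author`, `ms.reviewer`, `ms.author` and `manager` but leaves `ms.manager: jsuther` as an unchanged line, so one person-level key survives. If the intent is to drop per-file ownership metadata, remove `ms.manager` as well; if it is kept on purpose, note that in the commit message. The same key is left in place in `deploy-wdac-policies-with-script.md` and `merge-wdac-policies.md`, so whichever way this goes should be applied to all three files.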
@@ -55,8 +41,7 @@ Alice previously created and deployed a policy for the organization's [fully man $EnforcedPolicyID = $EnforcedPolicyID.Substring(11) ``` - -3. *[Optionally]* Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”). Option 9 allows users to disable WDAC enforcement for a single boot session from a pre-boot menu. Option 10 instructs Windows to switch the policy from enforcement to audit only if a boot critical kernel-mode driver is blocked. We strongly recommend these options when deploying a new enforced policy to your first deployment ring. Then, if no issues are found, you can remove the options and restart your deployment. +3. *[Optionally]* Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to enable rule options 9 ("Advanced Boot Options Menu") and 10 ("Boot Audit on Failure"). Option 9 allows users to disable WDAC enforcement for a single boot session from a pre-boot menu. Option 10 instructs Windows to switch the policy from enforcement to audit only if a boot critical kernel-mode driver is blocked. We strongly recommend these options when deploying a new enforced policy to your first deployment ring. Then, if no issues are found, you can remove the options and restart your deployment. ```powershell Set-RuleOption -FilePath $EnforcedPolicyXML -Option 9 diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md index 22722ec984..20bf91ea2a 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md 
@@ -1,28 +1,14 @@ --- -title: Merge Windows Defender Application Control policies (WDAC) +title: Merge Windows Defender Application Control policies (WDAC) description: Learn how to merge WDAC policies as part of your policy lifecycle management. -keywords: security, malware -ms.prod: windows-client -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: jogeurte ms.manager: jsuther -manager: aaroncz ms.date: 04/22/2021 -ms.technology: itpro-security ms.topic: article ms.localizationpriority: medium --- # Merge Windows Defender Application Control (WDAC) policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md index 3a3a773007..8bc12aa239 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md 
@@ -1,25 +1,13 @@ --- title: Use code signing for added control and protection with WDAC description: Code signing can be used to better control Win32 app authorization and add protection for your Windows Defender Application Control (WDAC) policies. -ms.prod: windows-client ms.localizationpriority: medium ms.topic: conceptual -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 11/29/2022 -ms.technology: itpro-security --- # Use code signing for added control and protection with Windows Defender Application Control -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md index cba5e21c90..72139cebfa 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md 
@@ -1,25 +1,13 @@ --- title: Use signed policies to protect Windows Defender Application Control against tampering description: Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of malware protection available in Windows 10 and Windows 11. -ms.prod: windows-client ms.localizationpriority: medium ms.topic: conceptual -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 11/04/2022 -ms.technology: itpro-security --- # Use signed policies to protect Windows Defender Application Control against tampering -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md index 5bcc3df869..90bdaa9748 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md 
@@ -1,25 +1,13 @@ --- title: Deploying Windows Defender Application Control (WDAC) policies description: Learn how to plan and implement a WDAC deployment. -ms.prod: windows-client -ms.technology: itpro-security ms.localizationpriority: medium -author: jgeurten -ms.reviewer: aaroncz -ms.author: jogeurte -manager: jsuther ms.date: 01/23/2023 ms.topic: overview --- # Deploying Windows Defender Application Control (WDAC) policies -**Applies to** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md index c756bd371a..ad1b478b40 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md 
@@ -1,31 +1,13 @@ --- -title: Allow COM object registration in a WDAC policy +title: Allow COM object registration in a WDAC policy description: You can allow COM object registration in a Windows Defender Application Control policy. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: vinaypamnani-msft -ms.reviewer: jsuther -ms.author: vinpa -manager: aaroncz -ms.technology: itpro-security ms.date: 04/05/2023 ms.topic: article --- # Allow COM object registration in a Windows Defender Application Control policy -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and later - > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). @@ -38,8 +20,8 @@ Windows Defender Application Control (WDAC) enforces a built-in allowlist for CO > [!NOTE] > To add this functionality to other versions of Windows 10, you can install the following or later updates. -- [Windows 10, 1809 June 18, 2019—KB4501371 (OS Build 17763.592)](https://support.microsoft.com/help/4501371/windows-10-update-kb4501371) -- [Windows 10, 1607 June 18, 2019—KB4503294 (OS Build 14393.3053)](https://support.microsoft.com/help/4503294/windows-10-update-kb4503294) +- [Windows 10, 1809 June 18, 2019-KB4501371 (OS Build 17763.592)](https://support.microsoft.com/help/4501371/windows-10-update-kb4501371) +- [Windows 10, 1607 June 18, 2019-KB4503294 (OS Build 14393.3053)](https://support.microsoft.com/help/4503294/windows-10-update-kb4503294) ### Get COM object GUID 
@@ -49,13 +31,13 @@ You can get the COM application GUID from the 8036 COM object block events in Ev Three elements: -- Provider: platform on which code is running (values are PowerShell, WSH, IE, VBA, MSI, or a wildcard “AllHostIds”) +- Provider: platform on which code is running (values are PowerShell, WSH, IE, VBA, MSI, or a wildcard "AllHostIds") - Key: GUID for the program you wish to run, in the format Key="{33333333-4444-4444-1616-161616161616}" - ValueName: needs to be set to "EnterpriseDefinedClsId" One attribute: -- Value: needs to be “true” for allow and “false” for deny +- Value: needs to be "true" for allow and "false" for deny > [!NOTE] > Deny only works in base policies, not supplemental policies diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md index b691f92753..2d96cac781 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md 
@@ -1,35 +1,17 @@ --- -title: Policy creation for common WDAC usage scenarios +title: Policy creation for common WDAC usage scenarios description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 04/05/2023 -ms.technology: itpro-security ms.topic: article --- # Windows Defender Application Control deployment in different scenarios: types of devices -**Applies to** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It's common for organizations to have device use cases across each of the categories described. +Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply "turn on." The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. 
It's common for organizations to have device use cases across each of the categories described. ## Types of devices diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md index aef6ba62ee..6154ff435d 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md @@ -1,31 +1,13 @@ --- -title: Allow apps deployed with a WDAC managed installer +title: Allow apps deployed with a WDAC managed installer description: Explains how to configure a custom Managed Installer. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 02/02/2023 -ms.technology: itpro-security ms.topic: article --- # Automatically allow apps deployed by a managed installer with Windows Defender Application Control -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2019 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md index 1fa35ceece..3dcec18e4f 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md @@ -1,19 +1,7 @@ --- title: Create WDAC Deny Policy description: Explains how to create WDAC deny policies -keywords: WDAC, policy -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jgeurten -ms.reviewer: jsuther1974 -ms.author: vinpa -manager: aaroncz -ms.technology: itpro-security ms.date: 12/31/2017 ms.topic: article --- diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md index 1a5b9cfab4..76720b9535 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md 
@@ -1,31 +1,13 @@ --- -title: Create a WDAC policy for fully managed devices +title: Create a WDAC policy for fully managed devices description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in system core. -keywords: security, malware ms.topic: conceptual -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 11/07/2022 -ms.technology: itpro-security --- # Create a WDAC policy for fully managed devices -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). @@ -54,12 +36,12 @@ Alice's team develops a simple console application, called *LamnaITInstaller.exe Based on the above, Alice defines the pseudo-rules for the policy: -1. **“Windows works”** rules that authorize: +1. **"Windows works"** rules that authorize: - Windows - WHQL (third-party kernel drivers) - Windows Store signed apps -2. **"ConfigMgr works”** rules that include signer and hash rules for Configuration Manager components to properly function. +2. **"ConfigMgr works"** rules that include signer and hash rules for Configuration Manager components to properly function. 3. **Allow Managed Installer** (Configuration Manager and *LamnaITInstaller.exe* configured as a managed installer) The critical differences between this set of pseudo-rules and those pseudo-rules defined for Lamna's [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md#define-the-circle-of-trust-for-lightly-managed-devices) are: 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md index baaa84f8ed..d4b6d3f256 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md @@ -1,31 +1,13 @@ --- -title: Create a WDAC policy for lightly managed devices +title: Create a WDAC policy for lightly managed devices description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. -keywords: security, malware ms.topic: conceptual -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 11/07/2022 -ms.technology: itpro-security --- # Create a WDAC policy for lightly managed devices -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). 
@@ -52,12 +34,12 @@ Alice identifies the following key factors to arrive at the "circle-of-trust" fo Based on the above, Alice defines the pseudo-rules for the policy: -1. **“Windows works”** rules that authorize: +1. **"Windows works"** rules that authorize: - Windows - WHQL (third-party kernel drivers) - Windows Store signed apps -1. **"ConfigMgr works”** rules that include: +1. **"ConfigMgr works"** rules that include: - Signer and hash rules for Configuration Manager components to properly function. - **Allow Managed Installer** rule to authorize Configuration Manager as a managed installer. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md index 4662dad7e3..77a4402365 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md 
@@ -1,31 +1,13 @@ --- -title: Create a WDAC policy using a reference computer +title: Create a WDAC policy using a reference computer description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 08/08/2022 -ms.technology: itpro-security ms.topic: article --- # Create a WDAC policy using a reference computer -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). 
@@ -40,7 +22,7 @@ As described in [common Windows Defender Application Control deployment scenario ## Create a custom base policy using a reference device -Alice previously created a policy for the organization's fully managed end-user devices. She now wants to use WDAC to protect Lamna's critical infrastructure servers. Lamna's imaging practice for infrastructure systems is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone more company assets. Alice decides to use these same "golden" image systems to create the WDAC policies, which will result in separate custom base policies for each type of infrastructure server. As with imaging, she'll have to create policies from multiple golden computers based on model, department, application set, and so on. +Alice previously created a policy for the organization's fully managed end-user devices. She now wants to use WDAC to protect Lamna's critical infrastructure servers. Lamna's imaging practice for infrastructure systems is to establish a "golden" image as a reference for what an ideal system should look like, and then use that image to clone more company assets. Alice decides to use these same "golden" image systems to create the WDAC policies, which will result in separate custom base policies for each type of infrastructure server. As with imaging, she'll have to create policies from multiple golden computers based on model, department, application set, and so on. > [!NOTE] > Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the WDAC policy.

            Each installed software application should be validated as trustworthy before you create a policy.

            We recommend that you review the reference computer for software that can load arbitrary DLLs and run code or scripts that could render the PC more vulnerable. Examples include software aimed at development or scripting such as msbuild.exe (part of Visual Studio and the .NET Framework) which can be removed if you don't want to run scripts. You can remove or disable such software on the reference computer. @@ -53,7 +35,7 @@ Alice identifies the following key factors to arrive at the "circle-of-trust" fo Based on the above, Alice defines the pseudo-rules for the policy: -1. **“Windows works”** rules that authorize: +1. **"Windows works"** rules that authorize: - Windows - WHQL (third-party kernel drivers) - Windows Store signed apps diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md index 8e813aa5e3..1d76e0e5a9 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md 
@@ -1,31 +1,13 @@ --- -title: Use multiple Windows Defender Application Control Policies +title: Use multiple Windows Defender Application Control Policies description: Windows Defender Application Control supports multiple code integrity policies for one device. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 07/19/2021 -ms.technology: itpro-security ms.topic: article --- # Use multiple Windows Defender Application Control Policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md index dbb673367a..e186ea2bb6 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md 
@@ -2,24 +2,12 @@ title: Example Windows Defender Application Control base policies description: When creating a Windows Defender Application Control (WDAC) policy for an organization, start from one of the many available example base policies. ms.topic: reference -ms.prod: windows-client ms.localizationpriority: medium -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 03/31/2023 -ms.technology: itpro-security --- # Windows Defender Application Control example base policies -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md index f59bdf57ac..db1a336471 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md 
@@ -1,31 +1,13 @@ --- -title: Manage packaged apps with WDAC +title: Manage packaged apps with WDAC description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule. -keywords: security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: windows-client -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium -audience: ITPro -author: jsuther1974 -ms.reviewer: jogeurte -ms.author: vinpa -manager: aaroncz ms.date: 03/01/2023 -ms.technology: itpro-security ms.topic: article --- # Manage Packaged Apps with Windows Defender Application Control -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md index 7b766bd429..ebc63fd06e 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md 
@@ -1,25 +1,13 @@ --- title: Microsoft recommended block rules description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community. -ms.prod: windows-client -ms.technology: itpro-security ms.localizationpriority: medium -author: jsuther1974 -ms.reviewer: jgeurten -ms.author: vinpa -manager: aaroncz ms.date: 06/14/2023 ms.topic: reference --- # Microsoft recommended block rules -**Applies to:** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). @@ -99,7 +87,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you > [!NOTE] > This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. -Certain software applications may allow other code to run by design. Unless these applications are business critical, you should block them in your WDAC policy. In addition, when an application version is upgraded to fix a security vulnerability or potential WDAC bypass, add *deny* rules to your application control policies for that application’s previous, less secure versions. +Certain software applications may allow other code to run by design. Unless these applications are business critical, you should block them in your WDAC policy. In addition, when an application version is upgraded to fix a security vulnerability or potential WDAC bypass, add *deny* rules to your application control policies for that application's previous, less secure versions. Microsoft recommends that you install the latest security updates. For example, updates help resolve several issues in PowerShell modules that allowed an attacker to bypass WDAC. These modules can be blocked by their corresponding hashes. 
@@ -198,7 +186,7 @@ The blocklist policy that follows includes "Allow all" rules for both kernel and - +
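Review bot: in deployment/wdac-deployment-guide.md (hunk @@ -1,25 +1,13 @@), and in the same front-matter hunk of every other file, the per-page author, ms.author, ms.reviewer, manager, ms.prod and ms.technology keys are deleted with no replacement visible in this patch. The removed values are not uniform: this page had "author: jgeurten", the COM registration page had "author: vinaypamnani-msft", and most others had "author: jsuther1974". If a repository-level default now supplies these keys, please say so in the commit description and confirm that flattening the per-page ownership is intended. Otherwise these pages lose their owner and product attribution.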
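Review bot: in design/allow-com-object-registration-in-wdac-policy.md (hunk @@ -38,8 +20,8 @@), replacing the em dash in the two KB link titles with an unspaced hyphen gives "June 18, 2019-KB4501371" and "June 18, 2019-KB4503294", which fuses the date with the KB number and can be read as a range. Suggest a spaced separator such as "June 18, 2019 - KB4501371 (OS Build 17763.592)" on both lines. The link targets are unchanged, so only the display text needs adjusting.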
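Review bot: in design/common-wdac-use-cases.md (hunk @@ -1,35 +1,17 @@), the removed and added title lines read identically ("title: Policy creation for common WDAC usage scenarios"), and the same pattern repeats in the title line of most other design/ files in this patch. The difference is presumably trailing whitespace or an invisible character. Please state in the commit description what was changed so the reviewer can verify it, since it cannot be confirmed from the diff text alone.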
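Review bot: in design/configure-authorized-apps-deployed-with-a-managed-installer.md (hunk @@ -1,31 +1,13 @@), the removed "Applies to" list carried a different minimum ("Windows Server 2019 and above") than the lists removed from the other pages, which say "Windows Server 2016 and above" or "and later". After this change the only version guidance left on the page is the retained note linking to ../feature-availability.md. Please confirm that page states the Server 2019 minimum for managed installer, or keep a one-line version statement here so the requirement is not lost.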