final exp prot drafts

windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md

@@ -54,7 +54,7 @@ You can also enter network shares and mapped drives, but environment variables a
 
 You can use the Windows Defender Security Center app or Group Policy to add and remove additional protected folders.
 
-### Use the Windows Defender Security app to protect additional folders
+### Use the Windows Defender Security Center app to protect additional folders
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
@@ -79,7 +79,7 @@ You can use the Windows Defender Security Center app or Group Policy to add and
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled Folder Access**.
 
-6. Double-click the **Configured protected folders** setting and set the option to **Enabled**. Click **Show** and enter each folder as Value? Or Value Name?
+6. Double-click the **Configured protected folders** setting and set the option to **Enabled**. Click **Show** and enter each folder.
 
 > [!IMPORTANT]
 > Environment variables and wildcards are not supported. 

windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md

@@ -1,7 +1,7 @@
 ---
-title: 
-keywords: 
-description: 
+title: Enable or disable specific mitigations used by Exploit Protection
+keywords: exploit protection, mitigations, enable, powershell, dep, cfg, emet, aslr
+description: You can enable individual mitigations using the Windows Defender Security Center app or PowerShell. You can also audit mitigations and export configurations.
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -29,12 +29,12 @@ ms.author: iawilt
 - Windows Defender Security Center app
 - Group Policy
 - PowerShell
-- Configuration service providers for mobile device management
+
 
 
 Exploit Protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
 
- It is part of Windows Defender Exploit Guard, which is itself a component in the new Windows Defender Advanced Threat Protection offering of security and threat prevention products.
+ It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
  
 You configure these settings using the Windows Defender Security Center on an individual machine, and then export the configuration as an XML file that you can deploy to other machines. You can use Group Policy to distribute the XML file to multiple devices at once. You can also configure the mitigations with PowerShell.
 

windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md

@@ -1,6 +1,7 @@
 ---
-title: 
-keywords: 
+title: Compare the features in Exploit Protection with EMET
+keywords: emet, enhanced mitigation experience toolkit, configuration, exploit
+description: Exploit Protection in Windows 10 provides advanced configuration over the settings offered in EMET.
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -26,44 +27,15 @@ ms.author: iawilt
 - Enterprise security administrators
 
 
-**Manageability available with**
-
-- Group Policy
-- PowerShell
-- Windows Management Instrumentation (WMI)
-- System Center Configuration Manager 
-- Microsoft Intune
-- Windows Defender Security Center app
-
-
-Exploit Protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
-
- It is part of Windows Defender Exploit Guard, which is itself a component in the new Windows Defender Advanced Threat Protection offering of security and threat prevention products.
-
- You configure these settings using the Windows Defender Security Center on an individual machine, and then export the configuration as an XML file that you can deploy to other machines. You can use Group Policy to distribute the XML file to multiple devices at once.
-
-## Requirements
-
-The following requirements must be met before Exploit Protection will work:
-
-Windows 10 version | Windows Defender Advanced Threat Protection
-Insider Preview build 16232 or later (dated July 1, 2017 or later) | For full reporting you need a license for [Windows Defender ATP](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
-
-
- 
-
- ### Converting and Applying an EMET config:
-1.	Export the existing EMET configuration. This can be done from the "Export" button in the GUI, or by running the command: **emet_conf.exe –export emetConfig.xml** 
-2.	In an elevated PowerShell window, convert the exported configuration with: **ConvertTo-ProcessMitigationPolicy -EMETFilePath emetConfig.xml -OutputFilePath win10Config.xml** 
-3.	Note that this may give you some warnings, but these should be safe to ignore. 
-4.	Apply the new configuration: from an elevated PowerShell window run **Set-ProcessMitigation -RegistryConfigFilePath win10Config.xml **
-5.	From here you can check or edit the settings in the new interface in the Windows Defender Security Center or with **Get-ProcessMitigation** (this command by itself will output the entire current state of the mitigations to the shell), and **Set-ProcessMitigation** respectively. 
 
 
 
+We're still working on this content and will have it published soon!
 
 
 
+Check out the following topics for more information about Exploit Protection:
+
 - [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
 - [Evaluate Exploit Protection](evaluate-exploit-protection.md)
 - [Enable Exploit Protection](enable-exploit-protection.md)

windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md

@@ -32,12 +32,12 @@ ms.author: iawilt
 - Windows Defender Security Center app
 - Group Policy
 - PowerShell
-- Configuration service providers for mobile device management
+
 
 
 Exploit Protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
 
-Many of the features that are part of the Enhance Mitigation Experience Toolkit (EMET) are included in Exploit Protection. See the [Comparison between EMET and Exploit Protection](emet-exploit-protection-exploit-guard.md).
+Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751)) are included in Exploit Protection. 
 
 It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
 

windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md

@@ -20,7 +20,7 @@ ms.author: iawilt
 
 Exploit Protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
 
-Many of the features that are part of the Enhance Mitigation Experience Toolkit (EMET) are included in Exploit Protection. See the [Comparison between EMET and Exploit Protection](emet-exploit-protection-exploit-guard.md).
+Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are included in Exploit Protection. 
 
 This topcs helps you evaluate Exploit Protection. See the [Exploit Protection topic](exploit-protection-exploit-guard.md) for more information on what Exploit Protection does and how to configure it for real-world deployment.
 

windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md

@@ -31,7 +31,7 @@ ms.author: iawilt
 - Windows Defender Security Center app
 - Group Policy
 - PowerShell
-- Configuration service providers for mobile device management
+
 
 
 Exploit Protection automatically applies a number of exploit mitigation techniques on both [the operating system processes](configure-system-exploit-protection.md) and on [individual apps](configure-app-exploit-protection.md). 
@@ -44,7 +44,7 @@ Exploit Protection works best with [Windows Defender Advanced Threat Protection]
 
   You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Exploit Protection would impact your organization if it were enabled.
 
- Many of the features in the Enhanced Mitigation Experience Toolkit (EMET) have been included in Exploit Protection, and you can convert and import existing EMET configuration profiles into Exploit Protection.
+ Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) have been included in Exploit Protection, and you can convert and import existing EMET configuration profiles into Exploit Protection.
 
  >[!IMPORTANT]
  >If you are currently using EMET you should be aware that [EMET will reach end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with Exploit Protection in Windows 10.

windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md

@@ -1,7 +1,7 @@
 ---
-title: Turn on the protected folders feature in Windows 10
-keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, enable, turn on, use
-description: Learn how to protect your important files by enabling Controlled Folder Access
+title: Deploy Exploit Protection mitigations across your organization
+keywords: exploit protection, mitigations, import, export, configure, emet, convert, conversion, deploy, install
+description: Use Group Policy to deploy mitigations configuration. You can also convert an existing EMET configuration and import it as an Exploit Protection configuration.
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -32,73 +32,130 @@ ms.author: iawilt
 - Windows Defender Security Center app
 - Group Policy
 - PowerShell
-- Configuration service providers for mobile device management
-
-Converts an emet file named, emetFile.xml, to the new windows 10 format called, filename.xml
-```
-ConvertTo-ProcessMitigationPolicy -EMETFilePath emetFile.xml -OutputFilePath filename.xml 
-```
-
-Exports the current settings to the filename.xml
-```
-Get-ProcessMitigation -RegistryConfigFilePath filename.xml 
-```
-
-Imports the settings in filename.xml to the system.
-```
-Set-ProcessMitigation -PolicyFilePath filename.xml 
-```
 
 
 
 
-### Managing exploit protection through Group Policy
-1. Launch Group Policy Management Console (gpmc.msc) and from within and existing or new GPO navigate to **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Exploit Guard\Exploit Protection** and open the policy named *Use a common set of exploit protection settings*.
-2. Enable the setting as seen below and point to an accessible location for the client machines to the recently created XML.
-3. Apply the new GP to targeted machines by direction OU membership, Security Group or WMI filter.
- 
-- Manually configure a device's system and application mitigation settings using the *Set-ProcessMitigation* PowerShell cmdlet, the *ConvertTo-ProcessMitigationPolicy* PowerShell cmdlet, or directly in the Windows Defender Security Center
->
-> Note: Endpoints that have this GP setting set to **Enabled** must be able to access the XML file, otherwise the settings will not be applied.
-- Generate an XML file with the settings from the device by running the *Get-ProcessMitigation* PowerShell cmdlet or using the **Export** button at the bottom of the **Exploit Protection** area in the Windows Defender Security Center.
-- Place the generated XML file in a shared or local path. 
+Exploit Protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
 
+It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
 
-### Converting and Applying an EMET config:
-1. Export the existing EMET configuration. This can be done from the "Export" button in the GUI, or by running the command: **emet_conf.exe –export emetConfig.xml** 
-2. In an elevated PowerShell window, convert the exported configuration with: **ConvertTo-ProcessMitigationPolicy -EMETFilePath emetConfig.xml -OutputFilePath win10Config.xml** 
-3. Note that this may give you some warnings, but these should be safe to ignore. 
-4. Apply the new configuration: from an elevated PowerShell window run **Set-ProcessMitigation -RegistryConfigFilePath win10Config.xml **
-5. From here you can check or edit the settings in the new interface in the Windows Defender Security Center or with **Get-ProcessMitigation** (this command by itself will output the entire current state of the mitigations to the shell), and **Set-ProcessMitigation** respectively. 
+Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are now included in Exploit Protection. 
 
-#### Group policy
+You use the Windows Defender Security Center or PowerShell to create a set of mitigations (known as a configuration). You can then export this configuration as an XML file and share it with multiple machines on your network so they all have the same set of mitigation settings.
 
-The Exploit Protection feature can be configured with the following Group Policy details: 
-- Location:  \Microsoft\Windows Defender Exploit Guard\Exploit Protection
-- Name:  Use a common set of Exploit Protection settings
-- Values: **Enabled**: Specify the location of the XML file in the Options section. You can use a local (or mapped) path, a UNC path, or a URL, such as the following:
--- C:\MitigationSettings\Config.XML
---  \\Server\Share\Config.xml
---  https://localhost:8080/Config.xml
+You can also convert and import an existing EMET configuration XML file into an Exploit Protection configuration XML.
 
-The settings in the XML file will be applied to the endpoint. 
-
-**Disabled:** Common settings will not be applied, and the locally configured settings will be used instead.
-
-**Not configured:** Same as **Disabled**.
-
-### Export system-level mitigations
+This topic describes how to create a configuration file and deploy it across your network, and how to convert an EMET configuration.
 
 
 
- ### Import system-level mitigations 
+## Create and export a configuration file
 
- **Use the Windows Defender Security app to import system-level mitigations:**
+Before you export a configuration file, you need to ensure you have the correct settings.
+
+You should first configure Exploit Protection on a single, dedicated machine. See the [Customize Exploit Protection](customize-exploit-protection.md) topic for descriptions about and instrucitons for configuring mitigations.
+
+When you have configured Exploit Protection to your desired state (including both system-level and app-level mitigations), you can export the file using either the Windows Defender Security Center app or PowerShell.
+
+### Use the Windows Defender Security Center app to export a configuration file
 
 
+1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-**Use Group Policy to import and deploy system-level mitigations:**
+2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings**:
 
+    ![](images/wdsc-exp-prot.png)
+        
+3. At the bottom of the **Exploit protection** section, click **Export settings** and then choose the location and name of the XML file where you want the configuration to be saved.
+
+
+    ![](images/wdsc-exp-prot-export.png)
+
+>[!NOTE]
+>When you export the settings, all settings for both app-level and system-level mitigations are saved. This means you don't need to export a file from both the **System settings** and **Program settings** sections - either section will export all settings.
+
+
+### Use PowerShell to export a configuration file
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+    ```PowerShell
+    Get-ProcessMitigation -RegistryConfigFilePath filename.xml 
+    ```
+
+Change `filename` to any name or location of your choosing.
+
+> [!IMPORTANT]
+> When you deploy the configuration using Group Policy, all machines that will use the configuration must be able to access the configuration file. Ensure you place the file in a shared location. 
+
+
+## Import a configuration file
+
+You can import an Exploit Protection configuration file that you've previously created. You can only use PowerShell to import the configuration file.
+
+After importing, the settings will be instantly applied and can be reviewed in the Windows Defender Security Center app.
+
+### Use PowerShell to import a configuration file
+
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+    ```PowerShell
+    Set-ProcessMitigation -RegistryConfigFilePath filename.xml 
+    ```
+
+Change `filename` to the location and name of the Exploit Protection XML file.
+
+>[!IMPORTANT]
+>Ensure you import a configuration file that is created specifically for Exploit Protection. You cannot directly import an EMET configuration file, you must convert it first.
+
+
+## Convert an EMET configuration file to an Exploit Protection configuration file
+
+You can convert an existing EMET configuration file to the new format used by Exploit Protection. You must do this if you want to import an EMET configuration into Exploit Protection in Windows 10.
+
+You can only do this conversion in PowerShell.
+
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
+
+    ```PowerShell
+    ConvertTo-ProcessMitigationPolicy -EMETFilePath emetFile.xml -OutputFilePath filename.xml
+    ```
+
+Change `emetFile` to the name and location of the EMET configuration file, and change `filename` to whichever location and file name you want to use.
+
+
+## Manage or deploy a configuration
+
+You can use Group Policy to deploy the configuration you've created to multiple machines in your network.
+
+> [!IMPORTANT]
+> When you deploy the configuration using Group Policy, all machines that will use the configuration must be able to access the configuration XML file. Ensure you place the file in a shared location. 
+
+### Use Group Policy to distribute the configuration
+
+1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3.  In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4.  Click **Policies** then **Administrative templates**.
+
+5.  Expand the tree to **Windows components > Windows Defender Exploit Guard > Exploit Protection**.
+
+    ![](images/exp-prot-gp.png)
+
+6. Double-click the **Use a common set of exploit protection settings** setting and set the option to **Enabled**. 
+
+7. In the **Options::** section, enter the location and filename of the Exploit Protection configuration file that you want to use, such as in the following examples:
+    - C:\MitigationSettings\Config.XML
+    -  \\Server\Share\Config.xml
+    -  https://localhost:8080/Config.xml
+
+8. Click **OK** and [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/en-us/library/ee663280(v=vs.85).aspx). 
 
 
 ## Related topics