From 1296c885f1ecdacf1429eca256ac05864179c640 Mon Sep 17 00:00:00 2001
From: isbrahm <43386070+isbrahm@users.noreply.github.com>
Date: Wed, 29 Jan 2020 14:51:13 -0800
Subject: [PATCH] Change section order for clarity
---
.../windows-defender-application-control.md | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
index e5740b67c8..d6d6663a12 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
@@ -93,7 +93,12 @@ Although either AppLocker or WDAC can be used to control application execution o
- You are using application control to help users avoid running unapproved software, but you do not require a solution designed as a security feature.
- You do not wish to enforce application control on application files such as DLLs or drivers.
-### Detailed Comparison Chart
+## When to use both WDAC and AppLocker together
+
+AppLocker can also be deployed as a complement to WDAC to add user- or group-specific rules for shared device scenarios where its important to prevent some users from running specific apps.
+As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to fine-tune the restrictions to an even lower level.
+
+## WDAC and AppLocker Feature Availability
| Capability | WDAC | AppLocker |
|-----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Platform support | Available on Windows 10 devices | Available on Windows 8+ devices |
@@ -110,11 +115,6 @@ Although either AppLocker or WDAC can be used to control application execution o
| Packaged app rules | [Available on 1903+](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control) | Available on Windows 8+ |
| Enforceable file extensions | - Driver files: .sys
- Executable files: .exe and .com
- DLLs: .dll and .ocx
- Windows Installer files: .msi, mst, and .msp
- Scripts: .ps1, .vbs, and .js
- Packaged apps and packaged app installers: .appx
Driver files and executables cannot be separately configured.
Manages system driver files.
Does not manage .bat or .cmd files. | - Executable files: .exe and .com
- DLLs: .dll and .ocx
- Windows Installer files: .msi, mst, and .msp
- Scripts: .ps1, .bat, .cmd, .vbs, and .js
- Packaged apps and packaged app installers: .appx
Driver files and executables can be separately configured.
Does not manage system drivers.
Manages .bat and .cmd files. |
-## When to use both WDAC and AppLocker together
-
-AppLocker can also be deployed as a complement to WDAC to add user- or group-specific rules for shared device scenarios where its important to prevent some users from running specific apps.
-As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to fine-tune the restrictions to an even lower level.
-
## See also
- [WDAC design guide](windows-defender-application-control-design-guide.md)