Reviewed applocker articles for accuracy and fixed Acrolinx and readability issues.

jsuther1974 2023-12-22 18:21:24 -08:00
parent 161ca742d9
commit 1c3951db34
7 changed files with 160 additions and 185 deletions

@ -1,47 +1,38 @@
---
title: AppLocker deployment guide
description: This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
description: This article for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
ms.localizationpriority: medium
ms.topic: conceptual
ms.date: 09/21/2017
ms.date: 12/22/2023
---
# AppLocker deployment guide
> [!NOTE]
> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This article for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
This guide provides steps based on your design and planning investigation for deploying application control policies by using AppLocker. It's intended for security architects, security administrators, and system administrators. Through a sequential and iterative deployment process, you can create application control policies, test and adjust the policies, and implement a method for maintaining those policies as the needs in your organization change.
This guide covers the use of Software Restriction Policies (SRP) in conjunction with AppLocker policies to control application usage. For a comparison of SRP and AppLocker, see [Using Software Restriction Policies and AppLocker policies](using-software-restriction-policies-and-applocker-policies.md) in this guide. To understand if AppLocker is the correct application control solution for you, see [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md).
This guide provides steps based on your design and planning investigation for deploying application control policies by using AppLocker. By creating, testing, and maintaining your application control policies through a sequential and iterative deployment process, you can adapt to the changing needs of your organization.
## Prerequisites to deploying AppLocker policies
The following are prerequisites or recommendations to deploying policies:
- Understand the capabilities of AppLocker:
- [AppLocker](applocker-overview.md)
- Document your application control policy deployment plan by addressing these tasks:
- [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md)
- [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md)
- [Determine your application control objectives](determine-your-application-control-objectives.md)
- [Create list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
- [Select types of rules to create](select-types-of-rules-to-create.md)
- [Determine Group Policy Structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
- [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
## Contents of this guide
This guide provides steps based on your design and planning investigation for deploying application control policies created and maintained by AppLocker for computers running any of the supported versions of Windows listed in [Requirements to use AppLocker](requirements-to-use-applocker.md).
- Understand the capabilities of AppLocker:
- [AppLocker](applocker-overview.md)
- Document your application control policy deployment plan by addressing these tasks:
- [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md)
- [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md)
- [Determine your application control objectives](determine-your-application-control-objectives.md)
- [Create list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
- [Select types of rules to create](select-types-of-rules-to-create.md)
- [Determine Group Policy Structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
- [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
## In this section
| Topic | Description |
| - | - |
| [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md) | This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies. |
| [Requirements for Deploying AppLocker Policies](requirements-for-deploying-applocker-policies.md) | This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies. |
| [Use Software Restriction Policies and AppLocker policies](using-software-restriction-policies-and-applocker-policies.md) | This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment. |
| [Create Your AppLocker policies](create-your-applocker-policies.md) | This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment. |
| [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md) | This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. |
| Article | Description |
| --- | --- |
| [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md) | This planning and deployment article for the IT professional describes the process for using AppLocker when deploying application control policies. |
| [Requirements for Deploying AppLocker Policies](requirements-for-deploying-applocker-policies.md) | This deployment article for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies. |
| [Use Software Restriction Policies and AppLocker policies](using-software-restriction-policies-and-applocker-policies.md) | This article for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment. |
| [Create Your AppLocker policies](create-your-applocker-policies.md) | This overview article for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment. |
| [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md) | This article for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. |
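Review bot: With the "Contents of this guide" paragraph gone, this article no longer links to requirements-to-use-applocker.md, which was its only pointer to the supported Windows versions. The shortened introduction also drops the audience sentence ("It's intended for security architects, security administrators, and system administrators") and the paragraph on using Software Restriction Policies together with AppLocker. If those removals were not intended, keep a one-sentence pointer to the supported versions under Prerequisites. The heading "Prerequisites to deploying AppLocker policies" and the lead-in "prerequisites or recommendations to deploying policies" were left as they were; "for deploying" reads better and matches "Requirements for Deploying AppLocker Policies" in the table.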

@ -1,40 +1,36 @@
---
title: Create Your AppLocker policies
description: This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
description: This overview article for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
ms.localizationpriority: medium
ms.topic: conceptual
ms.date: 09/21/2017
ms.date: 12/22/2023
---
# Create Your AppLocker policies
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This overview article for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
Creating effective application control policies with AppLocker starts by creating the rules for each app. Rules are grouped into one of five rule collections. The rule collection can be configured to be enforced or to run in **Audit only** mode. An AppLocker policy includes the rules in the five rule collections and the enforcement settings for each rule collection.
Creating effective application control policies with AppLocker starts by creating the rules for each app. Rules are grouped into one of five rule collections. The rule collection is configured to enforce or to audit only. An AppLocker policy includes the rules in the five rule collections and the enforcement mode settings for each rule collection.
## Step 1: Use your plan
You can develop an application control policy plan to guide you in making successful deployment decisions. For more information about how to develop this policy and what you should consider, see the [AppLocker Design Guide](applocker-policies-design-guide.md). This guide is intended for security architects, security administrators, and system administrators. It contains the following topics to help you create an AppLocker policy deployment plan for your organization that will address your specific application control requirements by department, organizational unit, or business group:
You can develop an application control policy plan to guide you in making successful deployment decisions. For more information about how to develop this policy and what you should consider, see the [AppLocker Design Guide](applocker-policies-design-guide.md). This guide is intended for security architects, security administrators, and system administrators. It contains the following articles to help you create an AppLocker policy deployment plan for your organization that addresses your specific application control requirements by department, organizational unit, or business group:
1. [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md)
2. [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md)
3. [Determine your application control objectives](determine-your-application-control-objectives.md)
4. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
5. [Select the types of rules to create](select-types-of-rules-to-create.md)
6. [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
7. [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
1. [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md)
2. [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md)
3. [Determine your application control objectives](determine-your-application-control-objectives.md)
4. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
5. [Select the types of rules to create](select-types-of-rules-to-create.md)
6. [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
7. [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
## Step 2: Create your rules and rule collections
Each rule applies to one or more apps, and it imposes a specific rule condition on them. Rules can be created individually or they can be generated by the Automatically Generate Rules Wizard. For the steps to create the rules, see [Create Your AppLocker rules](create-your-applocker-rules.md).
Each rule applies to one or more apps, and it imposes a specific rule condition on them. Rules can be created individually or by using the Automatically Generate Rules Wizard. For the steps to create the rules, see [Create Your AppLocker rules](create-your-applocker-rules.md).
## Step 3: Configure the enforcement setting
An AppLocker policy is a set of rule collections that are configured with a rule enforcement setting. The enforcement setting can be **Enforce rules**, **Audit only**, or **Not configured**. If an AppLocker policy has at least one rule, and it's set to **Not configured**, all the rules in that
policy will be enforced. For info about configuring the rule enforcement setting, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md) and [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md).
An AppLocker policy is a set of rule collections that are configured with a rule enforcement mode setting. The enforcement mode setting can be **Enforce rules**, **Audit only**, or **Not configured**. If an AppLocker rule collection has at least one rule, and is set to **Not configured**, the rules in that rule collection are enforced. For info about configuring the rule enforcement setting, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md) and [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md).
## Step 4: Update the GPO
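Review bot: The Step 3 paragraph now mixes two terms: it opens with "rule enforcement mode setting" but still ends with "For info about configuring the rule enforcement setting", and the later steps keep "enforcement setting"; pick one term for the whole article. In the same paragraph, changing "AppLocker policy" to "AppLocker rule collection" in the **Not configured** sentence alters what the text says about enforcement behavior, so it deserves a line in the commit message rather than being filed under readability. In the introduction, "is configured to enforce or to audit only" loses the bold UI label; keep **Audit only** as it is written in Step 3.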
@ -49,15 +45,16 @@ In a test environment or with the enforcement setting set at **Audit only**, ver
Depending on your deployment method, import the AppLocker policy to the GPO in your production environment, or if the policy is already deployed, change the enforcement setting to your production environment value-**Enforce rules** or **Audit only**.
## Step 7: Test the effect of the policy and adjust
Validate the effect of the policy by analyzing the AppLocker logs for application usage, and then modify the policy as necessary. For information on how to do these tasks, see [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md).
## Next steps
Follow the steps described in the following topics to continue the deployment process:
Follow the steps described in the following articles to continue the deployment process:
1. [Create Your AppLocker rules](create-your-applocker-rules.md)
2. [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md)
3. [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md)
1. [Create Your AppLocker rules](create-your-applocker-rules.md)
2. [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md)
3. [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md)
## See also
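Review bot: The sentence just above Step 7 is kept as context and still reads "production environment value-**Enforce rules** or **Audit only**", with a bare hyphen run into the word "value"; since this is a readability pass, rewrite it as "production environment value, either **Enforce rules** or **Audit only**". That sentence and the hunk's lead-in also still say "enforcement setting" where Step 3 now says "enforcement mode setting". The two copies of the Next steps list differ only in whitespace as far as this page shows, so confirm the list still renders numbered 1 to 3.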

@ -1,71 +1,67 @@
---
title: Create Your AppLocker rules
description: This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
description: This article for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
ms.localizationpriority: medium
ms.topic: conceptual
ms.date: 09/21/2017
ms.date: 12/22/2023
---
# Create Your AppLocker rules
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
This article for the IT professional describes what you need to know about AppLocker rules and the methods used to create rules.
## Creating AppLocker rules
AppLocker rules apply to the targeted app, and they're the components that make up the AppLocker policy. Depending on your IT environment and the business group that requires application control policies, setting these access rules for each application can be time-consuming and prone to error. With AppLocker, you can generate rules automatically or create rules individually. Creating rules that are derived from your planning document can help you avoid unintended results. For info about this planning document and other planning activities, see [AppLocker Design Guide](applocker-policies-design-guide.md).
AppLocker rules control what apps run in your organization. Depending on the complexity of your organization's application requirements, managing these application control rules can be time-consuming and error prone. With AppLocker, you can generate rules automatically or create rules individually. Creating rules that are derived from your planning document can help you avoid unintended results. For info about this planning document and other planning activities, see [AppLocker Design Guide](applocker-policies-design-guide.md).
### Automatically generate your rules
You can use a reference device to automatically create a set of default rules for each of the installed apps, test and modify each rule as necessary, and deploy the policies. Creating most of the rules for all the installed apps gives you a starting point to build and test your policies. For info about performing this task, see the following topics:
You can use a reference device to automatically create a set of default rules for each of the installed apps, test and modify each rule as necessary, and deploy the policies. Creating rules for all installed apps gives you a starting point to build and test your policies. For info about performing this task, see the following articles:
- [Configure the AppLocker reference device](configure-the-appLocker-reference-device.md)
- [Run the Automatically Generate Rules wizard](run-the-automatically-generate-rules-wizard.md)
- [Create AppLocker default rules](create-applocker-default-rules.md)
- [Edit AppLocker rules](edit-applocker-rules.md)
- [Add exceptions for an AppLocker rule](configure-exceptions-for-an-applocker-rule.md)
- [Configure the AppLocker reference device](configure-the-appLocker-reference-device.md)
- [Run the Automatically Generate Rules wizard](run-the-automatically-generate-rules-wizard.md)
- [Create AppLocker default rules](create-applocker-default-rules.md)
- [Edit AppLocker rules](edit-applocker-rules.md)
- [Add exceptions for an AppLocker rule](configure-exceptions-for-an-applocker-rule.md)
### Create your rules individually
You can create rules and set the mode to **Audit only** for each installed app, test and update each rule as necessary, and then deploy the policies. Creating rules individually might be best when you're targeting a few applications within a business group.
Creating rules individually might be best when you're managing a few applications within a business group.
> [!NOTE]
> The AppLocker wizards can generate default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. You can also edit the default rules. For information about creating the default rules for the Windows operating system, see [Create AppLocker default rules](create-applocker-default-rules.md).
>**Note:** AppLocker includes default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. You can also edit the default rules. For information about creating the default rules for the Windows operating system, see [Create AppLocker default rules](create-applocker-default-rules.md).
For information about performing this task, see:
1. [Create a rule that uses a publisher condition](create-a-rule-that-uses-a-publisher-condition.md)
2. [Create a rule that uses a path condition](create-a-rule-that-uses-a-path-condition.md)
3. [Create a rule that uses a file hash condition](create-a-rule-that-uses-a-file-hash-condition.md)
4. [Edit AppLocker rules](edit-applocker-rules.md)
5. [Enforce AppLocker rules](enforce-applocker-rules.md)
6. [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md)
1. [Create a rule that uses a publisher condition](create-a-rule-that-uses-a-publisher-condition.md)
2. [Create a rule that uses a path condition](create-a-rule-that-uses-a-path-condition.md)
3. [Create a rule that uses a file hash condition](create-a-rule-that-uses-a-file-hash-condition.md)
4. [Edit AppLocker rules](edit-applocker-rules.md)
5. [Enforce AppLocker rules](enforce-applocker-rules.md)
6. [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md)
## About selecting rules
AppLocker policies are composed of distinct rules for specific apps. These rules are grouped by collection, and they're implemented through an AppLocker policy definition. AppLocker policies are managed by using Group Policy or by using the Local Security Policy snap-in for a single computer.
When you determine what types of rules to create for each of your business groups or organizational units (OUs), you should also determine what enforcement setting to use for each group. Certain rule types are more applicable for some apps, depending on how the apps are deployed in a specific business group.
AppLocker policies are composed of rules to allow or deny specific app files. These rules are grouped into rule collections, and they're implemented through an AppLocker policy definition. AppLocker policies are managed by using Group Policy or by using the Local Security Policy snap-in for a single computer.
For info about how to determine and document your AppLocker rules, see [AppLocker Design Guide](applocker-policies-design-guide.md).
For info about AppLocker rules and AppLocker policies, see the following topics:
For info about AppLocker rules and AppLocker policies, see the following articles:
- [Understanding AppLocker rule behavior](understanding-applocker-rule-behavior.md)
- [Understanding AppLocker rule exceptions](understanding-applocker-rule-exceptions.md)
- [Understanding AppLocker rule collections](understanding-applocker-rule-collections.md)
- [Understanding AppLocker allow and deny actions on rules](understanding-applocker-allow-and-deny-actions-on-rules.md)
- [Understanding AppLocker rule condition types](understanding-applocker-rule-condition-types.md)
- [Understanding AppLocker default rules](understanding-applocker-default-rules.md)
- [Understanding AppLocker rule behavior](understanding-applocker-rule-behavior.md)
- [Understanding AppLocker rule exceptions](understanding-applocker-rule-exceptions.md)
- [Understanding AppLocker rule collections](understanding-applocker-rule-collections.md)
- [Understanding AppLocker allow and deny actions on rules](understanding-applocker-allow-and-deny-actions-on-rules.md)
- [Understanding AppLocker rule condition types](understanding-applocker-rule-condition-types.md)
- [Understanding AppLocker default rules](understanding-applocker-default-rules.md)
## Next steps
1. [Import an AppLocker policy into a GPO](import-an-applocker-policy-into-a-gpo.md)
2. [Import an AppLocker policy from another computer](import-an-applocker-policy-from-another-computer.md)
3. [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md)
4. [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md)
1. [Import an AppLocker policy into a GPO](import-an-applocker-policy-into-a-gpo.md)
2. [Import an AppLocker policy from another computer](import-an-applocker-policy-from-another-computer.md)
3. [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md)
4. [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md)
## Related topics
## Related articles
- [Create Your AppLocker policies](create-your-applocker-policies.md)
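Review bot: The front-matter description still reads "the methods that you can to create rules"; only "topic" became "article" there, while the body sentence was corrected to "the methods used to create rules". Use the corrected wording in the description too. Under "Create your rules individually", the rewritten paragraph drops the advice to set the mode to **Audit only** and to test and update each rule before deploying; the list below it still links to the audit-only article, so a short sentence keeping that advice would help. The "About selecting rules" section likewise loses the sentence about choosing an enforcement setting per business group or OU.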

@ -1,42 +1,39 @@
---
title: Deploy the AppLocker policy into production
description: This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
description: This article for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
ms.localizationpriority: medium
ms.topic: conceptual
ms.date: 09/21/2017
ms.date: 12/22/2023
---
# Deploy the AppLocker policy into production
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This article for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
After successfully testing and modifying the AppLocker policy for each Group Policy Object (GPO), you're ready to deploy the enforcement settings into production. For most organizations, this means switching the AppLocker enforcement mode setting from **Audit only** to **Enforce rules** for a rule collection. Be sure to follow the deployment plan that you created earlier. For more info, see the [AppLocker Design Guide](applocker-policies-design-guide.md). Depending on the needs of different business groups in your organization, you might deploy different enforcement mode settings for linked GPOs.
After successfully testing and modifying the AppLocker policy for each Group Policy Object (GPO), you are ready to deploy the enforcement settings into production. For most organizations, this means switching the AppLocker enforcement setting from **Audit only** to **Enforce rules**. However, it is important to follow the deployment plan that you created earlier. For more info, see the [AppLocker Design Guide](applocker-policies-design-guide.md). Depending on the needs of different business groups in your organization, you might deploy different enforcement settings for linked GPOs.
### Understand your design decisions
## Understand your design decisions
Before you deploy an AppLocker policy, you should determine:
- For each business group, which applications will be controlled and in what manner. For more info, see [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md).
- How to handle requests for application access. For info about what to consider when developing your support policies, see [Plan for AppLocker policy management](plan-for-applocker-policy-management.md).
- How to manage events, including forwarding events. For info about event management in AppLocker, see [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md).
- Your GPO structure, including how to include policies generated by Software Restriction Policies and AppLocker policies. For more info, see [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md).
- For each business group, which applications to control and in what manner. For more info, see [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md).
- How to handle requests for application access. For info about what to consider when developing your support policies, see [Plan for AppLocker policy management](plan-for-applocker-policy-management.md).
- How to manage events, including forwarding events. For info about event management in AppLocker, see [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md).
- Your GPO structure, including how to include policies generated by Software Restriction Policies and AppLocker policies. For more info, see [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md).
For info about how AppLocker deployment is dependent on design decisions, see [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md).
### AppLocker deployment methods
## AppLocker deployment methods
If you have configured a reference device, you can create and update your AppLocker policies on this device, test the policies, and then export the policies to the appropriate GPO for distribution. Another method is to create the policies and set the enforcement setting on **Audit only**, then
observe the events that are generated.
- [Use a reference device to create and maintain AppLocker policies](use-a-reference-computer-to-create-and-maintain-applocker-policies.md)
If you configure a reference device, you can create and update your AppLocker policies on this device, test the policies, and then export the policies to the appropriate GPO for distribution. Another method is to create the policies and set the enforcement setting on **Audit only**, then observe the events that are generated.
This topic describes the steps to use an AppLocker reference computer to prepare application control policies for deployment by using Group Policy or other means.
- [Use a reference device to create and maintain AppLocker policies](use-a-reference-computer-to-create-and-maintain-applocker-policies.md)
- [Deploy AppLocker policies by using the enforce rules setting](deploy-applocker-policies-by-using-the-enforce-rules-setting.md)
This article describes the steps to use an AppLocker reference computer to prepare application control policies for deployment by using Group Policy or other means.
This topic describes the steps to deploy the AppLocker policy by changing the enforcement setting to **Audit only** or to **Enforce rules**.
- [Deploy AppLocker policies by using the enforce rules setting](deploy-applocker-policies-by-using-the-enforce-rules-setting.md)
This article describes the steps to deploy the AppLocker policy by changing the enforcement mode setting to **Audit only** or to **Enforce rules**.
## See also
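Review bot: In "AppLocker deployment methods" the new paragraph says "set the enforcement setting on **Audit only**", while the introduction and the last bullet's description in this same change say "enforcement mode setting"; use one term and "set ... to". The descriptions starting "This article describes the steps..." sit under links to other articles, so "This article" reads as the current page; "The linked article describes..." avoids that. The first of them also says "reference computer" where the link text and the paragraph above say "reference device".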

@ -1,65 +1,64 @@
---
title: Requirements for deploying AppLocker policies
description: This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
description: This deployment article for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
ms.localizationpriority: medium
ms.topic: conceptual
ms.date: 09/21/2017
ms.date: 12/22/2023
---
# Requirements for deploying AppLocker policies
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
This deployment article for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
The following requirements must be met or addressed before you deploy your AppLocker policies:
- [Deployment plan](#bkmk-reqdepplan)
- [Supported operating systems](#bkmk-reqsupportedos)
- [Policy distribution mechanism](#bkmk-reqpolicydistmech)
- [Event collection and analysis system](#bkmk-reqeventcollectionsystem)
### <a href="" id="bkmk-reqdepplan"></a>Deployment plan
- [Deployment plan](#deployment-plan)
- [Supported operating systems](#supported-operating-systems)
- [Policy distribution mechanism](#policy-distribution-mechanism)
- [Event collection and analysis system](#event-collection-and-analysis-system)
An AppLocker policy deployment plan is the result of investigating which applications are required and necessary in your organization, which apps are optional, and which apps are forbidden. To develop this plan, see [AppLocker Design Guide](applocker-policies-design-guide.md). The following table is an example of the data you need to collect and the decisions you need to make to successfully deploy AppLocker policies on the supported operating systems (as listed in [Requirements to use AppLocker](requirements-to-use-applocker.md)).
## Deployment plan
A successful AppLocker policy deployment begins with a policy design that allows the applications needed by your organization and prevents unauthorized apps, including malware, from running. To develop this plan, see [AppLocker Design Guide](applocker-policies-design-guide.md). The following table is an example of the data you need to collect and the decisions you need to make to successfully deploy AppLocker policies.
|Business group|Organizational unit|Implement AppLocker?|Apps|Installation path|Use default rule or define new rule condition|Allow or deny|GPO name|Support policy|
|--- |--- |--- |--- |--- |--- |--- |--- |--- |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
|Bank Tellers|Teller-East and Teller-West|Yes|Teller software|C:\Program Files\Woodgrove\Teller.exe|File is signed; create a publisher condition|Allow|Tellers|Web help|
||||Windows files|C:\Windows|Create a path exception to the default rule to exclude \Windows\Temp|Allow||Help Desk|
||||Time Sheet Organizer|C:\Program Files\Woodgrove\HR\Timesheet.exe|File is not signed; create a file hash condition|Allow||Web help|
||||Time Sheet Organizer|C:\Program Files\Woodgrove\HR\Timesheet.exe|File isn't signed; create a file hash condition|Allow||Web help|
|Human Resources|HR-All|Yes|Check Payout|C:\Program Files\Woodgrove\HR\Checkcut.exe|File is signed; create a publisher condition|Allow|HR|Web help|
||||Internet Explorer 7|C:\Program Files\Internet Explorer</p>|File is signed; create a publisher condition|Deny||Help Desk|
||||Windows files|C:\Windows|Use the default rule for the Windows path|Allow||Help Desk|
<b>Event processing policy</b>
### Event processing policy
|Business group|AppLocker event collection location|Archival policy|Analyzed?|Security policy|
|--- |--- |--- |--- |--- |
| --- | --- | --- | --- | --- |
|Bank Tellers|Forwarded to: srvBT093|Standard|None|Standard|
|Human Resources|Do not forward|60 months|Yes; summary reports monthly to managers|Standard|
<b>Policy maintenance policy</b>
### Policy maintenance policy
|Business group|Rule update policy|App decommission policy|App version policy|App deployment policy|
|--- |--- |--- |--- |--- |
|Bank Tellers|Planned: Monthly through business office triage<p>Emergency: Request through Help Desk|Through business office triage; 30-day notice required|General policy: Keep past versions for 12 months<p>List policies for each application|Coordinated through business office; 30-day notice required|
|Human Resources|Planned: Through HR triage<p>Emergency: Request through Help Desk|Through HR triage; 30-day notice required|General policy: Keep past versions for 60 months<p>List policies for each application|Coordinated through HR; 30-day notice required|
### <a href="" id="bkmk-reqsupportedos"></a>Supported operating systems
| --- | --- | --- | --- | --- |
| Bank Tellers | Planned: Monthly through business office triage <p> Emergency: Request through Help Desk | Through business office triage; 30-day notice required | General policy: Keep past versions for 12 months <p> List policies for each application | Coordinated through business office; 30-day notice required |
| Human Resources | Planned: Through HR triage <p> Emergency: Request through Help Desk | Through HR triage; 30-day notice required |General policy: Keep past versions for 60 months <p> List policies for each application | Coordinated through HR; 30-day notice required |
AppLocker is supported only on certain operating systems. Some features are not available on all operating systems. For more information, see [Requirements to use AppLocker](requirements-to-use-applocker.md).
## Supported operating systems
### <a href="" id="bkmk-reqpolicydistmech"></a>Policy distribution mechanism
AppLocker is supported only on certain operating systems. Some features aren't available on all operating systems. For more information, see [Requirements to use AppLocker](requirements-to-use-applocker.md).
You need a way to distribute the AppLocker policies throughout the targeted business groups. AppLocker uses Group Policy management architecture to effectively distribute application control policies. AppLocker policies can also be configured on individual computers by using the Local Security Policy snap-in.
## Policy distribution mechanism
### <a href="" id="bkmk-reqeventcollectionsystem"></a>Event collection and analysis system
You need a way to distribute the AppLocker policies throughout the targeted business groups. AppLocker uses Group Policy management architecture to effectively distribute application control policies. AppLocker policies can also be configured on individual computers by using the Local Security Policy snap-in. AppLocker rules can also be distributed through a mobile device management solution, like Microsoft Intune.
## Event collection and analysis system
Event processing is important to understand application usage. You must have a process in place to collect and analyze AppLocker events so that application usage is appropriately restricted and understood. For procedures to monitor AppLocker events, see:
- [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md)
- [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md)
- [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md)
- [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md)
- [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md)
- [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md)
## See also
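Review bot: The Internet Explorer row of the deployment plan table still carries a stray `</p>` after `C:\Program Files\Internet Explorer`; this cleanup pass should remove the unbalanced closing tag from the cell. In the reformatted maintenance table, the Human Resources row is also missing the space before "General policy", unlike the Bank Tellers row above it. Separately, replacing the explicit `bkmk-req*` anchors with auto-generated heading IDs fixes the in-page list, but any link from another article to `#bkmk-reqdepplan`, `#bkmk-reqsupportedos`, `#bkmk-reqpolicydistmech` or `#bkmk-reqeventcollectionsystem` stops resolving, so a repo-wide search for those fragments is worth doing before merge.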

@ -1,19 +1,16 @@
---
title: Understand the AppLocker policy deployment process
description: This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies.
description: This planning and deployment article for the IT professional describes the process for using AppLocker when deploying application control policies.
ms.localizationpriority: medium
ms.topic: conceptual
ms.date: 09/21/2017
ms.date: 12/22/2023
---
# Understand the AppLocker policy deployment process
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This planning and deployment article for the IT professional describes the process for using AppLocker when deploying application control policies.
This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies.
To successfully deploy AppLocker policies, you need to identify your application control objectives and construct the policies for those objectives. The key to the process is taking an accurate inventory of your organization's applications, which requires investigation of all the targeted business groups. With an accurate inventory, you can create rules and set enforcement criteria that will allow the organization to use the required applications and allow the IT department to manage a controlled set of applications.
To successfully deploy AppLocker policies, you need to identify your application control objectives and construct the policies for those objectives. The key to the process is taking an accurate inventory of your organization's applications, which requires investigation of all the targeted business groups. With an accurate inventory, you can create and deploy policies that allow the organization's required applications and provide IT the control they need over the organization's app landscape.
The following diagram shows the main points in the design, planning, and deployment process for AppLocker.
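Review bot: The replacement sentence ends with "provide IT the control they need over the organization's app landscape", which is vaguer than the line it replaces ("allow the IT department to manage a controlled set of applications") and mixes "IT" with the plural "they". Suggest keeping the concrete outcome, for example "and let the IT department manage a controlled set of applications", so the reader still sees what the inventory buys them.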
@ -21,9 +18,9 @@ The following diagram shows the main points in the design, planning, and deploym
## Resources to support the deployment process
The following topics contain information about designing, planning, deploying, and maintaining AppLocker policies:
The following articles contain information about designing, planning, deploying, and maintaining AppLocker policies:
- For info about the AppLocker policy design and planning requirements and process, see [AppLocker Design Guide](applocker-policies-design-guide.md).
- For info about the AppLocker policy deployment requirements and process, see [AppLocker deployment guide](applocker-policies-deployment-guide.md).
- For info about AppLocker policy maintenance and monitoring, see [Administer AppLocker](administer-applocker.md).
- For info about AppLocker policy architecture, components, and processing, see [AppLocker technical reference](applocker-technical-reference.md).
- For info about the AppLocker policy design and planning requirements and process, see [AppLocker Design Guide](applocker-policies-design-guide.md).
- For info about the AppLocker policy deployment requirements and process, see [AppLocker deployment guide](applocker-policies-deployment-guide.md).
- For info about AppLocker policy maintenance and monitoring, see [Administer AppLocker](administer-applocker.md).
- For info about AppLocker policy architecture, components, and processing, see [AppLocker technical reference](applocker-technical-reference.md).

@ -1,17 +1,14 @@
---
title: Use a reference device to create and maintain AppLocker policies
description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
description: This article for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
ms.localizationpriority: medium
ms.topic: conceptual
ms.date: 09/21/2017
ms.date: 12/22/2023
---
# Use a reference device to create and maintain AppLocker policies
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
This article for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
## Background and prerequisites
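Review bot: The description and the intro sentence still end with "by using a reference computer" while the title and H1 say "reference device". Both lines were already touched for the topic-to-article change, so align them to "reference device" in the same commit so the metadata and the page body use one term.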
@ -19,51 +16,52 @@ An AppLocker reference device is a baseline device you can use to configure poli
An AppLocker reference device that is used to create and maintain AppLocker policies should contain the corresponding apps for each organizational unit (OU) to mimic your production environment.
>**Important:** The reference device must be running one of the supported editions of Windows. For information about operating system requirements for AppLocker, see [Requirements to use AppLocker](requirements-to-use-applocker.md).
You can perform AppLocker policy testing on the reference device by using the **Audit only** enforcement setting or Windows PowerShell cmdlets. You can also use the reference device as part of a testing configuration that includes policies that are created by using Software Restriction Policies.
You can perform AppLocker policy testing on the reference device by using the **Audit only** enforcement mode setting or Windows PowerShell cmdlets.
## Step 1: Automatically generate rules on the reference device
With AppLocker, you can automatically generate rules for all files within a folder. AppLocker scans the specified folder and creates the condition types that you choose for each file in that folder. For information on how to automatically generate rules, see [Run the Automatically Generate Rules wizard](run-the-automatically-generate-rules-wizard.md).
>**Note:** If you run this wizard to create your first rules for a Group Policy Object (GPO), after you complete the wizard, you will be prompted to create the default rules, which allow critical system files to run. You can edit the default rules at any time. If your organization has decided to edit the default rules or create custom rules to allow the Windows system files to run, ensure that you delete the default rules after you replace them with your custom rules.
> [!NOTE]
> If you run this wizard to create your first rules for a Group Policy Object (GPO), you will be prompted to create the default rules which allow critical system files to run. You can edit the default rules at any time. If your organization uses custom rules to allow the Windows system files to run, ensure that you delete the default rules after you create your custom rules.
## Step 2: Create the default rules on the reference device
AppLocker includes default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. You must run the default rules for each rule collection. For info about default rules and considerations for using them, see [Understanding AppLocker default rules](understanding-applocker-default-rules.md). For the procedure to create default rules, see [Create AppLocker default rules](create-applocker-default-rules.md).
>**Important:** You can use the default rules as a template when you create your own rules. This allows files within the Windows directory to run. However, these rules are only meant to function as a starter policy when you are first testing AppLocker rules.
> [!IMPORTANT]
> You can use the default rules as a template when you create your own rules. This allows files within the Windows directory to run. However, these rules are only meant to function as a starter policy when you are first testing AppLocker rules.
## Step 3: Modify rules and the rule collection on the reference device
If AppLocker policies are currently running in your production environment, export the policies from the corresponding GPOs and save them to the reference device. For information on how to export and save the policies, see [Export an AppLocker policy from a GPO](export-an-applocker-policy-from-a-gpo.md). If no AppLocker policies have been deployed, create the rules and develop the policies by using the following procedures:
If AppLocker policies are currently running in your production environment, export the policies from the corresponding GPOs and save them to the reference device. For information on how to export and save the policies, see [Export an AppLocker policy from a GPO](export-an-applocker-policy-from-a-gpo.md). If no AppLocker policies are deployed, create the rules and develop the policies by using the following procedures:
- [Create a rule that uses a publisher condition](create-a-rule-that-uses-a-publisher-condition.md)
- [Create a rule that uses a file hash condition](create-a-rule-that-uses-a-file-hash-condition.md)
- [Create a rule that uses a path condition](create-a-rule-that-uses-a-path-condition.md)
- [Edit AppLocker rules](edit-applocker-rules.md)
- [Add exceptions for an AppLocker rule](configure-exceptions-for-an-applocker-rule.md)
- [Delete an AppLocker rule](delete-an-applocker-rule.md)
- [Enable the DLL rule collection](enable-the-dll-rule-collection.md)
- [Enforce AppLocker rules](enforce-applocker-rules.md)
- [Create a rule that uses a publisher condition](create-a-rule-that-uses-a-publisher-condition.md)
- [Create a rule that uses a file hash condition](create-a-rule-that-uses-a-file-hash-condition.md)
- [Create a rule that uses a path condition](create-a-rule-that-uses-a-path-condition.md)
- [Edit AppLocker rules](edit-applocker-rules.md)
- [Add exceptions for an AppLocker rule](configure-exceptions-for-an-applocker-rule.md)
- [Delete an AppLocker rule](delete-an-applocker-rule.md)
- [Enable the DLL rule collection](enable-the-dll-rule-collection.md)
- [Enforce AppLocker rules](enforce-applocker-rules.md)
## Step 4: Test and update AppLocker policy on the reference device
You should test each set of rules to ensure that they perform as intended. The **Test-AppLockerPolicy** Windows PowerShell cmdlet can be used to determine whether any of the rules in your rule collection will be blocked on your reference device. Perform the steps on each reference device that you used to define the AppLocker policy. Ensure that the reference device is joined to the domain and that it's receiving the AppLocker policy from the appropriate GPO. Because AppLocker rules are inherited from linked GPOs, you should deploy all of the rules to simultaneously test all of your test GPOs. Use the following procedures to complete this step:
You should test each set of rules to ensure that they perform as intended. The **Test-AppLockerPolicy** Windows PowerShell cmdlet can be used to determine whether any apps on your reference device are blocked by the rules in your rule collections. Perform the steps on each reference device that you used to define the AppLocker policy. Ensure that the reference device is joined to the domain and that it's receiving the AppLocker policy from the appropriate GPO. Because AppLocker rules are inherited from linked GPOs, you should deploy all of the rules to simultaneously test all of your test GPOs. Use the following procedures to complete this step:
- [Test an AppLocker Policy with Test-AppLockerPolicy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791772(v=ws.10))
- [Discover the Effect of an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791823(v=ws.10))
- [Test an AppLocker Policy with Test-AppLockerPolicy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791772(v=ws.10))
- [Discover the Effect of an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791823(v=ws.10))
> [!WARNING]
> If you have set the enforcement mode setting on the rule collection to **Enforce rules** or **Not configured**, the policy will be enforced upon completing the next step. Set the enforcement mode setting on the rule collection to **Audit only** if you aren't ready to block any files from running.
>**Caution:** If you have set the enforcement setting on the rule collection to **Enforce rules** or you have not configured the rule collection, the policy will be implemented when the GPO is updated in the next step. If you have set the enforcement setting on the rule collection to **Audit only**, application access events are written to the AppLocker log, and the policy will not take effect.
## Step 5: Export and import the policy into production
When the AppLocker policy has been tested successfully, it can be imported into the GPO (or imported into individual computers that aren't managed by Group Policy) and checked for its intended effectiveness. To do these tasks, perform the following procedures:
After you test your AppLocker policy, you can import it into the GPO (or imported into individual computers not managed by Group Policy) and checked for its intended effectiveness. To do these tasks, perform the following procedures:
- [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md)
- [Import an AppLocker policy into a GPO](import-an-applocker-policy-into-a-gpo.md) or
- [Discover the Effect of an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791823(v=ws.10))
- [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md)
- [Import an AppLocker policy into a GPO](import-an-applocker-policy-into-a-gpo.md) or
- [Discover the Effect of an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791823(v=ws.10))
If the AppLocker policy enforcement setting is **Audit only** and you're satisfied that the policy is fulfilling your intent, you can change it to **Enforce rules**. For info about how to change the enforcement setting, see [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md).
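Review bot: The rewritten Step 5 sentence is ungrammatical: "you can import it into the GPO (or imported into individual computers not managed by Group Policy) and checked for its intended effectiveness" keeps "imported" and "checked" from the old passive construction. Suggest "you can import it into the GPO (or into individual computers not managed by Group Policy) and check that it has the intended effect". Two related points in the same hunk: the new WARNING drops the old statement that in **Audit only** mode application access events are written to the AppLocker log and the policy doesn't take effect, which is the detail an admin uses to confirm that auditing is working before enforcement; and the closing paragraph still says "enforcement setting" twice while the rest of the file now says "enforcement mode setting".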
@ -71,9 +69,9 @@ If the AppLocker policy enforcement setting is **Audit only** and you're satisfi
If more refinements or updates are necessary after a policy is deployed, use the appropriate following procedures to monitor and update the policy:
- [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md)
- [Edit an AppLocker policy](edit-an-applocker-policy.md)
- [Refresh an AppLocker policy](refresh-an-applocker-policy.md)
- [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md)
- [Edit an AppLocker policy](edit-an-applocker-policy.md)
- [Refresh an AppLocker policy](refresh-an-applocker-policy.md)
## See also