Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into DHazure

windows/security/threat-protection/TOC.md

@@ -175,6 +175,10 @@
 ##### [Hardware-based isolation](windows-defender-application-guard/install-wd-app-guard.md)
 ###### [Confguration settings](windows-defender-application-guard/configure-wd-app-guard.md) 
 ##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
+##### [Device control](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+###### [Memory integrity](windows-defender-exploit-guard/memory-integrity.md)
+####### [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
+####### [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
 ##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
 ###### [Customize exploit protection](windows-defender-exploit-guard/customize-exploit-protection.md)
 ###### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)

windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md

@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: justinha
 ms.author: justinha
-ms.date: 07/09/2018
+ms.date: 09/07/2018
 ---
 
 # Windows Defender Application Guard overview

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -171,8 +171,12 @@
 ## [Configure and manage capabilities](onboard.md)
 ### [Configure attack surface reduction](configure-attack-surface-reduction.md)
 #### [Hardware-based isolation](../windows-defender-application-guard/install-wd-app-guard.md)
-##### Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md) 
+##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md) 
 #### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
+#### [Device control](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+##### [Memory integrity](../windows-defender-exploit-guard/memory-integrity.md)
+###### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
+###### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
 #### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
 ##### [Customize exploit protection](../windows-defender-exploit-guard/customize-exploit-protection.md)
 ##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)

windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md

@@ -8,19 +8,19 @@ ms.pagetype: security
 author: justinha
 ms.localizationpriority: medium
 ms.author: justinha
-ms.date: 08/16/2018
+ms.date: 09/07/2018
 ---
 
 # Hardware-based isolation in Windows 10
 
 **Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-Hardware-based isolation helps protect system integrity in Windows 10 and is integreated with Windows Defender ATP. 
+Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Windows Defender ATP. 
 
 | Feature | Description |
 |------------|-------------|
-| [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md) | Isolates untrusted sites and protects your company while your employees browse the Internet. |
-| [Windows Defender System Guard](how-hardware-based-containers-help-protect-windows.md) | Protects and maintains the integrity of the system  |
+| [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md) | Application Guard protects your device from advanced attacks while keeping you productive. Using a unique hardware-based isolation approach, the goal is to isolate untrusted websites and PDF documents inside a lightweight container that is separated from the operating system via the native Windows Hypervisor. If an untrusted site or PDF document turns out to be malicious, it still remains contained within Application Guard’s secure container, keeping the desktop PC protected and the attacker away from your enterprise data. |
+| [Windows Defender System Guard](how-hardware-based-containers-help-protect-windows.md) | System Guard protects and maintains the integrity of the system as it starts and after it's running, and validates system integrity by using attestation.  |
 
 
 

windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md

@@ -9,13 +9,13 @@ author: brianlic-msft
 ms.date: 10/20/2017
 ---
 
-# Requirements and deployment planning guidelines for virtualization-based protection of code integrity
+# Baseline protections and additional qualifications for virtualization-based protection of code integrity
 
 **Applies to**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-Computers must meet certain hardware, firmware, and software requirements in order to take adavantage of all of the virtualization-based security (VBS) features in Windows Defender Device Guard. Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats.
+Computers must meet certain hardware, firmware, and software requirements in order to take adavantage of all of the virtualization-based security (VBS) features in [Windows Defender Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md). Computers lacking these requirements can still be protected by Windows Defender Application Control (WDAC) policies—the difference is that those computers will not be as hardened against certain threats.
 
 For example, hardware that includes CPU virtualization extensions and SLAT will be hardened against malware that attempts to gain access to the kernel, but without protected BIOS options such as “Boot only from internal hard drive,” the computer could be booted (by a malicious person who has physical access) into an operating system on bootable media.