Merge branch 'master' into aljupudi-w11defender-branch01

2025-05-29 13:47:23 +00:00 · 2021-08-31 16:24:53 -07:00 · 2021-08-31 16:24:53 -07:00 · 25d3acfcb8
commit 25d3acfcb8
parent 58fa94a6ee ff1c8afb76
53 changed files with 409 additions and 177 deletions
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
@ -1,5 +1,5 @@
 ---
-title: Add rules for packaged apps to existing AppLocker rule-set (Windows 10)
+title: Add rules for packaged apps to existing AppLocker rule-set (Windows)
 description: This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
 ms.assetid: 758c2a9f-c2a3-418c-83bc-fd335a94097f
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Add rules for packaged apps to existing AppLocker rule-set

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
@ -1,5 +1,5 @@
 ---
-title: Administer AppLocker (Windows 10)
+title: Administer AppLocker (Windows)
 description: This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.
 ms.assetid: 511a3b6a-175f-4d6d-a6e0-c1780c02e818
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Administer AppLocker

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
@ -1,5 +1,5 @@
 ---
-title: AppLocker architecture and components (Windows 10)
+title: AppLocker architecture and components (Windows)
 description: This topic for IT professional describes AppLocker’s basic architecture and its major components.
 ms.assetid: efdd8494-553c-443f-bd5f-c8976535135a
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker architecture and components

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professional describes AppLocker’s basic architecture and its major components.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
@ -1,5 +1,5 @@
 ---
-title: AppLocker functions (Windows 10)
+title: AppLocker functions (Windows)
 description: This article for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.
 ms.assetid: bf704198-9e74-4731-8c5a-ee0512df34d2
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker functions

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This article for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
@ -1,5 +1,5 @@
 ---
-title: AppLocker (Windows 10)
+title: AppLocker (Windows)
 description: This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies.
 ms.assetid: 94b57864-2112-43b6-96fb-2863c985dc9a
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
@ -1,5 +1,5 @@
 ---
-title: AppLocker deployment guide (Windows 10)
+title: AppLocker deployment guide (Windows)
 description: This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
 ms.assetid: 38632795-be13-46b0-a7af-487a4340bea1
 ms.reviewer: 
@ -22,8 +22,13 @@ ms.technology: mde
 # AppLocker deployment guide

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
@ -1,5 +1,5 @@
 ---
-title: AppLocker design guide (Windows 10)
+title: AppLocker design guide (Windows)
 description: This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
 ms.assetid: 1c8e4a7b-3164-4eb4-9277-11b1d5a09c7b
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker design guide

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
@ -1,5 +1,5 @@
 ---
-title: AppLocker policy use scenarios (Windows 10)
+title: AppLocker policy use scenarios (Windows)
 description: This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
 ms.assetid: 33f71578-89f0-4063-ac04-cf4f4ca5c31f
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker policy use scenarios

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.

@ -34,7 +39,7 @@ AppLocker can help you improve the management of application control and the mai

 2.  **Protection against unwanted software**

-    AppLocker has the ability to deny apps from running simply by excluding them from the list of allowed apps per business group or user. If an app is not specifically identified by its publisher, installation path, or file hash, the attempt to run the application fails.
+    AppLocker has the ability to deny apps from running simply by excluding them from the list of allowed apps per business group or user. If an app is not identified by its publisher, installation path, or file hash, the attempt to run the application fails.

 3.  **Licensing conformance**

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
@ -1,5 +1,5 @@
 ---
-title: AppLocker processes and interactions (Windows 10)
+title: AppLocker processes and interactions (Windows)
 description: This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
 ms.assetid: 0beec616-6040-4be7-8703-b6c919755d8e
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker processes and interactions

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
@ -1,5 +1,5 @@
 ---
-title: AppLocker settings (Windows 10)
+title: AppLocker settings (Windows)
 description: This topic for the IT professional lists the settings used by AppLocker.
 ms.assetid: 9cb4aa19-77c0-4415-9968-bd07dab86839
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker settings

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for the IT professional lists the settings used by AppLocker.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
@ -1,5 +1,5 @@
 ---
-title: AppLocker technical reference (Windows 10)
+title: AppLocker technical reference (Windows)
 description: This overview topic for IT professionals provides links to the topics in the technical reference.
 ms.assetid: 2b2678f8-c46b-4e1d-b8c5-037c0be255ab
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker technical reference

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This overview topic for IT professionals provides links to the topics in the technical reference.
 AppLocker advances the application control features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny apps from running based on unique identities of files and to specify which users or groups can run those apps.
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
@ -1,5 +1,5 @@
 ---
-title: Configure an AppLocker policy for audit only (Windows 10)
+title: Configure an AppLocker policy for audit only (Windows)
 description: This topic for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker.
 ms.assetid: 10bc87d5-cc7f-4500-b7b3-9006e50afa50
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Configure an AppLocker policy for audit only

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
@ -1,5 +1,5 @@
 ---
-title: Configure an AppLocker policy for enforce rules (Windows 10)
+title: Configure an AppLocker policy for enforce rules (Windows)
 description: This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.
 ms.assetid: 5dbbb290-a5ae-4f88-82b3-21e95972e66c
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Configure an AppLocker policy for enforce rules

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
@ -1,5 +1,5 @@
 ---
-title: Add exceptions for an AppLocker rule (Windows 10)
+title: Add exceptions for an AppLocker rule (Windows)
 description: This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.
 ms.assetid: d15c9d84-c14b-488d-9f48-bf31ff7ff0c5
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Add exceptions for an AppLocker rule

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
@ -1,5 +1,5 @@
 ---
-title: Configure the AppLocker reference device (Windows 10)
+title: Configure the AppLocker reference device (Windows)
 description: This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.
 ms.assetid: 034bd367-146d-4956-873c-e1e09e6fefee
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Configure the AppLocker reference device

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
@ -1,5 +1,5 @@
 ---
-title: Configure the Application Identity service (Windows 10)
+title: Configure the Application Identity service (Windows)
 description: This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
 ms.assetid: dc469599-37fd-448b-b23e-5b8e4f17e561
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Configure the Application Identity service

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
@ -1,5 +1,5 @@
 ---
-title: Create a rule for packaged apps (Windows 10)
+title: Create a rule for packaged apps (Windows)
 description: This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
 ms.assetid: e4ffd400-7860-47b3-9118-0e6853c3dfa0
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Create a rule for packaged apps

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.

@ -32,7 +37,7 @@ Packaged apps, also known as Universal Windows apps, are based on an app model t
 -   Package name
 -   Package version

-All the files within a package as well as the package installer share these attributes. Therefore, an AppLocker rule for a packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.
+All the files within a package and the package installers share these attributes. Therefore, an AppLocker rule for a packaged app controls both the installation and the running of the app. Otherwise, the publisher rules for packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.

 For info about the publisher condition, see [Understanding the publisher rule condition in AppLocker](understanding-the-publisher-rule-condition-in-applocker.md).

@ -67,7 +72,7 @@ You can perform this task by using the Group Policy Management Console for an Ap
    <tr class="even">
    <td align="left"><p><b>Use a packaged app installer as a reference</b></p></td>
    <td align="left"><p>If selected, AppLocker requires you to choose an app installer on which to base your new rule. A packaged app installer has the .appx extension. AppLocker uses the publisher, package name, and package version of the installer to define the rule.</p></td>
-    <td align="left"><p>Your company has developed a number of internal line-of-business packaged apps. The app installers are stored on a common file share. Employees can install the required apps from that file share. You want to allow all your employees to install the Payroll app from this share. So you choose this option from the wizard, browse to the file share, and choose the installer for the Payroll app as a reference to create your rule.</p></td>
+    <td align="left"><p>Your company has developed many internal line-of-business packaged apps. The app installers are stored on a common file share. Employees can install the required apps from that file share. You want to allow all your employees to install the Payroll app from this share. So you choose this option from the wizard, browse to the file share, and choose the installer for the Payroll app as a reference to create your rule.</p></td>
    </tr>
    </tbody>
    </table>
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
@ -1,5 +1,5 @@
 ---
-title: Create a rule that uses a file hash condition (Windows 10)
+title: Create a rule that uses a file hash condition (Windows)
 description: This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.
 ms.assetid: eb3b3524-1b3b-4979-ba5a-0a0b1280c5c7
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Create a rule that uses a file hash condition

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
@ -1,5 +1,5 @@
 ---
-title: Create a rule that uses a path condition (Windows 10)
+title: Create a rule that uses a path condition (Windows)
 description: This topic for IT professionals shows how to create an AppLocker rule with a path condition.
 ms.assetid: 9b2093f5-5976-45fa-90c3-da1e0e845d95
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Create a rule that uses a path condition

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals shows how to create an AppLocker rule with a path condition.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
@ -1,5 +1,5 @@
 ---
-title: Create a rule that uses a publisher condition (Windows 10)
+title: Create a rule that uses a publisher condition (Windows)
 description: This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.
 ms.assetid: 345ad45f-2bc1-4c4c-946f-17804e29f55b
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Create a rule that uses a publisher condition

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
@ -1,5 +1,5 @@
 ---
-title: Create AppLocker default rules (Windows 10)
+title: Create AppLocker default rules (Windows)
 description: This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.
 ms.assetid: 21e9dc68-a6f4-4ebe-ac28-4c66a7ab6e18
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Create AppLocker default rules

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
@ -1,5 +1,5 @@
 ---
-title: Create a list of apps deployed to each business group (Windows 10)
+title: Create a list of apps deployed to each business group (Windows)
 description: This topic describes the process of gathering app usage requirements from each business group to implement application control policies by using AppLocker.
 ms.assetid: d713aa07-d732-4bdc-8656-ba616d779321
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Create a list of apps deployed to each business group

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
@ -1,5 +1,5 @@
 ---
-title: Create Your AppLocker policies (Windows 10)
+title: Create Your AppLocker policies (Windows)
 description: This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
 ms.assetid: d339dee2-4da2-4d4a-b46e-f1dfb7cb4bf0
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Create Your AppLocker policies

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
@ -1,5 +1,5 @@
 ---
-title: Create Your AppLocker rules (Windows 10)
+title: Create Your AppLocker rules (Windows)
 description: This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
 ms.assetid: b684a3a5-929c-4f70-8742-04088022f232
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Create Your AppLocker rules

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
@ -1,5 +1,5 @@
 ---
-title: Delete an AppLocker rule (Windows 10)
+title: Delete an AppLocker rule (Windows)
 description: This article for IT professionals describes the steps to delete an AppLocker rule.
 ms.assetid: 382b4be3-0df9-4308-89b2-dcf9df351eb5
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Delete an AppLocker rule

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This article for IT professionals describes the steps to delete an AppLocker rule. 

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@ -1,5 +1,5 @@
 ---
-title: Deploy AppLocker policies by using the enforce rules setting (Windows 10)
+title: Deploy AppLocker policies by using the enforce rules setting (Windows)
 description: This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
 ms.assetid: fd3a3d25-ff3b-4060-8390-6262a90749ba
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Deploy AppLocker policies by using the enforce rules setting

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
@ -1,5 +1,5 @@
 ---
-title: Deploy the AppLocker policy into production (Windows 10)
+title: Deploy the AppLocker policy into production (Windows)
 description: This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
 ms.assetid: ebbb1907-92dc-499e-8cee-8e637483c9ae
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Deploy the AppLocker policy into production

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
@ -1,5 +1,5 @@
 ---
-title: Determine the Group Policy structure and rule enforcement (Windows 10)
+title: Determine the Group Policy structure and rule enforcement (Windows)
 description: This overview topic describes the process to follow when you are planning to deploy AppLocker rules.
 ms.assetid: f435fcbe-c7ac-4ef0-9702-729aab64163f
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Determine the Group Policy structure and rule enforcement

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This overview topic describes the process to follow when you are planning to deploy AppLocker rules.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
@ -1,5 +1,5 @@
 ---
-title: Find digitally signed apps on a reference device (Windows 10)
+title: Find digitally signed apps on a reference device (Windows)
 description: This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
 ms.assetid: 24609a6b-fdcb-4083-b234-73e23ff8bcb8
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Determine which apps are digitally signed on a reference device

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
@ -1,5 +1,5 @@
 ---
-title: Determine your application control objectives (Windows 10)
+title: Determine your application control objectives (Windows)
 description: Determine which applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
 ms.assetid: 0e84003e-6095-46fb-8c4e-2065869bb53b
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Determine your application control objectives

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This article helps with decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
@ -1,5 +1,5 @@
 ---
-title: Display a custom URL message when users try to run a blocked app (Windows 10)
+title: Display a custom URL message when users try to run a blocked app (Windows)
 description: This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
 ms.assetid: 9a2534a5-d1fa-48a9-93c6-989d4857cf85
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Display a custom URL message when users try to run a blocked app

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
@ -1,5 +1,5 @@
 ---
-title: DLL rules in AppLocker (Windows 10)
+title: DLL rules in AppLocker (Windows)
 description: This topic describes the file formats and available default rules for the DLL rule collection.
 ms.assetid: a083fd08-c07e-4534-b0e7-1e15d932ce8f
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # DLL rules in AppLocker

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This topic describes the file formats and available default rules for the DLL rule collection.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
@ -1,5 +1,5 @@
 ---
-title: Document Group Policy structure & AppLocker rule enforcement (Windows 10)
+title: Document Group Policy structure & AppLocker rule enforcement (Windows)
 description: This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.
 ms.assetid: 389ffa8e-11fc-49ff-b0b1-89553e6fb6e5
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Document the Group Policy structure and AppLocker rule enforcement

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.

--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
@ -1,5 +1,5 @@
 ---
-title: Document your app list (Windows 10)
+title: Document your app list (Windows)
 description: This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.
 ms.assetid: b155284b-f75d-4405-aecf-b74221622dc0
 ms.reviewer: 
@ -21,8 +21,13 @@ ms.technology: mde
 # Document your app list

 **Applies to**
- Windows 10
- Windows Server
+
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).

 This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.

--- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
@ -22,12 +22,12 @@ ms.technology: mde

 **Applies to**

-   Windows 10
-   Windows 11
-   Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above

->[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).

 Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It is common for organizations to have device use cases across each of the categories described.

--- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
@ -1,5 +1,5 @@
 ---
-title: Understand Windows Defender Application Control policy design decisions  (Windows 10)
+title: Understand Windows Defender Application Control policy design decisions  (Windows)
 description: Understand Windows Defender Application Control policy design decisions.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@ -22,8 +22,12 @@ ms.technology: mde

 **Applies to:**

-   Windows 10
-   Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).

 This topic is for the IT professional and lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using Windows Defender Application Control (WDAC) within a Windows operating system environment.

@ -70,7 +74,7 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p
 | Possible answers | Design considerations |
 | - | - |
 | All apps used in your organization must be signed. | Organizations that enforce [codesigning](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. WDAC rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). |
-| Apps used in your organization do not need to meet any codesigning requirements. | Organizations can  [use built-in Windows 10 tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Endpoint Manager offer multiple ways to distribute signed App Catalogs. | 
+| Apps used in your organization do not need to meet any codesigning requirements. | Organizations can  [use built-in Windows tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Endpoint Manager offer multiple ways to distribute signed App Catalogs. | 
 
 ### Are there specific groups in your organization that need customized application control policies?

@ -79,7 +83,7 @@ Most business teams or departments have specific security requirements that pert
 | Possible answers | Design considerations |
 | - | - |
 | Yes | WDAC policies can be created unique per team, or team-specific supplemental policies can be used to expand what is allowed by a common, centrally defined base policy.|
-| No | WDAC policies can be applied globally to applications that are installed on PCs running Windows 10. Depending on the number of apps you need to control, managing all the rules and exceptions might be challenging.|
+| No | WDAC policies can be applied globally to applications that are installed on PCs running Windows 10 and Windows 11. Depending on the number of apps you need to control, managing all the rules and exceptions might be challenging.|

 ### Does your IT department have resources to analyze application usage, and to design and manage the policies?

@ -88,7 +92,7 @@ The time and resources that are available to you to perform the research and ana
 | Possible answers | Design considerations |
 | - | - |
 | Yes | Invest the time to analyze your organization's application control requirements, and plan a complete deployment that uses rules that are constructed as simply as possible.|
-| No | Consider a focused and phased deployment for specific groups by using a small number of rules. As you apply controls to applications in a specific group, learn from that deployment to plan your next deployment. Alternatively, you can create a policy with a broad trust profile to authorize as many apps as possible. |
+| No | Consider a focused and phased deployment for specific groups by using few rules. As you apply controls to applications in a specific group, learn from that deployment to plan your next deployment. Alternatively, you can create a policy with a broad trust profile to authorize as many apps as possible. |

 ### Does your organization have Help Desk support?

--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@ -1,5 +1,5 @@
 ---
-title: Use code signing to simplify application control for classic Windows applications (Windows 10)
+title: Use code signing to simplify application control for classic Windows applications (Windows)
 description: With embedded signing, your WDAC policies typically do not have to be updated when an app is updated. To set this up, you can choose from a variety of methods.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@ -22,8 +22,12 @@ ms.technology: mde

 **Applies to:**

-   Windows 10
-   Windows Server 2016
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).

 This topic covers guidelines for using code signing control classic Windows apps.

@ -49,20 +53,20 @@ To use catalog signing, you can choose from the following options:

 ### Catalog files

-Catalog files (which you can create in Windows 10 with a tool called Package Inspector) contain information about all deployed and executed binary files associated with your trusted but unsigned applications. When you create catalog files, you can also include signed applications for which you do not want to trust the signer but rather the specific application. After creating a catalog, you must sign the catalog file itself by using enterprise public key infrastructure (PKI), or a purchased code signing certificate. Then you can distribute the catalog, so that your trusted applications can be handled by WDAC in the same way as any other signed application.
+Catalog files (which you can create in Windows 10 and Windows 11 with a tool called Package Inspector) contain information about all deployed and executed binary files associated with your trusted but unsigned applications. When you create catalog files, you can also include signed applications for which you do not want to trust the signer but rather the specific application. After creating a catalog, you must sign the catalog file itself by using enterprise public key infrastructure (PKI), or a purchased code signing certificate. Then you can distribute the catalog, so that your trusted applications can be handled by WDAC in the same way as any other signed application.

 Catalog files are simply Secure Hash Algorithm 2 (SHA2) hash lists of discovered binaries. These binaries' hash values are updated each time an application is updated, which requires the catalog file to be updated also.

 After you have created and signed your catalog files, you can configure your WDAC policies to trust the signer or signing certificate of those files.

 > [!NOTE]
-> Package Inspector only works on operating systems that support Windows Defender, such as Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT.
+> Package Inspector only works on operating systems that support Windows Defender, such as Windows 10 and Windows 11 Enterprise, Windows 10 and Windows 11 Education, Windows 2016 Server, or Windows Enterprise IoT.

 For procedures for working with catalog files, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md).

 ## Windows Defender Application Control policy formats and signing

-When you generate a WDAC policy, you are generating a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows 10 Enterprise, along with restrictions on Windows 10 script hosts. You can view your original XML document in a text editor, for example if you want to check the rule options that are present in the **&lt;Rules&gt;** section of the file.
+When you generate a WDAC policy, you are generating a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows 10 and Windows 11 Enterprise, along with restrictions on Windows 10 and Windows 11 script hosts. You can view your original XML document in a text editor, for example if you want to check the rule options that are present in the **&lt;Rules&gt;** section of the file.

 We recommend that you keep the original XML file for use when you need to merge the WDAC policy with another policy or update its rule options. For deployment purposes, the file is converted to a binary format, which can be done using a simple Windows PowerShell command.

--- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
@ -1,5 +1,5 @@
 ---
-title: Use the Device Guard Signing Portal in the Microsoft Store for Business  (Windows 10)
+title: Use the Device Guard Signing Portal in the Microsoft Store for Business  (Windows)
 description: You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@ -22,9 +22,12 @@ ms.technology: mde

 **Applies to:**

-   Windows 10
-   Windows Server 2019
-   Windows Server 2016
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).

 You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed.

--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@ -1,6 +1,6 @@
 ---
-title: Use signed policies to protect Windows Defender Application Control against tampering  (Windows 10)
-description: Signed WDAC policies give organizations the highest level of malware protection available in Windows 10.
+title: Use signed policies to protect Windows Defender Application Control against tampering  (Windows)
+description: Signed WDAC policies give organizations the highest level of malware protection available in Windows 10 and Windows 11.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.prod: m365-security
@ -22,11 +22,14 @@ ms.technology: mde

 **Applies to:**

-   Windows 10
-   Windows Server 2016
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above

+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).

-Signed WDAC policies give organizations the highest level of malware protection available in Windows 10. In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer. These policies are designed to prevent administrative tampering and kernel mode exploit access. With this in mind, it is much more difficult to remove signed WDAC policies. Note that SecureBoot must be enabled in order to restrict users from updating or removing signed WDAC policies.
+Signed WDAC policies give organizations the highest level of malware protection available in Windows. In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer. These policies are designed to prevent administrative tampering and kernel mode exploit access. With this in mind, it is much more difficult to remove signed WDAC policies. Note that SecureBoot must be enabled in order to restrict users from updating or removing signed WDAC policies.

 Before you sign and deploy a signed WDAC policy, we recommend that you [audit the policy](audit-windows-defender-application-control-policies.md) to discover any blocked applications that should be allowed to run. 

--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@ -1,5 +1,5 @@
 ---
-title: Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules  (Windows 10)
+title: Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules (Windows)
 description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@ -22,8 +22,12 @@ ms.technology: mde

 **Applies to:**

-   Windows 10
-   Windows Server 2016
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).

 As of Windows 10, version 1703, you can use WDAC policies not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser):

--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
@ -1,5 +1,5 @@
 ---
-title: Authorize reputable apps with the Intelligent Security Graph (ISG) (Windows 10)
+title: Authorize reputable apps with the Intelligent Security Graph (ISG) (Windows)
 description: Automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@ -22,8 +22,12 @@ ms.technology: mde

 **Applies to:**

- Windows 10
- Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).

 Application control can be difficult to implement in organizations that don't deploy and manage applications through an IT-managed system. In such environments, users can acquire the applications they want to use for work, making it hard to build an effective application control policy.

--- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
@ -23,14 +23,18 @@ ms.technology: mde

 **Applies to:**

- Windows 10
- Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above

-Windows 10 includes two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker.
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
+Windows 10 and Windows 11 include two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker.

 ## Windows Defender Application Control

-WDAC was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows 10 clients. It was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria), defined by the Microsoft Security Response Center (MSRC).
+WDAC was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows clients. It was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria), defined by the Microsoft Security Response Center (MSRC).

 WDAC policies apply to the managed computer as a whole and affects all users of the device. WDAC rules can be defined based on:

@ -45,9 +49,9 @@ Note that prior to Windows 10 version 1709, Windows Defender Application Control

 ### WDAC System Requirements

-WDAC policies can be created on any client edition of Windows 10 build 1903+, or on Windows Server 2016 and above.
+WDAC policies can be created on any client edition of Windows 10 build 1903+, or Windows 11, or on Windows Server 2016 and above.

-WDAC policies can be applied to devices running any edition of Windows 10, or Windows Server 2016 and above, via a Mobile Device Management (MDM) solution, for example, Intune; a management interface such as Configuration Manager; or a script host such as PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition, or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
+WDAC policies can be applied to devices running any edition of Windows 10, Windows 11, or Windows Server 2016 and above, via a Mobile Device Management (MDM) solution, for example, Intune; a management interface such as Configuration Manager; or a script host such as PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 and Windows 11 Enterprise edition, or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.

 For more information on which individual WDAC features are available on specific WDAC builds, see [WDAC feature availability](feature-availability.md).

--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
@ -22,9 +22,14 @@ ms.technology: mde
 # Creating a new Base Policy with the Wizard

 **Applies to**
+
 - Windows 10
+- Windows 11
 - Windows Server 2016 and above

+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
 When creating policies for use with Windows Defender Application Control (WDAC), it is recommended to start with a template policy and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](windows-defender-application-control-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules. 


@ -63,7 +68,7 @@ A description of each policy rule, beginning with the left-most column, is provi
 |**[Hypervisor-protected code integrity (HVCI)](../device-guard/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.|
 | **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). |
 | **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. |
-| **Require WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windows 10–compatible driver must be WHQL certified. |
+| **Require WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windows–compatible driver must be WHQL certified. |
 | **Update Policy without Rebooting** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. |
 | **Unsigned System Integrity Policy** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. |
 | **User Mode Code Integrity** | WDAC policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. |
@ -82,7 +87,7 @@ Selecting the **+ Advanced Options** label will show another column of policy ru
 | **Disable Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that’s only writable by an administrator) for any FileRule that allows a file based on FilePath. |
 | **Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries (DLLs). |
 | **Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically revalidate the reputation for files that were authorized by the ISG.| 
-| **Require EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All Windows 10 and later drivers will meet this requirement. |
+| **Require EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All Windows 10 and later, or Windows 11 drivers will meet this requirement. |

 ![Rule options UI for Windows Allowed mode.](images/wdac-wizard-rule-options-UI.png)

--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md
@ -22,9 +22,14 @@ ms.technology: mde
 # Creating a new Supplemental Policy with the Wizard

 **Applies to**
+
 - Windows 10
+- Windows 11
 - Windows Server 2016 and above

+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
 Beginning in Windows 10 version 1903, WDAC supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](wdac-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When using supplemental policies, applications allowed by the base or its supplemental policy/policies will be allowed to execute.

 Prerequisite information about application control can be accessed through the [WDAC design guide](windows-defender-application-control-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules.
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md
@ -22,9 +22,14 @@ ms.technology: mde
 # Editing existing base and supplemental WDAC policies with the Wizard

 **Applies to**
+
 - Windows 10
+- Windows 11
 - Windows Server 2016 and above

+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
 The WDAC Wizard makes editing and viewing WDAC policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities: 
 <ul>
 <li>[Configuring policy rules](#configuring-policy-rules)</li>
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
@ -23,10 +23,14 @@ ms.technology: mde

 **Applies to:**

-   Windows 10
-   Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above

-The Windows Defender Application Control (WDAC) policy Wizard is an open source Windows desktop application written in C# and bundled as an MSIX package. The Wizard was built to provide security architects, security and system administrators with a more user-friendly means to create, edit, and merge WDAC policies. The Wizard desktop application uses the [ConfigCI PowerShell Cmdlets](/powershell/module/configci) in the backend so the output policy of the Wizard and PowerShell cmdlets is identical. 
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
+The Windows Defender Application Control (WDAC) policy Wizard is an open-source Windows desktop application written in C# and bundled as an MSIX package. The Wizard was built to provide security architects with security, and system administrators with a more user-friendly means to create, edit, and merge WDAC policies. The Wizard desktop application uses the [ConfigCI PowerShell Cmdlets](/powershell/module/configci) in the backend so the output policy of the Wizard and PowerShell cmdlets is identical.

 ## Downloading the application

--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
@ -1,5 +1,5 @@
 ---
-title: Deploying Windows Defender Application Control (WDAC) policies (Windows 10)
+title: Deploying Windows Defender Application Control (WDAC) policies (Windows)
 description: Learn how to plan and implement a WDAC deployment.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@ -23,8 +23,12 @@ ms.technology: mde
 **Applies to**

 - Windows 10
+- Windows 11
 - Windows Server 2016 and above

+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
 You should now have one or more WDAC policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding.

 ## Plan your deployment
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
@ -1,6 +1,6 @@
 ---
-title: Windows Defender Application Control design guide (Windows 10)
-description: Microsoft Windows Defender Application Control allows organizations to control what apps and drivers will run on their managed Windows 10 devices.
+title: Windows Defender Application Control design guide (Windows)
+description: Microsoft Windows Defender Application Control allows organizations to control what apps and drivers will run on their managed Windows devices.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.prod: m365-security
@ -22,19 +22,24 @@ ms.technology: mde
 # Windows Defender Application Control design guide

 **Applies to**
- Windows 10
+
+- Windows 10
+- Windows 11
 - Windows Server 2016 and above

+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
 This guide covers design and planning for Windows Defender Application Control (WDAC). It is intended to help security architects, security administrators, and system administrators create a plan that addresses specific application control requirements for different departments or business groups within an organization.

 ## Plan for success

-A common refrain you may hear about application control is that it is "too hard". While it is true that application control is not as simple as flipping a switch, organizations can be very successful if they take a methodical approach and carefully plan their approach. In reality, the issues that lead to failure with application control often arise from business issues rather than technology challenges. Organizations that have successfully deployed application control have ensured the following before starting their planning:
+A common refrain you may hear about application control is that it is "too hard". While it is true that application control is not as simple as flipping a switch, organizations can be successful if they take a methodical approach and carefully plan their approach. In reality, the issues that lead to failure with application control often arise from business issues rather than technology challenges. Organizations that have successfully deployed application control have ensured the following before starting their planning:

 -   Executive sponsorship and organizational buy-in is in place.
 -   There is a clear **business** objective for using application control and it is not being planned as a purely technical problem from IT.
 -   The organization has a plan to handle potential helpdesk support requests for users who are blocked from running some apps.
-   The organization has considered where application control can be most useful (e.g. securing sensitive workloads or business functions) and also where it may be difficult to achieve (e.g. developer workstations).
+-   The organization has considered where application control can be most useful (for example, securing sensitive workloads or business functions) and also where it may be difficult to achieve (for example, developer workstations).

 Once these business factors are in place, you are ready to begin planning your WDAC deployment. The following topics can help guide you through your planning process.

@ -46,6 +51,6 @@ Once these business factors are in place, you are ready to begin planning your W
 | [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies. |
 | [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. |
 | [Policy creation for common WDAC usage scenarios](types-of-devices.md) | This set of topics outlines common use case scenarios and helps you begin to develop a plan for deploying WDAC in your organization. |
-| [Policy creation using the WDAC Wizard tool](wdac-wizard.md) | This set of topics describes how to use the WDAC Wizard desktop app to easily create, edit and merge WDAC policies. |
+| [Policy creation using the WDAC Wizard tool](wdac-wizard.md) | This set of topics describes how to use the WDAC Wizard desktop app to easily create, edit, and merge WDAC policies. |

 After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) covers the creation and testing of policies, deploying the enforcement setting, and managing and maintaining the policies.
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
@ -1,5 +1,5 @@
 ---
-title: Managing and troubleshooting Windows Defender Application Control policies (Windows 10)
+title: Managing and troubleshooting Windows Defender Application Control policies (Windows)
 description: Gather information about how your deployed Windows Defender Application Control policies are behaving.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@ -23,8 +23,12 @@ ms.technology: mde
 **Applies to**

 - Windows 10
+- Windows 11
 - Windows Server 2016 and above

+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
 After designing and deploying your Windows Defender Application Control (WDAC) policies, this guide covers understanding the effects your policies are having and troubleshooting when they are not behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender for Endpoint Advanced Hunting feature.

 ## WDAC Events Overview
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
@ -23,8 +23,12 @@ ms.technology: mde

 **Applies to:**

- Windows 10
- Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).

 With thousands of new malicious files created every day, using traditional methods like antivirus solutions—signature-based detection to fight against malware—provides an inadequate defense against new attacks.

@ -37,7 +41,7 @@ Application control is a crucial line of defense for protecting enterprises give
 > [!NOTE]
 > Although application control can significantly harden your computers against malicious code, we recommend that you continue to maintain an enterprise antivirus solution for a well-rounded enterprise security portfolio.

-Windows 10 includes two technologies that can be used for application control depending on your organization's specific scenarios and requirements:
+Windows 10 and Windows 11 include two technologies that can be used for application control depending on your organization's specific scenarios and requirements:

 - **Windows Defender Application Control**; and
 - **AppLocker**
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
@ -1,6 +1,6 @@
 ---
 title: Windows Sandbox architecture
-description: 
+description: Windows Sandbox architecture
 ms.prod: m365-security
 audience: ITPro
 author: dansimp
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@ -1,6 +1,6 @@
 ---
 title: Windows Sandbox configuration
-description: 
+description: Windows Sandbox configuration
 ms.prod: m365-security
 audience: ITPro
 author: dansimp
@ -16,7 +16,7 @@ ms.technology: mde

 # Windows Sandbox configuration

-Windows Sandbox supports simple configuration files, which provide a minimal set of customization parameters for Sandbox. This feature can be used with Windows 10 build 18342 or later. Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the `.wsb` file extension.
+Windows Sandbox supports simple configuration files, which provide a minimal set of customization parameters for Sandbox. This feature can be used with Windows 10 build 18342 or Windows 11. Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the `.wsb` file extension.

 A configuration file enables the user to control the following aspects of Windows Sandbox:

--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
@ -1,6 +1,6 @@
 ---
 title: Windows Sandbox
-description: 
+description: Windows Sandbox overview
 ms.prod: m365-security
 audience: ITPro
 author: dansimp
@ -36,7 +36,7 @@ The following video provides an overview of Windows Sandbox.

 ## Prerequisites
 
- Windows 10 Pro, Enterprise or Education build 18305 or later (*Windows Sandbox is currently not supported on Home SKUs*)
+- Windows 10 Pro, Enterprise or Education build 18305 or Windows 11 (*Windows Sandbox is currently not supported on Windows Home edition*)
 - AMD64 architecture
 - Virtualization capabilities enabled in BIOS
 - At least 4 GB of RAM (8 GB recommended)
@ -45,7 +45,7 @@ The following video provides an overview of Windows Sandbox.

 ## Installation

-1. Ensure that your machine is using Windows 10 Pro or Enterprise, build version 18305 or later.
+1. Ensure that your machine is using Windows 10 Pro or Enterprise, build version 18305 or Windows 11.

 2. Enable virtualization on the machine.