From 51d59eca5646496f1f7c666fb8169e230eba99f7 Mon Sep 17 00:00:00 2001
From: Julian Lemmerich <41118534+JM-Lemmi@users.noreply.github.com>
Date: Thu, 30 Jun 2022 09:58:33 +0200
Subject: [PATCH 1/5] align table correctly

fix #10673
---
 .../applocker/dll-rules-in-applocker.md                  | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
index 5c09c86d2e..6921eeb8f7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
@@ -40,12 +40,9 @@ The following table lists the default rules that are available for the DLL rule
 
 | Purpose | Name | User | Rule condition type |
 | - | - | - | - |
-| Allows members of the local Administrators group to run all DLLs | (Default Rule) All DLLs| 
-| BUILTIN\Administrators | Path: *| 
-| Allow all users to run DLLs in the Windows folder| (Default Rule) Microsoft Windows DLLs | 
-| Everyone | Path: %windir%\*| 
-| Allow all users to run DLLs in the Program Files folder | (Default Rule) All DLLs located in the Program Files folder| 
-| Everyone | Path: %programfiles%\*| 
+| Allows members of the local Administrators group to run all DLLs | (Default Rule) All DLLs| BUILTIN\Administrators | Path: *| 
+| Allow all users to run DLLs in the Windows folder| (Default Rule) Microsoft Windows DLLs | Everyone | Path: %windir%\*| 
+| Allow all users to run DLLs in the Program Files folder | (Default Rule) All DLLs located in the Program Files folder| Everyone | Path: %programfiles%\*| 
  
 > [!IMPORTANT]
 > If you use DLL rules, a DLL allow rule has to be created for each DLL that is used by all of the allowed apps

From 858675694276b1f0964e2a118be925e1661b164d Mon Sep 17 00:00:00 2001
From: Alexander Spitaler <alexander.spitaler@outlook.com>
Date: Fri, 1 Jul 2022 14:15:48 +0200
Subject: [PATCH 2/5] 10678-UpdateCredentialGuardIntuneDocu

Changed the manual to settings catalog options
---
 .../credential-guard/credential-guard-manage.md  | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index b63bf80703..7637deca64 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -53,19 +53,21 @@ You can use Group Policy to enable Windows Defender Credential Guard. This will
 
 To enforce processing of the group policy, you can run `gpupdate /force`.
 
-### Enable Windows Defender Credential Guard by using Intune
+### Enable Windows Defender Credential Guard by using Microsoft Endpoint Manager
 
-1. From **Home**, select **Microsoft Intune**.
+1. From **Microsoft Endpoint Manager admin center**, select **Devices**.
 
-1. Select **Device configuration**.
+1. Select **Configuration Profiles**.
 
-1. Select **Profiles** > **Create Profile** > **Endpoint protection** > **Windows Defender Credential Guard**.
+1. Select  **Create Profile** > **Windows 10 and later** > **Settings catalog** > **Create**.
 
-   > [!NOTE]
-   > It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock.
+   1. Configuration settings: In the settings picker select **Device Guard** as category and add the needed settings
+
+> [!NOTE]
+> Enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock.
 
 > [!TIP]
-> You can also configure Credential Guard by using an account protection profile in endpoint security. For more information, see [Account protection policy settings for endpoint security in Intune](/mem/intune/protect/endpoint-security-account-protection-profile-settings).
+> You can also configure Credential Guard by using an account protection profile in endpoint security. For more information, see [Account protection policy settings for endpoint security in Microsoft Endpoint Manager](/mem/intune/protect/endpoint-security-account-protection-profile-settings).
 
 ### Enable Windows Defender Credential Guard by using the registry
 

From 17c9098c9a4654cb301315c7e73caa67da8e0c81 Mon Sep 17 00:00:00 2001
From: Alexander Spitaler <alexander.spitaler@outlook.com>
Date: Sat, 2 Jul 2022 15:48:15 +0200
Subject: [PATCH 3/5] Update
 windows/security/identity-protection/credential-guard/credential-guard-manage.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../credential-guard/credential-guard-manage.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index 7637deca64..c2b416f149 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -61,7 +61,7 @@ To enforce processing of the group policy, you can run `gpupdate /force`.
 
 1. Select  **Create Profile** > **Windows 10 and later** > **Settings catalog** > **Create**.
 
-   1. Configuration settings: In the settings picker select **Device Guard** as category and add the needed settings
+   1. Configuration settings: In the settings picker select **Device Guard** as category and add the needed settings.
 
 > [!NOTE]
 > Enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock.

From fda276c337ce533f14fa61257922833f0622dca5 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Mon, 4 Jul 2022 23:33:38 +0530
Subject: [PATCH 4/5] added  windows 11

user report #10684, after reading this article, I conformed **Windows 11** OS is also supported
---
 .../security-policy-settings/security-policy-settings.md       | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
index a0a8270da7..305941019b 100644
--- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
@@ -23,6 +23,7 @@ ms.technology: windows-sec
 **Applies to**
 
 - Windows 10
+- Windows 11
 
 This reference topic describes the common scenarios, architecture, and processes for security settings.
 
@@ -404,4 +405,4 @@ To ensure that data is copied correctly, you can use Group Policy Management Con
 | - | - |
 | [Administer security policy settings](administer-security-policy-settings.md) | This article discusses different methods to administer security policy settings on a local device or throughout a small- or medium-sized organization.|
 | [Configure security policy settings](how-to-configure-security-policy-settings.md) | Describes steps to configure a security policy setting on the local device, on a domain-joined device, and on a domain controller.|
-| [Security policy settings reference](security-policy-settings-reference.md) | This reference of security settings provides information about how to implement and manage security policies, including setting options and security considerations.|
\ No newline at end of file
+| [Security policy settings reference](security-policy-settings-reference.md) | This reference of security settings provides information about how to implement and manage security policies, including setting options and security considerations.|

From 8546102f91b4ed06df4ade9317b3422280e53c53 Mon Sep 17 00:00:00 2001
From: Angela Fleischmann <v-angelaf@microsoft.com>
Date: Tue, 12 Jul 2022 15:35:44 -0700
Subject: [PATCH 5/5] Update security-policy-settings.md

https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/39b0b647-dc09-4851-ba5f-05643211e211#CORRECTNESS

Line 48: polices > policies

Line 123: logs users onto > logs on users to

Line 300: speciy > specify
---
 .../security-policy-settings/security-policy-settings.md    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
index 305941019b..7cbaa1f1fc 100644
--- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
@@ -45,7 +45,7 @@ For more info about managing security configurations, see [Administer security p
 
 The Security Settings extension of the Local Group Policy Editor includes the following types of security policies:
 
-- **Account Policies.** These polices are defined on devices; they affect how user accounts can interact with the computer or domain. Account policies include the following types of policies:
+- **Account Policies.** These policies are defined on devices; they affect how user accounts can interact with the computer or domain. Account policies include the following types of policies:
 
   - **Password Policy.** These policies determine settings for passwords, such as enforcement and lifetimes. Password policies are used for domain accounts.
   - **Account Lockout Policy.** These policies determine the conditions and length of time that an account will be locked out of the system. Account lockout policies are used for domain or local user accounts.
@@ -120,7 +120,7 @@ For devices that are members of a Windows Server 2008 or later domain, securit
 
 - **Local Security Authority (LSA)**
 
-  A protected subsystem that authenticates and logs users onto the local system. LSA also maintains information about all aspects of local security on a system, collectively known as the Local Security Policy of the system.
+  A protected subsystem that authenticates and logs on users to the local system. LSA also maintains information about all aspects of local security on a system, collectively known as the Local Security Policy of the system.
 
 - **Windows Management Instrumentation (WMI)**
 
@@ -297,7 +297,7 @@ Group Policy settings are processed in the following order:
 
 1. **Domain.**
 
-   Processing of multiple domain-linked Group Policy Objects is synchronous and in an order you speciy.
+   Processing of multiple domain-linked Group Policy Objects is synchronous and in an order you specify.
 
 1. **Organizational units.**