Merge branch 'master' into aljupudi-w11defender-batch05

windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md

@@ -1,7 +1,6 @@
 ---
-title: Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows 10)
+title: Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows)
 description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
-keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
 ms.prod: m365-security
 ms.mktglfcycl: explore
 ms.sitesec: library
@@ -18,10 +17,11 @@ ms.technology: mde
 **Applies to:**
 
 - Windows 10
+- Windows 11
 
 Microsoft Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Microsoft Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
 
-See [Windows 10 (and later) settings to protect devices using Intune](/intune/endpoint-protection-windows-10#windows-defender-smartscreen-settings) for the controls you can use in Intune.
+See [Windows 10 (and Windows 11) settings to protect devices using Intune](/intune/endpoint-protection-windows-10#windows-defender-smartscreen-settings) for the controls you can use in Intune.
 
 
 ## Group Policy settings
@@ -45,7 +45,7 @@ SmartScreen uses registry-based Administrative Template policy settings.
 </tr>
 <tr>
 <td><b>Windows 10, version 2004:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)<p>Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)<p><b>Windows 10, version 1703:</b><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen (Microsoft Edge version 45 and earlier)<p>Administrative Templates\Microsoft Edge\SmartScreen settings\Configure Microsoft Defender SmartScreen (Microsoft Edge version 77 or later)<p><b>Windows 10, Version 1607 and earlier:</b><br>Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen</td>
-<td>Microsoft Edge on Windows 10 or later</td>
+<td>Microsoft Edge on Windows 10 or Windows 11</td>
 <td>This policy setting turns on Microsoft Defender SmartScreen.<p>If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.<p>If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.<p>If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.</td>
 </tr>
 <tr>
@@ -134,7 +134,7 @@ For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser]
 </tr>
 <tr>
 <td>PreventSmartScreenPromptOverride</td>
-<td>Windows 10, Version 1511 and later</td>
+<td>Windows 10, Version 1511 and Windows 11</td>
 <td>
 <ul>
 <li><b>URI full path.</b> ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride</li>
@@ -146,7 +146,7 @@ For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser]
 </tr>
 <tr>
 <td>PreventSmartScreenPromptOverrideForFiles</td>
-<td>Windows 10, Version 1511 and later</td>
+<td>Windows 10, Version 1511 and Windows 11</td>
 <td>
 <ul>
 <li><b>URI full path.</b> ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles</li>

windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md

@@ -1,7 +1,6 @@
 ---
-title: Microsoft Defender SmartScreen overview (Windows 10)
+title: Microsoft Defender SmartScreen overview (Windows)
 description: Learn how Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.
-keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
 ms.prod: m365-security
 ms.mktglfcycl: explore
 ms.sitesec: library
@@ -20,6 +19,7 @@ ms.technology: mde
 **Applies to:**
 
 - Windows 10
+- Windows 11
 - Microsoft Edge
 
 Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.

windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md

@@ -1,7 +1,6 @@
 ---
-title: Set up and use Microsoft Defender SmartScreen on individual devices (Windows 10)
+title: Set up and use Microsoft Defender SmartScreen on individual devices (Windows)
 description: Learn how employees can use Windows Security to set up Microsoft Defender SmartScreen. Microsoft Defender SmartScreen protects users from running malicious apps.
-keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
 ms.prod: m365-security
 ms.mktglfcycl: explore
 ms.sitesec: library
@@ -19,6 +18,7 @@ ms.technology: mde
 
 **Applies to:**
 - Windows 10, version 1703
+- Windows 11
 - Microsoft Edge
 
 Microsoft Defender SmartScreen helps to protect users if they try to visit sites previously reported as phishing or malware websites, or if a user tries to download potentially malicious files.

windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md

@@ -1,5 +1,5 @@
 ---
-title: Add rules for packaged apps to existing AppLocker rule-set (Windows 10)
+title: Add rules for packaged apps to existing AppLocker rule-set (Windows)
 description: This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
 ms.assetid: 758c2a9f-c2a3-418c-83bc-fd335a94097f
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Add rules for packaged apps to existing AppLocker rule-set
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
 

windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md

@@ -1,5 +1,5 @@
 ---
-title: Administer AppLocker (Windows 10)
+title: Administer AppLocker (Windows)
 description: This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.
 ms.assetid: 511a3b6a-175f-4d6d-a6e0-c1780c02e818
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Administer AppLocker
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.
 

windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md

@@ -1,5 +1,5 @@
 ---
-title: AppLocker architecture and components (Windows 10)
+title: AppLocker architecture and components (Windows)
 description: This topic for IT professional describes AppLocker’s basic architecture and its major components.
 ms.assetid: efdd8494-553c-443f-bd5f-c8976535135a
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker architecture and components
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professional describes AppLocker’s basic architecture and its major components.
 

windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md

@@ -1,5 +1,5 @@
 ---
-title: AppLocker functions (Windows 10)
+title: AppLocker functions (Windows)
 description: This article for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.
 ms.assetid: bf704198-9e74-4731-8c5a-ee0512df34d2
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker functions
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This article for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.
 

windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md

@@ -1,5 +1,5 @@
 ---
-title: AppLocker (Windows 10)
+title: AppLocker (Windows)
 description: This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies.
 ms.assetid: 94b57864-2112-43b6-96fb-2863c985dc9a
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
 

windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md

@@ -1,5 +1,5 @@
 ---
-title: AppLocker deployment guide (Windows 10)
+title: AppLocker deployment guide (Windows)
 description: This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
 ms.assetid: 38632795-be13-46b0-a7af-487a4340bea1
 ms.reviewer: 
@@ -22,8 +22,13 @@ ms.technology: mde
 # AppLocker deployment guide
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
 

windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md

@@ -1,5 +1,5 @@
 ---
-title: AppLocker design guide (Windows 10)
+title: AppLocker design guide (Windows)
 description: This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
 ms.assetid: 1c8e4a7b-3164-4eb4-9277-11b1d5a09c7b
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker design guide
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
 

windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md

@@ -1,5 +1,5 @@
 ---
-title: AppLocker policy use scenarios (Windows 10)
+title: AppLocker policy use scenarios (Windows)
 description: This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
 ms.assetid: 33f71578-89f0-4063-ac04-cf4f4ca5c31f
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker policy use scenarios
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
 
@@ -34,7 +39,7 @@ AppLocker can help you improve the management of application control and the mai
 
 2.  **Protection against unwanted software**
 
-    AppLocker has the ability to deny apps from running simply by excluding them from the list of allowed apps per business group or user. If an app is not specifically identified by its publisher, installation path, or file hash, the attempt to run the application fails.
+    AppLocker has the ability to deny apps from running simply by excluding them from the list of allowed apps per business group or user. If an app is not identified by its publisher, installation path, or file hash, the attempt to run the application fails.
 
 3.  **Licensing conformance**
 

windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md

@@ -1,5 +1,5 @@
 ---
-title: AppLocker processes and interactions (Windows 10)
+title: AppLocker processes and interactions (Windows)
 description: This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
 ms.assetid: 0beec616-6040-4be7-8703-b6c919755d8e
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker processes and interactions
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
 

windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md

@@ -1,5 +1,5 @@
 ---
-title: AppLocker settings (Windows 10)
+title: AppLocker settings (Windows)
 description: This topic for the IT professional lists the settings used by AppLocker.
 ms.assetid: 9cb4aa19-77c0-4415-9968-bd07dab86839
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker settings
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for the IT professional lists the settings used by AppLocker.
 

windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md

@@ -1,5 +1,5 @@
 ---
-title: AppLocker technical reference (Windows 10)
+title: AppLocker technical reference (Windows)
 description: This overview topic for IT professionals provides links to the topics in the technical reference.
 ms.assetid: 2b2678f8-c46b-4e1d-b8c5-037c0be255ab
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # AppLocker technical reference
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This overview topic for IT professionals provides links to the topics in the technical reference.
 AppLocker advances the application control features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny apps from running based on unique identities of files and to specify which users or groups can run those apps.

windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md

@@ -1,5 +1,5 @@
 ---
-title: Configure an AppLocker policy for audit only (Windows 10)
+title: Configure an AppLocker policy for audit only (Windows)
 description: This topic for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker.
 ms.assetid: 10bc87d5-cc7f-4500-b7b3-9006e50afa50
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Configure an AppLocker policy for audit only
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker.
 

windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md

@@ -1,5 +1,5 @@
 ---
-title: Configure an AppLocker policy for enforce rules (Windows 10)
+title: Configure an AppLocker policy for enforce rules (Windows)
 description: This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.
 ms.assetid: 5dbbb290-a5ae-4f88-82b3-21e95972e66c
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Configure an AppLocker policy for enforce rules
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.
 

windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md

@@ -1,5 +1,5 @@
 ---
-title: Add exceptions for an AppLocker rule (Windows 10)
+title: Add exceptions for an AppLocker rule (Windows)
 description: This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.
 ms.assetid: d15c9d84-c14b-488d-9f48-bf31ff7ff0c5
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Add exceptions for an AppLocker rule
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.
 

windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md

@@ -1,5 +1,5 @@
 ---
-title: Configure the AppLocker reference device (Windows 10)
+title: Configure the AppLocker reference device (Windows)
 description: This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.
 ms.assetid: 034bd367-146d-4956-873c-e1e09e6fefee
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Configure the AppLocker reference device
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.
 

windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md

@@ -1,5 +1,5 @@
 ---
-title: Configure the Application Identity service (Windows 10)
+title: Configure the Application Identity service (Windows)
 description: This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
 ms.assetid: dc469599-37fd-448b-b23e-5b8e4f17e561
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Configure the Application Identity service
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
 

windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md

@@ -1,5 +1,5 @@
 ---
-title: Create a rule for packaged apps (Windows 10)
+title: Create a rule for packaged apps (Windows)
 description: This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
 ms.assetid: e4ffd400-7860-47b3-9118-0e6853c3dfa0
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Create a rule for packaged apps
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
 
@@ -32,7 +37,7 @@ Packaged apps, also known as Universal Windows apps, are based on an app model t
 -   Package name
 -   Package version
 
-All the files within a package as well as the package installer share these attributes. Therefore, an AppLocker rule for a packaged app controls both the installation as well as the running of the app. Otherwise, the publisher rules for packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.
+All the files within a package and the package installers share these attributes. Therefore, an AppLocker rule for a packaged app controls both the installation and the running of the app. Otherwise, the publisher rules for packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups.
 
 For info about the publisher condition, see [Understanding the publisher rule condition in AppLocker](understanding-the-publisher-rule-condition-in-applocker.md).
 
@@ -67,7 +72,7 @@ You can perform this task by using the Group Policy Management Console for an Ap
     <tr class="even">
     <td align="left"><p><b>Use a packaged app installer as a reference</b></p></td>
     <td align="left"><p>If selected, AppLocker requires you to choose an app installer on which to base your new rule. A packaged app installer has the .appx extension. AppLocker uses the publisher, package name, and package version of the installer to define the rule.</p></td>
-    <td align="left"><p>Your company has developed a number of internal line-of-business packaged apps. The app installers are stored on a common file share. Employees can install the required apps from that file share. You want to allow all your employees to install the Payroll app from this share. So you choose this option from the wizard, browse to the file share, and choose the installer for the Payroll app as a reference to create your rule.</p></td>
+    <td align="left"><p>Your company has developed many internal line-of-business packaged apps. The app installers are stored on a common file share. Employees can install the required apps from that file share. You want to allow all your employees to install the Payroll app from this share. So you choose this option from the wizard, browse to the file share, and choose the installer for the Payroll app as a reference to create your rule.</p></td>
     </tr>
     </tbody>
     </table>

windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md

@@ -1,5 +1,5 @@
 ---
-title: Create a rule that uses a file hash condition (Windows 10)
+title: Create a rule that uses a file hash condition (Windows)
 description: This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.
 ms.assetid: eb3b3524-1b3b-4979-ba5a-0a0b1280c5c7
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Create a rule that uses a file hash condition
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.
 

windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md

@@ -1,5 +1,5 @@
 ---
-title: Create a rule that uses a path condition (Windows 10)
+title: Create a rule that uses a path condition (Windows)
 description: This topic for IT professionals shows how to create an AppLocker rule with a path condition.
 ms.assetid: 9b2093f5-5976-45fa-90c3-da1e0e845d95
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Create a rule that uses a path condition
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals shows how to create an AppLocker rule with a path condition.
 

windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md

@@ -1,5 +1,5 @@
 ---
-title: Create a rule that uses a publisher condition (Windows 10)
+title: Create a rule that uses a publisher condition (Windows)
 description: This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.
 ms.assetid: 345ad45f-2bc1-4c4c-946f-17804e29f55b
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Create a rule that uses a publisher condition
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.
 

windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md

@@ -1,5 +1,5 @@
 ---
-title: Create AppLocker default rules (Windows 10)
+title: Create AppLocker default rules (Windows)
 description: This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.
 ms.assetid: 21e9dc68-a6f4-4ebe-ac28-4c66a7ab6e18
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Create AppLocker default rules
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.
 

windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md

@@ -1,5 +1,5 @@
 ---
-title: Create a list of apps deployed to each business group (Windows 10)
+title: Create a list of apps deployed to each business group (Windows)
 description: This topic describes the process of gathering app usage requirements from each business group to implement application control policies by using AppLocker.
 ms.assetid: d713aa07-d732-4bdc-8656-ba616d779321
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Create a list of apps deployed to each business group
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker.
 

windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md

@@ -1,5 +1,5 @@
 ---
-title: Create Your AppLocker policies (Windows 10)
+title: Create Your AppLocker policies (Windows)
 description: This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
 ms.assetid: d339dee2-4da2-4d4a-b46e-f1dfb7cb4bf0
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Create Your AppLocker policies
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
 

windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md

@@ -1,5 +1,5 @@
 ---
-title: Create Your AppLocker rules (Windows 10)
+title: Create Your AppLocker rules (Windows)
 description: This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
 ms.assetid: b684a3a5-929c-4f70-8742-04088022f232
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Create Your AppLocker rules
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
 

windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md

@@ -1,5 +1,5 @@
 ---
-title: Delete an AppLocker rule (Windows 10)
+title: Delete an AppLocker rule (Windows)
 description: This article for IT professionals describes the steps to delete an AppLocker rule.
 ms.assetid: 382b4be3-0df9-4308-89b2-dcf9df351eb5
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Delete an AppLocker rule
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This article for IT professionals describes the steps to delete an AppLocker rule. 
 

windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md

@@ -1,5 +1,5 @@
 ---
-title: Deploy AppLocker policies by using the enforce rules setting (Windows 10)
+title: Deploy AppLocker policies by using the enforce rules setting (Windows)
 description: This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
 ms.assetid: fd3a3d25-ff3b-4060-8390-6262a90749ba
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Deploy AppLocker policies by using the enforce rules setting
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
 

windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md

@@ -1,5 +1,5 @@
 ---
-title: Deploy the AppLocker policy into production (Windows 10)
+title: Deploy the AppLocker policy into production (Windows)
 description: This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
 ms.assetid: ebbb1907-92dc-499e-8cee-8e637483c9ae
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Deploy the AppLocker policy into production
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
 

windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md

@@ -1,5 +1,5 @@
 ---
-title: Determine the Group Policy structure and rule enforcement (Windows 10)
+title: Determine the Group Policy structure and rule enforcement (Windows)
 description: This overview topic describes the process to follow when you are planning to deploy AppLocker rules.
 ms.assetid: f435fcbe-c7ac-4ef0-9702-729aab64163f
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Determine the Group Policy structure and rule enforcement
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This overview topic describes the process to follow when you are planning to deploy AppLocker rules.
 

windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md

@@ -1,5 +1,5 @@
 ---
-title: Find digitally signed apps on a reference device (Windows 10)
+title: Find digitally signed apps on a reference device (Windows)
 description: This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
 ms.assetid: 24609a6b-fdcb-4083-b234-73e23ff8bcb8
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Determine which apps are digitally signed on a reference device
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
 

windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md

@@ -1,5 +1,5 @@
 ---
-title: Determine your application control objectives (Windows 10)
+title: Determine your application control objectives (Windows)
 description: Determine which applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
 ms.assetid: 0e84003e-6095-46fb-8c4e-2065869bb53b
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Determine your application control objectives
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This article helps with decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
 

windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md

@@ -1,5 +1,5 @@
 ---
-title: Display a custom URL message when users try to run a blocked app (Windows 10)
+title: Display a custom URL message when users try to run a blocked app (Windows)
 description: This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
 ms.assetid: 9a2534a5-d1fa-48a9-93c6-989d4857cf85
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Display a custom URL message when users try to run a blocked app
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
 

windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md

@@ -1,5 +1,5 @@
 ---
-title: DLL rules in AppLocker (Windows 10)
+title: DLL rules in AppLocker (Windows)
 description: This topic describes the file formats and available default rules for the DLL rule collection.
 ms.assetid: a083fd08-c07e-4534-b0e7-1e15d932ce8f
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # DLL rules in AppLocker
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic describes the file formats and available default rules for the DLL rule collection.
 

windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md

@@ -1,5 +1,5 @@
 ---
-title: Document Group Policy structure & AppLocker rule enforcement (Windows 10)
+title: Document Group Policy structure & AppLocker rule enforcement (Windows)
 description: This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.
 ms.assetid: 389ffa8e-11fc-49ff-b0b1-89553e6fb6e5
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Document the Group Policy structure and AppLocker rule enforcement
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.
 

windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md

@@ -1,5 +1,5 @@
 ---
-title: Document your app list (Windows 10)
+title: Document your app list (Windows)
 description: This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.
 ms.assetid: b155284b-f75d-4405-aecf-b74221622dc0
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Document your app list
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.
 

windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md

@@ -1,5 +1,5 @@
 ---
-title: Document your AppLocker rules (Windows 10)
+title: Document your AppLocker rules (Windows)
 description: Learn how to document your AppLocker rules and associate rule conditions with files, permissions, rule source, and implementation.
 ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Document your AppLocker rules
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic describes what AppLocker rule conditions to associate with each file, how to associate these rule conditions, the source of the rule, and whether the file should be included or excluded.
 

windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md

@@ -1,5 +1,5 @@
 ---
-title: Edit an AppLocker policy (Windows 10)
+title: Edit an AppLocker policy (Windows)
 description: This topic for IT professionals describes the steps required to modify an AppLocker policy.
 ms.assetid: dbc72d1f-3fe0-46c2-aeeb-96621fce7637
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Edit an AppLocker policy
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps required to modify an AppLocker policy.
 

windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md

@@ -1,5 +1,5 @@
 ---
-title: Edit AppLocker rules (Windows 10)
+title: Edit AppLocker rules (Windows)
 description: This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.
 ms.assetid: 80016cda-b915-46a0-83c6-5e6b0b958e32
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Edit AppLocker rules
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.
 

windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md

@@ -1,5 +1,5 @@
 ---
-title: Enable the DLL rule collection (Windows 10)
+title: Enable the DLL rule collection (Windows)
 description: This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.
 ms.assetid: 88ef9561-6eb2-491a-803a-b8cdbfebae27
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Enable the DLL rule collection
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.
 

windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md

@@ -1,5 +1,5 @@
 ---
-title: Enforce AppLocker rules (Windows 10)
+title: Enforce AppLocker rules (Windows)
 description: This topic for IT professionals describes how to enforce application control rules by using AppLocker.
 ms.assetid: e1528b7b-77f2-4419-8e27-c9cc3721d96d
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Enforce AppLocker rules
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes how to enforce application control rules by using AppLocker.
 

windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md

@@ -1,5 +1,5 @@
 ---
-title: Executable rules in AppLocker (Windows 10)
+title: Executable rules in AppLocker (Windows)
 description: This topic describes the file formats and available default rules for the executable rule collection.
 ms.assetid: 65e62f90-6caa-48f8-836a-91f8ac9018ee
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Executable rules in AppLocker
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic describes the file formats and available default rules for the executable rule collection.
 

windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md

@@ -1,5 +1,5 @@
 ---
-title: Export an AppLocker policy from a GPO (Windows 10)
+title: Export an AppLocker policy from a GPO (Windows)
 description: This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
 ms.assetid: 7db59719-a8be-418b-bbfd-22cf2176c9c0
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Export an AppLocker policy from a GPO
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
 

windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md

@@ -1,5 +1,5 @@
 ---
-title: Export an AppLocker policy to an XML file (Windows 10)
+title: Export an AppLocker policy to an XML file (Windows)
 description: This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
 ms.assetid: 979bd23f-6815-478b-a6a4-a25239cb1080
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Export an AppLocker policy to an XML file
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
 Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.

windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md

@@ -1,5 +1,5 @@
 ---
-title: How AppLocker works (Windows 10)
+title: How AppLocker works (Windows)
 description: This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies.
 ms.assetid: 24bb1d73-0ff5-4af7-8b8a-2fa44d4ddbcd
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # How AppLocker works
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies.
 

windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md

@@ -1,5 +1,5 @@
 ---
-title: Import an AppLocker policy from another computer (Windows 10)
+title: Import an AppLocker policy from another computer (Windows)
 description: This topic for IT professionals describes how to import an AppLocker policy.
 ms.assetid: b48cb2b2-8ef8-4cc0-89bd-309d0b1832f6
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Import an AppLocker policy from another computer
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes how to import an AppLocker policy.
 

windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md

@@ -1,5 +1,5 @@
 ---
-title: Import an AppLocker policy into a GPO (Windows 10)
+title: Import an AppLocker policy into a GPO (Windows)
 description: This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
 ms.assetid: 0629ce44-f5e2-48a8-ba47-06544c73261f
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Import an AppLocker policy into a GPO
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
 AppLocker policies can be created as local security policies and modified like any other local security policy, or they can be created as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md).

windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md

@@ -1,5 +1,5 @@
 ---
-title: Maintain AppLocker policies (Windows 10)
+title: Maintain AppLocker policies (Windows)
 description: Learn how to maintain rules within AppLocker policies. View common AppLocker maintenance scenarios and see the methods to use to maintain AppLocker policies.
 ms.assetid: b4fbfdfe-ef3d-49e0-a390-f2dfe74602bc
 ms.reviewer: 
@@ -20,8 +20,13 @@ ms.technology: mde
 # Maintain AppLocker policies
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic describes how to maintain rules within AppLocker policies.
 

windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md

@@ -1,5 +1,5 @@
 ---
-title: Manage packaged apps with AppLocker (Windows 10)
+title: Manage packaged apps with AppLocker (Windows)
 description: Learn concepts and lists procedures to help you manage packaged apps with AppLocker as part of your overall application control strategy.
 ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Manage packaged apps with AppLocker
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy.
 

windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md

@@ -1,5 +1,5 @@
 ---
-title: Merge AppLocker policies by using Set-ApplockerPolicy (Windows 10)
+title: Merge AppLocker policies by using Set-ApplockerPolicy (Windows)
 description: This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
 ms.assetid: f1c7d5c0-463e-4fe2-a410-844a404f18d0
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Merge AppLocker policies by using Set-ApplockerPolicy
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
 

windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md

@@ -1,5 +1,5 @@
 ---
-title: Merge AppLocker policies manually (Windows 10)
+title: Merge AppLocker policies manually (Windows)
 description: This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
 ms.assetid: 3605f293-e5f2-481d-8efd-775f9f23c30f
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Merge AppLocker policies manually
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
 

windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md

@@ -1,5 +1,5 @@
 ---
-title: Monitor app usage with AppLocker (Windows 10)
+title: Monitor app usage with AppLocker (Windows)
 description: This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied.
 ms.assetid: 0516da6e-ebe4-45b4-a97b-31daba96d1cf
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Monitor app usage with AppLocker
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied.
 

windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md

@@ -1,5 +1,5 @@
 ---
-title: Optimize AppLocker performance (Windows 10)
+title: Optimize AppLocker performance (Windows)
 description: This topic for IT professionals describes how to optimize AppLocker policy enforcement.
 ms.assetid: a20efa20-bc98-40fe-bd81-28ec4905e0f6
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Optimize AppLocker performance
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes how to optimize AppLocker policy enforcement.
 

windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md

@@ -1,5 +1,5 @@
 ---
-title: Packaged apps and packaged app installer rules in AppLocker (Windows 10)
+title: Packaged apps and packaged app installer rules in AppLocker (Windows)
 description: This topic explains the AppLocker rule collection for packaged app installers and packaged apps.
 ms.assetid: 8fd44d08-a0c2-4c5b-a91f-5cb9989f971d
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Packaged apps and packaged app installer rules in AppLocker
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic explains the AppLocker rule collection for packaged app installers and packaged apps.
 

windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md

@@ -1,5 +1,5 @@
 ---
-title: Plan for AppLocker policy management (Windows 10)
+title: Plan for AppLocker policy management (Windows)
 description: This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.
 ms.assetid: dccc196f-6ae0-4ae4-853a-a3312b18751b
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Plan for AppLocker policy management
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.
 

windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md

@@ -1,5 +1,5 @@
 ---
-title: Refresh an AppLocker policy (Windows 10)
+title: Refresh an AppLocker policy (Windows)
 description: This topic for IT professionals describes the steps to force an update for an AppLocker policy.
 ms.assetid: 3f24fcbc-3926-46b9-a1a2-dd036edab8a9
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Refresh an AppLocker policy
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to force an update for an AppLocker policy.
 

windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md

@@ -1,5 +1,5 @@
 ---
-title: Requirements for deploying AppLocker policies (Windows 10)
+title: Requirements for deploying AppLocker policies (Windows)
 description: This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
 ms.assetid: 3e55bda2-3cd7-42c7-bad3-c7dfbe193d48
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Requirements for deploying AppLocker policies
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
 

windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md

@@ -1,5 +1,5 @@
 ---
-title: Requirements to use AppLocker (Windows 10)
+title: Requirements to use AppLocker (Windows)
 description: This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
 ms.assetid: dc380535-071e-4794-8f9d-e5d1858156f0
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Requirements to use AppLocker
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
 
@@ -38,11 +43,11 @@ To use AppLocker, you need:
  
 ## Operating system requirements
 
-The following table show the on which operating systems AppLocker features are supported.
+The following table shows the on which operating systems AppLocker features are supported.
 
 | Version | Can be configured | Can be enforced | Available rules | Notes |
 | - | - | - | - | - |
-| Windows 10| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| You can use the [AppLocker CSP](/windows/client-management/mdm/applocker-csp) to configure AppLocker policies on any edition of Windows 10 supported by Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. |
+| Windows 10 and Windows 11| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| You can use the [AppLocker CSP](/windows/client-management/mdm/applocker-csp) to configure AppLocker policies on any edition of Windows 10 and Windows 11 supported by Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 and Windows 11 Enterprise, Windows 10 and Windows 11 Education, and Windows Server 2016. |
 | Windows Server 2019<br/>Windows Server 2016<br/>Windows Server 2012 R2<br/>Windows Server 2012| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |
 | Windows 8.1 Pro| Yes| No| N/A||
 | Windows 8.1 Enterprise| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |

windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md

@@ -1,5 +1,5 @@
 ---
-title: Run the Automatically Generate Rules wizard (Windows 10)
+title: Run the Automatically Generate Rules wizard (Windows)
 description: This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.
 ms.assetid: 8cad1e14-d5b2-437c-8f88-70cffd7b3d8e
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Run the Automatically Generate Rules wizard
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.
 

windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md

@@ -1,5 +1,5 @@
 ---
-title: Script rules in AppLocker (Windows 10)
+title: Script rules in AppLocker (Windows)
 description: This topic describes the file formats and available default rules for the script rule collection.
 ms.assetid: fee24ca4-935a-4c5e-8a92-8cf1d134d35f
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Script rules in AppLocker
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic describes the file formats and available default rules for the script rule collection.
 

windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md

@@ -1,5 +1,5 @@
 ---
-title: Security considerations for AppLocker (Windows 10)
+title: Security considerations for AppLocker (Windows)
 description: This topic for the IT professional describes the security considerations you need to address when implementing AppLocker.
 ms.assetid: 354a5abb-7b31-4bea-a442-aa9666117625
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Security considerations for AppLocker
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for the IT professional describes the security considerations you need to address when implementing AppLocker.
 

windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md

@@ -1,5 +1,5 @@
 ---
-title: Select the types of rules to create (Windows 10)
+title: Select the types of rules to create (Windows)
 description: This topic lists resources you can use when selecting your application control policy rules by using AppLocker.
 ms.assetid: 14751169-0ed1-47cc-822c-8c01a7477784
 ms.reviewer: 
@@ -21,8 +21,13 @@ ms.technology: mde
 # Select the types of rules to create
 
 **Applies to**
-- Windows 10
+
-- Windows Server
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+>[!NOTE]
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic lists resources you can use when selecting your application control policy rules by using AppLocker.
 

windows/security/threat-protection/windows-defender-application-control/types-of-devices.md

@@ -1,5 +1,5 @@
 ---
-title: Policy creation for common WDAC usage scenarios (Windows 10)
+title: Policy creation for common WDAC usage scenarios (Windows)
 description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@@ -23,9 +23,13 @@ ms.technology: mde
 **Applies to**
 
 - Windows 10
+- Windows 11
 - Windows Server 2016 and above
 
-Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It is very common for organizations to have device use cases across each of the categories described.
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
+Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It is common for organizations to have device use cases across each of the categories described.
 
 ## Types of devices
 
@@ -34,7 +38,7 @@ Typically, deployment of Windows Defender Application Control (WDAC) happens bes
 | **Lightly managed devices**: Company-owned, but users are free to install software.<br>Devices are required to run organization's antivirus solution and client management tools. | WDAC can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. | 
 | **Fully managed devices**: Allowed software is restricted by IT department.<br>Users can request additional software, or install from a list of applications provided by IT department.<br>Examples: locked-down, company-owned desktops and laptops. | An initial baseline WDAC policy can be established and enforced. Whenever the IT department approves additional applications, it will update the WDAC policy and (for unsigned LOB applications) the catalog.<br>WDAC policies are supported by the HVCI service. | 
 | **Fixed-workload devices**: Perform same tasks every day.<br>Lists of approved applications rarely change.<br>Examples: kiosks, point-of-sale systems, call center computers. | WDAC can be deployed fully, and deployment and ongoing administration are relatively straightforward.<br>After WDAC deployment, only approved applications can run. This is because of protections offered by WDAC. | 
-| **Bring Your Own Device**: Employees are allowed to bring their own devices, and also use those devices away from work. | In most cases, WDAC does not apply. Instead, you can explore other hardening and security features with MDM-based conditional access solutions, such as Microsoft Intune. However, you may choose to deploy an audit-mode policy to these devices or employ a block-list only policy to prevent specific apps or binaries that are considered malicious or vulnerable by your organization. | 
+| **Bring Your Own Device**: Employees are allowed to bring their own devices, and also use those devices away from work. | In most cases, WDAC does not apply. Instead, you can explore other hardening and security features with MDM-based conditional access solutions, such as Microsoft Intune. However, you may choose to deploy an audit-mode policy to these devices or employ a blocklist only policy to prevent specific apps or binaries that are considered malicious or vulnerable by your organization. | 
 
 ## An introduction to Lamna Healthcare Company
 

windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md

@@ -1,5 +1,5 @@
 ---
-title: Understand Windows Defender Application Control policy design decisions  (Windows 10)
+title: Understand Windows Defender Application Control policy design decisions  (Windows)
 description: Understand Windows Defender Application Control policy design decisions.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@@ -22,8 +22,12 @@ ms.technology: mde
 
 **Applies to:**
 
--   Windows 10
+- Windows 10
--   Windows Server 2016 and above
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
 
 This topic is for the IT professional and lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using Windows Defender Application Control (WDAC) within a Windows operating system environment.
 
@@ -70,7 +74,7 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p
 | Possible answers | Design considerations |
 | - | - |
 | All apps used in your organization must be signed. | Organizations that enforce [codesigning](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. WDAC rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). |
-| Apps used in your organization do not need to meet any codesigning requirements. | Organizations can  [use built-in Windows 10 tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Endpoint Manager offer multiple ways to distribute signed App Catalogs. | 
+| Apps used in your organization do not need to meet any codesigning requirements. | Organizations can  [use built-in Windows tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Endpoint Manager offer multiple ways to distribute signed App Catalogs. | 
  
 ### Are there specific groups in your organization that need customized application control policies?
 
@@ -79,7 +83,7 @@ Most business teams or departments have specific security requirements that pert
 | Possible answers | Design considerations |
 | - | - |
 | Yes | WDAC policies can be created unique per team, or team-specific supplemental policies can be used to expand what is allowed by a common, centrally defined base policy.|
-| No | WDAC policies can be applied globally to applications that are installed on PCs running Windows 10. Depending on the number of apps you need to control, managing all the rules and exceptions might be challenging.|
+| No | WDAC policies can be applied globally to applications that are installed on PCs running Windows 10 and Windows 11. Depending on the number of apps you need to control, managing all the rules and exceptions might be challenging.|
 
 ### Does your IT department have resources to analyze application usage, and to design and manage the policies?
 
@@ -88,7 +92,7 @@ The time and resources that are available to you to perform the research and ana
 | Possible answers | Design considerations |
 | - | - |
 | Yes | Invest the time to analyze your organization's application control requirements, and plan a complete deployment that uses rules that are constructed as simply as possible.|
-| No | Consider a focused and phased deployment for specific groups by using a small number of rules. As you apply controls to applications in a specific group, learn from that deployment to plan your next deployment. Alternatively, you can create a policy with a broad trust profile to authorize as many apps as possible. |
+| No | Consider a focused and phased deployment for specific groups by using few rules. As you apply controls to applications in a specific group, learn from that deployment to plan your next deployment. Alternatively, you can create a policy with a broad trust profile to authorize as many apps as possible. |
 
 ### Does your organization have Help Desk support?
 

windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md

@@ -1,5 +1,5 @@
 ---
-title: Use code signing to simplify application control for classic Windows applications (Windows 10)
+title: Use code signing to simplify application control for classic Windows applications (Windows)
 description: With embedded signing, your WDAC policies typically do not have to be updated when an app is updated. To set this up, you can choose from a variety of methods.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@@ -22,8 +22,12 @@ ms.technology: mde
 
 **Applies to:**
 
--   Windows 10
+- Windows 10
--   Windows Server 2016
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
 
 This topic covers guidelines for using code signing control classic Windows apps.
 
@@ -49,20 +53,20 @@ To use catalog signing, you can choose from the following options:
 
 ### Catalog files
 
-Catalog files (which you can create in Windows 10 with a tool called Package Inspector) contain information about all deployed and executed binary files associated with your trusted but unsigned applications. When you create catalog files, you can also include signed applications for which you do not want to trust the signer but rather the specific application. After creating a catalog, you must sign the catalog file itself by using enterprise public key infrastructure (PKI), or a purchased code signing certificate. Then you can distribute the catalog, so that your trusted applications can be handled by WDAC in the same way as any other signed application.
+Catalog files (which you can create in Windows 10 and Windows 11 with a tool called Package Inspector) contain information about all deployed and executed binary files associated with your trusted but unsigned applications. When you create catalog files, you can also include signed applications for which you do not want to trust the signer but rather the specific application. After creating a catalog, you must sign the catalog file itself by using enterprise public key infrastructure (PKI), or a purchased code signing certificate. Then you can distribute the catalog, so that your trusted applications can be handled by WDAC in the same way as any other signed application.
 
 Catalog files are simply Secure Hash Algorithm 2 (SHA2) hash lists of discovered binaries. These binaries' hash values are updated each time an application is updated, which requires the catalog file to be updated also.
 
 After you have created and signed your catalog files, you can configure your WDAC policies to trust the signer or signing certificate of those files.
 
 > [!NOTE]
-> Package Inspector only works on operating systems that support Windows Defender, such as Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT.
+> Package Inspector only works on operating systems that support Windows Defender, such as Windows 10 and Windows 11 Enterprise, Windows 10 and Windows 11 Education, Windows 2016 Server, or Windows Enterprise IoT.
 
 For procedures for working with catalog files, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md).
 
 ## Windows Defender Application Control policy formats and signing
 
-When you generate a WDAC policy, you are generating a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows 10 Enterprise, along with restrictions on Windows 10 script hosts. You can view your original XML document in a text editor, for example if you want to check the rule options that are present in the **<Rules>** section of the file.
+When you generate a WDAC policy, you are generating a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows 10 and Windows 11 Enterprise, along with restrictions on Windows 10 and Windows 11 script hosts. You can view your original XML document in a text editor, for example if you want to check the rule options that are present in the **<Rules>** section of the file.
 
 We recommend that you keep the original XML file for use when you need to merge the WDAC policy with another policy or update its rule options. For deployment purposes, the file is converted to a binary format, which can be done using a simple Windows PowerShell command.
 

windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md

@@ -1,5 +1,5 @@
 ---
-title: Use the Device Guard Signing Portal in the Microsoft Store for Business  (Windows 10)
+title: Use the Device Guard Signing Portal in the Microsoft Store for Business  (Windows)
 description: You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@@ -22,9 +22,12 @@ ms.technology: mde
 
 **Applies to:**
 
--   Windows 10
+- Windows 10
--   Windows Server 2019
+- Windows 11
--   Windows Server 2016
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
 
 You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed.
 

windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md

@@ -1,6 +1,6 @@
 ---
-title: Use signed policies to protect Windows Defender Application Control against tampering  (Windows 10)
+title: Use signed policies to protect Windows Defender Application Control against tampering  (Windows)
-description: Signed WDAC policies give organizations the highest level of malware protection available in Windows 10.
+description: Signed WDAC policies give organizations the highest level of malware protection available in Windows 10 and Windows 11.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.prod: m365-security
@@ -22,11 +22,14 @@ ms.technology: mde
 
 **Applies to:**
 
--   Windows 10
+- Windows 10
--   Windows Server 2016
+- Windows 11
+- Windows Server 2016 and above
 
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
 
-Signed WDAC policies give organizations the highest level of malware protection available in Windows 10. In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer. These policies are designed to prevent administrative tampering and kernel mode exploit access. With this in mind, it is much more difficult to remove signed WDAC policies. Note that SecureBoot must be enabled in order to restrict users from updating or removing signed WDAC policies.
+Signed WDAC policies give organizations the highest level of malware protection available in Windows. In addition to their enforced policy rules, signed policies cannot be modified or deleted by a user or administrator on the computer. These policies are designed to prevent administrative tampering and kernel mode exploit access. With this in mind, it is much more difficult to remove signed WDAC policies. Note that SecureBoot must be enabled in order to restrict users from updating or removing signed WDAC policies.
 
 Before you sign and deploy a signed WDAC policy, we recommend that you [audit the policy](audit-windows-defender-application-control-policies.md) to discover any blocked applications that should be allowed to run. 
 

windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md

@@ -1,5 +1,5 @@
 ---
-title: Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules  (Windows 10)
+title: Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules (Windows)
 description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@@ -22,8 +22,12 @@ ms.technology: mde
 
 **Applies to:**
 
--   Windows 10
+- Windows 10
--   Windows Server 2016
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
 
 As of Windows 10, version 1703, you can use WDAC policies not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser):
 

windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md

@@ -1,5 +1,5 @@
 ---
-title: Authorize reputable apps with the Intelligent Security Graph (ISG) (Windows 10)
+title: Authorize reputable apps with the Intelligent Security Graph (ISG) (Windows)
 description: Automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@@ -22,8 +22,12 @@ ms.technology: mde
 
 **Applies to:**
 
-- Windows 10
+- Windows 10
-- Windows Server 2016 and above
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
 
 Application control can be difficult to implement in organizations that don't deploy and manage applications through an IT-managed system. In such environments, users can acquire the applications they want to use for work, making it hard to build an effective application control policy.
 

windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md

@@ -23,14 +23,18 @@ ms.technology: mde
 
 **Applies to:**
 
-- Windows 10
+- Windows 10
-- Windows Server 2016 and above
+- Windows 11
+- Windows Server 2016 and above
 
-Windows 10 includes two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker.
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
+Windows 10 and Windows 11 include two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker.
 
 ## Windows Defender Application Control
 
-WDAC was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows 10 clients. It was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria), defined by the Microsoft Security Response Center (MSRC).
+WDAC was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows clients. It was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria), defined by the Microsoft Security Response Center (MSRC).
 
 WDAC policies apply to the managed computer as a whole and affects all users of the device. WDAC rules can be defined based on:
 
@@ -45,9 +49,9 @@ Note that prior to Windows 10 version 1709, Windows Defender Application Control
 
 ### WDAC System Requirements
 
-WDAC policies can be created on any client edition of Windows 10 build 1903+, or on Windows Server 2016 and above.
+WDAC policies can be created on any client edition of Windows 10 build 1903+, or Windows 11, or on Windows Server 2016 and above.
 
-WDAC policies can be applied to devices running any edition of Windows 10, or Windows Server 2016 and above, via a Mobile Device Management (MDM) solution, for example, Intune; a management interface such as Configuration Manager; or a script host such as PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition, or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
+WDAC policies can be applied to devices running any edition of Windows 10, Windows 11, or Windows Server 2016 and above, via a Mobile Device Management (MDM) solution, for example, Intune; a management interface such as Configuration Manager; or a script host such as PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 and Windows 11 Enterprise edition, or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
 
 For more information on which individual WDAC features are available on specific WDAC builds, see [WDAC feature availability](feature-availability.md).
 

windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md

@@ -22,8 +22,13 @@ ms.technology: mde
 # Creating a new Base Policy with the Wizard
 
 **Applies to**
--   Windows 10
+
--   Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
 
 When creating policies for use with Windows Defender Application Control (WDAC), it is recommended to start with a template policy and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](windows-defender-application-control-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules. 
 
@@ -63,7 +68,7 @@ A description of each policy rule, beginning with the left-most column, is provi
 |**[Hypervisor-protected code integrity (HVCI)](../device-guard/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.|
 | **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). |
 | **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. |
-| **Require WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windows 10–compatible driver must be WHQL certified. |
+| **Require WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windows–compatible driver must be WHQL certified. |
 | **Update Policy without Rebooting** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. |
 | **Unsigned System Integrity Policy** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. |
 | **User Mode Code Integrity** | WDAC policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. |
@@ -82,7 +87,7 @@ Selecting the **+ Advanced Options** label will show another column of policy ru
 | **Disable Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that’s only writable by an administrator) for any FileRule that allows a file based on FilePath. |
 | **Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries (DLLs). |
 | **Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically revalidate the reputation for files that were authorized by the ISG.| 
-| **Require EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All Windows 10 and later drivers will meet this requirement. |
+| **Require EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All Windows 10 and later, or Windows 11 drivers will meet this requirement. |
 
 ![Rule options UI for Windows Allowed mode.](images/wdac-wizard-rule-options-UI.png)
 

windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md

@@ -22,8 +22,13 @@ ms.technology: mde
 # Creating a new Supplemental Policy with the Wizard
 
 **Applies to**
--   Windows 10
+
--   Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
 
 Beginning in Windows 10 version 1903, WDAC supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](wdac-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When using supplemental policies, applications allowed by the base or its supplemental policy/policies will be allowed to execute.
 

windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md

@@ -22,8 +22,13 @@ ms.technology: mde
 # Editing existing base and supplemental WDAC policies with the Wizard
 
 **Applies to**
--   Windows 10
+
--   Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
 
 The WDAC Wizard makes editing and viewing WDAC policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities: 
 <ul>

windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md

@@ -23,10 +23,14 @@ ms.technology: mde
 
 **Applies to:**
 
--   Windows 10
+- Windows 10
--   Windows Server 2016 and above
+- Windows 11
+- Windows Server 2016 and above
 
-The Windows Defender Application Control (WDAC) policy Wizard is an open source Windows desktop application written in C# and bundled as an MSIX package. The Wizard was built to provide security architects, security and system administrators with a more user-friendly means to create, edit, and merge WDAC policies. The Wizard desktop application uses the [ConfigCI PowerShell Cmdlets](/powershell/module/configci) in the backend so the output policy of the Wizard and PowerShell cmdlets is identical. 
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
+The Windows Defender Application Control (WDAC) policy Wizard is an open-source Windows desktop application written in C# and bundled as an MSIX package. The Wizard was built to provide security architects with security, and system administrators with a more user-friendly means to create, edit, and merge WDAC policies. The Wizard desktop application uses the [ConfigCI PowerShell Cmdlets](/powershell/module/configci) in the backend so the output policy of the Wizard and PowerShell cmdlets is identical.
 
 ## Downloading the application
 

windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md

@@ -1,5 +1,5 @@
 ---
-title: Deploying Windows Defender Application Control (WDAC) policies (Windows 10)
+title: Deploying Windows Defender Application Control (WDAC) policies (Windows)
 description: Learn how to plan and implement a WDAC deployment.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@@ -23,8 +23,12 @@ ms.technology: mde
 **Applies to**
 
 - Windows 10
+- Windows 11
 - Windows Server 2016 and above
 
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
 You should now have one or more WDAC policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding.
 
 ## Plan your deployment

windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md

@@ -1,6 +1,6 @@
 ---
-title: Windows Defender Application Control design guide (Windows 10)
+title: Windows Defender Application Control design guide (Windows)
-description: Microsoft Windows Defender Application Control allows organizations to control what apps and drivers will run on their managed Windows 10 devices.
+description: Microsoft Windows Defender Application Control allows organizations to control what apps and drivers will run on their managed Windows devices.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.prod: m365-security
@@ -22,19 +22,24 @@ ms.technology: mde
 # Windows Defender Application Control design guide
 
 **Applies to**
-- Windows 10
+
+- Windows 10
+- Windows 11
 - Windows Server 2016 and above
 
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
 This guide covers design and planning for Windows Defender Application Control (WDAC). It is intended to help security architects, security administrators, and system administrators create a plan that addresses specific application control requirements for different departments or business groups within an organization.
 
 ## Plan for success
 
-A common refrain you may hear about application control is that it is "too hard". While it is true that application control is not as simple as flipping a switch, organizations can be very successful if they take a methodical approach and carefully plan their approach. In reality, the issues that lead to failure with application control often arise from business issues rather than technology challenges. Organizations that have successfully deployed application control have ensured the following before starting their planning:
+A common refrain you may hear about application control is that it is "too hard". While it is true that application control is not as simple as flipping a switch, organizations can be successful if they take a methodical approach and carefully plan their approach. In reality, the issues that lead to failure with application control often arise from business issues rather than technology challenges. Organizations that have successfully deployed application control have ensured the following before starting their planning:
 
 -   Executive sponsorship and organizational buy-in is in place.
 -   There is a clear **business** objective for using application control and it is not being planned as a purely technical problem from IT.
 -   The organization has a plan to handle potential helpdesk support requests for users who are blocked from running some apps.
--   The organization has considered where application control can be most useful (e.g. securing sensitive workloads or business functions) and also where it may be difficult to achieve (e.g. developer workstations).
+-   The organization has considered where application control can be most useful (for example, securing sensitive workloads or business functions) and also where it may be difficult to achieve (for example, developer workstations).
 
 Once these business factors are in place, you are ready to begin planning your WDAC deployment. The following topics can help guide you through your planning process.
 
@@ -46,6 +51,6 @@ Once these business factors are in place, you are ready to begin planning your W
 | [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies. |
 | [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. |
 | [Policy creation for common WDAC usage scenarios](types-of-devices.md) | This set of topics outlines common use case scenarios and helps you begin to develop a plan for deploying WDAC in your organization. |
-| [Policy creation using the WDAC Wizard tool](wdac-wizard.md) | This set of topics describes how to use the WDAC Wizard desktop app to easily create, edit and merge WDAC policies. |
+| [Policy creation using the WDAC Wizard tool](wdac-wizard.md) | This set of topics describes how to use the WDAC Wizard desktop app to easily create, edit, and merge WDAC policies. |
 
 After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) covers the creation and testing of policies, deploying the enforcement setting, and managing and maintaining the policies.

windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md

@@ -1,5 +1,5 @@
 ---
-title: Managing and troubleshooting Windows Defender Application Control policies (Windows 10)
+title: Managing and troubleshooting Windows Defender Application Control policies (Windows)
 description: Gather information about how your deployed Windows Defender Application Control policies are behaving.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@@ -23,8 +23,12 @@ ms.technology: mde
 **Applies to**
 
 - Windows 10
+- Windows 11
 - Windows Server 2016 and above
 
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
+
 After designing and deploying your Windows Defender Application Control (WDAC) policies, this guide covers understanding the effects your policies are having and troubleshooting when they are not behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender for Endpoint Advanced Hunting feature.
 
 ## WDAC Events Overview

windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md

@@ -23,8 +23,12 @@ ms.technology: mde
 
 **Applies to:**
 
-- Windows 10
+- Windows 10
-- Windows Server 2016 and above
+- Windows 11
+- Windows Server 2016 and above
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
 
 With thousands of new malicious files created every day, using traditional methods like antivirus solutions—signature-based detection to fight against malware—provides an inadequate defense against new attacks.
 
@@ -37,7 +41,7 @@ Application control is a crucial line of defense for protecting enterprises give
 > [!NOTE]
 > Although application control can significantly harden your computers against malicious code, we recommend that you continue to maintain an enterprise antivirus solution for a well-rounded enterprise security portfolio.
 
-Windows 10 includes two technologies that can be used for application control depending on your organization's specific scenarios and requirements:
+Windows 10 and Windows 11 include two technologies that can be used for application control depending on your organization's specific scenarios and requirements:
 
 - **Windows Defender Application Control**; and
 - **AppLocker**

windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md

@@ -1,6 +1,6 @@
 ---
 title: Windows Sandbox architecture
-description: 
+description: Windows Sandbox architecture
 ms.prod: m365-security
 audience: ITPro
 author: dansimp

windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md

@@ -1,6 +1,6 @@
 ---
 title: Windows Sandbox configuration
-description: 
+description: Windows Sandbox configuration
 ms.prod: m365-security
 audience: ITPro
 author: dansimp
@@ -16,7 +16,7 @@ ms.technology: mde
 
 # Windows Sandbox configuration
 
-Windows Sandbox supports simple configuration files, which provide a minimal set of customization parameters for Sandbox. This feature can be used with Windows 10 build 18342 or later. Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the `.wsb` file extension.
+Windows Sandbox supports simple configuration files, which provide a minimal set of customization parameters for Sandbox. This feature can be used with Windows 10 build 18342 or Windows 11. Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the `.wsb` file extension.
 
 A configuration file enables the user to control the following aspects of Windows Sandbox:
 

windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md

@@ -1,6 +1,6 @@
 ---
 title: Windows Sandbox
-description: 
+description: Windows Sandbox overview
 ms.prod: m365-security
 audience: ITPro
 author: dansimp
@@ -36,7 +36,7 @@ The following video provides an overview of Windows Sandbox.
 
 ## Prerequisites
  
-- Windows 10 Pro, Enterprise or Education build 18305 or later (*Windows Sandbox is currently not supported on Home SKUs*)
+- Windows 10 Pro, Enterprise or Education build 18305 or Windows 11 (*Windows Sandbox is currently not supported on Windows Home edition*)
 - AMD64 architecture
 - Virtualization capabilities enabled in BIOS
 - At least 4 GB of RAM (8 GB recommended)
@@ -45,7 +45,7 @@ The following video provides an overview of Windows Sandbox.
 
 ## Installation
 
-1. Ensure that your machine is using Windows 10 Pro or Enterprise, build version 18305 or later.
+1. Ensure that your machine is using Windows 10 Pro or Enterprise, build version 18305 or Windows 11.
 
 2. Enable virtualization on the machine.