Merge pull request #651 from MicrosoftDocs/FromPrivateRepo

From private repo
2025-05-16 07:17:24 +00:00 · 2018-04-03 16:19:29 -07:00 · 2018-04-03 16:19:29 -07:00 · 44f4d71a6c
commit 44f4d71a6c
parent 7961d9fdf0 9240071acd
20 changed files with 158 additions and 66 deletions
--- a/windows/client-management/mdm/images/provisioning-csp-vpn.png
+++ b/windows/client-management/mdm/images/provisioning-csp-vpn.png
--- a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png
+++ b/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png
--- a/windows/client-management/mdm/multisim-csp.md
+++ b/windows/client-management/mdm/multisim-csp.md
@ -24,49 +24,49 @@ The following diagram shows the MultiSIM configuration service provider in tree
 <a href="" id="multisim"></a>**./Device/Vendor/MSFT/MultiSIM**  
 Root node.
-<a href="" id="tbd"></a>**_ModemID_**  
+<a href="" id="modemid"></a>**_ModemID_**  
 Node representing a Mobile Broadband Modem. The node name is the modem ID. Modem ID is a GUID without curly braces, with exception of "Embedded" which represents the embedded modem.
-<a href="" id="modemid"></a>**_ModemID_/Identifier**  
+<a href="" id="modemid-identifier"></a>**_ModemID_/Identifier**  
 Modem ID.
 Supported operation is Get. Value type is string.
-<a href="" id="tbd"></a>**_ModemID_/IsEmbedded**  
+<a href="" id="modemid-isembedded"></a>**_ModemID_/IsEmbedded**  
 Indicates whether this modem is embedded or external.
 Supported operation is Get. Value type is bool.
-<a href="" id="tbd"></a>**_ModemID_/Slots**  
+<a href="" id="modemid-slots"></a>**_ModemID_/Slots**  
 Represents all SIM slots in the Modem.
-<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_**  
+<a href="" id="modemid-slots-slotid"></a>**_ModemID_/Slots/_SlotID_**  
 Node representing a SIM Slot. The node name is the Slot ID. SIM Slot ID format is "0", "1", etc., with exception of "Embedded" which represents the embedded Slot.
-<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/Identifier**  
+<a href="" id="modemid-slots-slotid-identifier"></a>**_ModemID_/Slots/_SlotID_/Identifier**  
 Slot ID.
 Supported operation is Get. Value type is integer.
-<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/IsEmbedded**  
+<a href="" id="modemid-slots-slotid-isembedded"></a>**_ModemID_/Slots/_SlotID_/IsEmbedded**  
 Indicates whether this Slot is embedded or a physical SIM slot.
 Supported operation is Get. Value type is bool.
-<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/IsSelected**  
+<a href="" id="modemid-slots-slotid-isselected"></a>**_ModemID_/Slots/_SlotID_/IsSelected**  
 Indicates whether this Slot is selected or not.
 Supported operation is Get and Replace. Value type is bool.
-<a href="" id="tbd"></a>**_ModemID_/Slots/_SlotID_/State**  
+<a href="" id="modemid-slots-slotid-state"></a>**_ModemID_/Slots/_SlotID_/State**  
 Slot state (Unknown = 0, OffEmpty = 1, Off = 2, Empty = 3, NotReady = 4, Active = 5, Error = 6, ActiveEsim = 7, ActiveEsimNoProfile = 8)
 Supported operation is Get. Value type is integer.
-<a href="" id="tbd"></a>**_ModemID_/Policies**  
+<a href="" id="modemid-policies"></a>**_ModemID_/Policies**  
 Policies associated with the Modem.
-<a href="" id="tbd"></a>**_ModemID_/Policies/SlotSelectionEnabled**  
+<a href="" id="modemid-policies-slotselectionenabled"></a>**_ModemID_/Policies/SlotSelectionEnabled**  
 Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true.
 Supported operation is Get and Replace. Value type is bool.
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@ -1329,9 +1329,6 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 </ul>
 </td></tr>
 <tr>
 </ul>
 </td></tr>
 <tr>
 <td style="vertical-align:top">[AccountManagement CSP](accountmanagement-csp.md)</td>
 <td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
 </ul>
@ -1342,7 +1339,6 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <ul>
 <li>UntrustedCertificates</li>
 </ul>
 </td></tr>
 </tbody>
 </table>
@ -1612,6 +1608,31 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 ## Change history in MDM documentation
 ### April 2018
 <table class="mx-tdBreakAll">
 <colgroup>
 <col width="25%" />
 <col width="75%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th>New or updated topic</th>
 <th>Description</th>
 </tr>
 </thead>
 <tbody>
 <tr>
 <td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
 <td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
 <ul>
 <li>Settings/AllowVirtualGPU</li>
 <li>Settings/SaveFilesToHost</li>
 </ul>
 </td></tr>
 </tbody>
 </table>
 ### March 2018
 <table class="mx-tdBreakAll">
@ -1673,6 +1694,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </ul>
 <p>The following existing policies were updated:</p>
 <ul>
 <li>Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.</li>
 <li>InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML</li>
 <li>TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.</li>
 </ul>
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/13/2018
+ms.date: 03//2018
 ---
 # Policy CSP - Browser
@ -445,8 +445,9 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
-   0 – Not allowed.
+-   0 – Block all cookies
-   1 (default) – Allowed.
+-   1 – Block only third party cookies
 -   2 - Allow cookies
 <!--/SupportedValues-->
 <!--Validation-->
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 03/12/2018
+ms.date: 04/02/2018
 ---
 # Policy CSP - EventLogService
@ -200,7 +200,7 @@ ADMX Info:
 <!--Description-->
 This policy setting specifies the maximum size of the log file in kilobytes.
-If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
+If you enable this policy setting, you can configure the maximum log file size to be between 20 megabytes (20480 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
 If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@ -359,7 +359,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), which is majority of the case for Intune, then disabling the MDM unenrollment has no effect.
+Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), then disabling the MDM unenrollment has no effect.
 > [!NOTE]
 > The MDM server can always remotely delete the account.
--- a/windows/client-management/mdm/vpn-csp.md
+++ b/windows/client-management/mdm/vpn-csp.md
@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/26/2017
+ms.date: 04/02/2017
 ---
 # VPN CSP
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/01/2017
+ms.date: 03/22/2018
 ---
 # WindowsDefenderApplicationGuard CSP
@ -81,6 +81,18 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se
 - 0 - Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user log-off.
 - 1 - Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
 <a href="" id="allowvirtualgpu"></a>**Settings/AllowVirtualGPU**  
 Added in Windows 10, version 1803. This policy setting allows you to determine whether Application Guard can use the virtual GPU to process graphics. Supported operations are Add, Get, Replace, and Delete. Value type is integer.  
 - 0 (default) - Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy is not configured, it is the same as disabled (0).
 - 1 - Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This can create a faster experience when working with graphics intense websites or watching video within the container. 
 <a href="" id="savefilestohost"></a>**Settings/SaveFilesToHost**  
 Added in Windows 10, version 1803. This policy setting allows you to determine whether users can elect to download files from Edge in the container and persist files them from container to the host operating system. Supported operations are Add, Get, Replace, and Delete. Value type is integer. 
 - 0 (default) - The user cannot download files from Edge in the container to the host file system. When the policy is not configured, it is the same as disabled (0).
 - 1 - Turns on the functionality to allow users to download files from Edge in the container to the host file system.  
 <a href="" id="status"></a>**Status**  
 <p style="margin-left: 20px">Returns status on Application Guard installation and pre-requisites. Value type is integer. Supported operation is Get.</p>
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 03/22/2018
 ---
 # WindowsDefenderApplicationGuard DDF file
@ -16,6 +16,8 @@ This topic shows the OMA DM device description framework (DDF) for the **Windows
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 This XML is for Windows 10, version 1803.
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
@ -25,7 +27,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
  <VerDTD>1.2</VerDTD>
      <Node>
        <NodeName>WindowsDefenderApplicationGuard</NodeName>
-        <Path>./Vendor/MSFT</Path>
+        <Path>./Device/Vendor/MSFT</Path>
        <DFProperties>
          <AccessType>
            <Get />
@ -40,7 +42,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
            <Permanent />
          </Scope>
          <DFType>
-            <MIME>com.microsoft/1.1/MDM/WindowsDefenderApplicationGuard</MIME>
+            <MIME>com.microsoft/1.2/MDM/WindowsDefenderApplicationGuard</MIME>
          </DFType>
        </DFProperties>
        <Node>
@ -200,6 +202,52 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
              </DFType>
            </DFProperties>
          </Node>
          <Node>
            <NodeName>AllowVirtualGPU</NodeName>
            <DFProperties>
              <AccessType>
                <Get />
                <Add />
                <Delete />
                <Replace />
              </AccessType>
              <DFFormat>
                <int />
              </DFFormat>
              <Occurrence>
                <One />
              </Occurrence>
              <Scope>
                <Dynamic />
              </Scope>
              <DFType>
                <MIME>text/plain</MIME>
              </DFType>
            </DFProperties>
          </Node>
          <Node>
            <NodeName>SaveFilesToHost</NodeName>
            <DFProperties>
              <AccessType>
                <Get />
                <Add />
                <Delete />
                <Replace />
              </AccessType>
              <DFFormat>
                <int />
              </DFFormat>
              <Occurrence>
                <One />
              </Occurrence>
              <Scope>
                <Dynamic />
              </Scope>
              <DFType>
                <MIME>text/plain</MIME>
              </DFType>
            </DFProperties>
          </Node>
        </Node>
        <Node>
          <NodeName>Status</NodeName>
@ -229,7 +277,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
              <Exec />
            </AccessType>
            <DFFormat>
-              <int />
+              <chr />
            </DFFormat>
            <Occurrence>
              <One />
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@ -9,7 +9,7 @@ ms.localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
-ms.date: 11/09/2017
+ms.date: 04/03/2018
 ---
 # Create a Windows 10 reference image
@ -20,7 +20,7 @@ ms.date: 11/09/2017
 Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this topic, you will learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You will create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this topic, you will have a Windows 10 reference image that can be used in your deployment solution.
 For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, PC0001 is a Windows 10 Enterprise x64 client, and MDT01 is a Windows Server 2012 R2 standard server. HV01 is a Hyper-V host server, but HV01 could be replaced by PC0001 as long as PC0001 has enough memory and is capable of running Hyper-V. MDT01, HV01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation.
->{!NOTE]}  
+>!NOTE]
 >For important details about the setup for the steps outlined in this article, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
 ![figure 1](../images/mdt-08-fig01.png)
--- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
+++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
-ms.date: 03/20/2018
+ms.date: 04/03/2018
 ---
 # Frequently asked questions and troubleshooting Windows Analytics
@ -33,6 +33,8 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win
 [Disable Upgrade Readiness](#disable-upgrade-readiness)
 [Exporting large data sets](#exporting-large-data-sets)
 ### Devices not showing up
@ -179,6 +181,24 @@ If you want to stop using Upgrade Readiness and stop sending diagnostic data dat
 3.	If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0".  The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*.
 4.	**Optional step:** You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". 
 ### Exporting large data sets
 Azure Log Analytics is optimized for advanced analytics of large data sets and can efficiently generate summaries and analytics for them. The query language is not optimized (or intended) for returning large raw data sets and has built-in limits to protect against overuse. There are times when it might be necessary to get more data than this, but that should be done sparingly since this is not the intended way to use Azure Log Analytics. The following code snippet shows how to retrieve data from UAApp one “page” at a time:
 ```
 let snapshot = toscalar(UAApp | summarize max(TimeGenerated));
 let pageSize = 100000;
 let pageNumber = 0;
 UAApp
 | where TimeGenerated == snapshot and IsRollup==true and RollupLevel=="Granular" and Importance == "Low install count"
 | order by AppName, AppVendor, AppVersion desc
 | serialize
 | where row_number(0) >= (pageSize * pageNumber)
 | take pageSize
 ```
 ## Other common questions
--- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
+++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.date: 03/30/2018
+ms.date: 04/03/2018
 ms.localizationpriority: high
 ---
--- a/windows/deployment/windows-10-deployment-scenarios.md
+++ b/windows/deployment/windows-10-deployment-scenarios.md
@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.sitesec: library
-ms.date: 03/16/2018
+ms.date: 04/03/2018
 author: greg-lindsay
 ---
@ -23,7 +23,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
 - Dynamic deployment methods enable you to configure applications and settings for specific use cases. 
 - Traditional deployment methods use tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.<br>&nbsp;
-<table border="1">
+<table border="0">
  <tr><td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Category</b></td>
     <td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Scenario</b></td>
     <td align="center" style="width:16%; border:1;" bgcolor='#a0e4fa'><b>Description</b></td>
--- a/windows/security/threat-protection/applocker/configure-the-application-identity-service.md
+++ b/windows/security/threat-protection/applocker/configure-the-application-identity-service.md
@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
-ms.date: 09/21/2017
+ms.date: 04/02/2018
 ---
 # Configure the Application Identity service
@ -38,4 +38,12 @@ Membership in the local **Administrators** group, or equivalent, is the minimum
 2.  Click the **Services** tab, right-click **AppIDSvc**, and then click **Start Service**.
 3.  Verify that the status for the Application Identity service is **Running**.
-Starting with Windows 10, the Application Identity service is now a protected process. Because of this, you can no longer manually set the service **Startup type** to **Automatic**. 
+Starting with Windows 10, the Application Identity service is now a protected process. Because of this, you can no longer manually set the service **Startup type** to **Automatic** by using the Sevices snap-in. Try either of these methods instead:
 - Open an elevated commnad prompt or PowerShell session and type:
   ```powershell
   sc.exe config appidsvc start= auto
   ```
 - Create a security template that configures appidsvc to be automatic start, and apply it using secedit.exe or LGPO.exe.
--- a/windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md
+++ b/windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md
@ -152,7 +152,7 @@ After the catalog file is signed, add the signing certificate to a WDAC policy,
    > **Note**&nbsp;&nbsp;Include the **-UserPEs** parameter to ensure that the policy includes user mode code integrity.
-3.  Use [Add-SignerRule](https://technet.microsoft.com/library/mt634479.aspx) to add the signing certificate to the WDAC policy, filling in the correct path and filenames for `<policypath>` and `<certpath>`:
+3.  Use [Add-SignerRule](https://docs.microsoft.com/powershell/module/configci/add-signerrule?view=win10-ps) to add the signing certificate to the WDAC policy, filling in the correct path and filenames for `<policypath>` and `<certpath>`:
    ` Add-SignerRule -FilePath <policypath> -CertificatePath <certpath> -User `
--- a/windows/security/threat-protection/device-guard/deploy-managed-installer-for-device-guard.md
+++ b/windows/security/threat-protection/device-guard/deploy-managed-installer-for-device-guard.md
@ -110,7 +110,7 @@ For example:
 ### Enable the managed installer option in WDAC policy
 In order to enable trust for the binaries laid down by managed installers, the Allow: Managed Installer option must be specified in your WDAC policy.
-This can be done by using the [Set-RuleOption cmdlet](https://technet.microsoft.com/itpro/powershell/windows/configci/set-ruleoption). 
+This can be done by using the [Set-RuleOption cmdlet](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps). 
 An example of the managed installer option being set in policy is shown below.
 ```code
--- a/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md
+++ b/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md
@ -42,7 +42,7 @@ If you plan to use an internal CA to sign catalog files or WDAC policies, see th
 WDAC policies include *policy rules*, which control options such as audit mode or whether UMCI is enabled in a WDAC policy. You can modify these options in a new or existing WDAC policy. (For information about *file rules*, which specify the level at which applications will be identified and trusted, see the next section, [Windows Defender Application Control file rule levels](#windows-defender-application-control-file-rule-levels).)
-To modify the policy rule options of an existing WDAC policy, use the [Set-RuleOption](https://technet.microsoft.com/library/mt634483.aspx) Windows PowerShell cmdlet. Note the following examples of how to use this cmdlet to add and remove a rule option on an existing WDAC policy:
+To modify the policy rule options of an existing WDAC policy, use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps). Note the following examples of how to use this cmdlet to add and remove a rule option on an existing WDAC policy:
 -   To ensure that UMCI is enabled for a WDAC policy that was created with the `-UserPEs` (user mode) option, add rule option 0 to an existing policy by running the following command:
--- a/windows/security/threat-protection/device-guard/device-guard-deployment-guide.md
+++ b/windows/security/threat-protection/device-guard/device-guard-deployment-guide.md
@ -20,25 +20,6 @@ With thousands of new malicious files created every day, using traditional metho
 Windows Defender Device Guard also uses virtualization-based security to isolate the Code Integrity service and run it alongside the Windows kernel in a hypervisor-protected container. Even if an attacker manages to get control of the Windows kernel itself, the ability to run malicious executable code is much less likely. 
 This guide explores the individual features in Windows Defender Device Guard as well as how to plan for, configure, and deploy them. It includes:
 - [Introduction to Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
 - [Requirements and deployment planning guidelines for Windows Defender Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md)
 - [Planning and getting started on the Windows Defender Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md)
 - [Deploy Windows Defender Application Control](deploy-windows-defender-application-control.md)
    - [Optional: Create a code signing certificate for Windows Defender Application Control](optional-create-a-code-signing-certificate-for-windows-defender-application-control.md)
    - [Deploy Windows Defender Application Control: policy rules and file rules](deploy-windows-defender-application-control-policy-rules-and-file-rules.md)
    - [Deploy Windows Defender Application Control: steps](steps-to-deploy-windows-defender-application-control.md)
    - [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md)
 - [Enable virtualization-based protection of code integrity](deploy-device-guard-enable-virtualization-based-security.md)
 ## Related topics
--- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
+++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
@ -811,7 +811,7 @@ To create a WDAC policy, copy each of the following commands into an elevated Wi
    > - The preceding example includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**.
-3.  Use [ConvertFrom-CIPolicy](https://technet.microsoft.com/library/mt733073.aspx) to convert the WDAC policy to a binary format:
+3.  Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the WDAC policy to a binary format:
    ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin`
@ -955,11 +955,11 @@ To merge two WDAC policies, complete the following steps in an elevated Windows
  > [!Note] 
  > The variables in this section specifically expect to find an initial policy on your desktop called **InitialScan.xml** and an audit WDAC policy called **DeviceGuardAuditPolicy.xml**. If you want to merge other WDAC policies, update the variables accordingly.
-2.  Use [Merge-CIPolicy](https://technet.microsoft.com/library/mt634485.aspx) to merge two policies and create a new WDAC policy:
+2.  Use [Merge-CIPolicy](https://docs.microsoft.com/powershell/module/configci/merge-cipolicy?view=win10-ps) to merge two policies and create a new WDAC policy:
    ` Merge-CIPolicy -PolicyPaths $InitialCIPolicy,$AuditCIPolicy -OutputFilePath $MergedCIPolicy`
-3.  Use [ConvertFrom-CIPolicy](https://technet.microsoft.com/library/mt733073.aspx) to convert the merged WDAC policy to binary format:
+3.  Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the merged WDAC policy to binary format:
    ` ConvertFrom-CIPolicy $MergedCIPolicy $CIPolicyBin `
@ -987,7 +987,7 @@ Every WDAC policy is created with audit mode enabled. After you have successfull
 2. Ensure that rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) are set the way that you intend for this policy. We strongly recommend that you enable these rule options before you run any enforced policy for the first time. Enabling these options provides administrators with a pre-boot command prompt, and allows Windows to start even if the WDAC policy blocks a kernel-mode driver from running. When ready for enterprise deployment, you can remove these options.
-    To ensure that these options are enabled in a policy, use [Set-RuleOption](https://technet.microsoft.com/library/mt634483.aspx) as shown in the following commands. You can run these commands even if you're not sure whether options 9 and 10 are already enabled—if so, the commands have no effect.
+    To ensure that these options are enabled in a policy, use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps) as shown in the following commands. You can run these commands even if you're not sure whether options 9 and 10 are already enabled—if so, the commands have no effect.
    ` Set-RuleOption -FilePath $InitialCIPolicy -Option 9`
@ -997,14 +997,14 @@ Every WDAC policy is created with audit mode enabled. After you have successfull
    ` copy $InitialCIPolicy $EnforcedCIPolicy`
-4.  Use [Set-RuleOption](https://technet.microsoft.com/library/mt634483.aspx) to delete the audit mode rule option:
+4.  Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps) to delete the audit mode rule option:
    ` Set-RuleOption -FilePath $EnforcedCIPolicy -Option 3 -Delete`
  > [!Note] 
  > To enforce a WDAC policy, you delete option 3, the **Audit Mode Enabled** option. There is no “enforced” option that can be placed in a WDAC policy.
-5.  Use [ConvertFrom-CIPolicy](https://technet.microsoft.com/library/mt733073.aspx) to convert the new WDAC policy to binary format:
+5.  Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the new WDAC policy to binary format:
    ` ConvertFrom-CIPolicy $EnforcedCIPolicy $CIPolicyBin`
@ -1052,7 +1052,7 @@ If you do not have a code signing certificate, see the [Optional: Create a code
    ` cd $env:USERPROFILE\Desktop `
-5.  Use [Add-SignerRule](https://technet.microsoft.com/library/mt634479.aspx) to add an update signer certificate to the WDAC policy:
+5.  Use [Add-SignerRule](https://docs.microsoft.com/powershell/module/configci/add-signerrule?view=win10-ps) to add an update signer certificate to the WDAC policy:
    ` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath <Path to exported .cer certificate> -Kernel -User –Update`
@ -1060,11 +1060,11 @@ If you do not have a code signing certificate, see the [Optional: Create a code
   > *&lt;Path to exported .cer certificate&gt;* should be  the full path to the certificate that you exported in   step 3.
    Also, adding update signers is crucial to being able to modify or disable this policy in the future. For more information about how to disable signed WDAC policies, see the [Disable signed Windows Defender Application Control policies within Windows](#disable-signed-windows-defender-application-control-policies-within-windows) section.
-6.  Use [Set-RuleOption](https://technet.microsoft.com/library/mt634483.aspx) to remove the unsigned policy rule option:
+6.  Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps) to remove the unsigned policy rule option:
    ` Set-RuleOption -FilePath $InitialCIPolicy -Option 6 -Delete`
-7.  Use [ConvertFrom-CIPolicy](https://technet.microsoft.com/library/mt733073.aspx) to convert the policy to binary format:
+7.  Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the policy to binary format:
    ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin`