Edited select-type and event-id documents.

- select-type-of-rules-to-create: added option 20 to table 1.
- event-id-explanations:  Added a new System Integrity Policy Options table for event ID 3099.

windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md

@@ -86,6 +86,35 @@ To enable 3090 allow events, and 3091 and 3092 events, you must instead create a
 reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x300
 ```
 
+## System Integrity Policy Options
+Below are the policy options in event 3099.
+
+| Bit Address | Policy Rule Option |
+|-------|------|
+| 2 | Enabled:UMCI |
+| 3 | Enabled:Boot Menu Protection |
+| 4 | Enabled:Intelligent Security Graph Authorization |
+| 5 | Enabled:Invalidate EAs on Reboot |
+| 7 |Required:WHQL |
+| 8 | Enabled:Developer Dynamic Code Security |
+| 9 | Enabled: No Revalidation Upon Refresh |
+| 10 | Enabled:Allow Supplemental Policies |
+| 11 | Disabled:Runtime FilePath Rule Protection |
+| 13 | Enabled: Revoked Expired As Unsigned |
+| 16 |Enabled:Audit Mode (Default) |
+| 17 | Disabled:Flight Signing |
+| 18 | Enabled:Inherit Default Policy |
+| 19 | Enabled:Unsigned System Integrity Policy (Default) |
+| 20 | Enabled:Dynamic Code Security |
+| 21 | Required:EV Signers |
+| 22 | Enabled:Boot Audit on Failure |
+| 23 | Enabled:Advanced Boot Options Menu |
+| 24 | Disabled:Script Enforcement |
+| 25 | Required:Enforce Store Applications |
+| 26 | Enabled: Host Policy Enforcement |
+| 27 |Enabled:Managed Installer  |
+| 28 |Enabled:Update Policy No Reboot |
+
 ## Appendix
 A list of other relevant event IDs and their corresponding description.
 

windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md

@@ -70,6 +70,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru
 | **17 Enabled:Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. NOTE: This option is only supported on Windows 10, version 1903, and above. | No |
 | **18 Disabled:Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. NOTE: This option is only supported on Windows 10, version 1903, and above. | Yes |
 | **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries. NOTE: This option is only supported on Windows 10, version 1803, and above. | No |
+| **20 Enabled:Revoked Expired As Unsigned** | Use this option to treat binaries signed with an expired and/or revoked certificates as "Unsigned binaries" for user mode process/components under enterprise signing scenarios. | No |
 
 ## Windows Defender Application Control file rule levels