Merge branch 'public' into patch-17

devices/surface/documentation/surface-system-sku-reference.md

@@ -26,6 +26,7 @@ System SKU is a variable (along with System Model and others) stored in System M
 | Surface Book 2 15inch                                        | Surface Book 2   | Surface_Book_1793                |
 | Surface Go Consumer                                          | Surface Go       | Surface_Go_1824_Consumer         |
 | Surface Go Commercial                                        | Surface Go       | Surface_Go_1824_Commercial       |
+| Surface Go 2                                                 | Surface Go 2     | Surface_Go_2_1927                |
 | Surface Pro 6 Consumer                                       | Surface Pro 6    | Surface_Pro_6_1796_Consumer      |
 | Surface Pro 6 Commercial                                     | Surface Pro 6    | Surface_Pro_6_1796_Commercial    |
 | Surface Laptop 2 Consumer                                    | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer   |

windows/client-management/troubleshoot-inaccessible-boot-device.md

@@ -110,10 +110,10 @@ To verify the BCD entries:
    >[!NOTE]
    >This output may not contain a path.
 
-2. In the **Windows Boot Loader**  that has the **{default}** identifier, make sure that **device** , **path** , **osdevice,**  and **systemroot**  point to the correct device or partition, winload file, OS partition or device, and OS folder.
+2. In the **Windows Boot Loader**  that has the **{default}** identifier, make sure that **device**, **path**, **osdevice**, and **systemroot**  point to the correct device or partition, winload file, OS partition or device, and OS folder.
  
    > [!NOTE]
-   > If the computer is UEFI-based, the **bootmgr** and **winload** entries under **{default}** will contain an **.efi** extension.
+   > If the computer is UEFI-based, the filepath value specified in the **path** parameter of **{bootmgr}** and **{default}** will contain an **.efi** extension.
 
    ![bcdedit](images/screenshot1.png)
 

windows/deployment/windows-autopilot/autopilot-faq.md

@@ -144,6 +144,7 @@ A [glossary](#glossary) of abbreviations used in this article is provided at the
 | What are some common causes of registration failures? |1.  Bad or missing hardware hash entries can lead to faulty registration attempts <br>2.    Hidden special characters in CSV files.  <br><br>To avoid this issue, after creating your CSV file, open it in Notepad to look for hidden characters or trailing spaces or other corruptions.|
 |  Is Autopilot supported on IoT devices? |  Autopilot is not supported on IoT Core devices, and there are currently no plans to add this support. Autopilot is supported on Windows 10 IoT Enterprise SAC devices. Autopilot is supported on Windows 10 Enterprise LTSC 2019 and above; it is not supported on earlier versions of LTSC.|
 |  Is Autopilot supported in all regions/countries? |  Autopilot only supports customers using global Azure. Global Azure does not include the three entities listed below:<br>- Azure Germany <br>- Azure China 21Vianet<br>- Azure Government<br>So, if a customer is set up in global Azure, there are no region restrictions. For example, if Contoso uses global Azure but has employees working in China, the Contoso employees working in China would be able to use Autopilot to deploy devices. If Contoso uses Azure China 21Vianet, the Contoso employees would not be able to use Autopilot.|
+| I need to register a device that's been previously registered to another organisation. | Partners registering devices through partner center can also deregister the device if it's moving between different customer tenants. If this isn't possible, as a last resort you can raise a ticket through the Intune "Help and Support" node and our support teams will assist you. |
 
 ## Glossary
 

windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md

@@ -75,8 +75,9 @@ Sign-in the federation server with domain administrator equivalent credentials.
 6. On the **Request Certificates** page, Select the **Internal Web Server** check box.
 7. Click the **More information is required to enroll for this certificate. Click here to configure settings** link   
     ![Example of Certificate Properties Subject Tab - This is what shows when you click the above link](images/hello-internal-web-server-cert.png)
-8. Under **Subject name**, select **Common Name** from the **Type** list.  Type the FQDN of the computer hosting the Active Directory Federation Services role and then click **Add**.  Under **Alternative name**, select **DNS** from the **Type** list.  Type the FQDN of the name you will use for your federation services (fs.corp.contoso.com). The name you use here MUST match the name you use when configuring the Active Directory Federation Services server role.  Click **Add**. Click **OK** when finished.
-9. Click **Enroll**.
+8. Under **Subject name**, select **Common Name** from the **Type** list.  Type the FQDN of the computer hosting the Active Directory Federation Services role and then click **Add**.  
+9. Under **Alternative name**, select **DNS** from the **Type** list.  Type the FQDN of the name you will use for your federation services (fs.corp.contoso.com). The name you use here MUST match the name you use when configuring the Active Directory Federation Services server role.  Click **Add**. Repeat the same to add device registration service name (*enterpriseregistration.contoso.com*) as another alternative name. Click **OK** when finished.
+10. Click **Enroll**.
 
 A server authentication certificate should appear in the computer’s Personal certificate store.
 

windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md

@@ -150,7 +150,7 @@ Domain controllers automatically request a certificate from the domain controlle
 7. Expand **Windows Settings**, **Security Settings**, and click **Public Key Policies**.
 8. In the details pane, right-click **Certificate Services Client – Auto-Enrollment** and select **Properties**.
 9. Select **Enabled** from the **Configuration Model** list.
-10. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box.
+10. Select the **Renew expired certificates, update pending certificates, and remove revoked certificates** check box.
 11. Select the **Update certificates that use certificate templates** check box.
 12. Click **OK**. Close the **Group Policy Management Editor**.
 

windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md

@@ -1882,7 +1882,7 @@ This policy controls how BitLocker-enabled system volumes are handled in conjunc
 Secure Boot ensures that the computer's preboot environment loads only firmware that is digitally signed by authorized software publishers. Secure Boot also provides more flexibility for managing preboot configurations than BitLocker integrity checks prior to Windows Server 2012 and Windows 8.
 When this policy is enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the **Use enhanced Boot Configuration Data validation profile** Group Policy setting is ignored, and Secure Boot verifies BCD settings according to the Secure Boot policy setting, which is configured separately from BitLocker.
 
->**Warning:**  Enabling this policy might result in BitLocker recovery when manufacturer-specific firmware is updated. If you disable this policy, suspend BitLocker prior to applying firmware updates.
+>**Warning:**  Disabling this policy might result in BitLocker recovery when manufacturer-specific firmware is updated. If you disable this policy, suspend BitLocker prior to applying firmware updates.
 
 ### <a href="" id="bkmk-depopt1"></a>Provide the unique identifiers for your organization
 

windows/security/threat-protection/device-control/control-usb-devices-using-intune.md

@@ -111,7 +111,7 @@ For example:
 If you want to prevent the installation of a device class or certain devices, you can use the prevent device installation policies:
 
 1. Enable **Prevent installation of devices that match any of these device IDs**.
-2. Enable **Prevent installation of devices that match these device setup classes**.
+2. Enable **Prevent installation of devices using drivers that match these device setup classes**.
 
 > [!Note]
 > The prevent device installation policies take precedence over the allow device installation policies.
@@ -145,6 +145,14 @@ Get-WMIObject -Class Win32_DiskDrive |
 Select-Object -Property * 
 ```
 
+The **Prevent installation of devices using drivers that match these device setup classes** policy allows you to specify device setup classes that Windows is prevented from installing. 
+
+To prevent installation of particular classes of devices: 
+
+1. Find the GUID of the device setup class from [System-Defined Device Setup Classes Available to Vendors](https://docs.microsoft.com/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors).
+2. Enable **Prevent installation of devices using drivers that match these device setup classes** and add the class GUID to the list.
+![Add device setup class to prevent list](images/Add-device-setup-class-to-prevent-list.png)
+
 ### Block installation and usage of removable storage
 
 1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/).

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md

@@ -23,7 +23,7 @@ ms.topic: article
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
 
-Advanced hunting is a query-based threat-hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate interesting indicators and entities. The flexible access to data facilitates unconstrained hunting for both known and potential threats.
+Advanced hunting is a query-based threat-hunting tool that lets you explore raw data for the last 30 days. You can proactively inspect events in your network to locate interesting indicators and entities. The flexible access to data facilitates unconstrained hunting for both known and potential threats.
 
 You can use the same threat-hunting queries to build custom detection rules. These rules run automatically to check for and respond to various events and system states, including suspected breach activity and misconfigured machines.
 

windows/security/threat-protection/microsoft-defender-atp/get-alerts.md

@@ -26,7 +26,7 @@ ms.topic: article
 ## API description
 Retrieves a collection of Alerts.
 <br>Supports [OData V4 queries](https://www.odata.org/documentation/).
-<br>The OData's ```$filter``` query is supported on: ```alertCreationTime```, ```incidentId```, ```InvestigationId```, ```status```, ```severity``` and ```category``` properties.
+<br>The OData's ```$filter``` query is supported on: ```alertCreationTime```, ```lastUpdateTime```, ```incidentId```,```InvestigationId```, ```status```, ```severity``` and ```category``` properties.
 <br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
 
 

windows/security/threat-protection/security-policy-settings/minimum-password-length.md

@@ -26,11 +26,11 @@ Describes the best practices, location, values, policy management, and security
 
 ## Reference
 
-The **Minimum password length** policy setting determines the least number of characters that can make up a password for a user account. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0.
+The **Minimum password length** policy setting determines the least number of characters that can make up a password for a user account. You can set a value of between 1 and 20 characters, or you can establish that no password is required by setting the number of characters to 0.
 
 ### Possible values
 
--   User-specified number of characters between 0 and 14
+- User-specified number of characters between 0 and 20
 - Not defined
 
 ### Best practices
@@ -80,7 +80,8 @@ Configure the **** policy setting to a value of 8 or more. If the number of char
 
 In most environments, we recommend an eight-character password because it is long enough to provide adequate security, but not too difficult for users to easily remember. This configuration provides adequate defense against a brute force attack. Using the [Password must meet complexity requirements](password-must-meet-complexity-requirements.md) policy setting in addition to the **Minimum password length** setting helps reduce the possibility of a dictionary attack.
 
->**Note:**  Some jurisdictions have established legal requirements for password length as part of establishing security regulations.
+> [!NOTE]
+> Some jurisdictions have established legal requirements for password length as part of establishing security regulations.
 
 ### Potential impact
 

windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md

@@ -1,6 +1,6 @@
 ---
-title: Configure the Group Policy settings for Windows Defender Application Guard (Windows 10)
-description: Learn about the available Group Policy settings for Windows Defender Application Guard.
+title: Configure the Group Policy settings for Microsoft Defender Application Guard (Windows 10)
+description: Learn about the available Group Policy settings for Microsoft Defender Application Guard.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -14,12 +14,12 @@ manager: dansimp
 ms.custom: asr
 ---
 
-# Configure Windows Defender Application Guard policy settings
+# Configure Microsoft Defender Application Guard policy settings
 
 **Applies to:** 
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Windows Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain.
+Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain.
 
 Application Guard uses both network isolation and application-specific settings.
 
@@ -36,7 +36,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net
 |-----------|------------------|-----------|
 |Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
 |Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
-|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
+|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. Proxies should be added to this list. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
 
 ## Network isolation settings wildcards
 

windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md

@@ -1,6 +1,6 @@
 ---
-title: FAQ - Windows Defender Application Guard (Windows 10)
-description: Learn about the commonly asked questions and answers for Windows Defender Application Guard.
+title: FAQ - Microsoft Defender Application Guard (Windows 10)
+description: Learn about the commonly asked questions and answers for Microsoft Defender Application Guard.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -8,17 +8,17 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 12/04/2019
+ms.date: 06/02/2020
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
 ---
 
-# Frequently asked questions - Windows Defender Application Guard 
+# Frequently asked questions - Microsoft Defender Application Guard 
 
 **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Answering frequently asked questions about Windows Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration.
+Answering frequently asked questions about Microsoft Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration.
 
 ## Frequently Asked Questions
 
@@ -83,7 +83,7 @@ To trust a subdomain, you must precede your domain with two dots, for example: `
 
 ### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? 
 
-When using Windows Pro or Windows Enterprise, you will have access to using Application Guard's Standalone Mode. However, when using Enterprise you will have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). 
+When using Windows Pro or Windows Enterprise, you have access to using Application Guard's Standalone Mode. However, when using Windows Enterprise, you have access to Application Guard's Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). 
 
 ### Is there a size limit to the domain lists that I need to configure?
 
@@ -91,6 +91,7 @@ Yes, both the Enterprise Resource domains hosted in the cloud and the Domains ca
 
 ### Why does my encryption driver break Windows Defender Application Guard?
 
+
 Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT"). 
 
 ### Why do the Network Isolation policies in Group Policy and CSP look different?
@@ -101,3 +102,9 @@ Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudRes
 Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
 For EnterpriseNetworkDomainNames, there is no mapped CSP policy.
 
+Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). 
+
+### Why did Application Guard stop working after I turned off hyperthreading?
+
+If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements. 
+

windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md

@@ -1,6 +1,6 @@
 ---
 title: Enable hardware-based isolation for Microsoft Edge (Windows 10)
-description: Learn about the Windows Defender Application Guard modes (Standalone or Enterprise-managed) and how to install Application Guard in your enterprise.
+description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed) and how to install Application Guard in your enterprise.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -14,19 +14,19 @@ manager: dansimp
 ms.custom: asr
 ---
 
-# Prepare to install Windows Defender Application Guard
+# Prepare to install Microsoft Defender Application Guard
 
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 ## Review system requirements
  
-See [System requirements for Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard) to review the hardware and software installation requirements for Windows Defender Application Guard.
+See [System requirements for Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard) to review the hardware and software installation requirements for Windows Defender Application Guard.
 >[!NOTE]
->Windows Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host.
+>Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host.
 
-## Prepare for Windows Defender Application Guard 
-Before you can install and use Windows Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode.
+## Prepare for Microsoft Defender Application Guard 
+Before you can install and use Microsoft Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode.
 
 ### Standalone mode
 

windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md

@@ -1,6 +1,6 @@
 ---
-title: System requirements for Windows Defender Application Guard (Windows 10)
-description: Learn about the system requirements for installing and running Windows Defender Application Guard.
+title: System requirements for Microsoft Defender Application Guard (Windows 10)
+description: Learn about the system requirements for installing and running Microsoft Defender Application Guard.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -14,17 +14,17 @@ manager: dansimp
 ms.custom: asr
 ---
 
-# System requirements for Windows Defender Application Guard
+# System requirements for Microsoft Defender Application Guard
 
 **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
+The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
 
 >[!NOTE]
->Windows Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host.
+>Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host.
 
 ## Hardware requirements
-Your environment needs the following hardware to run Windows Defender Application Guard.
+Your environment needs the following hardware to run Microsoft Defender Application Guard.
 
 |Hardware|Description|
 |--------|-----------|

windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md

@@ -1,6 +1,6 @@
 ---
-title: Testing scenarios with Windows Defender Application Guard (Windows 10)
-description: Suggested testing scenarios for Windows Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode.
+title: Testing scenarios with Microsoft Defender Application Guard (Windows 10)
+description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library

windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md

@@ -1,6 +1,6 @@
 ---
-title: Windows Defender Application Guard (Windows 10)
-description: Learn about Windows Defender Application Guard and how it helps to combat malicious content and malware out on the Internet.
+title: Microsoft Defender Application Guard (Windows 10)
+description: Learn about Microsoft Defender Application Guard and how it helps to combat malicious content and malware out on the Internet.
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -14,11 +14,11 @@ manager: dansimp
 ms.custom: asr
 ---
 
-# Windows Defender Application Guard overview
+# Microsoft Defender Application Guard overview
 
 **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. 
+Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. 
 
 ## What is Application Guard and how does it work?
 
@@ -44,8 +44,8 @@ Application Guard has been created to target several types of systems:
 
 |Article |Description |
 |------|------------|
-|[System requirements for Windows Defender Application Guard](reqs-wd-app-guard.md) |Specifies the prerequisites necessary to install and use Application Guard.|
-|[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.|
-|[Configure the Group Policy settings for Windows Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.|
-|[Testing scenarios using Windows Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.|
-|[Frequently asked questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.|
+|[System requirements for Microsoft Defender Application Guard](reqs-wd-app-guard.md) |Specifies the prerequisites necessary to install and use Application Guard.|
+|[Prepare and install Microsoft Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.|
+|[Configure the Group Policy settings for Microsoft Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.|
+|[Testing scenarios using Microsoft Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.|
+|[Frequently asked questions - Microsoft Defender Application Guard](faq-wd-app-guard.md)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.|