diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 9f11974826..d71256b0f2 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -342,8 +342,6 @@
 ###### [Understand AppLocker rules and enforcement setting inheritance in Group Policy](windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md)
 ###### [Document the Group Policy structure and AppLocker rule enforcement](windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md)
 ##### [Plan for AppLocker policy management](windows-defender-application-control/applocker/plan-for-applocker-policy-management.md)
-###### [Document your application control management processes](windows-defender-application-control/applocker/document-your-application-control-management-processes.md)
-##### [Create your AppLocker planning document](windows-defender-application-control/applocker/create-your-applocker-planning-document.md)
 #### [AppLocker deployment guide](windows-defender-application-control/applocker/applocker-policies-deployment-guide.md)
 ##### [Understand the AppLocker policy deployment process](windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md)
 ##### [Requirements for Deploying AppLocker Policies](windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md
index b93f453c1b..a7e31e66f8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.md
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md
@@ -84,8 +84,6 @@
 ##### [Understand AppLocker rules and enforcement setting inheritance in Group Policy](applocker\understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md)
 ##### [Document the Group Policy structure and AppLocker rule enforcement](applocker\document-group-policy-structure-and-applocker-rule-enforcement.md)
 #### [Plan for AppLocker policy management](applocker\plan-for-applocker-policy-management.md)
-##### [Document your application control management processes](applocker\document-your-application-control-management-processes.md)
-#### [Create your AppLocker planning document](applocker\create-your-applocker-planning-document.md)
 ### [AppLocker deployment guide](applocker\applocker-policies-deployment-guide.md)
 #### [Understand the AppLocker policy deployment process](applocker\understand-the-applocker-policy-deployment-process.md)
 #### [Requirements for Deploying AppLocker Policies](applocker\requirements-for-deploying-applocker-policies.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
index 0687ca1fc2..ec754cf12c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
@@ -37,7 +37,6 @@ The following are prerequisites or recommendations to deploying policies:
     -   [Select types of rules to create](select-types-of-rules-to-create.md)
     -   [Determine Group Policy Structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
     -   [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
-    -   [Create your AppLocker planning document](create-your-applocker-planning-document.md)
 
 ## Contents of this guide
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
index b83c242b59..26b4d23de4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
@@ -33,7 +33,7 @@ To understand if AppLocker is the correct application control solution for your
 | [Select the types of rules to create](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using AppLocker. |
 | [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) | This overview topic describes the process to follow when you are planning to deploy AppLocker rules. |
 | [Plan for AppLocker policy management](plan-for-applocker-policy-management.md) | This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies. |
-| [Create your AppLocker planning document](create-your-applocker-planning-document.md) | This planning topic for the IT professional summarizes the information you need to research and include in your AppLocker planning document. | 
+
  
 After careful design and detailed planning, the next step is to deploy AppLocker policies. [AppLocker Deployment Guide](applocker-policies-deployment-guide.md) covers the creation and testing of policies, deploying the enforcement setting, and managing and maintaining the policies.
  
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
index 1153bc66a2..51965b4116 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
@@ -31,7 +31,7 @@ You can develop an application control policy plan to guide you in making succes
 5.  [Select the types of rules to create](select-types-of-rules-to-create.md)
 6.  [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
 7.  [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
-8.  [Create your AppLocker planning document](create-your-applocker-planning-document.md)
+
 
 ## Step 2: Create your rules and rule collections
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
index 3843a798c0..b14ec68862 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
@@ -124,6 +124,6 @@ The following table includes the sample data that was collected when you determi
 
 After you have determined the Group Policy structure and rule enforcement strategy for each business group's apps, the following tasks remain:
 -   [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
--   [Create your AppLocker planning document](create-your-applocker-planning-document.md)
+
  
  
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
index ffaaf96936..da3b193ffe 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
@@ -118,4 +118,3 @@ For each rule, determine whether to use the allow or deny option. Then, three ta
 
 -   [Determine Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
 -   [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
--   [Create your AppLocker planning document](create-your-applocker-planning-document.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
index 23c4b6e8af..08cd3572ad 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
@@ -22,7 +22,7 @@ Once you set rules and deploy the AppLocker policies, it is good practice to det
 
 ### <a href="" id="bkmk-applkr-disc-effect-pol"></a>Discover the effect of an AppLocker policy
 
-You can evaluate how the AppLocker policy is currently implemented for documentation or audit purposes, or before you modify the policy. Updating your AppLocker Policy Deployment Planning document will help you track your findings. For information about creating this document, see [Create your AppLocker planning document](create-your-applocker-planning-document.md). You can perform one or more of the following steps to understand what application controls are currently enforced through AppLocker rules.
+You can evaluate how the AppLocker policy is currently implemented for documentation or audit purposes, or before you modify the policy. Updating your AppLocker Policy Deployment Planning document will help you track your findings. You can perform one or more of the following steps to understand what application controls are currently enforced through AppLocker rules.
 
 -   **Analyze the AppLocker logs in Event Viewer**
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
index 677618dab7..0148e43cae 100644
--- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
+++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
@@ -135,4 +135,4 @@ Because the effectiveness of application control policies is dependent on the ab
  
 ## Record your findings
 
-The next step in the process is to record and analyze your answers to the preceding questions. If WDAC is the right solution for your goals, you can set your application control policy objectives and plan your WDAC rules. This process culminates in [creating your planning document](create-your-windows-defender-application-control-planning-document.md).
\ No newline at end of file
+The next step in the process is to record and analyze your answers to the preceding questions. If WDAC is the right solution for your goals, you can set your application control policy objectives and plan your WDAC rules. 
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
index 1368e5124b..9b1e56f6ea 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -62,7 +62,7 @@ Set the following registry keys to enable HVCI. This provides exactly the same s
 <!--This comment ensures that the Important above and the Warning below don't merge together. -->
 
 > [!IMPORTANT]
-> - Among the commands that follow, you can choose settings for **Secure Boot** and **Secure Boot with DMA**. In most situations, we recommend that you choose **Secure Boot**. This option provides Secure Boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have Secure Boot with DMA protection. A computer without IOMMUs will simply have Secure Boot enabled.<br>In contrast, with **Secure Boot with DMA**, the setting will enable Secure Boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS or HVCI protection, although it can still have WDAC enabled.<br>For information about how VBS uses the hypervisor to strengthen protections provided by WDAC, see [How Windows Defender Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md#how-windows-defender-device-guard-features-help-protect-against-threats).<br>
+> - Among the commands that follow, you can choose settings for **Secure Boot** and **Secure Boot with DMA**. In most situations, we recommend that you choose **Secure Boot**. This option provides Secure Boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have Secure Boot with DMA protection. A computer without IOMMUs will simply have Secure Boot enabled.<br>In contrast, with **Secure Boot with DMA**, the setting will enable Secure Boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS or HVCI protection, although it can still have WDAC enabled.<br>
 > - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers.
 
 #### For Windows 1607 and above
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/images/dg-fig11-dgproperties.png b/windows/security/threat-protection/windows-defender-exploit-guard/images/dg-fig11-dgproperties.png
new file mode 100644
index 0000000000..3c93b2b948
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-exploit-guard/images/dg-fig11-dgproperties.png differ