From 7e6cb0a4b5cbb7ae9e442f768582571e76076886 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Tue, 7 Sep 2021 16:04:12 -0700
Subject: [PATCH 1/6] Corrected GUID and KEY info in this doc

I also edited for grammar and format.
---
 ...ows-defender-application-control-policy.md | 42 +++++++++----------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
index 107430388b..179456bab6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
@@ -35,7 +35,7 @@ The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component-
 
 ### COM object configurability in WDAC policy
 
-Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) enforced a built-in allowlist for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy.
+Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy.
 
 **NOTE**: To add this functionality to other versions of Windows 10, you can install the following or later updates:
 
@@ -48,19 +48,19 @@ Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC)
 ### Get COM object GUID
 
 Get GUID of application to allow in one of the following ways:
-- Finding block event in Event Viewer (Application and Service Logs > Microsoft > Windows > AppLocker > MSI and Script) and extracting GUID
-- Creating audit policy (using New-CIPolicy –Audit), potentially with specific provider, and use info from block events to get GUID
+- Finding a block event in Event Viewer (Application and Service Logs > Microsoft > Windows > AppLocker > MSI and Script), and extracting GUID
+- Creating an audit policy (using New-CIPolicy –Audit), potentially with a specific provider, and use the info from the block events to get the GUID
 
 ### Author policy setting to allow or deny COM object GUID
 
 Three elements:
 - Provider: platform on which code is running (values are  Powershell, WSH, IE, VBA, MSI, or a wildcard “AllHostIds”)
-- Key: GUID for the program you with to run, in the format Key="{33333333-4444-4444-1616-161616161616}"
+- Key: GUID for the program you wish to run, in the format Key="{33333333-4444-4444-1616-161616161616}"
 - ValueName: needs to be set to "EnterpriseDefinedClsId"
 
 One attribute:
-- Value: needs to be “true” for allow and “false” for deny
-  - Note that deny only works in base policies, not supplemental
+- Value: needs to be “true” for allow and “false” for deny<br/>
+  **Note**: Deny only works in base policies, not supplemental policies
 - The setting needs to be placed in the order of ASCII values (first by Provider, then Key, then ValueName)
 
 ### Examples
@@ -98,17 +98,17 @@ Example 3: Allows a specific COM object to register in PowerShell
 
 Given the following example of an error in the Event Viewer (**Application and Service Logs** > **Microsoft** > **Windows** > **AppLocker** > **MSI and Script**):
 
-Log Name:      Microsoft-Windows-AppLocker/MSI and Script
-Source:        Microsoft-Windows-AppLocker
-Date:          11/11/2020 1:18:11 PM
-Event ID:      8036
-Task Category: None
-Level:         Error
-Keywords:
-User:          S-1-5-21-3340858017-3068726007-3466559902-3647
-Computer:      contoso.com
-Description:
-{f8d253d9-89a4-4daa-87b6-1168369f0b21} was prevented from running due to Config CI policy.
+Log Name: Microsoft-Windows-AppLocker/MSI and Script<br/>
+Source: Microsoft-Windows-AppLocker<br/>
+Date: 11/11/2020 1:18:11 PM<br/>
+Event ID: 8036<br/>
+Task Category: None<br/>
+Level: Error<br/>
+
+Keywords<br/>
+User: S-1-5-21-3340858017-3068726007-3466559902-3647<br/>
+Computer: contoso.com<br/>
+Description: "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" was prevented from running due to Config CI policy.<br/>
 
 Event XML:
 
@@ -122,7 +122,7 @@ Event XML:
     <Task>0</Task>
     <Opcode>0</Opcode>
     <Keywords>0x4000000000000000</Keywords>
-    <TimeCreated SystemTime="2020-11-11T19:18:11.4029179Z" />
+    <TimeCreated SystemTime="2020-11-11T13:18:11.4029179Z" />
     <EventRecordID>819347</EventRecordID>
     <Correlation ActivityID="{61e3e871-adb0-0047-c9cc-e761b0add601}" />
     <Execution ProcessID="21060" ThreadID="23324" />
@@ -132,7 +132,7 @@ Event XML:
   </System>
   <EventData>
     <Data Name="IsApproved">false</Data>
-    <Data Name="CLSID">{f8d253d9-89a4-4daa-87b6-1168369f0b21}</Data>
+    <Data Name="CLSID">"{f8d253d9-89a4-4daa-87b6-1168369f0b21}"</Data>
   </EventData>
 </Event>
 ```
@@ -143,14 +143,14 @@ To add this CLSID to the existing policy, use the following steps:
 2. Copy and edit this command, then run it from the admin PowerShell ISE. Consider the policy name to be `WDAC_policy.xml`.
 
 ```PowerShell
-PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath <path to policy xml>\WDAC_policy.xml -Key 8856f961-340a-11d0-a96b-00c04fd705a2 -Provider WSH -Value True -ValueName EnterpriseDefinedClsId -ValueType Boolean
+PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath <path to policy xml>\WDAC_policy.xml -Key "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" -Provider WSH -Value true -ValueName EnterpriseDefinedClsId -ValueType Boolean
 ```
 
 Once the command has been run, you will find that the following section is added to the policy XML.
 
 ```XML
   <Settings>
-    <Setting Provider="WSH" Key="8856f961-340a-11d0-a96b-00c04fd705a2" ValueName="EnterpriseDefinedClsId">
+    <Setting Provider="WSH" Key="{f8d253d9-89a4-4daa-87b6-1168369f0b21}" ValueName="EnterpriseDefinedClsId">
       <Value>
         <Boolean>true</Boolean>
       </Value>

From da995f12cb73b7b2643d96af830e68cd7197be3c Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Tue, 7 Sep 2021 16:28:11 -0700
Subject: [PATCH 2/6] Added colon after Keyword and removed the extra line.

---
 ...istration-in-windows-defender-application-control-policy.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
index 179456bab6..7515385cee 100644
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
@@ -104,8 +104,7 @@ Date: 11/11/2020 1:18:11 PM<br/>
 Event ID: 8036<br/>
 Task Category: None<br/>
 Level: Error<br/>
-
-Keywords<br/>
+Keywords:<br/>
 User: S-1-5-21-3340858017-3068726007-3466559902-3647<br/>
 Computer: contoso.com<br/>
 Description: "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" was prevented from running due to Config CI policy.<br/>

From dcd94f585a0d2b32e728b452e39e87c81e7a37f9 Mon Sep 17 00:00:00 2001
From: Kim Klein <v-kikl@microsoft.com>
Date: Wed, 8 Sep 2021 14:41:45 -0700
Subject: [PATCH 3/6] Removed quotes around the GUID where they weren't needed

---
 ...stration-in-windows-defender-application-control-policy.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
index 7515385cee..88be69c40f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
@@ -107,7 +107,7 @@ Level: Error<br/>
 Keywords:<br/>
 User: S-1-5-21-3340858017-3068726007-3466559902-3647<br/>
 Computer: contoso.com<br/>
-Description: "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" was prevented from running due to Config CI policy.<br/>
+Description: {f8d253d9-89a4-4daa-87b6-1168369f0b21} was prevented from running due to Config CI policy.<br/>
 
 Event XML:
 
@@ -131,7 +131,7 @@ Event XML:
   </System>
   <EventData>
     <Data Name="IsApproved">false</Data>
-    <Data Name="CLSID">"{f8d253d9-89a4-4daa-87b6-1168369f0b21}"</Data>
+    <Data Name="CLSID">{f8d253d9-89a4-4daa-87b6-1168369f0b21}</Data>
   </EventData>
 </Event>
 ```

From 8533f02468a373563699cb8c24e58f1e91fa8ba5 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Thu, 23 Sep 2021 11:32:56 -0700
Subject: [PATCH 4/6] Update
 allow-com-object-registration-in-windows-defender-application-control-policy.md

---
 ...ows-defender-application-control-policy.md | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
index 88be69c40f..077345760e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
@@ -23,16 +23,16 @@ ms.technology: mde
 
 -   Windows 10
 -   Windows 11
--   Windows Server 2016 and above
+-   Windows Server 2016 and later
 
->[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
-
->[!IMPORTANT]
->Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](feature-availability.md).
 
 The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component-object-model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM specifies an object model and programming requirements that enable COM objects to interact with other objects.
 
+> [!IMPORTANT]
+> Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 ### COM object configurability in WDAC policy
 
 Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy.
@@ -54,11 +54,13 @@ Get GUID of application to allow in one of the following ways:
 ### Author policy setting to allow or deny COM object GUID
 
 Three elements:
+
 - Provider: platform on which code is running (values are  Powershell, WSH, IE, VBA, MSI, or a wildcard “AllHostIds”)
 - Key: GUID for the program you wish to run, in the format Key="{33333333-4444-4444-1616-161616161616}"
 - ValueName: needs to be set to "EnterpriseDefinedClsId"
 
 One attribute:
+
 - Value: needs to be “true” for allow and “false” for deny<br/>
   **Note**: Deny only works in base policies, not supplemental policies
 - The setting needs to be placed in the order of ASCII values (first by Provider, then Key, then ValueName)
@@ -96,7 +98,7 @@ Example 3: Allows a specific COM object to register in PowerShell
 ```
 ### How to configure settings for the CLSIDs
 
-Given the following example of an error in the Event Viewer (**Application and Service Logs** > **Microsoft** > **Windows** > **AppLocker** > **MSI and Script**):
+Here's an example of an error in the Event Viewer (**Application and Service Logs** > **Microsoft** > **Windows** > **AppLocker** > **MSI and Script**):
 
 Log Name: Microsoft-Windows-AppLocker/MSI and Script<br/>
 Source: Microsoft-Windows-AppLocker<br/>
@@ -136,7 +138,7 @@ Event XML:
 </Event>
 ```
 
-To add this CLSID to the existing policy, use the following steps:
+To add this CLSID to the existing policy, follow these steps:
 
 1. Open PowerShell ISE with Administrative privileges.
 2. Copy and edit this command, then run it from the admin PowerShell ISE. Consider the policy name to be `WDAC_policy.xml`.
@@ -154,4 +156,4 @@ Once the command has been run, you will find that the following section is added
         <Boolean>true</Boolean>
       </Value>
     </Setting>
-```
\ No newline at end of file
+```

From 8a02668349e7053a64783e27a2cb67820a5d0fb2 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 23 Sep 2021 13:48:19 -0700
Subject: [PATCH 5/6] Corrected note styles

---
 ...n-in-windows-defender-application-control-policy.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
index 077345760e..30cf6e4905 100644
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
@@ -37,7 +37,8 @@ The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component-
 
 Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy.
 
-**NOTE**: To add this functionality to other versions of Windows 10, you can install the following or later updates:
+> [!NOTE]
+> To add this functionality to other versions of Windows 10, you can install the following or later updates.
 
 - Windows 10, 1809 June 18, 2019—KB4501371 (OS Build 17763.592) (https://support.microsoft.com/help/4501371/windows-10-update-kb4501371)
 - Windows 10, 1803 June 18, 2019—KB4503288 (OS Build 17134.858) (https://support.microsoft.com/help/4503288/windows-10-update-kb4503288)
@@ -61,8 +62,11 @@ Three elements:
 
 One attribute:
 
-- Value: needs to be “true” for allow and “false” for deny<br/>
-  **Note**: Deny only works in base policies, not supplemental policies
+- Value: needs to be “true” for allow and “false” for deny
+
+  > [!NOTE]
+  > Deny only works in base policies, not supplemental policies
+
 - The setting needs to be placed in the order of ASCII values (first by Provider, then Key, then ValueName)
 
 ### Examples

From ec904ce7a97c76a12e67c2c26f6bd0e1764ee469 Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Thu, 23 Sep 2021 13:50:23 -0700
Subject: [PATCH 6/6] Indented content in a list item

---
 ...ows-defender-application-control-policy.md | 29 ++++++++++---------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
index 30cf6e4905..5d98c29cbb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
@@ -145,19 +145,20 @@ Event XML:
 To add this CLSID to the existing policy, follow these steps:
 
 1. Open PowerShell ISE with Administrative privileges.
+
 2. Copy and edit this command, then run it from the admin PowerShell ISE. Consider the policy name to be `WDAC_policy.xml`.
 
-```PowerShell
-PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath <path to policy xml>\WDAC_policy.xml -Key "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" -Provider WSH -Value true -ValueName EnterpriseDefinedClsId -ValueType Boolean
-```
-
-Once the command has been run, you will find that the following section is added to the policy XML.
-
-```XML
-  <Settings>
-    <Setting Provider="WSH" Key="{f8d253d9-89a4-4daa-87b6-1168369f0b21}" ValueName="EnterpriseDefinedClsId">
-      <Value>
-        <Boolean>true</Boolean>
-      </Value>
-    </Setting>
-```
+    ```PowerShell
+    PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath <path to policy xml>\WDAC_policy.xml -Key "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" -Provider WSH -Value true -ValueName EnterpriseDefinedClsId -ValueType Boolean
+    ```
+    
+    Once the command has been run, you will find that the following section is added to the policy XML.
+    
+    ```XML
+      <Settings>
+        <Setting Provider="WSH" Key="{f8d253d9-89a4-4daa-87b6-1168369f0b21}" ValueName="EnterpriseDefinedClsId">
+          <Value>
+            <Boolean>true</Boolean>
+          </Value>
+        </Setting>
+    ```