From 52a05f027d0741116c7275b3aebe94f4e5063c7c Mon Sep 17 00:00:00 2001 From: anaharris-ms <61602255+anaharris-ms@users.noreply.github.com> Date: Wed, 28 Jun 2023 11:08:25 -0400 Subject: [PATCH 001/319] edit --- ...man-protocol-over-ikev2-vpn-connections.md | 58 ++++++++++++++++--- 1 file changed, 50 insertions(+), 8 deletions(-) diff --git a/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 834f56a321..809b88492a 100644 --- a/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md 
@@ -1,19 +1,25 @@ --- -title: How to configure Diffie Hellman protocol over IKEv2 VPN connections -description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections. -ms.date: 09/23/2021 +title: How to configure cryptographic settings for IKEv2 VPN connections +description: Learn how to update the IKEv2 cryptographic settings of VPN servers and clients by running VPN cmdlets to secure connections. +ms.date: 06/28/2023 ms.topic: how-to --- -# How to configure Diffie Hellman protocol over IKEv2 VPN connections +# How to configure cryptographic settings for IKEv2 VPN connections -In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges. +In IKEv2 VPN connections, the default setting for IKEv2 cryptographic settings are: + +- Encryption Algorithm : DES3 +- Integrity, Hash Algorithm : SHA1 +- Diffie Hellman Group (Key Size): DH2 + +These settings aren't secure for IKE exchanges. To secure the connections, update the configuration of VPN servers and clients by running VPN cmdlets. ## VPN server -For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps&preserve-view=true) to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration. +For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps&preserve-view=true) to configure the tunnel type. These settings are effective for all IKEv2 VPN connections. ```powershell Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy 
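Review bot: the new opening sentence, "the default setting for IKEv2 cryptographic settings are:", pairs a singular subject with a plural verb and repeats "settings"; suggest "the default IKEv2 cryptographic settings are:". In the `## VPN server` paragraph, the replacement sentence "These settings are effective for all IKEv2 VPN connections" has no clear antecedent: the settings named most recently are the DES3 / SHA1 / DH2 defaults that the page has just called not secure, so say explicitly that it is the custom policy that applies to all IKEv2 connections. The three bullets also space the colon inconsistently ("Encryption Algorithm : DES3" versus "Diffie Hellman Group (Key Size): DH2").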
@@ -30,7 +36,43 @@ Set-VpnServerIPsecConfiguration -CustomPolicy For VPN client, you need to configure each VPN connection. For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps&preserve-view=true) and specify the name of the connection: - ```powershell Set-VpnConnectionIPsecConfiguration -ConnectionName -``` \ No newline at end of file +``` + +## IKEv2 Crypto Settings Example + +The following commands configure the IKEv2 cryptographic settings to: + +- Encryption Algorithm : AES128 +- Integrity, Hash Algorithm : SHA256 +- Diffie Hellman Group (Key Size): DH14 + +### IKEv2 VPN Server + +```powershell +Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES128 -DHGroup Group14 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PFSgroup PFS2048 -SALifeTimeSeconds 28800 -MMSALifeTimeSeconds 86400 -SADataSizeForRenegotiationKilobytes 1024000 +restart-service RemoteAccess -PassThru +``` + +If you need to switch back to the default IKEv2 settings, use this command: + +```powershell +Set-VpnServerConfiguration -TunnelType IKEv2 -RevertToDefault +restart-service RemoteAccess -PassThru +``` + +### IKEv2 VPN Client + +```powershell +Set-VpnConnectionIPsecConfiguration -ConnectionName -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES128 -DHGroup Group14 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PfsGroup PFS2048 -Force +``` + +If you need to switch back to the default IKEv2 settings, use this command: + +```powershell +Set-VpnConnectionIPsecConfiguration -ConnectionName -RevertToDefault -Force +``` + +> [!TIP] +> If you're configuring a all-user VPN connection or a Device Tunnel you must use the `-AllUserConnection` parameter in the `Set-VpnConnectionIPsecConfiguration` command. \ No newline at end of file 
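Review bot: the two "If you need to switch back to the default IKEv2 settings" blocks added under `### IKEv2 VPN Server` and `### IKEv2 VPN Client` should state that `-RevertToDefault` returns to the DES3 / SHA1 / DH2 defaults that the top of this page describes as not secure, so a reader does not treat it as a neutral reset. The bullet list above the commands names only AES128, SHA256 and DH14, while the commands also set `PFS2048` and, on the server, `-SALifeTimeSeconds 28800 -MMSALifeTimeSeconds 86400 -SADataSizeForRenegotiationKilobytes 1024000`; list those values or explain them. Style: `restart-service` should be `Restart-Service` to match the other cmdlets, `-PFSgroup` and `-PfsGroup` should use one casing, the tip should read "an all-user VPN connection or a Device Tunnel, you must", and the file still ends without a trailing newline.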
From 64edab790ff4fd06c4e62fdc36c45b3d1dfc5632 Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Thu, 29 Jun 2023 15:54:58 -0500 Subject: [PATCH 002/319] Learn Editor: Update windows-upgrade-and-migration-considerations.md --- .../upgrade/windows-upgrade-and-migration-considerations.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md index 9d45ea81e3..6df13ed120 100644 --- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md +++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md @@ -34,6 +34,8 @@ With Windows Easy Transfer, files and settings can be transferred using a networ ### Migrate with the User State Migration Tool You can use USMT to automate migration during large deployments of the Windows operating system. USMT uses configurable migration rule (.xml) files to control exactly which user accounts, user files, operating system settings, and application settings are migrated and how they're migrated. You can use USMT for both *side-by-side* migrations, where one piece of hardware is being replaced, or *wipe-and-load* (or *refresh*) migrations, when only the operating system is being upgraded. +Note USMT supports devices that are joined to an Active Directory domain. USMT does not support hybrid or AAD joined devices. + ## Upgrade and migration considerations Whether you're upgrading or migrating to a new version of Windows, you must be aware of the following issues and considerations: From cc446b5b38ac490e0a81b85e38386d473f41b9bf Mon Sep 17 00:00:00 2001 
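Review bot: in `windows-upgrade-and-migration-considerations.md`, the added line "Note USMT supports devices that are joined to an Active Directory domain." is a plain sentence that starts with the word "Note"; other files in this series use the alert syntax (`> [!NOTE]`, `> [!TIP]`), which would make this limitation stand out. "AAD joined" should be spelled out and hyphenated, and "does not" can follow the contraction style of the surrounding paragraph ("they're", "you're").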
From: "Steve DiAcetis (MSFT)" <52939067+SteveDiAcetis@users.noreply.github.com> Date: Thu, 6 Jul 2023 16:19:04 -0700 Subject: [PATCH 004/319] Update media-dynamic-update.md Win11 changes due to LOF ISO changes; improve section on how to acquire DU packages. --- .../deployment/update/media-dynamic-update.md | 65 ++++++++++++------- 1 file changed, 42 insertions(+), 23 deletions(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index c1312b6132..7ec718568b 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -8,7 +8,7 @@ ms.author: mstewart manager: aaroncz ms.topic: article ms.technology: itpro-updates -ms.date: 05/09/2023 +ms.date: 07/06/2023 ms.reviewer: stevedia --- 
@@ -39,18 +39,37 @@ Devices must be able to connect to the internet to obtain Dynamic Updates. In so ## Acquire Dynamic Update packages -You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). At that site, use the search bar in the upper right to find the Dynamic Update packages for a particular release. For example, you could enter *1809 Dynamic Update x64*, which would return results like this: +You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). At that site, use the search bar in the upper right to find the Dynamic Update packages for a particular release. The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. And you'll need to check various parts of the results to be sure you've identified the needed files. The following tables shows the key values to search for or look for in the results. -![Table with columns labeled Title, Products, Classification, Last Updated, Version, and Size and four rows listing various dynamic updates and associated KB articles.](images/update-catalog.png) +### Windows 11, version 22H2 Dynamic Update packages +| Update packages |Title | +|-----------------------------------|---------------------------------------------------------------| +|Safe OS Dynamic Update | YYYY-MM Safe OS Dynamic Update for Windows 11 Version 22H2 | +|Setup Dynamic Update | YYYY-MM Setup Dynamic Update for Windows 11 Version 22H2 | +|Latest cumulative update | YYYY-MM Cumulative Update for Windows 11 Version 22H2 | +|Servicing stack Dynamic Update | YYYY-MM Servicing Stack Update for Windows 11 Version 22H2 | -The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. 
And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in **bold** the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results. +**Note:** Titles can distinguish each Dynamic Package. Cumulative Update has the Servicing Stack embedded. Servicing Stack published only if required for a given Cumulative Update. -|To find this Dynamic Update packages, search for or check the results here |Title |Product |Description (select the **Title** link to see **Details**) | -|---------|---------|---------|---------| -|Safe OS Dynamic Update | 2019-08 Dynamic Update... | Windows 10 Dynamic Update, Windows **Safe OS Dynamic Update** | ComponentUpdate: | -|Setup Dynamic Update | 2019-08 Dynamic Update... | Windows 10 Dynamic Update | **SetupUpdate** | -|Latest cumulative update | 2019-08 **Cumulative Update for Windows 10** | Windows 10 | Install this update to resolve issues in Windows... | -|Servicing stack Dynamic Update | 2019-09 **Servicing Stack Update for Windows 10** | Windows 10... | Install this update to resolve issues in Windows... 
| +### Windows 11, version 21H2 Dynamic Update packages +| Update packages |Title |Product |Description | +|-----------------------------------|---------------------------------------------------------------|-------------------------------------------------------------------------------|------------------| +|Safe OS Dynamic Update | YYYY-MM Dynamic Update for Windows 11 |Windows Safe OS Dynamic Update | ComponentUpdate | +|Setup Dynamic Update | YYYY-MM Dynamic Update for Windows 11 |Windows 10 and later Dynamic Update | SetupUpdate | +|Latest cumulative update | YYYY-MM Cumulative Update for Windows 11 | | | +|Servicing stack Dynamic Update | YYYY-MM Servicing Stack Update for Windows 11 Version 22H2 | | | + +**Note:** Titles, Product and Description are required to distinguish each Dynamic Package. Cumulative Update has the Servicing Stack embedded. Servicing Stack published only if required for a given Cumulative Update. + +### For Windows 10, version 22H2 Dynamic Update packages +| Update packages |Title |Product |Description | +|-----------------------------------|---------------------------------------------------------------|-------------------------------------------------------------------------------|------------------| +|Safe OS Dynamic Update | YYYY-MM Dynamic Update for Windows 10 Version 22H2 |Windows Safe OS Dynamic Update | ComponentUpdate | +|Setup Dynamic Update | YYYY-MM Dynamic Update for Windows 10 Version 22H2 |Windows 10 and later Dynamic Update | SetupUpdate | +|Latest cumulative update | YYYY-MM Cumulative Update for Windows 10 Version 22H2 | | | +|Servicing stack Dynamic Update | YYYY-MM Servicing Stack Update for Windows 10 Version 22H2 | | | + +**Note:** Titles, Product and Description are required to distinguish each Dynamic Package. Cumulative Update has the Servicing Stack embedded. Servicing Stack published only if required for a given Cumulative Update. 
If you want to customize the image with additional languages or Features on Demand, download supplemental media ISO files from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx). For example, since Dynamic Update will be disabled for your devices, and if users require specific Features on Demand, you can preinstall these into the image. @@ -126,8 +145,10 @@ $LANG = "ja-jp" $LANG_FONT_CAPABILITY = "jpan" # Declare media for FOD and LPs +# Note: Starting with Windows 11, version 21H2, the language pack (LANGPACK) ISO has been superceded by the FOD ISO. +# Language packs and the \Windows Preinstallation Environment packages are par of the LOF ISO. +# If you are using this script for Windows 10, modify to mount and use the LANGPACK ISO. $FOD_ISO_PATH = "C:\mediaRefresh\packages\FOD-PACKAGES_OEM_PT1_amd64fre_MULTI.iso" -$LP_ISO_PATH = "C:\mediaRefresh\packages\CLIENTLANGPACKDVD_OEM_MULTI.iso" # Declare Dynamic Update packages $LCU_PATH = "C:\mediaRefresh\packages\LCU.msu" 
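Review bot: in the `## Acquire Dynamic Update packages` hunk of `media-dynamic-update.md`, the table under `### Windows 11, version 21H2 Dynamic Update packages` gives the servicing stack title as "YYYY-MM Servicing Stack Update for Windows 11 Version 22H2", which looks copied from the 22H2 table; the other rows of the 21H2 table carry no version suffix. "The following tables shows" should be "tables show". The hunk also drops the reference to `images/update-catalog.png` while the diffstat lists one changed file, so check whether the image is now orphaned.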
@@ -144,24 +165,23 @@ $MAIN_OS_MOUNT = "C:\mediaRefresh\temp\MainOSMount" $WINRE_MOUNT = "C:\mediaRefresh\temp\WinREMount" $WINPE_MOUNT = "C:\mediaRefresh\temp\WinPEMount" -# Mount the language pack ISO -Write-Output "$(Get-TS): Mounting LP ISO" -$LP_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter +# Mount the Features on Demand ISO +Write-Output "$(Get-TS): Mounting FOD ISO" +$FOD_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter + +# Note: Starting with Windows 11, version 21H2, the correct path for main OS language and optional features +# moved to \LanguagesAndOptionalFeatures instead of the root. For Windows 10, use $FOD_PATH = $FOD_ISO_DRIVE_LETTER + ":\" +$FOD_PATH = $FOD_ISO_DRIVE_LETTER + ":\LanguagesAndOptionalFeatures" # Declare language related cabs -$WINPE_OC_PATH = "$LP_ISO_DRIVE_LETTER`:\Windows Preinstallation Environment\x64\WinPE_OCs" +$WINPE_OC_PATH = "$FOD_ISO_DRIVE_LETTER`:\Windows Preinstallation Environment\x64\WinPE_OCs" $WINPE_OC_LANG_PATH = "$WINPE_OC_PATH\$LANG" $WINPE_OC_LANG_CABS = Get-ChildItem $WINPE_OC_LANG_PATH -Name $WINPE_OC_LP_PATH = "$WINPE_OC_LANG_PATH\lp.cab" $WINPE_FONT_SUPPORT_PATH = "$WINPE_OC_PATH\WinPE-FontSupport-$LANG.cab" $WINPE_SPEECH_TTS_PATH = "$WINPE_OC_PATH\WinPE-Speech-TTS.cab" $WINPE_SPEECH_TTS_LANG_PATH = "$WINPE_OC_PATH\WinPE-Speech-TTS-$LANG.cab" -$OS_LP_PATH = "$LP_ISO_DRIVE_LETTER`:\x64\langpacks\Microsoft-Windows-Client-Language-Pack_x64_$LANG.cab" - -# Mount the Features on Demand ISO -Write-Output "$(Get-TS): Mounting FOD ISO" -$FOD_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter -$FOD_PATH = $FOD_ISO_DRIVE_LETTER + ":\" +$OS_LP_PATH = "$FOD_PATH\Microsoft-Windows-Client-Language-Pack_x64_$LANG.cab" # Create folders for mounting images and storing temporary files New-Item -ItemType directory -Path $WORKING_PATH -ErrorAction Stop | Out-Null 
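Review bot: the Windows 10 fallback described in this hunk is incomplete. The comment only says to set `$FOD_PATH = $FOD_ISO_DRIVE_LETTER + ":\"`, but `$WINPE_OC_PATH` and `$OS_LP_PATH` are now both derived from the FOD ISO, whereas the removed lines read them from `$LP_ISO_DRIVE_LETTER` (the language pack under `\x64\langpacks\`). With `$LP_ISO_PATH` deleted in the previous hunk, a Windows 10 user who follows the comment ends up with paths that do not match the removed layout. Keep the LANGPACK variants of these lines as commented-out alternatives, or spell out every line that has to change.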
@@ -415,7 +435,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) { # Perform image cleanup Write-Output "$(Get-TS): Performing image cleanup on WinPE" - DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null + DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup /ResetBase /Defer | Out-Null if ($IMAGE.ImageIndex -eq "2") { @@ -590,7 +610,6 @@ Remove-Item -Path $WORKING_PATH -Recurse -Force -ErrorAction stop | Out-Null # Dismount ISO images Write-Output "$(Get-TS): Dismounting ISO images" -Dismount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction stop | Out-Null Dismount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Out-Null Write-Output "$(Get-TS): Media refresh completed!" From 56e24c41f93f2871cbe00a53070a303c48f059e7 Mon Sep 17 00:00:00 2001 From: mattweberms <138896848+mattweberms@users.noreply.github.com> Date: Fri, 7 Jul 2023 10:12:19 -0600 Subject: [PATCH 005/319] Update provisioning-multivariant.md Add SocIdentifier information --- .../provisioning-packages/provisioning-multivariant.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md index a22a2e2dc5..f6bda1fbba 100644 --- a/windows/configuration/provisioning-packages/provisioning-multivariant.md +++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md 
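Review bot: in the WinPE cleanup hunk of `media-dynamic-update.md` (`@@ -415,7 +435,7 @@`), `/ResetBase /Defer` is added to the DISM call, but the comment above it still reads only "Perform image cleanup" and the commit message does not mention the change; add a line saying why the extra switches are needed here. The call is also piped to `Out-Null` with no exit-code check, so a failed cleanup would go unnoticed.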
@@ -66,6 +66,7 @@ The following table shows the conditions supported in Windows client provisionin | ProcessorName | P1 | Supported | String | Use to target settings based on the processor name. | | AoAc ("Always On, Always Connected") | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true). If this condition is TRUE, the system supports the S0 low power idle model. | | PowerPlatformRole | P1 | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the [POWER_PLATFORM_ROLE enumeration](/windows/win32/api/winnt/ne-winnt-power_platform_role). | +| SocIdentifier | P1 | Supported | String | Use to target settings based on the Soc Identifier. Available since 25301 OS build version. | | Architecture | P1 | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. | | Server | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true) to identify a server. | | Region | P1 | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). | From d540a3fd6bbd2909757876bc60c32963e0a9b9ac Mon Sep 17 00:00:00 2001 From: "Steve DiAcetis (MSFT)" <52939067+SteveDiAcetis@users.noreply.github.com> Date: Fri, 7 Jul 2023 13:41:23 -0700 Subject: [PATCH 006/319] Update media-dynamic-update.md Spelling fixes. --- windows/deployment/update/media-dynamic-update.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 7ec718568b..1b195b6abf 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md 
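Review bot: in the `provisioning-multivariant.md` table row, "Soc Identifier" should be written "SoC identifier", and "Available since 25301 OS build version" reads awkwardly and does not say which Windows release the build belongs to; suggest "Available starting with OS build 25301" plus the release name if there is one. The row gives no example value or format for the string, unlike `Architecture`, which points to the `PROCESSOR_ARCHITECTURE` environment variable.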
@@ -145,7 +145,7 @@ $LANG = "ja-jp" $LANG_FONT_CAPABILITY = "jpan" # Declare media for FOD and LPs -# Note: Starting with Windows 11, version 21H2, the language pack (LANGPACK) ISO has been superceded by the FOD ISO. +# Note: Starting with Windows 11, version 21H2, the language pack (LANGPACK) ISO has been superseded by the FOD ISO. # Language packs and the \Windows Preinstallation Environment packages are par of the LOF ISO. # If you are using this script for Windows 10, modify to mount and use the LANGPACK ISO. $FOD_ISO_PATH = "C:\mediaRefresh\packages\FOD-PACKAGES_OEM_PT1_amd64fre_MULTI.iso" @@ -219,7 +219,7 @@ Mount-WindowsImage -ImagePath $WORKING_PATH"\winre.wim" -Index 1 -Path $WINRE_MO # Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack # The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined # cumulative update that includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and -# Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published seperately; the combined +# Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published separately; the combined # cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined # cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the # combined cumulative update can be installed. 
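Review bot: this spelling pass fixes "superceded" but leaves "par of the LOF ISO" on the very next comment line of the first hunk, and "there may breaking change" (missing "be") in the comment block that the second hunk edits. Both are worth fixing in the same commit. The two adjacent comment lines also call the media "FOD ISO" and "LOF ISO"; pick one name.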
@@ -342,7 +342,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) { # Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack # The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined # cumulative update that includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and - # Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published seperately; the combined + # Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published separately; the combined # cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined # cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the # combined cumulative update can be installed. @@ -374,7 +374,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) { } # The second approach for Step 9 is for Windows releases that have not adopted the combined cumulative update - # but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU + # but instead continue to have a separate servicing stack update published. In this case, we'll install the SSU # update. This second approach is commented out below. # Write-Output "$(Get-TS): Adding package $SSU_PATH" 
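Review bot: the servicing-stack comment corrected inside `Foreach ($IMAGE in $WINPE_IMAGES)` is the same text as in the `@@ -219,7 +219,7 @@` hunk, and the hunk at `@@ -478,7 +478,7 @@` holds a third copy, so every fix has to be made three times. Consider stating the SSU/LCU explanation once in the article text and leaving a one-line pointer in each script section, so later edits can't drift apart.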
@@ -478,7 +478,7 @@ You can install Optional Components, along with the .NET feature, offline, but t # Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack # The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined cumulative update that # includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and Windows 11, version 22H2 are examples. In these -# cases, the servicing stack update is not published seperately; the combined cumulative update should be used for this step. However, in hopefully +# cases, the servicing stack update is not published separately; the combined cumulative update should be used for this step. However, in hopefully # rare cases, there may breaking change in the combined cumulative update format, that requires a standalone servicing stack update to be published, # and installed first before the combined cumulative update can be installed. From eef87f3a0c7b2c6e0a2e4a3c1e9e25473cfbe0ad Mon Sep 17 00:00:00 2001 From: Andy Rivas <45184653+andyrivMSFT@users.noreply.github.com> Date: Fri, 7 Jul 2023 17:03:31 -0700 Subject: [PATCH 007/319] Update mcc-isp-signup.md Adding emphasis to the free aspect of the service. --- windows/deployment/do/mcc-isp-signup.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md index 9ae3e9ed19..f0739c591c 100644 --- a/windows/deployment/do/mcc-isp-signup.md +++ b/windows/deployment/do/mcc-isp-signup.md 
@@ -29,6 +29,10 @@ Before you begin sign up, ensure you have the following components: 1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a completely free-of-charge service hosted in Azure. You'll need to have a Pay-As-You-Go subscription in order to onboard to our service. To create a subscription, go to the [Pay-As-You-Go subscription page](https://azure.microsoft.com/offers/ms-azr-0003p/). +> [!NOTE] +> Microsoft Connected Cache is a completely free service for operators. None of the resources created in Azure will incure any charges. +> Please be aware of any additional services that may be selected as part of the Azure sign up process. + 1. **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal. 1. **Peering DB**: Ensure your organization's [Peering DB](https://www.peeringdb.com/) page is up-to-date and active. Check that the NOC email listed is accurate, and that you have access to this email. From 83ea9cfd612c5a869f8418e0eef15427cb5f2204 Mon Sep 17 00:00:00 2001 From: "Steve DiAcetis (MSFT)" <52939067+SteveDiAcetis@users.noreply.github.com> Date: Mon, 10 Jul 2023 09:46:11 -0700 Subject: [PATCH 008/319] Update media-dynamic-update.md --- windows/deployment/update/media-dynamic-update.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 1b195b6abf..f5be5e6648 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md 
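Review bot: in `mcc-isp-signup.md`, the `> [!NOTE]` block is added at column 0 between two `1.` list items, which ends the ordered list in Markdown so the items after it restart numbering; indent the note under the first item. "incure" should be "incur", and the first sentence of the note repeats what the list item above already says ("completely free-of-charge service").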
@@ -42,6 +42,8 @@ Devices must be able to connect to the internet to obtain Dynamic Updates. In so You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). At that site, use the search bar in the upper right to find the Dynamic Update packages for a particular release. The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. And you'll need to check various parts of the results to be sure you've identified the needed files. The following tables shows the key values to search for or look for in the results. ### Windows 11, version 22H2 Dynamic Update packages +**Title** can distinguish each Dynamic Package. Cumulative Update has the Servicing Stack embedded. Servicing Stack published only if required for a given Cumulative Update. + | Update packages |Title | |-----------------------------------|---------------------------------------------------------------| |Safe OS Dynamic Update | YYYY-MM Safe OS Dynamic Update for Windows 11 Version 22H2 | 
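Review bot: the sentence added under `### Windows 11, version 22H2 Dynamic Update packages` follows the heading with no blank line, and "Servicing Stack published only if required for a given Cumulative Update." is a fragment with no verb. Suggest a blank line after the heading and "The servicing stack is published only if ...". "**Title** can distinguish each Dynamic Package" would read better as "The **Title** distinguishes each Dynamic Update package", matching the wording in the heading.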
@@ -49,9 +51,10 @@ You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https |Latest cumulative update | YYYY-MM Cumulative Update for Windows 11 Version 22H2 | |Servicing stack Dynamic Update | YYYY-MM Servicing Stack Update for Windows 11 Version 22H2 | -**Note:** Titles can distinguish each Dynamic Package. Cumulative Update has the Servicing Stack embedded. Servicing Stack published only if required for a given Cumulative Update. ### Windows 11, version 21H2 Dynamic Update packages +**Title**, **Product** and **Description** are required to distinguish each Dynamic Package. Latest cumulative update has the Servicing Stack embedded. Servicing Stack published seperately only if required as a prerequisite for a given cumulative Update. + | Update packages |Title |Product |Description | |-----------------------------------|---------------------------------------------------------------|-------------------------------------------------------------------------------|------------------| |Safe OS Dynamic Update | YYYY-MM Dynamic Update for Windows 11 |Windows Safe OS Dynamic Update | ComponentUpdate | 
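Review bot: the sentence added under `### Windows 11, version 21H2 Dynamic Update packages` spells "seperately", the same misspelling that the previous `media-dynamic-update.md` commit ("Spelling fixes.") corrected in the script comments. It also mixes capitalisation within one line ("Latest cumulative update", "a given cumulative Update"); use one form throughout.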
@@ -59,9 +62,9 @@ You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https |Latest cumulative update | YYYY-MM Cumulative Update for Windows 11 | | | |Servicing stack Dynamic Update | YYYY-MM Servicing Stack Update for Windows 11 Version 22H2 | | | -**Note:** Titles, Product and Description are required to distinguish each Dynamic Package. Cumulative Update has the Servicing Stack embedded. Servicing Stack published only if required for a given Cumulative Update. - ### For Windows 10, version 22H2 Dynamic Update packages +**Title**, **Product** and **Description** are required to distinguish each Dynamic Package. Latest cumulative update has the Servicing Stack embedded. Servicing Stack published seperately only if required as a prerequisite for a given cumulative Update. + | Update packages |Title |Product |Description | |-----------------------------------|---------------------------------------------------------------|-------------------------------------------------------------------------------|------------------| |Safe OS Dynamic Update | YYYY-MM Dynamic Update for Windows 10 Version 22H2 |Windows Safe OS Dynamic Update | ComponentUpdate | 
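Review bot: the heading `### For Windows 10, version 22H2 Dynamic Update packages` still starts with "For", unlike the two Windows 11 headings, and the sentence added beneath it duplicates the 21H2 section's sentence word for word. Drop "For" from the heading, and consider stating the shared Title / Product / Description guidance once above the 21H2 and Windows 10 tables instead of repeating it.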
@@ -69,9 +72,7 @@ You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https |Latest cumulative update | YYYY-MM Cumulative Update for Windows 10 Version 22H2 | | | |Servicing stack Dynamic Update | YYYY-MM Servicing Stack Update for Windows 10 Version 22H2 | | | -**Note:** Titles, Product and Description are required to distinguish each Dynamic Package. Cumulative Update has the Servicing Stack embedded. Servicing Stack published only if required for a given Cumulative Update. - -If you want to customize the image with additional languages or Features on Demand, download supplemental media ISO files from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx). For example, since Dynamic Update will be disabled for your devices, and if users require specific Features on Demand, you can preinstall these into the image. +If you want to customize the image with additional languages or Features on Demand, download supplemental media ISO files from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx). For example, if Dynamic Update will be disabled for your devices, and if users require specific Features on Demand, you can preinstall these into the image. ## Update Windows installation media 
@@ -82,7 +83,7 @@ Properly updating the installation media involves a large number of actions oper - Windows operating system: one or more editions of Windows stored in \sources\install.wim - Windows installation media: the complete collection of files and folders in the Windows installation media. For example, \sources folder, \boot folder, Setup.exe, and so on. -This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding the Dynamic Update for Setup to the new media (26). +This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding boot manager from WinPE to the new media (28). |Task |WinRE (winre.wim) |WinPE (boot.wim) |Operating system (install.wim) | New media | |---------|---------|---------|---------|------| From 273f10acac0246beb704da4e6e2f5002c63b2e08 Mon Sep 17 00:00:00 2001 From: Andy Rivas <45184653+andyrivMSFT@users.noreply.github.com> Date: Mon, 10 Jul 2023 10:01:14 -0700 Subject: [PATCH 009/319] Update windows/deployment/do/mcc-isp-signup.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/do/mcc-isp-signup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md index f0739c591c..b83d78d4c8 100644 --- a/windows/deployment/do/mcc-isp-signup.md +++ b/windows/deployment/do/mcc-isp-signup.md 
@@ -30,8 +30,8 @@ Before you begin sign up, ensure you have the following components: 1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a completely free-of-charge service hosted in Azure. You'll need to have a Pay-As-You-Go subscription in order to onboard to our service. To create a subscription, go to the [Pay-As-You-Go subscription page](https://azure.microsoft.com/offers/ms-azr-0003p/). > [!NOTE] -> Microsoft Connected Cache is a completely free service for operators. None of the resources created in Azure will incure any charges. -> Please be aware of any additional services that may be selected as part of the Azure sign up process. +> - Microsoft Connected Cache is a completely free service for operators. None of the resources created in Azure will incur any charges. +> - Be aware, however, that any additional services that might be selected as part of the Azure sign-up process might incur charges. 1. **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal. From 2d9e0312e39e2ae3e172dc8971c2f2c742551dbb Mon Sep 17 00:00:00 2001 From: Amy Zhou Date: Tue, 11 Jul 2023 17:01:17 -0700 Subject: [PATCH 010/319] minor changes to the isp overview page --- windows/deployment/do/mcc-isp-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md index 9ef0352aab..976dc478da 100644 --- a/windows/deployment/do/mcc-isp-overview.md +++ b/windows/deployment/do/mcc-isp-overview.md 
@@ -18,7 +18,7 @@ ms.collection: tier3 - Windows 10 - Windows 11 -Microsoft Connected Cache (MCC) for Internet Service Providers (preview) is a software-only caching solution that delivers Microsoft content. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing. +Microsoft Connected Cache (MCC) for Internet Service Providers (preview) is a free software-only caching solution that delivers Microsoft content. MCC can be deployed free of charge to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing. ## Supported scenarios From dad65032929a11294efcc25049fd1d66e5ccb700 Mon Sep 17 00:00:00 2001 
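Review bot: In the `@@ -18,7 +18,7 @@` hunk of mcc-isp-overview.md above, the added line states the price twice in consecutive sentences ("a free software-only caching solution" and "deployed free of charge"); keep one of them. If the first stays, punctuate it as "a free, software-only caching solution" so that "free" is not read as modifying "software-only".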
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 13 Jul 2023 11:53:45 -0400 Subject: [PATCH 011/319] Move files --- ...ging-operational-guide-appid-tagging-policies.md | 0 .../AppIdTagging/deploy-appid-tagging-policies.md | 0 .../design-create-appid-tagging-policies.md | 0 ...ender-application-control-appid-tagging-guide.md | 0 .../windows-defender-application-control/TOC.yml | 0 ...-packaged-apps-to-existing-applocker-rule-set.md | 0 .../applocker/administer-applocker.md | 0 .../applocker-architecture-and-components.md | 0 .../applocker/applocker-functions.md | 0 .../applocker/applocker-overview.md | 0 .../applocker-policies-deployment-guide.md | 0 .../applocker/applocker-policies-design-guide.md | 0 .../applocker/applocker-policy-use-scenarios.md | 0 .../applocker-processes-and-interactions.md | 0 .../applocker/applocker-settings.md | 0 .../applocker/applocker-technical-reference.md | 0 .../configure-an-applocker-policy-for-audit-only.md | 0 ...nfigure-an-applocker-policy-for-enforce-rules.md | 0 .../configure-exceptions-for-an-applocker-rule.md | 0 .../configure-the-appLocker-reference-device.md | 0 .../configure-the-application-identity-service.md | 0 .../applocker/create-a-rule-for-packaged-apps.md | 0 ...create-a-rule-that-uses-a-file-hash-condition.md | 0 .../create-a-rule-that-uses-a-path-condition.md | 0 ...create-a-rule-that-uses-a-publisher-condition.md | 0 .../applocker/create-applocker-default-rules.md | 0 ...-applications-deployed-to-each-business-group.md | 0 .../applocker/create-your-applocker-policies.md | 0 .../applocker/create-your-applocker-rules.md | 0 .../applocker/delete-an-applocker-rule.md | 0 ...r-policies-by-using-the-enforce-rules-setting.md | 0 .../deploy-the-applocker-policy-into-production.md | 0 ...e-group-policy-structure-and-rule-enforcement.md | 0 ...-are-digitally-signed-on-a-reference-computer.md | 0 ...determine-your-application-control-objectives.md | 0 
...e-when-users-try-to-run-a-blocked-application.md | 0 .../applocker/dll-rules-in-applocker.md | 0 ...licy-structure-and-applocker-rule-enforcement.md | 0 .../applocker/document-your-application-list.md | 0 .../applocker/document-your-applocker-rules.md | 0 .../applocker/edit-an-applocker-policy.md | 0 .../applocker/edit-applocker-rules.md | 0 .../applocker/enable-the-dll-rule-collection.md | 0 .../applocker/enforce-applocker-rules.md | 0 .../applocker/executable-rules-in-applocker.md | 0 .../export-an-applocker-policy-from-a-gpo.md | 0 .../export-an-applocker-policy-to-an-xml-file.md | 0 .../applocker/how-applocker-works-techref.md | 0 .../applocker/images/applocker-plan-inheritance.gif | Bin .../images/applocker-plandeploy-quickreference.gif | Bin .../applocker/images/blockedappmsg.gif | Bin ...ort-an-applocker-policy-from-another-computer.md | 0 .../import-an-applocker-policy-into-a-gpo.md | 0 .../applocker/maintain-applocker-policies.md | 0 .../manage-packaged-apps-with-applocker.md | 0 ...plocker-policies-by-using-set-applockerpolicy.md | 0 .../applocker/merge-applocker-policies-manually.md | 0 .../monitor-application-usage-with-applocker.md | 0 .../applocker/optimize-applocker-performance.md | 0 ...and-packaged-app-installer-rules-in-applocker.md | 0 .../plan-for-applocker-policy-management.md | 0 .../applocker/refresh-an-applocker-policy.md | 0 ...requirements-for-deploying-applocker-policies.md | 0 .../applocker/requirements-to-use-applocker.md | 0 .../run-the-automatically-generate-rules-wizard.md | 0 .../applocker/script-rules-in-applocker.md | 0 .../security-considerations-for-applocker.md | 0 .../applocker/select-types-of-rules-to-create.md | 0 ...pplocker-policy-by-using-test-applockerpolicy.md | 0 .../test-and-update-an-applocker-policy.md | 0 .../applocker/tools-to-use-with-applocker.md | 0 .../understand-applocker-enforcement-settings.md | 0 .../understand-applocker-policy-design-decisions.md | 0 ...forcement-setting-inheritance-in-group-policy.md 
| 0 ...stand-the-applocker-policy-deployment-process.md | 0 ...ing-applocker-allow-and-deny-actions-on-rules.md | 0 .../understanding-applocker-default-rules.md | 0 .../understanding-applocker-rule-behavior.md | 0 .../understanding-applocker-rule-collections.md | 0 .../understanding-applocker-rule-condition-types.md | 0 .../understanding-applocker-rule-exceptions.md | 0 ...ing-the-file-hash-rule-condition-in-applocker.md | 0 ...standing-the-path-rule-condition-in-applocker.md | 0 ...ing-the-publisher-rule-condition-in-applocker.md | 0 ...ter-to-create-and-maintain-applocker-policies.md | 0 ...tware-restriction-policies-in-the-same-domain.md | 0 .../use-the-applocker-windows-powershell-cmdlets.md | 0 .../applocker/using-event-viewer-with-applocker.md | 0 ...e-restriction-policies-and-applocker-policies.md | 0 .../applocker/what-is-applocker.md | 0 .../windows-installer-rules-in-applocker.md | 0 .../applocker/working-with-applocker-policies.md | 0 .../applocker/working-with-applocker-rules.md | 0 .../deployment}/LOB-win32-apps-on-s.md | 0 ...windows-defender-application-control-policies.md | 0 ...cert-for-windows-defender-application-control.md | 0 ...-support-windows-defender-application-control.md | 0 .../deployment/deploy-wdac-policies-with-memcm.md | 0 .../deployment/deploy-wdac-policies-with-script.md | 0 ...plication-control-policies-using-group-policy.md | 0 ...der-application-control-policies-using-intune.md | 0 ...windows-defender-application-control-policies.md | 0 ...windows-defender-application-control-policies.md | 0 ...windows-defender-application-control-policies.md | 0 ...tion-control-for-classic-windows-applications.md | 0 ...efender-application-control-against-tampering.md | 0 ...defender-application-control-deployment-guide.md | 0 ...n-windows-defender-application-control-policy.md | 0 ...orized-apps-deployed-with-a-managed-installer.md | 0 .../design}/create-initial-default-policy.md | 0 .../design}/create-wdac-deny-policy.md | 0 
.../create-wdac-policy-for-fully-managed-devices.md | 0 ...reate-wdac-policy-for-lightly-managed-devices.md | 0 ...windows-defender-application-control-policies.md | 0 .../design}/example-wdac-base-policies.md | 0 ...pps-with-windows-defender-application-control.md | 0 .../design}/microsoft-recommended-block-rules.md | 0 .../microsoft-recommended-driver-block-rules.md | 0 ...ndows-defender-application-control-management.md | 0 .../design/script-enforcement.md | 0 .../design}/select-types-of-rules-to-create.md | 0 .../design}/types-of-devices.md | 0 ...r-application-control-policy-design-decisions.md | 0 .../design}/understanding-wdac-policy-settings.md | 0 ...control-specific-plug-ins-add-ins-and-modules.md | 0 ...pplication-control-with-dynamic-code-security.md | 0 ...ation-control-with-intelligent-security-graph.md | 0 .../design}/wdac-wizard-create-base-policy.md | 0 .../wdac-wizard-create-supplemental-policy.md | 0 .../design}/wdac-wizard-editing-policy.md | 0 .../design}/wdac-wizard-merging-policies.md | 0 .../design}/wdac-wizard-parsing-event-logs.md | 0 .../design}/wdac-wizard.md | 0 ...ows-defender-application-control-design-guide.md | 0 .../feature-availability.md | 0 .../images/appid-pid-task-mgr.png | Bin .../images/appid-pid-windbg-token.png | Bin .../images/appid-pid-windbg.png | Bin .../images/appid-wdac-wizard-1.png | Bin .../images/appid-wdac-wizard-2.png | Bin .../images/bit-toggling-keyboard-icon.png | Bin .../images/calculator-menu-icon.png | Bin .../images/calculator-with-hex-in-binary.png | Bin .../images/dg-fig12-verifysigning.png | Bin .../images/dg-fig13-createnewgpo.png | Bin .../images/dg-fig14-createnewfile.png | Bin .../images/dg-fig15-setnewfileprops.png | Bin .../images/dg-fig16-specifyinfo.png | Bin .../images/dg-fig17-specifyinfo.png | Bin .../images/dg-fig18-specifyux.png | Bin .../images/dg-fig19-customsettings.png | Bin .../images/dg-fig20-setsoftwareinv.png | Bin .../images/dg-fig21-pathproperties.png | Bin 
.../images/dg-fig23-exceptionstocode.png | Bin .../images/dg-fig24-creategpo.png | Bin .../images/dg-fig26-enablecode.png | Bin .../images/dg-fig27-managecerttemp.png | Bin .../images/dg-fig29-enableconstraints.png | Bin .../images/dg-fig30-selectnewcert.png | Bin .../images/dg-fig31-getmoreinfo.png | Bin .../images/event-3077.png | Bin .../images/event-3089.png | Bin .../images/event-3099-options.png | Bin .../images/hex-icon.png | Bin .../images/known-issue-appid-dll-rule-xml.png | Bin .../images/known-issue-appid-dll-rule.png | Bin .../images/memcm/memcm-confirm-wdac-rule.jpg | Bin .../images/memcm/memcm-create-wdac-policy-2.jpg | Bin .../images/memcm/memcm-create-wdac-policy.jpg | Bin .../images/memcm/memcm-create-wdac-rule-2.jpg | Bin .../images/memcm/memcm-create-wdac-rule-3.jpg | Bin .../images/memcm/memcm-create-wdac-rule.jpg | Bin .../images/memcm/memcm-deploy-wdac-2.jpg | Bin .../images/memcm/memcm-deploy-wdac-3.jpg | Bin .../images/memcm/memcm-deploy-wdac-4.jpg | Bin .../images/memcm/memcm-deploy-wdac.jpg | Bin .../images/policyflow.png | Bin .../images/wdac-edit-gp.png | Bin .../images/wdac-intune-app-catalogs.png | Bin .../images/wdac-intune-app-deployment.png | Bin .../images/wdac-intune-custom-oma-uri.png | Bin .../images/wdac-intune-policy-authorization.png | Bin ...wdac-wizard-confirm-base-policy-modification.png | Bin .../wdac-wizard-custom-file-attribute-rule.png | Bin .../images/wdac-wizard-custom-manual-pfn-rule.png | Bin .../images/wdac-wizard-custom-pfn-rule.png | Bin .../images/wdac-wizard-custom-publisher-rule.png | Bin .../images/wdac-wizard-edit-policy-rules.png | Bin .../images/wdac-wizard-edit-remove-file-rule.png | Bin .../images/wdac-wizard-event-log-files-expanded.png | Bin .../images/wdac-wizard-event-log-files.png | Bin ...wdac-wizard-event-log-mde-ah-export-expanded.png | Bin .../images/wdac-wizard-event-log-mde-ah-export.png | Bin ...dac-wizard-event-log-mde-ah-parsing-expanded.png | Bin 
.../images/wdac-wizard-event-log-mde-ah-parsing.png | Bin .../wdac-wizard-event-log-system-expanded.png | Bin .../images/wdac-wizard-event-log-system.png | Bin .../wdac-wizard-event-rule-creation-expanded.png | Bin .../images/wdac-wizard-event-rule-creation.png | Bin .../images/wdac-wizard-merge.png | Bin ...ac-wizard-rule-options-UI-advanced-collapsed.png | Bin .../images/wdac-wizard-rule-options-UI.png | Bin .../images/wdac-wizard-supplemental-expandable.png | Bin .../images/wdac-wizard-supplemental-not-base.png | Bin ...c-wizard-supplemental-policy-rule-options-UI.png | Bin .../images/wdac-wizard-template-selection.png | Bin .../windows-defender-application-control/index.yml | 0 .../operations/citool-commands.md | 0 .../operations}/configure-wdac-managed-installer.md | 0 .../operations}/event-id-explanations.md | 0 .../operations}/event-tag-explanations.md | 0 .../operations/inbox-wdac-policies.md | 0 .../operations/known-issues.md | 0 ...ntrol-events-centrally-using-advanced-hunting.md | 0 .../wdac-debugging-and-troubleshooting.md | 0 ...efender-application-control-operational-guide.md | 0 .../wdac-and-applocker-overview.md | 0 .../windows-defender-application-control.md | 0 218 files changed, 0 insertions(+), 0 deletions(-) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/TOC.yml (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/administer-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-architecture-and-components.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-functions.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-overview.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-policies-design-guide.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-processes-and-interactions.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/applocker/applocker-settings.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/applocker-technical-reference.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/configure-the-application-identity-service.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-applocker-default-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-your-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/create-your-applocker-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/delete-an-applocker-rule.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/determine-your-application-control-objectives.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/dll-rules-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/document-your-application-list.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/document-your-applocker-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/edit-an-applocker-policy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/edit-applocker-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/enforce-applocker-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/executable-rules-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/how-applocker-works-techref.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/images/blockedappmsg.gif (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/maintain-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/merge-applocker-policies-manually.md (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/optimize-applocker-performance.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/refresh-an-applocker-policy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/requirements-to-use-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/script-rules-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/security-considerations-for-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/select-types-of-rules-to-create.md 
(100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/tools-to-use-with-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-default-rules.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/what-is-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/working-with-applocker-policies.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/applocker/working-with-applocker-rules.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/LOB-win32-apps-on-s.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/audit-windows-defender-application-control-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/create-code-signing-cert-for-windows-defender-application-control.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/deploy-catalog-files-to-support-windows-defender-application-control.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/disable-windows-defender-application-control-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/enforce-windows-defender-application-control-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/merge-windows-defender-application-control-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/deployment}/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => 
application-security/application-control/windows-defender-application-control/deployment}/windows-defender-application-control-deployment-guide.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/allow-com-object-registration-in-windows-defender-application-control-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/configure-authorized-apps-deployed-with-a-managed-installer.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/create-initial-default-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/create-wdac-deny-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/create-wdac-policy-for-fully-managed-devices.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/create-wdac-policy-for-lightly-managed-devices.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/deploy-multiple-windows-defender-application-control-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/example-wdac-base-policies.md (100%) rename 
windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/manage-packaged-apps-with-windows-defender-application-control.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/microsoft-recommended-block-rules.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/microsoft-recommended-driver-block-rules.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/plan-windows-defender-application-control-management.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/design/script-enforcement.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/select-types-of-rules-to-create.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/types-of-devices.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/understand-windows-defender-application-control-policy-design-decisions.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/understanding-wdac-policy-settings.md (100%) rename 
windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/use-windows-defender-application-control-with-dynamic-code-security.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/use-windows-defender-application-control-with-intelligent-security-graph.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/wdac-wizard-create-base-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/wdac-wizard-create-supplemental-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/wdac-wizard-editing-policy.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/wdac-wizard-merging-policies.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/wdac-wizard-parsing-event-logs.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => 
application-security/application-control/windows-defender-application-control/design}/wdac-wizard.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/design}/windows-defender-application-control-design-guide.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/feature-availability.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/appid-pid-task-mgr.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/appid-pid-windbg-token.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/appid-pid-windbg.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/appid-wdac-wizard-1.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/appid-wdac-wizard-2.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/bit-toggling-keyboard-icon.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/calculator-menu-icon.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/calculator-with-hex-in-binary.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig12-verifysigning.png (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig13-createnewgpo.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig14-createnewfile.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig15-setnewfileprops.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig16-specifyinfo.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig17-specifyinfo.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig18-specifyux.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig19-customsettings.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig21-pathproperties.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig23-exceptionstocode.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig24-creategpo.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig26-enablecode.png (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig27-managecerttemp.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig29-enableconstraints.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig30-selectnewcert.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/dg-fig31-getmoreinfo.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/event-3077.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/event-3089.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/event-3099-options.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/hex-icon.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/known-issue-appid-dll-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg (100%) rename 
windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/policyflow.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-edit-gp.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-intune-app-catalogs.png (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/images/wdac-intune-app-deployment.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-intune-policy-authorization.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-files.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-log-system.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-merge.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/images/wdac-wizard-template-selection.png (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/index.yml (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/operations/citool-commands.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/operations}/configure-wdac-managed-installer.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/operations}/event-id-explanations.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/operations}/event-tag-explanations.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/operations/inbox-wdac-policies.md (100%) rename windows/security/{threat-protection => 
application-security/application-control}/windows-defender-application-control/operations/known-issues.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/operations}/querying-application-control-events-centrally-using-advanced-hunting.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md (100%) rename windows/security/{threat-protection/windows-defender-application-control => application-security/application-control/windows-defender-application-control/operations}/windows-defender-application-control-operational-guide.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/wdac-and-applocker-overview.md (100%) rename windows/security/{threat-protection => application-security/application-control}/windows-defender-application-control/windows-defender-application-control.md (100%) diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/TOC.yml rename to windows/security/application-security/application-control/windows-defender-application-control/TOC.yml diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/blockedappmsg.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/blockedappmsg.gif rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-windows-defender-application-control-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-windows-defender-application-control-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-windows-defender-application-control.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-windows-defender-application-control.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-windows-defender-application-control.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-windows-defender-application-control.md diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-windows-defender-application-control-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-windows-defender-application-control-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-windows-defender-application-control-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-windows-defender-application-control-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-windows-defender-application-control-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-windows-defender-application-control-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/windows-defender-application-control-deployment-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/windows-defender-application-control-deployment-guide.md diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-windows-defender-application-control-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-windows-defender-application-control-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-initial-default-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-initial-default-policy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-windows-defender-application-control-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-windows-defender-application-control-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-windows-defender-application-control.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-windows-defender-application-control.md diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-windows-defender-application-control-management.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/plan-windows-defender-application-control-management.md diff --git a/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/types-of-devices.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/types-of-devices.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/types-of-devices.md diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/design/understand-windows-defender-application-control-policy-design-decisions.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/understand-windows-defender-application-control-policy-design-decisions.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-dynamic-code-security.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-dynamic-code-security.md diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-intelligent-security-graph.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-intelligent-security-graph.md diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/design/windows-defender-application-control-design-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/windows-defender-application-control-design-guide.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/feature-availability.md rename to windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-pid-task-mgr.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-task-mgr.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/appid-pid-task-mgr.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-task-mgr.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg-token.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg-token.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg-token.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg-token.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-1.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-1.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-1.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-1.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-2.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-2.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-2.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-2.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/bit-toggling-keyboard-icon.png b/windows/security/application-security/application-control/windows-defender-application-control/images/bit-toggling-keyboard-icon.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/bit-toggling-keyboard-icon.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/bit-toggling-keyboard-icon.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/calculator-menu-icon.png b/windows/security/application-security/application-control/windows-defender-application-control/images/calculator-menu-icon.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/calculator-menu-icon.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/calculator-menu-icon.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/calculator-with-hex-in-binary.png b/windows/security/application-security/application-control/windows-defender-application-control/images/calculator-with-hex-in-binary.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/calculator-with-hex-in-binary.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/calculator-with-hex-in-binary.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig12-verifysigning.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig12-verifysigning.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig12-verifysigning.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig12-verifysigning.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig13-createnewgpo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig13-createnewgpo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig13-createnewgpo.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig13-createnewgpo.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig14-createnewfile.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig14-createnewfile.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig14-createnewfile.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig14-createnewfile.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig15-setnewfileprops.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig15-setnewfileprops.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig15-setnewfileprops.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig15-setnewfileprops.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig16-specifyinfo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig16-specifyinfo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig16-specifyinfo.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig16-specifyinfo.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig17-specifyinfo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig17-specifyinfo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig17-specifyinfo.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig17-specifyinfo.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig18-specifyux.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig18-specifyux.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig18-specifyux.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig18-specifyux.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig19-customsettings.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig19-customsettings.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig19-customsettings.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig19-customsettings.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig21-pathproperties.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig21-pathproperties.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig21-pathproperties.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig21-pathproperties.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig23-exceptionstocode.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig23-exceptionstocode.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig23-exceptionstocode.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig23-exceptionstocode.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig24-creategpo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig24-creategpo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig24-creategpo.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig24-creategpo.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig26-enablecode.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig26-enablecode.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig26-enablecode.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig26-enablecode.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig27-managecerttemp.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig27-managecerttemp.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig27-managecerttemp.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig27-managecerttemp.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig29-enableconstraints.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig29-enableconstraints.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig29-enableconstraints.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig29-enableconstraints.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig30-selectnewcert.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig30-selectnewcert.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig30-selectnewcert.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig30-selectnewcert.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig31-getmoreinfo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig31-getmoreinfo.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig31-getmoreinfo.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig31-getmoreinfo.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/event-3077.png b/windows/security/application-security/application-control/windows-defender-application-control/images/event-3077.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/event-3077.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/event-3077.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/event-3089.png b/windows/security/application-security/application-control/windows-defender-application-control/images/event-3089.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/event-3089.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/event-3089.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/event-3099-options.png b/windows/security/application-security/application-control/windows-defender-application-control/images/event-3099-options.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/event-3099-options.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/event-3099-options.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/hex-icon.png b/windows/security/application-security/application-control/windows-defender-application-control/images/hex-icon.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/hex-icon.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/hex-icon.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png b/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/known-issue-appid-dll-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/known-issue-appid-dll-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/policyflow.png b/windows/security/application-security/application-control/windows-defender-application-control/images/policyflow.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/policyflow.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/policyflow.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-edit-gp.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-edit-gp.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-edit-gp.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-edit-gp.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-catalogs.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-catalogs.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-deployment.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-deployment.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-policy-authorization.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-policy-authorization.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-merge.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-merge.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-merge.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-merge.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-template-selection.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-template-selection.png similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-template-selection.png rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-template-selection.png 
diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/application-security/application-control/windows-defender-application-control/index.yml similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/index.yml rename to windows/security/application-security/application-control/windows-defender-application-control/index.yml diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md 
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/windows-defender-application-control-operational-guide.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/operations/windows-defender-application-control-operational-guide.md diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md rename to windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/windows-defender-application-control.md similarity index 100% rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/windows-defender-application-control.md From abc2bbad821b38aed08d056813ef9c3908c61c1c Mon Sep 17 00:00:00 2001 
From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Thu, 13 Jul 2023 14:40:03 -0400 Subject: [PATCH 012/319] Update Boot Image with CU Article --- windows/deployment/update-boot-image.md | 27 +++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 windows/deployment/update-boot-image.md diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md new file mode 100644 index 0000000000..1e1246c0a1 --- /dev/null +++ b/windows/deployment/update-boot-image.md @@ -0,0 +1,27 @@ +--- +title: Update Windows PE boot image with the latest cumulative updates +description: This article describes how to update a Windows PE (WinPE) boot image with the latest cumulative update. +ms.prod: windows-client +ms.localizationpriority: medium +author: frankroj +manager: aaroncz +ms.author: frankroj +ms.topic: article +ms.date: 07/13/2023 +ms.technology: itpro-deploy +appliesto: + - ✅ Windows 11 + - ✅ Windows 10 + - ✅ Windows Server 2022 + - ✅ Windows Server 2019 + - ✅ Windows Server 2016 +--- +--- + +# Update Windows PE boot image with the latest cumulative update + +This walkthrough describes how to update a Windows PE (WinPE) boot image with the latest cumulative update. + +## Prerequisites + +- [Windows Assessment and Deployment Kit (ADK)](https://docs.microsoft.com/windows-hardware/get-started/adk-install). Recommended to use the latest version of the ADK. \ No newline at end of file From b19b980b2e4a4f94a2fa65d3677fb85f86cd65fa Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Fri, 14 Jul 2023 18:02:18 -0400 Subject: [PATCH 013/319] Update Boot Image with CU Article 2 --- windows/deployment/update-boot-image.md | 83 ++++++++++++++++++++++++- 1 file changed, 82 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md index 1e1246c0a1..4c8b669cc4 100644 --- a/windows/deployment/update-boot-image.md 
+++ b/windows/deployment/update-boot-image.md 
@@ -20,8 +20,89 @@ appliesto: # Update Windows PE boot image with the latest cumulative update + + This walkthrough describes how to update a Windows PE (WinPE) boot image with the latest cumulative update. ## Prerequisites -- [Windows Assessment and Deployment Kit (ADK)](https://docs.microsoft.com/windows-hardware/get-started/adk-install). Recommended to use the latest version of the ADK. \ No newline at end of file +- [Windows Assessment and Deployment Kit (ADK)](/windows-hardware/get-started/adk-install). Recommended to use the latest version of the ADK. + +## Overview + +Note about boot.wim from installation media + +## Steps + +1. Download and install ADK +2. Download cumulative update (CU) +3. Backup existing boot image (e.g. winpe.wim or boot.wim) +4. Mount boot image to temporary mount folder +5. Add optional components to boot image +6. Add cumulative update (CU) to boot image +7. Copy boot files from mounted image to ADK installation location +8. Perform component cleanup +9. Unmount boot image and save changes +10. Export boot image to reduce size + +## Step 1: Download and install ADK + +## Step 2: Download CU + +## Step 3: Backup existing boot image + +## Step 4: Mount boot image to temporary mount folder + +## Step 5: Add optional components to boot image + +## Step 6: Add cumulative update (CU) to boot image + +## Step 7: Copy boot files from mounted image to ADK installation location + +## Step 8: Perform component cleanup + +## Step 9: Unmount boot image and save changes + +## Step 10: Export boot image to reduce size + +## Script outline + +This PowerShell script appears to be a patching script for the Windows Assessment and Deployment Kit (ADK) and the Windows Preinstallation Environment (WinPE). Here's a breakdown of what the script does: + +1. It begins with some comments explaining the purpose of the script and providing links to relevant documentation. + +2. 
The script defines various variables such as `$SMSProvider2012R2`, `$MountFolder`, `$downloads`, and several `$CUDownloadUrl` variables. These variables specify download URLs for cumulative updates (CUs) and other files. + +3. The script includes functions like `Test-RegistryValue` and `Get-RegistryValue` for checking and retrieving registry values. + +4. It checks if the ADK is installed on the system by checking the registry key `HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Kits\Installed Roots`. If the ADK is detected, it retrieves the installation location from the registry. + +5. The script verifies the existence of the WinPE image file (`winpe.wim`) and extracts the version information from it. + +6. Depending on the WinPE version, the script selects the appropriate CU download URL and sets the `$SSURequired` flag if a Servicing Stack Update (SSU) is needed. + +7. It checks if certain folders exist and creates them if necessary (`$downloads`, `$downloads\SSU`, and `$MountFolder`). + +8. If the CU file does not already exist in the specified download folder, it uses `Start-BitsTransfer` to download it from the provided URL. + +9. If an SSU is required, it performs a similar download process for the SSU file. + +10. The script creates a backup of the existing `winpe.wim` file by copying it to `winpe.bak`. If a previous backup already exists, it renames it with the current date appended. + +11. It mounts the `winpe.wim` file using `Mount-WindowsImage` to a temporary mount folder (`$MountFolder`). + +12. If an SSU is required, it adds the SSU package to the mounted image using `Add-WindowsPackage`. + +13. It then iterates through a list of optional components (`$OptionalComponents`) and adds the corresponding packages to the mounted image using `Add-WindowsPackage`. It also checks for language-specific versions of the components and adds them if available. + +14. The script adds the downloaded CU package to the mounted image using `Add-WindowsPackage`. + +15. 
It copies updated boot manager files (`bootmgr.efi` and `bootmgfw.efi`) from the mounted image back to the ADK installation location. + +16. It performs a component cleanup operation on the mounted image using `dism.exe` to reduce the image size. + +17. The script exports the list of installed packages in the modified image to a text file. + +18. Finally, it dismounts the image with the modifications, saves the changes, and exports the modified `winpe.wim` file as a new file with reduced file size. It also creates a backup of the original `winpe.wim` file and cleans up temporary files. + +The script appears to be designed to update and patch the WinPE image in the ADK installation based on the installed ADK version and the provided CU and SSU files. From 8e5971c66ef98ba71bffa1bfa461b3284f9054db Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Fri, 14 Jul 2023 18:37:13 -0400 Subject: [PATCH 014/319] Update Boot Image with CU Article 3 --- windows/deployment/update-boot-image.md | 54 +++++++++++++++++++------ 1 file changed, 42 insertions(+), 12 deletions(-) diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md index 4c8b669cc4..8e7895218f 100644 --- a/windows/deployment/update-boot-image.md +++ b/windows/deployment/update-boot-image.md 
@@ -26,11 +26,16 @@ This walkthrough describes how to update a Windows PE (WinPE) boot image with th ## Prerequisites -- [Windows Assessment and Deployment Kit (ADK)](/windows-hardware/get-started/adk-install). Recommended to use the latest version of the ADK. +- [Windows Assessment and Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install) - It's recommended to use the latest version of the ADK. +- [Windows PE add-on for the Windows ADK](/windows-hardware/get-started/adk-install). Make sure the version of Windows PE matches the version of Windows ADK that is being used. +- Boot image - This can be `winpe.wim` included with the Windows ADK. +- Latest cumulative update downloaded from the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site. ## Overview Note about boot.wim from installation media +Note about Win11 ADK only having x64 boot images +Note about Windows Server 2012 R2 ## Steps 
@@ -39,31 +44,56 @@ Note about boot.wim from installation media 3. Backup existing boot image (e.g. winpe.wim or boot.wim) 4. Mount boot image to temporary mount folder 5. Add optional components to boot image -6. Add cumulative update (CU) to boot image -7. Copy boot files from mounted image to ADK installation location -8. Perform component cleanup -9. Unmount boot image and save changes -10. Export boot image to reduce size +6. Add optional components OCs to boot image +7. Add cumulative update (CU) to boot image +8. Copy boot files from mounted image to ADK installation location +9. Perform component cleanup +10. Unmount boot image and save changes +11. Export boot image to reduce size ## Step 1: Download and install ADK -## Step 2: Download CU +- Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](windows-hardware/get-started/adk-install). + +- Download and install the **Windows PE add-on for the Windows ADK** from [Download and install the Windows ADK](windows-hardware/get-started/adk-install). Make sure to download and install both components. + +- It's strongly recommended to download and install the latest version of the ADK. + +- When installing the Windows ADK, it's only necessary to install the **Deployment Tools**. + +## Step 2: Download cumulative update (CU) + +- Go to the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site and search for the latest cumulative update for the version of Windows that matches the version of Windows PE that was downloaded in [Step 1](#step-1-download-and-install-adk) or the version of the Windows PE boot image that will be updated. + +- When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"- cumulative update for windows "` where `year` is the four digit current year, `` is the two digit current month, and `` is the version of Windows that Windows PE is based on. 
For example, to search for the latest cumulative update for Windows 11 in July 2023, use the search term `"2023-07 cumulative update for windows 11"`. If the cumulative update hasn't been released yet for the current month, then search on the previous month. + +- Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems" version of the update. + +- Store the downloaded cumulative update in a known location for later use. ## Step 3: Backup existing boot image +Before modifying the desired boot image, make a backup copy of the boot image being modified. For example, + +- For the boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`. + +- For the boot image included with Microsoft Configuration Manager, the boot image is located at `\OSD\boot\x64\boot.wim` + ## Step 4: Mount boot image to temporary mount folder ## Step 5: Add optional components to boot image -## Step 6: Add cumulative update (CU) to boot image +## Step 6: Add optional components OCs to boot image -## Step 7: Copy boot files from mounted image to ADK installation location +## Step 7: Add cumulative update (CU) to boot image -## Step 8: Perform component cleanup +## Step 8: Copy boot files from mounted image to ADK installation location -## Step 9: Unmount boot image and save changes +## Step 9: Perform component cleanup -## Step 10: Export boot image to reduce size +## Step 10: Unmount boot image and save changes + +## Step 11: Export boot image to reduce size ## Script outline From 139b14ff6231958f61bbdeaf1ffa8b6d0bab301d Mon Sep 17 00:00:00 2001 
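Review bot: In PATCH 012, the new-file hunk for windows/deployment/update-boot-image.md closes the YAML front matter twice: the `appliesto` list is followed by two consecutive `---` lines. The second one sits outside the metadata block and ends up in the article body above the H1. Drop one of them; the later hunks visible in this series start at line 20 or below, so none of them removes it. The prerequisite link also uses an absolute https://docs.microsoft.com/... URL (PATCH 013 changes it to a site-relative link), and the file is committed without a trailing newline.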
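Review bot: In PATCH 013, the `## Script outline` section at the end of the hunk describes a script that the article neither includes nor links to, and it does so in hedged wording ("This PowerShell script appears to be a patching script", "The script appears to be designed to"). Readers have nothing to check items such as `$SMSProvider2012R2` or the several `$CUDownloadUrl` variables against. Either publish the script next to the outline and describe it definitively, or hold the section back until the script is part of the article. The same hunk commits the placeholder line "Note about boot.wim from installation media" under `## Overview` and ten empty `## Step N` headings, and the step list uses "Backup" as a verb where "Back up" is meant.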
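Review bot: In PATCH 014, the first hunk adds two more "Note about ..." placeholder lines under `## Overview` (Win11 ADK only having x64 boot images, Windows Server 2012 R2) directly below the existing one, with no blank lines between them, so the three render as a single run-on paragraph of author notes. Replace them with the actual notes or keep them out of the published body. In the prerequisites list, the Windows PE add-on entry links to the same /windows-hardware/get-started/adk-install target as the ADK entry, and the entries mix " - " and ". " as the separator after the link text.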
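Review bot: In PATCH 014, the second hunk leaves the step list with two entries for the same action: step 5 "Add optional components to boot image" stays as context and step 6 "Add optional components OCs to boot image" is added, and the `## Step 5` and `## Step 6` headings repeat the duplication. One of the two needs a different subject or should be removed. In Step 1, both links are written as `(windows-hardware/get-started/adk-install)` without a leading slash, so they resolve relative to the article's own folder. In Step 2, the span `**Cumulative Update for Windows 11 Version 22H2 for x64-based Systems"` opens with `**` and closes with a double quote, which leaves the bold unterminated. Step 3 is titled as a backup step but only lists where the boot images are located; it ends its lead-in with "For example," and gives no copy command or backup file name.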
From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Sat, 15 Jul 2023 12:26:04 -0400 Subject: [PATCH 015/319] Update Boot Image with CU Article 4 --- windows/deployment/update-boot-image.md | 200 ++++++++++++++++++++---- 1 file changed, 168 insertions(+), 32 deletions(-) diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md index 8e7895218f..58a067d325 100644 --- a/windows/deployment/update-boot-image.md +++ b/windows/deployment/update-boot-image.md 
@@ -43,24 +43,27 @@ Note about Windows Server 2012 R2 2. Download cumulative update (CU) 3. Backup existing boot image (e.g. winpe.wim or boot.wim) 4. Mount boot image to temporary mount folder -5. Add optional components to boot image -6. Add optional components OCs to boot image +5. Add drivers to boot image +6. Add optional components to boot image 7. Add cumulative update (CU) to boot image 8. Copy boot files from mounted image to ADK installation location 9. Perform component cleanup -10. Unmount boot image and save changes -11. Export boot image to reduce size +10. Verify all desired packages have been added to boot image +11. Unmount boot image and save changes +12. Export boot image to reduce size ## Step 1: Download and install ADK -- Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](windows-hardware/get-started/adk-install). +- Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install). -- Download and install the **Windows PE add-on for the Windows ADK** from [Download and install the Windows ADK](windows-hardware/get-started/adk-install). Make sure to download and install both components. +- Download and install the **Windows PE add-on for the Windows ADK** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install). Make sure to download and install both components. - It's strongly recommended to download and install the latest version of the ADK. - When installing the Windows ADK, it's only necessary to install the **Deployment Tools**. +- The paths in this article assume the Windows ADK was installed to the default location of `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit`. If the Windows ADK was installed to a different location, then adjust the paths accordingly. 
+ ## Step 2: Download cumulative update (CU) - Go to the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site and search for the latest cumulative update for the version of Windows that matches the version of Windows PE that was downloaded in [Step 1](#step-1-download-and-install-adk) or the version of the Windows PE boot image that will be updated. @@ -71,9 +74,15 @@ Note about Windows Server 2012 R2 - Store the downloaded cumulative update in a known location for later use. +> [!TIP] +> +> It is recommended to use the full cumulative update when updating boot images with a cumulative update. However, instead of downloading the full cumulative update, the cumulative update for SafeOS can be downloaded and used instead. This will reduce the size of the final updated boot image. If any issues occur with a boot image updated with the SafeOS cumulative update, then use the full cumulative update instead. +> +> The SafeOS cumulative update can be found in the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site by searching on... + ## Step 3: Backup existing boot image -Before modifying the desired boot image, make a backup copy of the boot image being modified. For example, +Before modifying the desired boot image, make a backup copy of the boot image. For example, - For the boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`. 
@@ -81,58 +90,185 @@ Before modifying the desired boot image, make a backup copy of the boot image be ## Step 4: Mount boot image to temporary mount folder -## Step 5: Add optional components to boot image +- Create a new empty empty folder to mount the boot image to. For example, `C:\Mount`. -## Step 6: Add optional components OCs to boot image +```powershell +Mount-WindowsImage -Path "" -ImagePath "\.wim" -Index 1 -Verbose +``` + +For more information, see [Mount-WindowsImage](/powershell/module/dism/mount-windowsimage) + +```cmd +DISM.exe /Mount-image /imagefile:"" /Index:1 /MountDir:"" +``` + +For more information, see [Modify a Windows image using DISM: Mount an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism) and [DISM Image Management Command-Line Options: /Mount-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#mount-image). + +## Step 5: Add drivers to boot image + +If needed, add any drivers to the boot image. + +```powershell +Command to be determined +``` + +```cmd +DISM.exe/Image:"" /Add-Driver /Driver:"\.inf" + +DISM.exe /Image:"" /Add-Driver /Driver:" [!IMPORTANT] +> +> For Microsoft Configuration Manager boot images, don't manually add drivers to the boot image using the above steps. Instead, add drivers through Configuration Manager via the **Drivers** tab in the **Properties** of the boot image. This will ensure that the drivers in the boot image can be properly managed through Configuration Manager. Drivers are not affected by the cumulative update installed later in this walkthrough. + +## Step 6: Add optional components to boot image + +- Add any desired optional components to the boot image. +- The below examples assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly. 
+ +```powershell +Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" -Path "" -Verbose +``` + +For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage). + +```cmd +DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\.cab" +``` + +You can add as many desired optional components as needed on a single DISM.exe command line. + +For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package). + +- Make sure that after adding the optional component to also add the language specific component for that optional component. For example, for English United States (en-us), add the following: + +```powershell +Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" -Path "" -Verbose +``` + +```cmd +DISM.exe /Image:"" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\_en-us.cab" +``` + +You can add as many desired optional components as needed on a single DISM.exe command line. 
+ +> [!IMPORTANT] +> +> For Microsoft Configuration Manager boot images, make sure to add any desired optional components manually using the above command lines instead of adding them through Configuration Manager via the **Optional Components** tab in the **Properties** of the boot image. This is because the cumulative update being applied at the next step will also update any optional components as needed. If the optional components are instead added through Configuration Manager, then the optional components will not be updated with the cumulative update. This could lead to unexpected behaviors and problems. +> +> For this reason, make sure to add the following required optional components need by Configuration Manager: +> +> - Scripting (WinPE-Scripting) +> - Startup (WinPE-SecureStartup) +> - Network (WinPE-WDS-Tools) +> - WMI (WinPE-WMI) +> +> Once any optional components has been manually added to a boot image, Configuration Manager will detect that the optional component has already been added. It will not try to add the optional component again whenever it is updating the boot image. + +### List of optional components ## Step 7: Add cumulative update (CU) to boot image +- Apply the cumulative update (CU) downloaded earlier in the walkthrough to the boot image. + +```powershell +Add-WindowsPackage -PackagePath "" -Path "" -Verbose +``` + +For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage) + +```cmd +DISM.exe /Image:"" /Add-Package /PackagePath:"" +``` + +For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package). 
+ +> [!IMPORTANT] +> +> Make sure not to apply the cumulative update (CU) until all desired optional components have been installed. This will make sure that the optional components are also properly updated by the cumulative update. If in the future any additional optional components need to be added to the boot image, make sure to reapply the cumulative update. + ## Step 8: Copy boot files from mounted image to ADK installation location +- Copy the updated bootmgr files from the updated boot image to the ADK installation location. +- This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr files are available to the ADK when creating bootable media. In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932). 
+ +```powershell +Copy-Item "\Windows\Boot\EFI\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi" -Force + +Copy-Item "\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi" -Force +``` + +```cmd +CMD commands to be determined +``` + ## Step 9: Perform component cleanup -## Step 10: Unmount boot image and save changes +- Run DISM.exe commands that will clean up the mounted image and help reduce its size -## Step 11: Export boot image to reduce size +```powershell +Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" -ArgumentList " /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase /Defer" -Wait -LoadUserProfile -## Script outline +Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" -ArgumentList " /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase" -Wait -LoadUserProfile +``` -This PowerShell script appears to be a patching script for the Windows Assessment and Deployment Kit (ADK) and the Windows Preinstallation Environment (WinPE). Here's a breakdown of what the script does: +```cmd +DISM.exe /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase /Defer -1. It begins with some comments explaining the purpose of the script and providing links to relevant documentation. +DISM.exe /Image:"" /Cleanup-image /StartComponentCleanup /Resetbase +``` -2. The script defines various variables such as `$SMSProvider2012R2`, `$MountFolder`, `$downloads`, and several `$CUDownloadUrl` variables. These variables specify download URLs for cumulative updates (CUs) and other files. 
+For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Cleanup-Image](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#cleanup-image). -3. The script includes functions like `Test-RegistryValue` and `Get-RegistryValue` for checking and retrieving registry values. +## Step 10: Verify all desired packages have been added to boot image -4. It checks if the ADK is installed on the system by checking the registry key `HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Kits\Installed Roots`. If the ADK is detected, it retrieves the installation location from the registry. +- After the optional components and the cumulative update (CU) have been applied to the boot image, verify that they are showing as installed. -5. The script verifies the existence of the WinPE image file (`winpe.wim`) and extracts the version information from it. +```powershell +Get-WindowsPackage -Path "" +``` -6. Depending on the WinPE version, the script selects the appropriate CU download URL and sets the `$SSURequired` flag if a Servicing Stack Update (SSU) is needed. +For more information, see [Get-WindowsPackage](/powershell/module/dism/get-windowspackage). -7. It checks if certain folders exist and creates them if necessary (`$downloads`, `$downloads\SSU`, and `$MountFolder`). +```cmd +DISM.exe /Image:"" /Get-Packages +``` -8. If the CU file does not already exist in the specified download folder, it uses `Start-BitsTransfer` to download it from the provided URL. +For more information, see [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Get-Packages](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#get-packages). -9. 
If an SSU is required, it performs a similar download process for the SSU file. +## Step 11: Unmount boot image and save changes -10. The script creates a backup of the existing `winpe.wim` file by copying it to `winpe.bak`. If a previous backup already exists, it renames it with the current date appended. +- Once drivers, optional components, and the cumulative update (CU) have been applied to the boot image, unmount the boot image and save changes. -11. It mounts the `winpe.wim` file using `Mount-WindowsImage` to a temporary mount folder (`$MountFolder`). +```powershell +Dismount-WindowsImage -Path "" -Save -Verbose +``` -12. If an SSU is required, it adds the SSU package to the mounted image using `Add-WindowsPackage`. +For more information, see [Dismount-WindowsImage](/powershell/module/dism/dismount-windowsimage). -13. It then iterates through a list of optional components (`$OptionalComponents`) and adds the corresponding packages to the mounted image using `Add-WindowsPackage`. It also checks for language-specific versions of the components and adds them if available. +```cmd +DISM.exe /Unmount-Image /MountDir:"" /Commit +``` -14. The script adds the downloaded CU package to the mounted image using `Add-WindowsPackage`. +For more information, see [Modify a Windows image using DISM: Unmounting an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image) and [DISM Image Management Command-Line Options: /Unmount-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#unmount-image). -15. It copies updated boot manager files (`bootmgr.efi` and `bootmgfw.efi`) from the mounted image back to the ADK installation location. +## Step 12: Export boot image to reduce size -16. It performs a component cleanup operation on the mounted image using `dism.exe` to reduce the image size. +- Once the boot image has been unmounted and saved, its size can be further reduced by exporting it. 
-17. The script exports the list of installed packages in the modified image to a text file. +```powershell +Export-WindowsImage -SourceImagePath "\.wim" -SourceIndex 1 -DestinationImagePath "\-export.wim" -CompressionType max -Verbose +``` -18. Finally, it dismounts the image with the modifications, saves the changes, and exports the modified `winpe.wim` file as a new file with reduced file size. It also creates a backup of the original `winpe.wim` file and cleans up temporary files. +For more information, see [Export-WindowsImage](/powershell/module/dism/export-windowsimage). -The script appears to be designed to update and patch the WinPE image in the ADK installation based on the installed ADK version and the provided CU and SSU files. +```cmd +DISM.exe /Export-Image /SourceImageFile:"\.wim" /SourceIndex:1 /DestinationImageFile:"\-export.wim" +``` + +For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Image Management Command-Line Options: /Export-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#export-image). + +Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image. From 41a226ea5de5399cd9bd1e26e2693c5a4052e730 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Sat, 15 Jul 2023 12:32:04 -0400 Subject: [PATCH 016/319] Update Boot Image with CU Article 5 --- windows/deployment/update-boot-image.md | 29 +++++++++++++++---------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md index 58a067d325..46fcd30cdd 100644 --- a/windows/deployment/update-boot-image.md +++ b/windows/deployment/update-boot-image.md 
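Review bot: in Step 9 of the update-boot-image.md hunk that ends above (`@@ -81,58 +90,185 @@`), both PowerShell `Start-Process` lines place the image path's double quotes inside a double-quoted `-ArgumentList` string, as in `-ArgumentList " /Image:"" /Cleanup-image ...`, so the path does not reach dism.exe as a quoted argument. Use a single-quoted outer string or backtick-escape the inner quotes. In the same hunk, the Step 5 cmd example reads `DISM.exe/Image:` with no space before `/Image`, the Step 4 bullet says "empty empty folder", and the Step 8 link to KB5025885 points at `prod.support.services.microsoft.com` rather than `support.microsoft.com`.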
@@ -39,18 +39,23 @@ Note about Windows Server 2012 R2 ## Steps -1. Download and install ADK -2. Download cumulative update (CU) -3. Backup existing boot image (e.g. winpe.wim or boot.wim) -4. Mount boot image to temporary mount folder -5. Add drivers to boot image -6. Add optional components to boot image -7. Add cumulative update (CU) to boot image -8. Copy boot files from mounted image to ADK installation location -9. Perform component cleanup -10. Verify all desired packages have been added to boot image -11. Unmount boot image and save changes -12. Export boot image to reduce size +- [Update Windows PE boot image with the latest cumulative update](#update-windows-pe-boot-image-with-the-latest-cumulative-update) + - [Prerequisites](#prerequisites) + - [Overview](#overview) + - [Steps](#steps) + - [Step 1: Download and install ADK](#step-1-download-and-install-adk) + - [Step 2: Download cumulative update (CU)](#step-2-download-cumulative-update-cu) + - [Step 3: Backup existing boot image](#step-3-backup-existing-boot-image) + - [Step 4: Mount boot image to temporary mount folder](#step-4-mount-boot-image-to-temporary-mount-folder) + - [Step 5: Add drivers to boot image](#step-5-add-drivers-to-boot-image) + - [Step 6: Add optional components to boot image](#step-6-add-optional-components-to-boot-image) + - [List of optional components](#list-of-optional-components) + - [Step 7: Add cumulative update (CU) to boot image](#step-7-add-cumulative-update-cu-to-boot-image) + - [Step 8: Copy boot files from mounted image to ADK installation location](#step-8-copy-boot-files-from-mounted-image-to-adk-installation-location) + - [Step 9: Perform component cleanup](#step-9-perform-component-cleanup) + - [Step 10: Verify all desired packages have been added to boot image](#step-10-verify-all-desired-packages-have-been-added-to-boot-image) + - [Step 11: Unmount boot image and save changes](#step-11-unmount-boot-image-and-save-changes) + - [Step 12: Export boot image to reduce 
size](#step-12-export-boot-image-to-reduce-size) ## Step 1: Download and install ADK From 727d16180edb5582cc1d0ecd012c0ee02f9e4ad9 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Sat, 15 Jul 2023 12:38:23 -0400 Subject: [PATCH 017/319] Update Boot Image with CU Article 6 --- windows/deployment/update-boot-image.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md index 46fcd30cdd..64f6474518 100644 --- a/windows/deployment/update-boot-image.md +++ b/windows/deployment/update-boot-image.md @@ -51,7 +51,7 @@ Note about Windows Server 2012 R2 - [Step 6: Add optional components to boot image](#step-6-add-optional-components-to-boot-image) - [List of optional components](#list-of-optional-components) - [Step 7: Add cumulative update (CU) to boot image](#step-7-add-cumulative-update-cu-to-boot-image) - - [Step 8: Copy boot files from mounted image to ADK installation location](#step-8-copy-boot-files-from-mounted-image-to-adk-installation-location) + - [Step 8: Copy boot files from mounted image to ADK installation path](#step-8-copy-boot-files-from-mounted-image-to-adk-installation-path) - [Step 9: Perform component cleanup](#step-9-perform-component-cleanup) - [Step 10: Verify all desired packages have been added to boot image](#step-10-verify-all-desired-packages-have-been-added-to-boot-image) - [Step 11: Unmount boot image and save changes](#step-11-unmount-boot-image-and-save-changes) 
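Review bot: in the "Update Boot Image with CU Article 5" hunk (`@@ -39,18 +39,23 @@`), the list under `## Steps` now links to the article's own title, `#prerequisites`, `#overview` and `#steps` itself, so it reads as a pasted table of contents rather than the procedure. Keep only the twelve step links at the top level, and leave out `#list-of-optional-components` while that heading has no content.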
@@ -87,11 +87,11 @@ Note about Windows Server 2012 R2 ## Step 3: Backup existing boot image -Before modifying the desired boot image, make a backup copy of the boot image. For example, +- Before modifying the desired boot image, make a backup copy of the boot image. For example, -- For the boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`. + - For the boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`. -- For the boot image included with Microsoft Configuration Manager, the boot image is located at `\OSD\boot\x64\boot.wim` + - For the boot image included with Microsoft Configuration Manager, the boot image is located at `\OSD\boot\x64\boot.wim` ## Step 4: Mount boot image to temporary mount folder @@ -111,7 +111,7 @@ For more information, see [Modify a Windows image using DISM: Mount an image](/w ## Step 5: Add drivers to boot image -If needed, add any drivers to the boot image. +- If needed, add any drivers to the boot image. ```powershell Command to be determined 
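Review bot: the Step 5 `powershell` fence in this hunk (`@@ -111,7 +111,7 @@`) still carries the placeholder `Command to be determined`, which will render as if it were a command to run. Fill it with the DISM module's `Add-WindowsDriver` call that matches the `/Add-Driver` cmd example, or remove the fence until the command is ready. The Step 8 `cmd` fence touched later in this patch has the same problem; rewording its placeholder does not resolve it.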
@@ -195,9 +195,9 @@ For more information, see [Add or Remove Packages Offline Using DISM](/windows-h > > Make sure not to apply the cumulative update (CU) until all desired optional components have been installed. This will make sure that the optional components are also properly updated by the cumulative update. If in the future any additional optional components need to be added to the boot image, make sure to reapply the cumulative update. -## Step 8: Copy boot files from mounted image to ADK installation location +## Step 8: Copy boot files from mounted image to ADK installation path -- Copy the updated bootmgr files from the updated boot image to the ADK installation location. +- Copy the updated bootmgr files from the updated boot image to the ADK installation path. - This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr files are available to the ADK when creating bootable media. In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932). ```powershell @@ -207,7 +207,7 @@ Copy-Item "\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files ``` ```cmd -CMD commands to be determined +Command to be determined ``` ## Step 9: Perform component cleanup 
@@ -276,4 +276,4 @@ DISM.exe /Export-Image /SourceImageFile:"\.wim" /So For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Image Management Command-Line Options: /Export-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#export-image). -Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image. +- Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image. From 0a707c7512d5b2baea2b8b0b9effee9d650fa843 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Sat, 15 Jul 2023 13:49:25 -0400 Subject: [PATCH 018/319] Update Boot Image with CU Article 7 --- windows/deployment/update-boot-image.md | 30 +++++++++++-------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md index 64f6474518..c8356bd297 100644 --- a/windows/deployment/update-boot-image.md +++ b/windows/deployment/update-boot-image.md 
@@ -39,23 +39,19 @@ Note about Windows Server 2012 R2 ## Steps -- [Update Windows PE boot image with the latest cumulative update](#update-windows-pe-boot-image-with-the-latest-cumulative-update) - - [Prerequisites](#prerequisites) - - [Overview](#overview) - - [Steps](#steps) - - [Step 1: Download and install ADK](#step-1-download-and-install-adk) - - [Step 2: Download cumulative update (CU)](#step-2-download-cumulative-update-cu) - - [Step 3: Backup existing boot image](#step-3-backup-existing-boot-image) - - [Step 4: Mount boot image to temporary mount folder](#step-4-mount-boot-image-to-temporary-mount-folder) - - [Step 5: Add drivers to boot image](#step-5-add-drivers-to-boot-image) - - [Step 6: Add optional components to boot image](#step-6-add-optional-components-to-boot-image) - - [List of optional components](#list-of-optional-components) - - [Step 7: Add cumulative update (CU) to boot image](#step-7-add-cumulative-update-cu-to-boot-image) - - [Step 8: Copy boot files from mounted image to ADK installation path](#step-8-copy-boot-files-from-mounted-image-to-adk-installation-path) - - [Step 9: Perform component cleanup](#step-9-perform-component-cleanup) - - [Step 10: Verify all desired packages have been added to boot image](#step-10-verify-all-desired-packages-have-been-added-to-boot-image) - - [Step 11: Unmount boot image and save changes](#step-11-unmount-boot-image-and-save-changes) - - [Step 12: Export boot image to reduce size](#step-12-export-boot-image-to-reduce-size) +- [Step 1: Download and install ADK](#step-1-download-and-install-adk) +- [Step 2: Download cumulative update (CU)](#step-2-download-cumulative-update-cu) +- [Step 3: Backup existing boot image](#step-3-backup-existing-boot-image) +- [Step 4: Mount boot image to temporary mount folder](#step-4-mount-boot-image-to-temporary-mount-folder) +- [Step 5: Add drivers to boot image](#step-5-add-drivers-to-boot-image) +- [Step 6: Add optional components to boot 
image](#step-6-add-optional-components-to-boot-image) +- [Step 7: Add cumulative update (CU) to boot image](#step-7-add-cumulative-update-cu-to-boot-image) +- [Step 8: Copy boot files from mounted image to ADK installation path](#step-8-copy-boot-files-from-mounted-image-to-adk-installation-path) +- [Step 9: Perform component cleanup](#step-9-perform-component-cleanup) +- [Step 10: Verify all desired packages have been added to boot image](#step-10-verify-all-desired-packages-have-been-added-to-boot-image) +- [Step 11: Unmount boot image and save changes](#step-11-unmount-boot-image-and-save-changes) +- [Step 12: Export boot image to reduce size](#step-12-export-boot-image-to-reduce-size) + ## Step 1: Download and install ADK From 71dadf67dd0f959f043c4f83f170993608fd3a75 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Sat, 15 Jul 2023 14:01:22 -0400 Subject: [PATCH 019/319] Update Boot Image with CU Article 8 --- windows/deployment/update-boot-image.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update-boot-image.md b/windows/deployment/update-boot-image.md index c8356bd297..020627f1e1 100644 --- a/windows/deployment/update-boot-image.md +++ b/windows/deployment/update-boot-image.md @@ -52,7 +52,6 @@ Note about Windows Server 2012 R2 - [Step 11: Unmount boot image and save changes](#step-11-unmount-boot-image-and-save-changes) - [Step 12: Export boot image to reduce size](#step-12-export-boot-image-to-reduce-size) - ## Step 1: Download and install ADK - Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install). 
@@ -273,3 +272,9 @@ DISM.exe /Export-Image /SourceImageFile:"\.wim" /So For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Image Management Command-Line Options: /Export-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#export-image). - Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image. + +## Considerations for Microsoft Configuration Manager + +## Considerations for Microsoft Deployment Toolkit (MDT) + +## Considerations for Windows Deployment Services (WDS) From e468314deed27d935be270403816beb52e325f48 Mon Sep 17 00:00:00 2001 From: Herbert Mauerer <41573578+HerbertMauerer@users.noreply.github.com> Date: Mon, 17 Jul 2023 10:45:36 +0200 Subject: [PATCH 020/319] Update how-it-works.md Reflect Pasting is disabled for almost six years...customer who notice today were on WS16 so far. --- .../application-control/user-account-control/how-it-works.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/application-security/application-control/user-account-control/how-it-works.md b/windows/security/application-security/application-control/user-account-control/how-it-works.md index 861c6bc68b..2b31205aaa 100644 --- a/windows/security/application-security/application-control/user-account-control/how-it-works.md +++ b/windows/security/application-security/application-control/user-account-control/how-it-works.md 
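Review bot: the last update-boot-image.md hunk (`@@ -273,3 +272,9 @@`) adds three `## Considerations for ...` headings (Configuration Manager, MDT, WDS) with no body text, so they would publish as empty sections. Hold them back until each has content, or add at least one sentence stating what differs for that product. The Configuration Manager section is the most pressing, since Steps 5 and 6 already carry IMPORTANT notes about drivers and optional components in Configuration Manager boot images that this section should gather or point to.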
@@ -93,6 +93,8 @@ The elevation process is further secured by directing the prompt to the *secure When an executable file requests elevation, the *interactive desktop*, also called the *user desktop*, is switched to the secure desktop. The secure desktop dims the user desktop and displays an elevation prompt that must be responded to before continuing. When the user selects **Yes** or **No**, the desktop switches back to the user desktop. +On the secure desktop it is not possible to paste a password you may have in the clipboard. This ability was removed in Windows 10 1709 and is present in all subsequent releases. + Malware can present an imitation of the secure desktop, but when the **User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode** policy setting is set to **Prompt for consent**, the malware doesn't gain elevation if the user selects **Yes** on the imitation. If the policy setting is set to **Prompt for credentials**, malware imitating the credential prompt may be able to gather the credentials from the user. However, the malware doesn't gain elevated privilege and the system has other protections that mitigate malware from taking control of the user interface even with a harvested password. While malware could present an imitation of the secure desktop, this issue can't occur unless a user previously installed the malware on the PC. Because processes requiring an administrator access token can't silently install when UAC is enabled, the user must explicitly provide consent by selecting **Yes** or by providing administrator credentials. The specific behavior of the UAC elevation prompt is dependent upon security policies. From d755cc90c3057646ca696c8b4210bd26f40b3f2e Mon Sep 17 00:00:00 2001 
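Review bot: in the sentence added to how-it-works.md, "This ability was removed in Windows 10 1709 and is present in all subsequent releases" attaches "is present" to the ability, so it can be read as saying that pasting works again in later releases. State that the restriction remains, for example "Pasting was removed in Windows 10, version 1709 and remains unavailable in all later releases." It would also help to say that the password must be typed on the secure desktop, since that is the behaviour users will encounter.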
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 17 Jul 2023 12:37:16 -0400 Subject: [PATCH 021/319] Rename files, Fix links --- .openpublishing.redirection.json | 717 +++++++++++++++++- ...nd-windows-defender-application-control.md | 2 +- .../application-control/toc.yml | 4 +- .../settings-and-configuration.md | 2 +- ...perational-guide-appid-tagging-policies.md | 4 +- .../deploy-appid-tagging-policies.md | 2 +- .../design-create-appid-tagging-policies.md | 12 +- ...g-guide.md => wdac-appid-tagging-guide.md} | 0 .../TOC.yml | 92 +-- .../manage-packaged-apps-with-applocker.md | 2 +- .../deployment/LOB-win32-apps-on-s.md | 14 +- ...rol-policies.md => audit-wdac-policies.md} | 16 +- ...d => create-code-signing-cert-for-wdac.md} | 12 +- ...> deploy-catalog-files-to-support-wdac.md} | 28 +- ...eploy-wdac-policies-using-group-policy.md} | 4 +- ...d => deploy-wdac-policies-using-intune.md} | 4 +- .../deploy-wdac-policies-with-script.md | 2 +- ...l-policies.md => disable-wdac-policies.md} | 2 +- ...l-policies.md => enforce-wdac-policies.md} | 8 +- ...rol-policies.md => merge-wdac-policies.md} | 8 +- ...ning-for-better-control-and-protection.md} | 6 +- ...cies-to-protect-wdac-against-tampering.md} | 12 +- ...ment-guide.md => wdac-deployment-guide.md} | 14 +- ...com-object-registration-in-wdac-policy.md} | 2 +- ...of-devices.md => common-wdac-use-cases.md} | 2 +- ...-apps-deployed-with-a-managed-installer.md | 8 +- .../design/create-wdac-deny-policy.md | 2 +- ...e-wdac-policy-for-fully-managed-devices.md | 8 +- ...wdac-policy-for-lightly-managed-devices.md | 10 +- ...e-wdac-policy-using-reference-computer.md} | 4 +- ...es.md => deploy-multiple-wdac-policies.md} | 3 +- .../design/example-wdac-base-policies.md | 2 +- ...l.md => manage-packaged-apps-with-wdac.md} | 6 +- .../microsoft-recommended-block-rules.md | 4 +- ...icrosoft-recommended-driver-block-rules.md | 2 +- ...-management.md => plan-wdac-management.md} | 10 +- 
.../design/select-types-of-rules-to-create.md | 4 +- ...nderstand-wdac-policy-design-decisions.md} | 12 +- ...-specific-plug-ins-add-ins-and-modules.md} | 2 +- ...e-wdac-with-intelligent-security-graph.md} | 4 +- ...ic-code-security.md => wdac-and-dotnet.md} | 0 ...l-design-guide.md => wdac-design-guide.md} | 10 +- .../design/wdac-wizard-create-base-policy.md | 18 +- .../wdac-wizard-create-supplemental-policy.md | 18 +- .../design/wdac-wizard-editing-policy.md | 6 +- .../design/wdac-wizard-merging-policies.md | 4 +- .../design/wdac-wizard-parsing-event-logs.md | 14 +- .../design/wdac-wizard.md | 4 +- .../feature-availability.md | 2 +- .../index.yml | 58 +- .../configure-wdac-managed-installer.md | 2 +- .../operations/event-id-explanations.md | 2 +- .../operations/event-tag-explanations.md | 12 +- .../operations/known-issues.md | 4 +- .../wdac-debugging-and-troubleshooting.md | 4 +- ...nal-guide.md => wdac-operational-guide.md} | 2 +- .../wdac-and-applocker-overview.md | 6 +- ...efender-application-control.md => wdac.md} | 10 +- .../security/application-security/index.md | 2 +- .../hello-how-it-works-technology.md | 4 +- .../hello-hybrid-aadj-sso.md | 2 +- ...o-hybrid-cloud-kerberos-trust-provision.md | 4 +- .../hello-hybrid-key-trust-provision.md | 4 +- .../hello-planning-guide.md | 2 +- .../includes/hello-join-domain.md | 2 +- windows/security/index.yml | 22 +- .../tpm/tpm-recommendations.md | 2 +- ...m-module-services-group-policy-settings.md | 2 +- .../create-wip-policy-using-configmgr.md | 2 +- .../create-wip-policy-using-intune-azure.md | 4 +- .../mandatory-settings-for-wip.md | 4 +- .../bitlocker/bitlocker-countermeasures.md | 8 +- ...r-device-encryption-overview-windows-10.md | 2 +- .../bitlocker-management-for-enterprises.md | 4 +- .../bitlocker-recovery-guide-plan.md | 16 +- .../data-protection/bitlocker/index.md | 2 +- .../vpn/vpn-office-365-optimization.md | 8 +- .../best-practices-configuring.md | 10 +- .../filter-origin-documentation.md | 2 +- 
.../secure-the-windows-10-boot-process.md | 4 +- .../virus-and-threat-protection/toc.yml | 2 +- ...advanced-security-audit-policy-settings.md | 2 +- .../auditing/advanced-security-auditing.md | 4 +- ...udit-kerberos-service-ticket-operations.md | 4 +- .../auditing/security-auditing-overview.md | 5 +- .../threat-protection/fips-140-validation.md | 2 +- windows/security/threat-protection/index.md | 2 +- ...iew-of-threat-mitigations-in-windows-10.md | 2 +- ...r-accounts-to-be-trusted-for-delegation.md | 2 +- ...lients-allowed-to-make-remote-sam-calls.md | 2 +- ...arding-to-assist-in-intrusion-detection.md | 2 +- 91 files changed, 1040 insertions(+), 329 deletions(-) rename windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/{windows-defender-application-control-appid-tagging-guide.md => wdac-appid-tagging-guide.md} (100%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{audit-windows-defender-application-control-policies.md => audit-wdac-policies.md} (84%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{create-code-signing-cert-for-windows-defender-application-control.md => create-code-signing-cert-for-wdac.md} (93%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{deploy-catalog-files-to-support-windows-defender-application-control.md => deploy-catalog-files-to-support-wdac.md} (94%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{deploy-windows-defender-application-control-policies-using-group-policy.md => deploy-wdac-policies-using-group-policy.md} (92%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{deploy-windows-defender-application-control-policies-using-intune.md => 
deploy-wdac-policies-using-intune.md} (93%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{disable-windows-defender-application-control-policies.md => disable-wdac-policies.md} (99%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{enforce-windows-defender-application-control-policies.md => enforce-wdac-policies.md} (89%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{merge-windows-defender-application-control-policies.md => merge-wdac-policies.md} (92%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{use-code-signing-to-simplify-application-control-for-classic-windows-applications.md => use-code-signing-for-better-control-and-protection.md} (96%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md => use-signed-policies-to-protect-wdac-against-tampering.md} (92%) rename windows/security/application-security/application-control/windows-defender-application-control/deployment/{windows-defender-application-control-deployment-guide.md => wdac-deployment-guide.md} (81%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{allow-com-object-registration-in-windows-defender-application-control-policy.md => allow-com-object-registration-in-wdac-policy.md} (99%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{types-of-devices.md => common-wdac-use-cases.md} (99%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{create-initial-default-policy.md => 
create-wdac-policy-using-reference-computer.md} (96%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{deploy-multiple-windows-defender-application-control-policies.md => deploy-multiple-wdac-policies.md} (99%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{manage-packaged-apps-with-windows-defender-application-control.md => manage-packaged-apps-with-wdac.md} (96%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{plan-windows-defender-application-control-management.md => plan-wdac-management.md} (91%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{understand-windows-defender-application-control-policy-design-decisions.md => understand-wdac-policy-design-decisions.md} (83%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md => use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md} (96%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{use-windows-defender-application-control-with-intelligent-security-graph.md => use-wdac-with-intelligent-security-graph.md} (97%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{use-windows-defender-application-control-with-dynamic-code-security.md => wdac-and-dotnet.md} (100%) rename windows/security/application-security/application-control/windows-defender-application-control/design/{windows-defender-application-control-design-guide.md => wdac-design-guide.md} (74%) rename 
windows/security/application-security/application-control/windows-defender-application-control/operations/{windows-defender-application-control-operational-guide.md => wdac-operational-guide.md} (97%) rename windows/security/application-security/application-control/windows-defender-application-control/{windows-defender-application-control.md => wdac.md} (83%) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index b8e929d41e..408dea7a97 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json 
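Review bot: the rename list above renames files that already sit under windows/security/application-security/application-control/windows-defender-application-control/ (for example design/{create-initial-default-policy.md => create-wdac-policy-using-reference-computer.md} and design/{types-of-devices.md => common-wdac-use-cases.md}), while the entries visible in the .openpublishing.redirection.json hunk all take their source_path from windows/security/threat-protection/windows-defender-application-control/. If the pre-rename application-security URLs were ever published, each renamed file also needs a redirect entry from its old application-security path to the new file name, or existing links and bookmarks to those pages would stop resolving. Please confirm which case applies and say so in the commit message, which currently reads only "Rename files, Fix links".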
@@ -21949,6 +21949,721 @@ "source_path": "windows/security/security-foundations.md", "redirect_url": "/windows/security/security-foundations/index", "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management", + "redirect_document_id": false + 
}, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md", + 
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/feature-availability.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/feature-availability", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/index.yml", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/index", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/types-of-devices.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production", + "redirect_document_id": false + }, + { + 
"source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection", + 
"redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker", + "redirect_document_id": false + }, + { + 
"source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md", + "redirect_url": 
"/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules", + "redirect_document_id": false + }, + { + "source_path": 
"windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac", + "redirect_document_id": false } ] -} \ No newline at end of file +} diff --git a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index 83799f7674..2f0412decb 100644 --- a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md 
+++ b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -44,6 +44,6 @@ WDAC has no specific hardware or software requirements. ## Related articles -- [Windows Defender Application Control](../../threat-protection/windows-defender-application-control/windows-defender-application-control.md) +- [Windows Defender Application Control](windows-defender-application-control/wdac.md) - [Memory integrity](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) - [Driver compatibility with memory integrity](https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-compatibility-with-device-guard-in-windows-10/ba-p/364865) diff --git a/windows/security/application-security/application-control/toc.yml b/windows/security/application-security/application-control/toc.yml index a0b92c4987..117ebc744f 100644 --- a/windows/security/application-security/application-control/toc.yml +++ b/windows/security/application-security/application-control/toc.yml @@ -10,6 +10,6 @@ items: - name: Windows Defender Application Control and virtualization-based protection of code integrity href: introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: Windows Defender Application Control - href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md + href: windows-defender-application-control/wdac.md - name: Smart App Control - href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md + href: windows-defender-application-control/wdac.md 
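Review bot: In the toc.yml hunk, the "Smart App Control" entry ends up with the same href as the "Windows Defender Application Control" entry directly above it (`windows-defender-application-control/wdac.md`), so two adjacent TOC nodes open the same page. The duplication predates this path update, but since both href lines are being rewritten here, either point Smart App Control at its own article or drop the entry until one exists.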
diff --git a/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md index 131622bbf4..9fd23384ff 100644 --- a/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md +++ b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md @@ -41,7 +41,7 @@ The following instructions provide details how to configure your devices. Select To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`Local Policies Security Options`**: -:::image type="content" source="./images/uac-settings-catalog.png" alt-text="Screenshot that shows the UAC policies in the Intune settings catalog." lightbox="./images/uac-settings-catalog.png" border="True"::: +:::image type="content" source="images/uac-settings-catalog.png" alt-text="Screenshot that shows the UAC policies in the Intune settings catalog." lightbox="images/uac-settings-catalog.png" border="True"::: Assign the policy to a security group that contains as members the devices or users that you want to configure. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md index ab8014b9a5..3214920ad9 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md @@ -29,7 +29,7 @@ ms.topic: article > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. +After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. ## Verifying Tags on Running Processes @@ -53,4 +53,4 @@ After verifying the policy has been deployed, the next step is to verify that th Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field. - ![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png) \ No newline at end of file + ![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index bf48be5b8d..e16747c375 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md @@ -32,7 +32,7 @@ Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId tagg ## Deploy AppId tagging policies with MDM -Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). +Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). ## Deploy AppId tagging policies with Configuration Manager diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md index 0ed35d4d57..6b0042600b 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md 
@@ -31,11 +31,11 @@ ms.topic: article ## Create the policy using the WDAC Wizard -You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md). +You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). 1. Create a new base policy using the templates: - Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. + Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. ![Configuring the policy base and template.](../images/appid-wdac-wizard-1.png) 
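Review bot: The rewritten step 1 sentence in this hunk still reads "The following example shows beginning with the [Default Windows Mode] template and build on top of these rules", which is ungrammatical. Since the line is already being changed for the `../design/` link, reword it in the same edit, for example "The following example starts from the Default Windows Mode template and builds on top of its rules."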
@@ -59,7 +59,7 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power - Hash rules: Create a rule based off the PE Authenticode hash of a file. - For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../wdac-wizard-create-base-policy.md#creating-custom-file-rules). + For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules). 4. Convert to AppId Tagging Policy: 
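Review bot: On the changed line, the link text says "creating policy file rules section" while the fragment it targets is `#creating-custom-file-rules`, so the text does not match the heading the reader lands on. Rename the link text to match the heading, and confirm the fragment still resolves now that the target lives under `../design/`, because a stale fragment fails silently and drops the reader at the top of the page.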
@@ -72,9 +72,9 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power ## Create the policy using PowerShell -Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md). In an elevate PowerShell instance: +Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). In an elevate PowerShell instance: -1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules: +1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../design/select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules: ```powershell $rule = New-CiPolicyRule -Level SignedVersion -DriverFilePath 
@@ -121,4 +121,4 @@ After creating your AppId Tagging policy in the above steps, you can deploy the RefreshPolicy.exe is available for download from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=102925). ## Next Steps -For more information on debugging and broad deployment of the AppId Tagging policy, see [Debugging AppId policies](./debugging-operational-guide-appid-tagging-policies.md) and [Deploying AppId policies](deploy-appid-tagging-policies.md). \ No newline at end of file +For more information on debugging and broad deployment of the AppId Tagging policy, see [Debugging AppId policies](debugging-operational-guide-appid-tagging-policies.md) and [Deploying AppId policies](deploy-appid-tagging-policies.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml index b48a27a876..70c937a286 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml +++ b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml 
@@ -1,7 +1,7 @@ - name: Application Control for Windows href: index.yml - name: About application control for Windows - href: windows-defender-application-control.md + href: wdac.md expanded: true items: - name: WDAC and AppLocker Overview 
@@ -9,120 +9,120 @@ - name: WDAC and AppLocker Feature Availability href: feature-availability.md - name: Virtualization-based protection of code integrity - href: ../../application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md + href: ../introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - name: WDAC design guide - href: windows-defender-application-control-design-guide.md + href: design/wdac-design-guide.md items: - name: Plan for WDAC policy lifecycle management - href: plan-windows-defender-application-control-management.md + href: design/plan-wdac-management.md - name: Design your WDAC policy items: - name: Understand WDAC policy design decisions - href: understand-windows-defender-application-control-policy-design-decisions.md + href: design/understand-wdac-policy-design-decisions.md - name: Understand WDAC policy rules and file rules - href: select-types-of-rules-to-create.md + href: design/select-types-of-rules-to-create.md items: - name: Allow apps installed by a managed installer - href: configure-authorized-apps-deployed-with-a-managed-installer.md + href: design/configure-authorized-apps-deployed-with-a-managed-installer.md - name: Allow reputable apps with Intelligent Security Graph (ISG) - href: use-windows-defender-application-control-with-intelligent-security-graph.md + href: design/use-wdac-with-intelligent-security-graph.md - name: Allow COM object registration - href: allow-com-object-registration-in-windows-defender-application-control-policy.md + href: design/allow-com-object-registration-in-wdac-policy.md - name: Use WDAC with .NET hardening - href: use-windows-defender-application-control-with-dynamic-code-security.md + href: design/wdac-and-dotnet.md - name: Script enforcement with Windows Defender Application Control href: design/script-enforcement.md - name: Manage packaged apps with WDAC - href: 
manage-packaged-apps-with-windows-defender-application-control.md + href: design/manage-packaged-apps-with-wdac.md - name: Use WDAC to control specific plug-ins, add-ins, and modules - href: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md + href: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md - name: Understand WDAC policy settings - href: understanding-wdac-policy-settings.md + href: design/understanding-wdac-policy-settings.md - name: Use multiple WDAC policies - href: deploy-multiple-windows-defender-application-control-policies.md + href: design/deploy-multiple-wdac-policies.md - name: Create your WDAC policy items: - name: Example WDAC base policies - href: example-wdac-base-policies.md + href: design/example-wdac-base-policies.md - name: Policy creation for common WDAC usage scenarios - href: types-of-devices.md + href: design/common-wdac-use-cases.md items: - name: Create a WDAC policy for lightly managed devices - href: create-wdac-policy-for-lightly-managed-devices.md + href: design/create-wdac-policy-for-lightly-managed-devices.md - name: Create a WDAC policy for fully managed devices - href: create-wdac-policy-for-fully-managed-devices.md + href: design/create-wdac-policy-for-fully-managed-devices.md - name: Create a WDAC policy for fixed-workload devices - href: create-initial-default-policy.md + href: design/create-wdac-policy-using-reference-computer.md - name: Create a WDAC deny list policy - href: create-wdac-deny-policy.md + href: design/create-wdac-deny-policy.md - name: Microsoft recommended block rules - href: microsoft-recommended-block-rules.md + href: design/microsoft-recommended-block-rules.md - name: Microsoft recommended driver block rules - href: microsoft-recommended-driver-block-rules.md + href: design/microsoft-recommended-driver-block-rules.md - name: Use the WDAC Wizard tool - href: wdac-wizard.md + href: design/wdac-wizard.md items: - name: Create a base 
WDAC policy with the Wizard - href: wdac-wizard-create-base-policy.md + href: design/wdac-wizard-create-base-policy.md - name: Create a supplemental WDAC policy with the Wizard - href: wdac-wizard-create-supplemental-policy.md + href: design/wdac-wizard-create-supplemental-policy.md - name: Editing a WDAC policy with the Wizard - href: wdac-wizard-editing-policy.md + href: design/wdac-wizard-editing-policy.md - name: Creating WDAC Policy Rules from WDAC Events - href: wdac-wizard-parsing-event-logs.md + href: design/wdac-wizard-parsing-event-logs.md - name: Merging multiple WDAC policies with the Wizard - href: wdac-wizard-merging-policies.md + href: design/wdac-wizard-merging-policies.md - name: WDAC deployment guide - href: windows-defender-application-control-deployment-guide.md + href: deployment/wdac-deployment-guide.md items: - name: Deploy WDAC policies with MDM - href: deployment/deploy-windows-defender-application-control-policies-using-intune.md + href: deployment/deploy-wdac-policies-using-intune.md - name: Deploy WDAC policies with Configuration Manager href: deployment/deploy-wdac-policies-with-memcm.md - name: Deploy WDAC policies with script href: deployment/deploy-wdac-policies-with-script.md - name: Deploy WDAC policies with group policy - href: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md + href: deployment/deploy-wdac-policies-using-group-policy.md - name: Audit WDAC policies - href: audit-windows-defender-application-control-policies.md + href: deployment/audit-wdac-policies.md - name: Merge WDAC policies - href: merge-windows-defender-application-control-policies.md + href: deployment/merge-wdac-policies.md - name: Enforce WDAC policies - href: enforce-windows-defender-application-control-policies.md + href: deployment/enforce-wdac-policies.md - name: Use code signing for added control and protection with WDAC - href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md + 
href: deployment/use-code-signing-for-better-control-and-protection.md items: - name: Deploy catalog files to support WDAC - href: deploy-catalog-files-to-support-windows-defender-application-control.md + href: deployment/deploy-catalog-files-to-support-wdac.md - name: Use signed policies to protect Windows Defender Application Control against tampering - href: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md + href: deployment/use-signed-policies-to-protect-wdac-against-tampering.md - name: "Optional: Create a code signing cert for WDAC" - href: create-code-signing-cert-for-windows-defender-application-control.md + href: deployment/create-code-signing-cert-for-wdac.md - name: Disable WDAC policies - href: disable-windows-defender-application-control-policies.md + href: deployment/disable-wdac-policies.md - name: LOB Win32 Apps on S Mode - href: LOB-win32-apps-on-s.md + href: deployment/LOB-win32-apps-on-s.md - name: WDAC operational guide - href: windows-defender-application-control-operational-guide.md + href: operations/wdac-operational-guide.md items: - name: WDAC debugging and troubleshooting href: operations/wdac-debugging-and-troubleshooting.md - name: Understanding Application Control event IDs - href: event-id-explanations.md + href: operations/event-id-explanations.md - name: Understanding Application Control event tags - href: event-tag-explanations.md + href: operations/event-tag-explanations.md - name: Query WDAC events with Advanced hunting - href: querying-application-control-events-centrally-using-advanced-hunting.md + href: operations/querying-application-control-events-centrally-using-advanced-hunting.md - name: Known Issues href: operations/known-issues.md - name: Managed installer and ISG technical reference and troubleshooting guide - href: configure-wdac-managed-installer.md + href: operations/configure-wdac-managed-installer.md - name: CITool.exe technical reference href: operations/citool-commands.md - 
name: Inbox WDAC policies href: operations/inbox-wdac-policies.md - name: WDAC AppId Tagging guide - href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md + href: AppIdTagging/wdac-appid-tagging-guide.md items: - name: Creating AppId Tagging Policies href: AppIdTagging/design-create-appid-tagging-policies.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md index d04546c8ee..53939061e2 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md 
@@ -70,7 +70,7 @@ Just as there are differences in managing each rule collection, you need to mana 1. Gather information about which Packaged apps are running in your environment. For information about how to gather this information, see [Create list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md). -2. Create AppLocker rules for specific packaged apps based on your policy strategies. For more information, see [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md) and [Understanding AppLocker default rules](./understanding-applocker-default-rules.md). +2. Create AppLocker rules for specific packaged apps based on your policy strategies. For more information, see [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md) and [Understanding AppLocker default rules](understanding-applocker-default-rules.md). 3. Continue to update the AppLocker policies as new package apps are introduced into your environment. To do this update, see [Add rules for packaged apps to existing AppLocker rule-set](add-rules-for-packaged-apps-to-existing-applocker-rule-set.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md index 04b3c1eaac..7091e768a8 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md 
@@ -19,7 +19,7 @@ ms.topic: how-to - Windows 10 > [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). You can use Microsoft Intune to deploy and run critical Win32 applications, and Windows components that are normally blocked in S mode, on your Intune-managed Windows 10 in S mode devices. For example, PowerShell.exe. @@ -31,7 +31,7 @@ For an overview and brief demo of this feature, see this video: ## Policy authorization process -![Basic diagram of the policy authorization flow.](images/wdac-intune-policy-authorization.png) +![Basic diagram of the policy authorization flow.](../images/wdac-intune-policy-authorization.png) The general steps for expanding the S mode base policy on your Intune-managed Windows 10 in S mode devices are to generate a supplemental policy, sign that policy, upload the signed policy to Intune, and assign it to user or device groups. Because you need access to PowerShell cmdlets to generate your supplemental policy, you should create and manage your policies on a non-S mode device. Once the policy has been uploaded to Intune, before deploying the policy more broadly, assign it to a single test Windows 10 in S mode device to verify expected functioning. 
@@ -39,7 +39,7 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi This policy expands the S mode base policy to authorize more applications. Anything authorized by either the S mode base policy or your supplemental policy is allowed to run. Your supplemental policies can specify filepath rules, trusted publishers, and more. - For more information on creating supplemental policies, see [Deploy multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md). For more information on the right type of rules to create for your policy, see [Deploy WDAC policy rules and file rules](select-types-of-rules-to-create.md). + For more information on creating supplemental policies, see [Deploy multiple WDAC policies](../design/deploy-multiple-wdac-policies.md). For more information on the right type of rules to create for your policy, see [Deploy WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md). The following instructions are a basic set for creating an S mode supplemental policy: 
@@ -81,7 +81,7 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi 2. Sign the policy. - Supplemental S mode policies must be digitally signed. To sign your policy, use your organization's custom Public Key Infrastructure (PKI). For more information on signing using an internal CA, see [Create a code signing cert for WDAC](create-code-signing-cert-for-windows-defender-application-control.md). + Supplemental S mode policies must be digitally signed. To sign your policy, use your organization's custom Public Key Infrastructure (PKI). For more information on signing using an internal CA, see [Create a code signing cert for WDAC](create-code-signing-cert-for-wdac.md). > [!TIP] > For more information, see [Azure Code Signing, democratizing trust for developers and consumers](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-code-signing-democratizing-trust-for-developers-and/ba-p/3604669). 
@@ -97,19 +97,19 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi ## Standard process for deploying apps through Intune -![Basic diagram for deploying apps through Intune.](images/wdac-intune-app-deployment.png) +![Basic diagram for deploying apps through Intune.](../images/wdac-intune-app-deployment.png) For more information on the existing procedure of packaging signed catalogs and app deployment, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management). ## Optional: Process for deploying apps using catalogs -![Basic diagram for deploying Apps using catalogs.](images/wdac-intune-app-catalogs.png) +![Basic diagram for deploying Apps using catalogs.](../images/wdac-intune-app-catalogs.png) Your supplemental policy can be used to significantly relax the S mode base policy, but there are security trade-offs you must consider in doing so. For example, you can use a signer rule to trust an external signer, but that authorizes all apps signed by that certificate, which may include apps you don't want to allow as well. Instead of authorizing signers external to your organization, Intune has functionality to make it easier to authorize existing applications by using signed catalogs. This feature doesn't require repackaging or access to the source code. It works for apps that may be unsigned or even signed apps when you don't want to trust all apps that may share the same signing certificate. -The basic process is to generate a catalog file for each app using Package Inspector, then sign the catalog files using a custom PKI. To authorize the catalog signing certificate in the supplemental policy, use the **Add-SignerRule** PowerShell cmdlet as shown earlier in step 1 of the [Policy authorization process](#policy-authorization-process). After that, use the [Standard process for deploying apps through Intune](#standard-process-for-deploying-apps-through-intune) outlined earlier. 
For more information on generating catalogs, see [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-windows-defender-application-control.md). +The basic process is to generate a catalog file for each app using Package Inspector, then sign the catalog files using a custom PKI. To authorize the catalog signing certificate in the supplemental policy, use the **Add-SignerRule** PowerShell cmdlet as shown earlier in step 1 of the [Policy authorization process](#policy-authorization-process). After that, use the [Standard process for deploying apps through Intune](#standard-process-for-deploying-apps-through-intune) outlined earlier. For more information on generating catalogs, see [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-wdac.md). > [!NOTE] > Every time an app updates, you need to deploy an updated catalog. Try to avoid using catalog files for applications that auto-update, and direct users not to update applications on their own. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md similarity index 84% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md index 356adb95d7..686a78ea90 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included. 
@@ -36,18 +36,18 @@ While a WDAC policy is running in audit mode, any binary that runs but would hav ## Overview of the process to create WDAC policy to allow apps using audit events > [!Note] -> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md). +> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](wdac-deployment-guide.md). To familiarize yourself with creating WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy. 1. Install and run an application not allowed by the WDAC policy but that you want to allow. -2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md). +2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](../operations/event-id-explanations.md). **Figure 1. Exceptions to the deployed WDAC policy** - ![Event showing exception to WDAC policy.](images/dg-fig23-exceptionstocode.png) + ![Event showing exception to WDAC policy.](../images/dg-fig23-exceptionstocode.png) -3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. 
This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. +3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. ```powershell $PolicyName= "Lamna_FullyManagedClients_Audit" 
@@ -63,9 +63,9 @@ To familiarize yourself with creating WDAC rules from audit events, follow these ``` > [!NOTE] - > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md). + > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md). -5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](wdac-wizard-editing-policy.md)). +5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](../design/wdac-wizard-editing-policy.md)). 6. 
Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that WDAC couldn't create a rule for at either the specified rule level or fallback rule level. @@ -74,6 +74,6 @@ To familiarize yourself with creating WDAC rules from audit events, follow these 7. Merge **EventsPolicy.xml** with the Base policy **Lamna_FullyManagedClients_Audit.xml** or convert it to a supplemental policy. - For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](deploy-multiple-windows-defender-application-control-policies.md). + For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-wdac-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](../design/deploy-multiple-wdac-policies.md). 8. Convert the Base or Supplemental policy to binary and deploy using your preferred method. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md similarity index 93% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md index 8050e17b08..60cb8e35f1 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-windows-defender-application-control.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md @@ -27,9 +27,9 @@ ms.technology: itpro-security - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md). +As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](wdac-deployment-guide.md). If you have an internal CA, complete these steps to create a code signing certificate. 
@@ -45,7 +45,7 @@ If you have an internal CA, complete these steps to create a code signing certif 2. When connected, right-click **Certificate Templates**, and then select **Manage** to open the Certification Templates Console. - ![CA snap-in showing Certificate Templates.](images/dg-fig27-managecerttemp.png) + ![CA snap-in showing Certificate Templates.](../images/dg-fig27-managecerttemp.png) Figure 1. Manage the certificate templates @@ -61,7 +61,7 @@ If you have an internal CA, complete these steps to create a code signing certif 8. In the **Edit Basic Constraints Extension** dialog box, select **Enable this extension**, as shown in Figure 2. - ![Edit Basic Constraints Extension.](images/dg-fig29-enableconstraints.png) + ![Edit Basic Constraints Extension.](../images/dg-fig29-enableconstraints.png) Figure 2. Select constraints on the new template @@ -77,7 +77,7 @@ When this certificate template has been created, you must publish it to the CA p 1. In the Certification Authority MMC snap-in, right-click **Certification Templates**, point to **New**, and then select **Certificate Template to Issue**, as shown in Figure 3. - ![Select Certificate Template to Issue.](images/dg-fig30-selectnewcert.png) + ![Select Certificate Template to Issue.](../images/dg-fig30-selectnewcert.png) Figure 3. Select the new certificate template to issue @@ -95,7 +95,7 @@ Now that the template is available to be issued, you must request one from the c 4. In the **Request Certificate** list, select your newly created code signing certificate, and then select the blue text that requests additional information, as shown in Figure 4. - ![Request Certificates: more information required.](images/dg-fig31-getmoreinfo.png) + ![Request Certificates: more information required.](../images/dg-fig31-getmoreinfo.png) Figure 4. Get more information for your code signing certificate 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md similarity index 94% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md index e49832fb80..70818583a2 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md 
@@ -21,11 +21,11 @@ ms.technology: itpro-security - Windows Server 2016 and later > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). *Catalog files* can be important in your deployment of Windows Defender Application Control (WDAC) if you have unsigned line-of-business (LOB) applications for which the process of signing is difficult. You can also use catalog files to add your own signature to apps you get from independent software vendors (ISV) when you don't want to trust all code signed by that ISV. In this way, catalog files provide a convenient way for you to "bless" apps for use in your WDAC-managed environment. And, you can create catalog files for existing apps without requiring access to the original source code or needing any expensive repackaging. -You need to [obtain a code signing certificate for your own use](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. Then, distribute the signed catalog file using your preferred content deployment mechanism. +You need to [obtain a code signing certificate for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. Then, distribute the signed catalog file using your preferred content deployment mechanism. Finally, add a signer rule to your WDAC policy for your signing certificate. Then, any apps covered by your signed catalog files are able to run, even if the apps were previously unsigned. 
With this foundation, you can more easily build a WDAC policy that blocks all unsigned code, because most malware is unsigned. @@ -46,7 +46,7 @@ To create a catalog file for an existing app, you can use a tool called **Packag $PolicyBinary = $env:USERPROFILE+"\Desktop\"+$PolicyId.substring(11)+".cip" ``` - Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deployment/deploy-wdac-policies-with-script.md). + Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deploy-wdac-policies-with-script.md). 2. Start Package Inspector to monitor file creation on a **local drive** where you install the app, for example, drive C: @@ -121,7 +121,7 @@ For the code signing certificate that you use to sign the catalog file, import i 3. Verify the catalog file's digital signature. Right-click the catalog file, and then select **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1. - ![Digital Signature list in file Properties.](images/dg-fig12-verifysigning.png) + ![Digital Signature list in file Properties.](../images/dg-fig12-verifysigning.png) Figure 1. Verify that the signing certificate exists. @@ -144,7 +144,7 @@ The following process walks you through the deployment of a signed catalog file > [!NOTE] > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies. - ![Group Policy Management, create a GPO.](images/dg-fig13-createnewgpo.png) + ![Group Policy Management, create a GPO.](../images/dg-fig13-createnewgpo.png) Figure 2. Create a new GPO. 
@@ -154,7 +154,7 @@ The following process walks you through the deployment of a signed catalog file 5. Within the selected GPO, navigate to **Computer Configuration\\Preferences\\Windows Settings\\Files**. Right-click **Files**, point to **New**, and then select **File**, as shown in Figure 3. - ![Group Policy Management Editor, New File.](images/dg-fig14-createnewfile.png) + ![Group Policy Management Editor, New File.](../images/dg-fig14-createnewfile.png) Figure 3. Create a new file. @@ -164,7 +164,7 @@ The following process walks you through the deployment of a signed catalog file 7. To keep versions consistent, in the **New File Properties** dialog box as shown in Figure 4, select **Replace** from the **Action** list so that the newest version is always used. - ![File Properties, Replace option.](images/dg-fig15-setnewfileprops.png) + ![File Properties, Replace option.](../images/dg-fig15-setnewfileprops.png) Figure 4. Set the new file properties. @@ -197,7 +197,7 @@ Complete the following steps to create a new deployment package for catalog file 3. Name the package, set your organization as the manufacturer, and select an appropriate version number. - ![Create Package and Program Wizard.](images/dg-fig16-specifyinfo.png) + ![Create Package and Program Wizard.](../images/dg-fig16-specifyinfo.png) Figure 5. Specify information about the new package. @@ -218,7 +218,7 @@ Complete the following steps to create a new deployment package for catalog file - From the **Program can run** list, select **Whether or not a user is logged on**. - From the **Drive mode** list, select **Runs with UNC name**. - ![Standard Program page of wizard.](images/dg-fig17-specifyinfo.png) + ![Standard Program page of wizard.](../images/dg-fig17-specifyinfo.png) Figure 6. Specify information about the standard program. 
@@ -246,7 +246,7 @@ After you create the deployment package, deploy it to a collection so that the c - Select the **Commit changes at deadline or during a maintenance window (requires restarts)** check box. - ![Deploy Software Wizard, User Experience page.](images/dg-fig18-specifyux.png) + ![Deploy Software Wizard, User Experience page.](../images/dg-fig18-specifyux.png) Figure 7. Specify the user experience. @@ -271,13 +271,13 @@ You can configure software inventory to find catalog files on your managed syste 3. Name the new policy, and under **Select and then configure the custom settings for client devices**, select the **Software Inventory** check box, as shown in Figure 8. - ![Create Custom Client Device Settings.](images/dg-fig19-customsettings.png) + ![Create Custom Client Device Settings.](../images/dg-fig19-customsettings.png) Figure 8. Select custom settings. 4. In the navigation pane, select **Software Inventory**, and then select **Set Types**, as shown in Figure 9. - ![Software Inventory settings for devices.](images/dg-fig20-setsoftwareinv.png) + ![Software Inventory settings for devices.](../images/dg-fig20-setsoftwareinv.png) Figure 9. Set the software inventory. @@ -290,7 +290,7 @@ You can configure software inventory to find catalog files on your managed syste 7. In the **Path Properties** dialog box, select **Variable or path name**, and then type `C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}` in the box, as shown in Figure 10. - ![Path Properties, specifying a path.](images/dg-fig21-pathproperties.png) + ![Path Properties, specifying a path.](../images/dg-fig21-pathproperties.png) Figure 10. Set the path properties. 
@@ -313,7 +313,7 @@ At the time of the next software inventory cycle, when the targeted clients rece ## Allow apps signed by your catalog signing certificate in your WDAC policy -Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](windows-defender-application-control-design-guide.md). +Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](../design/wdac-design-guide.md). On a computer where the signed catalog file has been deployed, you can use [New-CiPolicyRule](/powershell/module/configci/new-cipolicyrule) to create a signer rule from any file included in that catalog. Then use [Merge-CiPolicy](/powershell/module/configci/merge-cipolicy) to add the rule to your policy XML. Be sure to replace the path values in the following sample: diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md similarity index 92% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md index 752243780c..872207d1e5 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md @@ -30,7 +30,7 @@ ms.topic: article > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Group Policy, deploy new signed WDAC Base policies [via script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-signed-policies) and activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Group Policy, deploy new signed WDAC Base policies [via script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-signed-policies) and activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. 
@@ -50,7 +50,7 @@ To deploy and manage a Windows Defender Application Control policy with Group Po 2. Create a new GPO: right-click an OU and then select **Create a GPO in this domain, and Link it here**. > [!NOTE] - > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../plan-windows-defender-application-control-management.md). + > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../design/plan-wdac-management.md). ![Group Policy Management, create a GPO.](../images/dg-fig24-creategpo.png) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md similarity index 93% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md index 0e8b582520..cd5f506394 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md 
@@ -26,7 +26,7 @@ ms.topic: how-to You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-wdac-policies-with-script.md) and activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-wdac-policies-with-script.md) and activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. 
@@ -50,7 +50,7 @@ To use Intune's built-in WDAC policies, configure [Endpoint Protection for Windo ## Deploy WDAC policies with custom OMA-URI > [!NOTE] -> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../deploy-multiple-windows-defender-application-control-policies.md) which allow more granular policy. +> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-wdac-policies.md) which allow more granular policy. You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index b674d5c2b0..3ac58c1eee 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -31,7 +31,7 @@ This article describes how to deploy Windows Defender Application Control (WDAC) You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide). > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart. +> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md index be973cf600..2ab7c24e05 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). ## Removing WDAC policies 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md similarity index 89% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md index 082b0a5d27..42f310f7fc 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md @@ -24,7 +24,7 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). You should now have one or more Windows Defender Application Control policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you're ready to enforce. Use this procedure to prepare and deploy your WDAC policies in enforcement mode. 
@@ -33,11 +33,11 @@ You should now have one or more Windows Defender Application Control policies br ## Convert WDAC **base** policy from audit to enforced -As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](../design/common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead responsible for Lamna's WDAC rollout. -Alice previously created and deployed a policy for the organization's [fully managed devices](create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-windows-defender-application-control-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode. +Alice previously created and deployed a policy for the organization's [fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-wdac-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode. 1. Initialize the variables that will be used and create the enforced policy by copying the audit version. 
@@ -111,4 +111,4 @@ Since the enforced policy was given a unique PolicyID in the previous procedure, ## Deploy your enforced policy and supplemental policies -Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md). +Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md similarity index 92% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md index 53b1e0a448..22722ec984 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md 
@@ -24,7 +24,7 @@ ms.localizationpriority: medium - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This article shows how to merge multiple policy XML files together and how to merge rules directly into a policy. Windows Defender Application Control deployments often include a few base policies and optional supplemental policies for specific use cases. @@ -33,7 +33,7 @@ This article shows how to merge multiple policy XML files together and how to me ## Merge multiple WDAC policy XML files together -There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-windows-defender-application-control-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session. +There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-wdac-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session. 1. Initialize the variables that will be used: 
@@ -57,7 +57,7 @@ There are many scenarios where you may want to merge two or more policy files to Besides merging multiple policy XML files, you can also merge rules created with the New-CIPolicyRule cmdlet directly into an existing WDAC policy XML file. Directly merging rules is a convenient way to update your policy without creating extra policy XML files. For example, to add rules that allow the WDAC Wizard and the WDAC RefreshPolicy.exe tool, follow these steps: -1. Install the [WDAC Wizard](wdac-wizard.md) packaged MSIX app. +1. Install the [WDAC Wizard](../design/wdac-wizard.md) packaged MSIX app. 2. Download the [Refresh Policy tool](https://aka.ms/refreshpolicy) for your processor architecture and save it to your desktop as RefreshPolicy.exe. 3. From a PowerShell session, run the following commands to create packaged app allow rules for the WDAC Wizard: @@ -94,4 +94,4 @@ Now that you have your new, merged policy, you can convert and deploy the policy 2. Upload your merged policy XML and the associated binary to the source control solution you are using for your Windows Defender Application Control policies. such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration). -3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md) +3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md) 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md similarity index 96% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md index 32b34dfe20..3a3a773007 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md @@ -21,7 +21,7 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). ## What is code signing and why is it important? 
@@ -38,7 +38,7 @@ You can use catalog files to easily add a signature to an existing application w > [!NOTE] > Since catalogs identify the files they sign by hash, any change to the file may invalidate its signature. You will need to deploy updated catalog signatures any time the application is updated. Integrating code signing with your app development or app deployment processes is generally the best approach. Be aware of self-updating apps, as their app binaries may change without your knowledge. -To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md). +To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-wdac.md). ## Signed WDAC policies @@ -51,5 +51,5 @@ For more information on using signed policies, see [Use signed policies to prote Some ways to obtain code signing certificates for your own use, include: - Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list). -- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). +- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md). - Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning). 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md similarity index 92% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md index ef0985446c..cba5e21c90 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md 
@@ -21,11 +21,11 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of protection available in Windows. These policies are designed to detect administrative tampering of the policy, such as by malware running as admin, and will result in a boot failure or blue screen. With this goal in mind, it's much more difficult to remove signed WDAC policies. SecureBoot must be enabled in order to provide this protection for signed WDAC policies. -If you don't currently have a code signing certificate you can use to sign your policies, see [Obtain code signing certificates for your own use](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md#obtain-code-signing-certificates-for-your-own-use). +If you don't currently have a code signing certificate you can use to sign your policies, see [Obtain code signing certificates for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use). > [!WARNING] > Boot failure, or blue screen, may occur if your signing certificate doesn't follow these rules: 
@@ -35,7 +35,7 @@ If you don't currently have a code signing certificate you can use to sign your > - You can use SHA-256, SHA-384, or SHA-512 as the digest algorithm on Windows 11, as well as Windows 10 and Windows Server 2019 and above after applying the November 2022 cumulative security update. All other devices only support SHA-256. > - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING. -Before you attempt to deploy a signed policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md). +Before you attempt to deploy a signed policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. 
For more information about rule options, see [Windows Defender Application Control policy rules](../design/select-types-of-rules-to-create.md). > [!NOTE] > When signing a Base policy that has existing Supplemental policies, you must also switch to signed policy for all of the Supplementals. Authorize the signed supplemental policies by adding a `` rule to the Base policy. @@ -51,7 +51,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne ``` > [!NOTE] - > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information. + > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](../design/create-wdac-policy-using-reference-computer.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information. 2. Navigate to your desktop as the working directory: 
@@ -71,7 +71,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne ``` > [!IMPORTANT] - > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove Windows Defender Application Control policies causing boot stop failures](disable-windows-defender-application-control-policies.md#remove-wdac-policies-causing-boot-stop-failures). + > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove Windows Defender Application Control policies causing boot stop failures](disable-wdac-policies.md#remove-wdac-policies-causing-boot-stop-failures). 4. Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option: @@ -101,7 +101,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne If you purchased a code signing certificate or issued one from your own PKI, you can use [SignTool.exe](/windows/win32/seccrypto/signtool) to sign your WDAC policy files: -1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). +1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md). 2. Sign the WDAC policy by using SignTool.exe: 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/windows-defender-application-control-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md similarity index 81% rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/windows-defender-application-control-deployment-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md index 57b049afc6..5bcc3df869 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/windows-defender-application-control-deployment-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md 
@@ -21,9 +21,9 @@ ms.topic: overview - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding. +You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](../design/wdac-design-guide.md), do so now before proceeding. ## Convert your WDAC policy XML to binary 
@@ -56,13 +56,13 @@ All Windows Defender Application Control policy changes should be deployed in au ## Choose how to deploy WDAC policies > [!IMPORTANT] -> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deployment/deploy-wdac-policies-with-script.md) in this case. +> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-wdac-policies-with-script.md) in this case. > > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity. 
There are several options to deploy Windows Defender Application Control policies to managed endpoints, including: -- [Deploy using a Mobile Device Management (MDM) solution](deployment/deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune -- [Deploy using Microsoft Configuration Manager](deployment/deploy-wdac-policies-with-memcm.md) -- [Deploy via script](deployment/deploy-wdac-policies-with-script.md) -- [Deploy via group policy](deployment/deploy-windows-defender-application-control-policies-using-group-policy.md) +- [Deploy using a Mobile Device Management (MDM) solution](deploy-wdac-policies-using-intune.md), such as Microsoft Intune +- [Deploy using Microsoft Configuration Manager](deploy-wdac-policies-with-memcm.md) +- [Deploy via script](deploy-wdac-policies-with-script.md) +- [Deploy via group policy](deploy-wdac-policies-using-group-policy.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-windows-defender-application-control-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md index abfdd65aed..c756bd371a 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-windows-defender-application-control-policy.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and later > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component-object-model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM specifies an object model and programming requirements that enable COM objects to interact with other objects. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/types-of-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/design/types-of-devices.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md index 4d96a0ba7f..b691f92753 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/types-of-devices.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It's common for organizations to have device use cases across each of the categories described. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md index 9c86b54151..aef6ba62ee 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2019 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Windows Defender Application Control (WDAC) includes an option called **managed installer** that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution, such as Microsoft Configuration Manager (MEMCM) or Microsoft Intune. 
@@ -230,15 +230,15 @@ Below are steps to create a WDAC policy that allows Windows to boot and enables Set-RuleOption -FilePath -Option 13 ``` -4. Deploy your WDAC policy. See [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md). +4. Deploy your WDAC policy. See [Deploying Windows Defender Application Control (WDAC) policies](../deployment/wdac-deployment-guide.md). > [!NOTE] > Your WDAC policy must include rules for all system/boot components, kernel drivers, and any other authorized applications that can't be deployed through a managed installer. ## Remove Managed Installer feature -To remove the Managed Installer feature from the device, you'll need to remove the Managed Installer AppLocker policy from the device by following the instructions at [Delete an AppLocker rule: Clear AppLocker policies on a single system or remote systems](applocker/delete-an-applocker-rule.md#to-clear-applocker-policies-on-a-single-system-or-remote-systems). +To remove the Managed Installer feature from the device, you'll need to remove the Managed Installer AppLocker policy from the device by following the instructions at [Delete an AppLocker rule: Clear AppLocker policies on a single system or remote systems](../applocker/delete-an-applocker-rule.md#to-clear-applocker-policies-on-a-single-system-or-remote-systems). ## Related articles -- [Managed installer and ISG technical reference and troubleshooting guide](configure-wdac-managed-installer.md) +- [Managed installer and ISG technical reference and troubleshooting guide](../operations/configure-wdac-managed-installer.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md index ff87d17d02..1fa35ceece 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md @@ -72,7 +72,7 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist ## Best Practices -1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide.md) +1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](../operations/event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](../operations/wdac-operational-guide.md) 2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be used if necessary. Since the hash of a file changes with any change to the file, it's hard to keep up with a hash-based block policy where the attacker can trivially update the file. While WDAC has optimized parsing of hash rules, some devices may see performance impacts at runtime evaluation if policies have tens of thousands or more hash rules. 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md index d19e40f9be..1a5b9cfab4 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md 
@@ -27,14 +27,14 @@ ms.technology: itpro-security - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Intune. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. 
Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. @@ -163,5 +163,5 @@ Alice has defined a policy for Lamna's fully managed devices that makes some tra ## Up next -- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-initial-default-policy.md) -- [Prepare to deploy Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md) \ No newline at end of file +- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-wdac-policy-using-reference-computer.md) +- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md index af912de157..baaa84f8ed 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md 
@@ -27,14 +27,14 @@ ms.technology: itpro-security - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **lightly managed devices** within an organization. Typically, organizations that are new to application control will be most successful if they start with a permissive policy like the one described in this article. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their WDAC-managed devices as described in later articles. > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As in [Windows Defender Application Control deployment in different scenarios: types of devices](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. 
+As in [Windows Defender Application Control deployment in different scenarios: types of devices](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. Lamna currently has loose application usage policies and a culture of maximum app flexibility for users. So, Alice knows she'll need to take an incremental approach to application control and use different policies for different workloads. @@ -97,7 +97,7 @@ Alice follows these steps to complete this task: 1. Modify the policy to remove unsupported rule: > [!NOTE] - > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](windows-defender-application-control.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step. + > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](../wdac.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step. ```powershell [xml]$xml = Get-Content $LamnaPolicy 
@@ -191,7 +191,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m - **Intelligent Security Graph (ISG)** - See [security considerations with the Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md#security-considerations-with-the-isg-option) + See [security considerations with the Intelligent Security Graph](use-wdac-with-intelligent-security-graph.md#security-considerations-with-the-isg-option) Possible mitigations: @@ -227,4 +227,4 @@ In order to minimize user productivity impact, Alice has defined a policy that m ## Up next - [Create a Windows Defender Application Control policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) -- [Prepare to deploy Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md) \ No newline at end of file +- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-initial-default-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md similarity index 96% rename from windows/security/application-security/application-control/windows-defender-application-control/design/create-initial-default-policy.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md index 7a10547365..4662dad7e3 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-initial-default-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md 
@@ -27,14 +27,14 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This section outlines the process to create a Windows Defender Application Control (WDAC) policy **using a reference computer** that is already configured with the software you want to allow. You can use this approach for fixed-workload devices that are dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc. This approach can also be used to turn on WDAC on systems "in the wild" and you want to minimize the potential impact on users' productivity. > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. 
Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. **Alice Pena** is the IT team lead tasked with the rollout of WDAC. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-windows-defender-application-control-policies.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md index 63c927ae1a..8e813aa5e3 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Prior to Windows 10 1903, Windows Defender Application Control only supported a single active policy on a system at any given time. This limited customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios: @@ -116,4 +116,3 @@ For more information on deploying multiple policies, optionally using Microsoft * If the maximum number of policies is exceeded, the device may bluescreen referencing ci.dll with a bug check value of 0x0000003b. * If policies are loaded without requiring a reboot such as `PS_UpdateAndCompareCIPolicy`, they will still count towards this limit. * This may pose an especially large challenge if the value of `{PolicyGUID}.cip` changes between releases. It may result in a long window between a change and the resultant reboot. - diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md index fdbd1d7ecc..dbb673367a 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md @@ -21,7 +21,7 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md). When you create policies for use with Windows Defender Application Control (WDAC), start from an existing base policy and then add or remove rules to build your own custom policy. Windows includes several example policies that you can use. These example policies are provided "as-is". You should thoroughly test the policies you deploy using safe deployment methods. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md similarity index 96% rename from windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-windows-defender-application-control.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md index aa63cd5b61..f59bdf57ac 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-windows-defender-application-control.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). This article for IT professionals describes concepts and lists procedures to help you manage packaged apps with Windows Defender Application Control (WDAC) as part of your overall application control strategy. @@ -96,7 +96,7 @@ Use the following steps to create a WDAC PFN rule for an app that is installed o 7. Select **Create Rule**. 8. Create any other rules desired, then complete the Wizard. -![Create PFN rule from WDAC Wizard](images/wdac-wizard-custom-pfn-rule.png) +![Create PFN rule from WDAC Wizard](../images/wdac-wizard-custom-pfn-rule.png) ##### Create a PFN rule using a custom string @@ -109,4 +109,4 @@ Use the following steps to create a PFN rule with a custom string value: 5. Select **Create Rule**. 6. Create any other rules desired, then complete the Wizard. -![Create PFN rule with custom string from WDAC Wizard](images/wdac-wizard-custom-manual-pfn-rule.png) +![Create PFN rule with custom string from WDAC Wizard](../images/wdac-wizard-custom-manual-pfn-rule.png) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md index 3b7f22c1df..7b766bd429 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md @@ -21,7 +21,7 @@ ms.topic: reference - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass WDAC. @@ -1540,4 +1540,4 @@ The blocklist policy that follows includes "Allow all" rules for both kernel and ## More information -- [Merge WDAC policies](merge-windows-defender-application-control-policies.md) +- [Merge WDAC policies](../deployment/merge-wdac-policies.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md index 30b8468bf4..b45d22101e 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md 
@@ -63,7 +63,7 @@ Customers who always want the most up-to-date driver blocklist can also use Wind ## Blocking vulnerable drivers using WDAC -Microsoft recommends enabling [HVCI](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking [this list of drivers](#vulnerable-driver-blocklist-xml) within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events. +Microsoft recommends enabling [HVCI](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking [this list of drivers](#vulnerable-driver-blocklist-xml) within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events. > [!IMPORTANT] > Microsoft also recommends enabling Attack Surface Reduction (ASR) rule [**Block abuse of exploited vulnerable signed drivers**](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-abuse-of-exploited-vulnerable-signed-drivers) to prevent an application from writing a vulnerable signed driver to disk. 
The ASR rule doesn't block a driver already existing on the system from loading, however enabling **Microsoft vulnerable driver blocklist** or applying this WDAC policy will prevent the existing driver from loading. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/plan-windows-defender-application-control-management.md b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md similarity index 91% rename from windows/security/application-security/application-control/windows-defender-application-control/design/plan-windows-defender-application-control-management.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md index ae484f697c..1680dc927c 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/plan-windows-defender-application-control-management.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above >[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This topic describes the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control (WDAC) policies. 
@@ -37,7 +37,7 @@ The first step in implementing application control is to consider how your polic Most Windows Defender Application Control policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include: -1. [Define (or refine) the "circle-of-trust"](understand-windows-defender-application-control-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files aren't prevented from executing. +1. [Define (or refine) the "circle-of-trust"](understand-wdac-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files aren't prevented from executing. 2. [Deploy the audit mode policy](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) to intended devices. 3. [Monitor audit block events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations) from the intended devices and add/edit/delete rules as needed to address unexpected/unwanted blocks. 4. Repeat steps 2-3 until the remaining block events meet expectations. @@ -45,7 +45,7 @@ Most Windows Defender Application Control policies will evolve over time and pro 6. [Deploy the enforced mode policy](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly. 7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes. -![Recommended WDAC policy deployment process.](images/policyflow.png) +![Recommended WDAC policy deployment process.](../images/policyflow.png) ### Keep WDAC policies in a source control or document management solution 
@@ -56,7 +56,7 @@ To effectively manage Windows Defender Application Control policies, you should Use the [Set-CIPolicyIDInfo](/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique ID in order to differentiate each policy when reviewing Windows Defender Application Control events or when viewing the policy XML document. Although you can specify a string value for PolicyId, for policies using the multiple policy format we recommend using the -ResetPolicyId switch to let the system autogenerate a unique ID for the policy. > [!NOTE] -> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-windows-defender-application-control-policies.md) on computers running Windows 10, version 1903 and above, or Windows 11. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10. +> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-wdac-policies.md) on computers running Windows 10, version 1903 and above, or Windows 11. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10. > PolicyID should be set only once per policy and use different PolicyID's for the audit and enforced mode versions of each policy. In addition, we recommend using the [Set-CIPolicyVersion](/powershell/module/configci/set-cipolicyversion) cmdlet to increment the policy's internal version number when you make changes to the policy. The version must be defined as a standard four-part version string (for example, "1.0.0.0"). 
@@ -71,7 +71,7 @@ Each time that a process is blocked by Windows Defender Application Control, eve Collecting these events in a central location can help you maintain your Windows Defender Application Control policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748890(v=ws.11)). -Additionally, Windows Defender Application Control events are collected by [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) and can be queried using the [advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) feature. +Additionally, Windows Defender Application Control events are collected by [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) and can be queried using the [advanced hunting](../operations/querying-application-control-events-centrally-using-advanced-hunting.md) feature. ## Application and user support policy diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md index a3454bee50..566adf1ecf 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and later > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). Windows Defender Application Control (WDAC) can control what runs on Windows 10, Windows 11, and Windows Server 2016 and later, by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted. 
@@ -117,7 +117,7 @@ As part of normal operations, they'll eventually install software updates, or pe ## File rule precedence order -WDAC has a built-in file rule conflict logic that translates to precedence order. It first processes all explicit deny rules it finds. Then, it processes any explicit allow rules. If no deny or allow rule exists, WDAC checks for a [Managed Installer claim](deployment/deploy-wdac-policies-with-memcm.md) if allowed by the policy. Lastly, WDAC falls back to the [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md) if allowed by the policy. +WDAC has a built-in file rule conflict logic that translates to precedence order. It first processes all explicit deny rules it finds. Then, it processes any explicit allow rules. If no deny or allow rule exists, WDAC checks for a [Managed Installer claim](../deployment/deploy-wdac-policies-with-memcm.md) if allowed by the policy. Lastly, WDAC falls back to the [ISG](use-wdac-with-intelligent-security-graph.md) if allowed by the policy. > [!NOTE] > To make it easier to reason over your WDAC policies, we recommend maintaining separate ALLOW and DENY policies on Windows versions that support [multiple WDAC policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies). 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md similarity index 83% rename from windows/security/application-security/application-control/windows-defender-application-control/design/understand-windows-defender-application-control-policy-design-decisions.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md index a32f372530..260bcc2649 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md @@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This article is for the IT professional. It lists the design questions, possible answers, and ramifications for decisions made, when planning application control policies deployment using Windows Defender Application Control (WDAC), within a Windows operating system environment. 
@@ -44,7 +44,7 @@ You should consider using Windows Defender Application Control as part of your o ## Decide what policies to create -Beginning with Windows 10, version 1903, Windows Defender Application Control allows [multiple simultaneous policies](deploy-multiple-windows-defender-application-control-policies.md) to be applied to each device. This concurrent application opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create. +Beginning with Windows 10, version 1903, Windows Defender Application Control allows [multiple simultaneous policies](deploy-multiple-wdac-policies.md) to be applied to each device. This concurrent application opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create. The first step is to define the desired "circle-of-trust" for your WDAC policies. By "circle-of-trust," we mean a description of the business intent of the policy expressed in natural language. This "circle-of-trust" definition will guide you as you create the actual policy rules for your policy XML. 
@@ -63,8 +63,8 @@ Organizations with well-defined, centrally managed app management and deployment | Possible answers | Design considerations| | - | - | | All apps are centrally managed and deployed using endpoint management tools like [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. Windows Defender Application Control options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | -| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide Windows Defender Application Control policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. | -| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | Windows Defender Application Control can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | +| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-wdac-policies.md) can be used to allow team-specific exceptions to your core organization-wide Windows Defender Application Control policy. 
Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. | +| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | Windows Defender Application Control can integrate with Microsoft's [Intelligent Security Graph](use-wdac-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | | Users and teams are free to download and install apps without restriction. | Windows Defender Application Control policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| ### Are internally developed line-of-business (LOB) apps and apps developed by third-party companies digitally signed? 
@@ -73,8 +73,8 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p | Possible answers | Design considerations | | - | - | -| All apps used in your organization must be signed. | Organizations that enforce [codesigning](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | -| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. | +| All apps used in your organization must be signed. | Organizations that enforce [codesigning](../deployment/use-code-signing-for-better-control-and-protection.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | +| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-wdac.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. 
| ### Are there specific groups in your organization that need customized application control policies? diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md similarity index 96% rename from windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 041c912aaf..8917ce9e35 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2019 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). You can use Windows Defender Application Control (WDAC) policies to control applications and also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser): diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md similarity index 97% rename from windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-intelligent-security-graph.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md index 6fbf9468f0..0b93c72c93 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md 
@@ -27,7 +27,7 @@ ms.topic: article - Windows Server 2019 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Application control can be difficult to implement in organizations that don't deploy and manage applications through an IT-managed system. In such environments, users can acquire the applications they want to use for work, making it hard to build an effective application control policy. 
@@ -112,4 +112,4 @@ Packaged apps aren't supported with the ISG and will need to be separately autho The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. > [!NOTE] -> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](deployment/deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). +> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md similarity index 100% rename from windows/security/application-security/application-control/windows-defender-application-control/design/use-windows-defender-application-control-with-dynamic-code-security.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/windows-defender-application-control-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md similarity index 74% rename from windows/security/application-security/application-control/windows-defender-application-control/design/windows-defender-application-control-design-guide.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md index 11fc572242..975b08105c 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/windows-defender-application-control-design-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md @@ -27,7 +27,7 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). This guide covers design and planning for Windows Defender Application Control (WDAC). It's intended to help security architects, security administrators, and system administrators create a plan that addresses specific application control requirements for different departments or business groups within an organization. 
@@ -46,10 +46,10 @@ Once these business factors are in place, you're ready to begin planning your Wi | Topic | Description | | - | - | -| [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | -| [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of application control policies. | +| [Plan for WDAC policy management](plan-wdac-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | +| [Understand WDAC policy design decisions](understand-wdac-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of application control policies. | | [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. | -| [Policy creation for common WDAC usage scenarios](types-of-devices.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying WDAC in your organization. | +| [Policy creation for common WDAC usage scenarios](common-wdac-use-cases.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying WDAC in your organization. | | [Policy creation using the WDAC Wizard tool](wdac-wizard.md) | This set of topics describes how to use the WDAC Wizard desktop app to easily create, edit, and merge WDAC policies. | -After planning is complete, the next step is to deploy WDAC. 
The [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) covers creating and testing policies, deploying the enforcement setting, and managing and maintaining policies. +After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](../deployment/wdac-deployment-guide.md) covers creating and testing policies, deploying the enforcement setting, and managing and maintaining policies. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md index 90f887da4e..ae6861abc9 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md 
@@ -27,9 +27,9 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -When creating policies for use with Windows Defender Application Control (WDAC), it's recommended to start with a template policy, and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](windows-defender-application-control-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules. +When creating policies for use with Windows Defender Application Control (WDAC), it's recommended to start with a template policy, and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](wdac-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules. ## Template Base Policies 
@@ -39,13 +39,13 @@ Each of the template policies has a unique set of policy allowlist rules that af |---------------------------------|-------------------------------------------------------------------| | **Default Windows Mode** | Default Windows mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
| | **Allow Microsoft Mode** | Allow mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
  • *All Microsoft-signed software*
| -| **Signed and Reputable Mode** | Signed and Reputable mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
  • All Microsoft-signed software
  • *Files with good reputation per [Microsoft Defender's Intelligent Security Graph technology](use-windows-defender-application-control-with-intelligent-security-graph.md)*
| +| **Signed and Reputable Mode** | Signed and Reputable mode authorizes the following components:
  • Windows operating components - any binary installed by a fresh install of Windows
  • Apps installed from the Microsoft Store
  • Microsoft Office365 apps, OneDrive, and Microsoft Teams
  • Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)
  • All Microsoft-signed software
  • *Files with good reputation per [Microsoft Defender's Intelligent Security Graph technology](use-wdac-with-intelligent-security-graph.md)*
| *Italicized content denotes the changes in the current policy with respect to the policy prior.* More information about the Default Windows Mode and Allow Microsoft Mode policies can be accessed through the [Example Windows Defender Application Control base policies article](example-wdac-base-policies.md). -![Selecting a base template for the policy.](images/wdac-wizard-template-selection.png) +![Selecting a base template for the policy.](../images/wdac-wizard-template-selection.png) Once the base template is selected, give the policy a name and choose where to save the application control policy on disk. 
@@ -62,7 +62,7 @@ The following table has a description of each policy rule, beginning with the le | **Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all Windows Defender Application Control policies. Setting this rule option allows the F8 menu to appear to physically present users. | | **Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. | | **Disable Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 isn't supported and may have unintended results. | -|**[Hypervisor-protected code integrity (HVCI)](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.| +|**[Hypervisor-protected code integrity (HVCI)](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.| | **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by the Microsoft Intelligent Security Graph (ISG). | | **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. 
| | **Require WHQL** | By default, legacy drivers that aren't Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Henceforth, every new Windows–compatible driver must be WHQL certified. | @@ -71,7 +71,7 @@ The following table has a description of each policy rule, beginning with the le | **User Mode Code Integrity** | Windows Defender Application Control policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. | > [!div class="mx-imgBorder"] -> ![Rule options UI for Windows Allowed mode policy.](images/wdac-wizard-rule-options-UI-advanced-collapsed.png) +> ![Rule options UI for Windows Allowed mode policy.](../images/wdac-wizard-rule-options-UI-advanced-collapsed.png) ### Advanced Policy Rules Description @@ -86,7 +86,7 @@ Selecting the **+ Advanced Options** label shows another column of policy rules, | **Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option causes WDAC to periodically revalidate the reputation for files authorized by the ISG.| | **Require EV Signers** | This option isn't currently supported. | -![Rule options UI for Windows Allowed mode.](images/wdac-wizard-rule-options-UI.png) +![Rule options UI for Windows Allowed mode.](../images/wdac-wizard-rule-options-UI.png) > [!NOTE] > We recommend that you **enable Audit Mode** initially because it allows you to test new Windows Defender Application Control policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. For this reason, all templates have Audit Mode enabled by default. 
@@ -107,7 +107,7 @@ The Publisher file rule type uses properties in the code signing certificate cha | **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. | -![Custom filepublisher file rule creation.](images/wdac-wizard-custom-publisher-rule.png) +![Custom filepublisher file rule creation.](../images/wdac-wizard-custom-publisher-rule.png) ### Filepath Rules @@ -125,7 +125,7 @@ The Wizard supports the creation of [file name rules](select-types-of-rules-to-c | **Internal name** | Specifies the internal name of the binary. | > [!div class="mx-imgBorder"] -> ![Custom file attributes rule.](images/wdac-wizard-custom-file-attribute-rule.png) +> ![Custom file attributes rule.](../images/wdac-wizard-custom-file-attribute-rule.png) ### File Hash Rules diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md index a37f25ff34..832e10d402 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md 
@@ -27,25 +27,25 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC) supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](wdac-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When supplemental policies are used, applications allowed by the base or any of its supplemental policies are allowed to run. -Prerequisite information about application control can be accessed through the [WDAC design guide](windows-defender-application-control-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules. +Prerequisite information about application control can be accessed through the [WDAC design guide](wdac-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules. ## Expanding a Base Policy Once the Supplemental Policy type is chosen on the New Policy page, policy name and file dialog fields can be used to name and save the supplemental policy. The next step requires selecting a base policy to expand. To expand a base policy, the base must allow supplemental policies. 
The WDAC Wizard verifies if the base policy allows supplementals and shows the following confirmation. -![Base policy allows supplemental policies.](images/wdac-wizard-supplemental-expandable.png) +![Base policy allows supplemental policies.](../images/wdac-wizard-supplemental-expandable.png) If the base policy isn't configured for supplemental policies, the Wizard attempts to convert the policy to one that can be supplemented. Once successful, the Wizard shows a dialog demonstrating that the addition of the Allow Supplemental Policy rule was completed. -![Wizard confirms modification of base policy.](images/wdac-wizard-confirm-base-policy-modification.png) +![Wizard confirms modification of base policy.](../images/wdac-wizard-confirm-base-policy-modification.png) -Policies that can't be supplemented, for instance another supplemental policy, are detected by the Wizard and show the following error. Only a base policy can be supplemented. More information on supplemental policies can be found on our [Multiple Policies article](deploy-multiple-windows-defender-application-control-policies.md). +Policies that can't be supplemented, for instance another supplemental policy, are detected by the Wizard and show the following error. Only a base policy can be supplemented. More information on supplemental policies can be found on our [Multiple Policies article](deploy-multiple-wdac-policies.md). -![Wizard detects a bad base policy.](images/wdac-wizard-supplemental-not-base.png) +![Wizard detects a bad base policy.](../images/wdac-wizard-supplemental-not-base.png) ## Configuring Policy Rules 
@@ -63,7 +63,7 @@ Supplemental policies can only configure three policy rules. The following table | **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. | | **Disable Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. | -![Rule options UI for Windows Allowed mode.](images/wdac-wizard-supplemental-policy-rule-options-UI.png) +![Rule options UI for Windows Allowed mode.](../images/wdac-wizard-supplemental-policy-rule-options-UI.png) ## Creating custom file rules @@ -81,7 +81,7 @@ The Publisher file rule type uses properties in the code signing certificate cha | **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. | -![Custom filepublisher file rule creation.](images/wdac-wizard-custom-publisher-rule.png) +![Custom filepublisher file rule creation.](../images/wdac-wizard-custom-publisher-rule.png) ### Filepath Rules @@ -98,7 +98,7 @@ The Wizard supports the creation of [file name rules](select-types-of-rules-to-c | **Product name** | Specifies the name of the product with which the binary ships. | | **Internal name** | Specifies the internal name of the binary. | -![Custom file attributes rule.](images/wdac-wizard-custom-file-attribute-rule.png) +![Custom file attributes rule.](../images/wdac-wizard-custom-file-attribute-rule.png) ### File Hash Rules 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md index 89d6fab2aa..22efa4f283 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md @@ -27,7 +27,7 @@ ms.technology: itpro-security - Windows Server 2016 and above > [!NOTE] -> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). The Windows Defender Application Control Wizard makes editing and viewing WDAC policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities:
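Review bot: The rename of `design/use-windows-defender-application-control-with-dynamic-code-security.md` to `design/wdac-and-dotnet.md` (similarity index 100%) changes the file's path without touching its content, and none of the hunks shown here update a link to the old name. The same holds for the plug-ins/add-ins rename to `use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md`. Please confirm that every inbound link to the old file names is updated elsewhere in this patch and that the old paths redirect to the new ones, so existing cross-references and bookmarks to these security articles do not break.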
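Review bot: In `wdac-wizard-create-base-policy.md`, hunk `@@ -62,7 +62,7 @@`, the HVCI link now climbs four levels (`../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md`), which from `design/` resolves to `windows/security/hardware-security/`. That target file is not touched in the hunks shown, so please verify it exists at exactly that path. Since the same table already uses root-relative links (`/powershell/module/...`, `/windows-hardware/drivers/...`), a root-relative link here would also survive the next directory move instead of needing another `../` recount.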
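Review bot: In `wdac-wizard-create-supplemental-policy.md`, hunk `@@ -27,25 +27,25 @@`, the Multiple Policies link becomes `deploy-multiple-wdac-policies.md` with no directory prefix, so it resolves inside `design/`, while the other deployment links in this patch were moved to `../deployment/...` (`../deployment/deploy-wdac-policies-using-intune.md`, `../deployment/wdac-deployment-guide.md`). The rename of the multiple-policies article is not in the hunks shown, so please confirm it lands in `design/` and not `deployment/`; if it is under `deployment/`, this link needs the same `../deployment/` prefix.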