Merge branch 'main' into WDAC-Docs

This commit is contained in:
jsuther1974 2023-03-02 09:42:28 -08:00 committed by GitHub
commit 7a127ee5df
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 20 deletions

@ -91,7 +91,7 @@ However, the device may still be eligible for other managed updates. For more in
## Allow or block Microsoft 365 App updates
For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices. When the Microsoft 365 App update setting is set to **Block**, Windows Autopatch won't provide Microsoft 365 App updates on your behalf, and your organizations will have full control over these updates. You can choose to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview).
For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices. When the Microsoft 365 App update setting is set to **Block**, Windows Autopatch won't provide Microsoft 365 App updates on your behalf, and your organizations will have full control over these updates. For example, you can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview).
**To allow or block Microsoft 365 App updates:**
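Review bot: the retained sentence "your organizations will have full control over these updates" should be singular ("your organization will have full control"), since the paragraph addresses a single organization throughout; worth fixing while this line is being touched. The new "For example, you can continue to receive updates" wording is otherwise clearer than "You can choose to receive".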

@ -31,18 +31,18 @@ This article describes how to deploy Windows Defender Application Control (WDAC)
You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
> [!IMPORTANT]
> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) enabled. Skip all steps below that use citool.exe, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart.
> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart.
>
> This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
## Deploying policies for Windows 11 22H2 and above
You can use [citool.exe](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands) to apply policies on Windows 11 22H2 with the following commands. Be sure to replace **<Path to policy binary file to deploy>** in the following example with the actual path to your WDAC policy binary file.
You can use the inbox [CiTool](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands) to apply policies on Windows 11 22H2 with the following commands. Be sure to replace **<Path to policy binary file to deploy>** in the following example with the actual path to your WDAC policy binary file.
```powershell
# Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = <PolicyId> from the Policy XML)
$PolicyBinary = "<Path to policy binary file to deploy>"
citool.exe --update-policy $PolicyBinary --json
CiTool --update-policy $PolicyBinary [-json]
```
## Deploying policies for Windows 11, Windows 10 version 1903 and above, and Windows Server 2022 and above
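Review bot: `CiTool --update-policy $PolicyBinary [-json]` uses square brackets to mark an optional switch inside a `powershell` fence, so a reader who pastes the line as-is passes a literal `[-json]` argument. Either show real syntax (`CiTool --update-policy $PolicyBinary -json`) with a comment that the switch is optional, or describe the optional `-json` output in the prose above the block. Also, the placeholder `**<Path to policy binary file to deploy>**` in the prose is unescaped angle brackets in Markdown, which some renderers drop as an HTML tag; wrapping it in backticks or escaping as `\<` avoids that.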

@ -91,8 +91,10 @@ landingContent:
links:
- text: Using signed policies to protect against tampering
url: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
- text: Audit and enforce policies
url: audit-and-enforce-windows-defender-application-control-policies.md
- text: Audit mode policies
url: audit-windows-defender-application-control-policies.md
- text: Enforcement mode policies
url: enforce-windows-defender-application-control-policies.md
- text: Disabling WDAC policies
url: disable-windows-defender-application-control-policies.md
- linkListType: tutorial
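Review bot: this hunk drops the link to `audit-and-enforce-windows-defender-application-control-policies.md` in favour of two new entries; please confirm that both `audit-windows-defender-application-control-policies.md` and `enforce-windows-defender-application-control-policies.md` are added in this PR and that a redirect entry exists for the removed article, otherwise existing bookmarks and inbound links to the old URL will 404.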

@ -11,9 +11,9 @@ ms.prod: windows-client
ms.technology: itpro-security
---
# CITool.exe technical reference
# CiTool technical reference
CI Tool makes Windows Defender Application Control (WDAC) policy management easier for IT admins. CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens. This article describes how to use CI Tool to update and manage policies. CI Tool is currently included in Windows 11, version 22H2.
CiTool makes Windows Defender Application Control (WDAC) policy management easier for IT admins. CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens. This article describes how to use CiTool to update and manage policies. CiTool is currently included as part of the Windows image in Windows 11 version 22H2.
## Policy Commands
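Review bot: the rewritten intro still says "CI Tool" with a space in its second sentence ("CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens") while the heading and the rest of the paragraph now use "CiTool"; make the name consistent within the paragraph. Minor: "included as part of the Windows image in Windows 11 version 22H2" reads better as the removed line's "Windows 11, version 22H2" form, with the comma.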
@ -44,33 +44,45 @@ CI Tool makes Windows Defender Application Control (WDAC) policy management easi
## Examples
1. Deploy a WDAC policy onto the system
1. Deploy a WDAC policy
```powershell
PS C:\Users\<USER> CITool --update-policy "\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip"
Operation Successful
Press Enter to Continue
CiTool --update-policy "\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip"
```
2. Refresh the WDAC policies
2. Refresh the WDAC policies on the system
```powershell
PS C:\Users\<USER> CITool --refresh
Operation Successful
CiTool --refresh
```
3. Remove a specific WDAC policy by its policy ID
```powershell
PS C:\Users\<USER> CiTool --remove-policy "{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}"
Operation Successful
Press Enter to Continue
CiTool --remove-policy "{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}"
```
4. Display the help menu
4. List the actively enforced WDAC policies on the system
```powershell
PS C:\Users\<USER> CITool -h
$wdacPolicies = (CiTool -lp -json | ConvertFrom-Json).Policies
# Check each policy's IsEnforced state and return only the enforced policies
foreach($wdacPolicy in $wdacPolicies ){
if($wdacPolicy.IsEnforced)
{
Write-Host $wdacPolicy.FriendlyName
Write-Host $wdacPolicy.PolicyID "`n"
}
}
```
5. Display the help menu
```powershell
CiTool -h
----------------------------- Policy Commands ---------------------------------
--update-policy /Path/To/Policy/File
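Review bot: in example 4, the `foreach` / `Write-Host` loop prints strings rather than emitting objects, so a reader cannot pipe or filter the result; a more idiomatic form is `(CiTool -lp -json | ConvertFrom-Json).Policies | Where-Object IsEnforced | Select-Object FriendlyName, PolicyID`. There is also a stray space in `foreach($wdacPolicy in $wdacPolicies ){`. Note too that the deployment guide in this same PR writes the switch as `[-json]` while this example uses `-json`; align on one spelling across the two files.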