editorial cleanup

.openpublishing.redirection.json

@@ -19564,6 +19564,16 @@
       "source_path": "education/windows/get-minecraft-device-promotion.md",
       "redirect_url": "/education/windows/get-minecraft-for-education",
       "redirect_document_id": false
+     },
+     {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy",
+      "redirect_document_id": false
+     },
+     {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune",
+      "redirect_document_id": false
      }
   ]
 }

windows/security/threat-protection/windows-defender-application-control/TOC.yml

@@ -74,11 +74,11 @@
       items: 
         - name: Deploy WDAC policies with MDM
           href: deployment/deploy-windows-defender-application-control-policies-using-intune.md
-        - name: Deploy WDAC policies with MEMCM
+        - name: Deploy WDAC policies with Configuration Manager
           href: deployment/deploy-wdac-policies-with-memcm.md
         - name: Deploy WDAC policies with script
           href: deployment/deploy-wdac-policies-with-script.md
-        - name: Deploy WDAC policies with Group Policy
+        - name: Deploy WDAC policies with group policy
           href: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
         - name: Audit WDAC policies
           href: audit-windows-defender-application-control-policies.md

windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md

@@ -1,22 +1,19 @@
 ---
-title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Endpoint Configuration Manager (MEMCM) (Windows)
+title: Deploy Windows Defender Application Control policies with Configuration Manager
-description: You can use Microsoft Endpoint Configuration Manager (MEMCM) to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide.
+description: You can use Microsoft Endpoint Configuration Manager to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide.
-keywords: security, malware
 ms.prod: m365-security
-audience: ITPro
-ms.collection: M365-security-compliance
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: jogeurte
-ms.manager: jsuther
-manager: dansimp
-ms.date: 06/27/2022
 ms.technology: windows-sec
-ms.topic: article
+ms.collection: M365-security-compliance
+author: jgeurten
+ms.reviewer: aaroncz
+ms.author: jogeurte
+manager: jsuther
+ms.date: 06/27/2022
+ms.topic: how-to
 ms.localizationpriority: medium
 ---
 
-# Deploy WDAC policies by using Microsoft Endpoint Configuration Manager (MEMCM)
+# Deploy WDAC policies by using Microsoft Endpoint Configuration Manager
 
 **Applies to:**
 
@@ -24,14 +21,14 @@ ms.localizationpriority: medium
 - Windows 11
 - Windows Server 2016 and above
 
->[!NOTE]
+> [!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
+> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md).
 
 You can use Microsoft Endpoint Configuration Manager to configure Windows Defender Application Control (WDAC) on client machines.
 
 ## Use Configuration Manager's built-in policies
 
-Microsoft Endpoint Configuration Manager includes native support for WDAC, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow:
+Configuration Manager includes native support for WDAC, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow:
 
 - Windows components
 - Microsoft Store apps
@@ -39,60 +36,58 @@ Microsoft Endpoint Configuration Manager includes native support for WDAC, which
 - (Optional) Reputable apps as defined by the Intelligent Security Graph (ISG)
 - (Optional) Apps and executables already installed in admin-definable folder locations that Configuration Manager will allow through a one-time scan during policy creation on managed endpoints.
 
-Note that Configuration Manager does not remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable Windows Defender Application Control (WDAC) altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot.
+Configuration Manager doesn't remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable Windows Defender Application Control (WDAC) altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot.
 
 ### Create a WDAC Policy in Configuration Manager
 
 1. Select **Asset and Compliance** > **Endpoint Protection** > **Windows Defender Application Control** > **Create Application Control Policy**
 
-![Create a WDAC policy in Configuration Manager.](../images/memcm/memcm-create-wdac-policy.jpg)
+    ![Create a WDAC policy in Configuration Manager.](../images/memcm/memcm-create-wdac-policy.jpg)
 
 2. Enter the name of the policy > **Next**
 3. Enable **Enforce a restart of devices so that this policy can be enforced for all processes**
-4. Select the mode which you want the policy to run (Enforcement enabled / Audit Only) 
+4. Select the mode that you want the policy to run (Enforcement enabled / Audit Only)
-5. Click **Next**
+5. Select **Next**
 
-![Create an enforced WDAC policy in Configuration Manager.](../images/memcm/memcm-create-wdac-policy-2.jpg)
+    ![Create an enforced WDAC policy in Configuration Manager.](../images/memcm/memcm-create-wdac-policy-2.jpg)
 
 6. Select **Add** to begin creating rules for trusted software
 
-![Create a WDAC path rule in Configuration Manager.](../images/memcm/memcm-create-wdac-rule.jpg)
+    ![Create a WDAC path rule in Configuration Manager.](../images/memcm/memcm-create-wdac-rule.jpg)
 
 7. Select **File** or **Folder** to create a path rule > **Browse**
 
-![Select a file or folder to create a path rule.](../images/memcm/memcm-create-wdac-rule-2.jpg)
+    ![Select a file or folder to create a path rule.](../images/memcm/memcm-create-wdac-rule-2.jpg)
 
 8. Select the executable or folder for your path rule > **OK**
 
-![Select the executable file or folder.](../images/memcm/memcm-create-wdac-rule-3.jpg)
+    ![Select the executable file or folder.](../images/memcm/memcm-create-wdac-rule-3.jpg)
 
 9. Select **OK** to add the rule to the table of trusted files or folder
 10. Select **Next** to navigate to the summary page > **Close**
 
-![Confirm the WDAC path rule in Configuration Manager.](../images/memcm/memcm-confirm-wdac-rule.jpg)
+    ![Confirm the WDAC path rule in Configuration Manager.](../images/memcm/memcm-confirm-wdac-rule.jpg)
 
-### Deploy the WDAC Policy in Configuration Manager
+### Deploy the WDAC policy in Configuration Manager
 
 1. Right-click the newly created policy > **Deploy Application Control Policy**
 
-![Deploy WDAC via Configuration Manager.](../images/memcm/memcm-deploy-wdac.jpg)
+    ![Deploy WDAC via Configuration Manager.](../images/memcm/memcm-deploy-wdac.jpg)
 
 2. Select **Browse**
 
-![Select Browse.](../images/memcm/memcm-deploy-wdac-2.jpg)
+    ![Select Browse.](../images/memcm/memcm-deploy-wdac-2.jpg)
 
 3. Select the Device Collection you created earlier > **OK**
 
-![Select the device collection.](../images/memcm/memcm-deploy-wdac-3.jpg)
+    ![Select the device collection.](../images/memcm/memcm-deploy-wdac-3.jpg)
 
 4. Change the schedule > **OK**
 
-![Change the WDAC deployment schedule.](../images/memcm/memcm-deploy-wdac-4.jpg)
+    ![Change the WDAC deployment schedule.](../images/memcm/memcm-deploy-wdac-4.jpg)
 
 For more information on using Configuration Manager's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager).
 
-The entire WDAC in Configuration Manager Lab Paper is available for download [here](/pdfs/WDAC-Deploy-WDAC-using-MEMCM.pdf).
-
 ## Deploy custom WDAC policies using Packages/Programs or Task Sequences
 
 Using Configuration Manager's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in Configuration Manager too limiting. To define your own circle-of-trust, you can use Configuration Manager to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences.

windows/security/threat-protection/windows-defender-application-control/feature-availability.md

@@ -1,31 +1,26 @@
 ---
-title:  Windows Defender Application Control Feature Availability
+title:  Windows Defender Application Control feature availability
 description: Compare Windows Defender Application Control (WDAC) and AppLocker feature availability.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.prod: m365-security
-ms.mktglfcycl: deploy
+ms.technology: windows-sec
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
 ms.collection: M365-security-compliance
-author: denisebmsft
+author: jgeurten
-ms.reviewer: jgeurten
+ms.reviewer: aaroncz
-ms.author: deniseb
+ms.author: jogeurte
-manager: dansimp
+manager: jsuther
 ms.date: 06/27/2022
 ms.custom: asr
-ms.technology: windows-sec
+ms.topic: overview
 ---
 
 # Windows Defender Application Control and AppLocker feature availability
 
 **Applies to:**
 
-- Windows 10
+- Windows 10
-- Windows 11
+- Windows 11
-- Windows Server 2016 and above
+- Windows Server 2016 and above
 
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. See below to learn more.
@@ -34,7 +29,7 @@ ms.technology: windows-sec
 |-------------|------|-------------|
 | Platform support    | Available on Windows 10, Windows 11, and Windows Server 2016 or later  | Available on Windows 8 or later   |
 | SKU availability     | Cmdlets are available on all SKUs on 1909+ builds.<br>For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs.  | Policies deployed through GP are only effective on Enterprise devices.<br>Policies deployed through MDM are effective on all SKUs.  |
-| Management solutions   | <ul><li>[Intune](./deployment/deploy-windows-defender-application-control-policies-using-intune.md) (limited built-in policies or custom policy deployment via OMA-URI)</li><li>[Microsoft Endpoint Manager Configuration Manager (MEMCM)](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via Software Distribution)</li><li>[Group Policy](./deployment/deploy-windows-defender-application-control-policies-using-group-policy.md) </li><li>PowerShell</li></ul>  | <ul><li>[Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)</li><li>MEMCM (custom policy deployment via Software Distribution only)</li><li>[Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)</li><li>PowerShell</li><ul> |
+| Management solutions   | <ul><li>[Intune](./deployment/deploy-windows-defender-application-control-policies-using-intune.md) (limited built-in policies or custom policy deployment via OMA-URI)</li><li>[Microsoft Endpoint Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via software distribution)</li><li>[Group policy](./deployment/deploy-windows-defender-application-control-policies-using-group-policy.md) </li><li>PowerShell</li></ul>  | <ul><li>[Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)</li><li>Configuration Manager (custom policy deployment via software distribution only)</li><li>[Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)</li><li>PowerShell</li><ul> |
 | Per-User and Per-User group rules | Not available (policies are device-wide)  | Available on Windows 8+  |
 | Kernel mode policies  | Available on all Windows 10 versions and Windows 11  | Not available |
 | Per-app rules  | [Available on 1703+](./use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md)  | Not available |

windows/security/threat-protection/windows-defender-application-control/index.yml

@@ -100,11 +100,11 @@ landingContent:
         links:
           - text: Deployment with MDM
             url: deployment/deploy-windows-defender-application-control-policies-using-intune.md
-          - text: Deployment with MEMCM
+          - text: Deployment with Configuration Manager
             url: deployment/deploy-wdac-policies-with-memcm.md
           - text: Deployment with script and refresh policy
             url: deployment/deploy-wdac-policies-with-script.md
-          - text: Deployment with Group Policy
+          - text: Deployment with group policy
             url: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
   # Card
   - title: Learn how to monitor WDAC events

windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md

@@ -1,21 +1,16 @@
 ---
-title: Deploying Windows Defender Application Control (WDAC) policies (Windows)
+title: Deploying Windows Defender Application Control (WDAC) policies
 description: Learn how to plan and implement a WDAC deployment.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.prod: m365-security
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-audience: ITPro
-ms.collection: M365-security-compliance
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: dansimp
-manager: dansimp
-ms.date: 06/27/2022
 ms.technology: windows-sec
+ms.localizationpriority: medium
+ms.collection: M365-security-compliance
+author: jgeurten
+ms.reviewer: aaroncz
+ms.author: jogeurte
+manager: jsuther
+ms.date: 06/27/2022
+ms.topic: overview
 ---
 
 # Deploying Windows Defender Application Control (WDAC) policies
@@ -41,7 +36,7 @@ All Windows Defender Application Control policy changes should be deployed in au
 
 There are several options to deploy Windows Defender Application Control policies to managed endpoints, including:
 
-1. [Deploy using a Mobile Device Management (MDM) solution](deployment/deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune
+- [Deploy using a Mobile Device Management (MDM) solution](deployment/deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune
-2. [Deploy using Microsoft Endpoint Configuration Manager (MEMCM)](deployment/deploy-wdac-policies-with-memcm.md)
+- [Deploy using Microsoft Endpoint Configuration Manager](deployment/deploy-wdac-policies-with-memcm.md)
-3. [Deploy via script](deployment/deploy-wdac-policies-with-script.md)
+- [Deploy via script](deployment/deploy-wdac-policies-with-script.md)
-4. [Deploy via Group Policy](deployment/deploy-windows-defender-application-control-policies-using-group-policy.md)
+- [Deploy via group policy](deployment/deploy-windows-defender-application-control-policies-using-group-policy.md)