diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json
index 38a2894c80..54589ae7b4 100644
--- a/.openpublishing.redirection.windows-security.json
+++ b/.openpublishing.redirection.windows-security.json
@@ -80,6 +80,11 @@
"redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/apps.md",
"redirect_url": "/windows/security/application-security",
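Review bot: the new entry keeps `"redirect_document_id": false` even though this is a rename of the same page (the patch later shows `rename from .../microsoft-recommended-block-rules.md` to `.../applications-that-can-bypass-wdac.md` at similarity index 99%); consider `"redirect_document_id": true` so the document ID follows the article to its new path, and reserve `false` for redirects to a genuinely different document.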
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
index 70c937a286..3815f2af27 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
+++ b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
@@ -55,8 +55,8 @@
href: design/create-wdac-policy-using-reference-computer.md
- name: Create a WDAC deny list policy
href: design/create-wdac-deny-policy.md
- - name: Microsoft recommended block rules
- href: design/microsoft-recommended-block-rules.md
+ - name: Applications that can bypass WDAC and how to block them
+ href: design/applications-that-can-bypass-wdac.md
- name: Microsoft recommended driver block rules
href: design/microsoft-recommended-driver-block-rules.md
- name: Use the WDAC Wizard tool
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
index ebc63fd06e..bcce7c5578 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
@@ -1,15 +1,15 @@
---
-title: Microsoft recommended block rules
+title: Applications that can bypass WDAC and how to block them
description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community.
ms.localizationpriority: medium
ms.date: 06/14/2023
ms.topic: reference
---
-# Microsoft recommended block rules
+# Applications that can bypass WDAC and how to block them
->[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md).
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md).
Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass WDAC.
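Review bot: the `title` and H1 change but `description: View a list of recommended block rules, ...` and `ms.date: 06/14/2023` are left as they were, so search results and the page summary will still describe the old "block rules" framing; update the description to match the new title (for example, which legitimate applications can be used to bypass WDAC and how to block them) and bump `ms.date`, as the VPN article in this same change does.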
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/index.yml b/windows/security/application-security/application-control/windows-defender-application-control/index.yml
index 116b217e84..1b1d46e536 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/index.yml
+++ b/windows/security/application-security/application-control/windows-defender-application-control/index.yml
@@ -33,8 +33,8 @@ landingContent:
links:
- text: Using code signing to simplify application control
url: deployment/use-code-signing-for-better-control-and-protection.md
- - text: Microsoft's Recommended Blocklist
- url: design/microsoft-recommended-block-rules.md
+ - text: Applications that can bypass WDAC and how to block them
+ url: design/applications-that-can-bypass-wdac.md
- text: Microsoft's Recommended Driver Blocklist
url: design/microsoft-recommended-driver-block-rules.md
- text: Example WDAC policies
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md
index dee33405bb..7ee7a13013 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md
@@ -47,7 +47,7 @@ Smart App Control is only available on clean installation of Windows 11 version
### Smart App Control Enforced Blocks
-Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/microsoft-recommended-block-rules.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control:
+Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-wdac.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control:
- Infdefaultinstall.exe
- Microsoft.Build.dll
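Review bot: only the link target moves to `design/applications-that-can-bypass-wdac.md` while the link text stays `[Microsoft Recommended Block Rules]`; since that page is now titled "Applications that can bypass WDAC and how to block them", update the link text too so readers are not sent to a page whose name no longer matches what they clicked.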
diff --git a/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
index 834f56a321..809b88492a 100644
--- a/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
+++ b/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
@@ -1,19 +1,25 @@
---
-title: How to configure Diffie Hellman protocol over IKEv2 VPN connections
-description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections.
-ms.date: 09/23/2021
+title: How to configure cryptographic settings for IKEv2 VPN connections
+description: Learn how to update the IKEv2 cryptographic settings of VPN servers and clients by running VPN cmdlets to secure connections.
+ms.date: 06/28/2023
ms.topic: how-to
---
-# How to configure Diffie Hellman protocol over IKEv2 VPN connections
+# How to configure cryptographic settings for IKEv2 VPN connections
-In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges.
+In IKEv2 VPN connections, the default setting for IKEv2 cryptographic settings are:
+
+- Encryption Algorithm : DES3
+- Integrity, Hash Algorithm : SHA1
+- Diffie Hellman Group (Key Size): DH2
+
+These settings aren't secure for IKE exchanges.
To secure the connections, update the configuration of VPN servers and clients by running VPN cmdlets.
## VPN server
-For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps&preserve-view=true) to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration.
+For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps&preserve-view=true) to configure the tunnel type. These settings are effective for all IKEv2 VPN connections.
```powershell
Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy
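Review bot: grammar on the new lead-in line: `the default setting for IKEv2 cryptographic settings are:` should read `the default IKEv2 cryptographic settings are:`. In the same list, the labels mix `Encryption Algorithm : DES3` (space before the colon) with `Diffie Hellman Group (Key Size): DH2`, and `DH2` does not match the `-DHGroup` value names used later in the file (`Group14`); listing the default as `Group2` (DH2) would let readers map the list directly onto the cmdlet parameters. Also, `Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy` on its own sets no algorithms, so the sentence "These settings are effective for all IKEv2 VPN connections" reads as if this line alone hardens the server; pointing to the full example section below would avoid that impression.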
@@ -30,7 +36,43 @@ Set-VpnServerIPsecConfiguration -CustomPolicy
For VPN client, you need to configure each VPN connection.
For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps&preserve-view=true) and specify the name of the connection:
-
```powershell
Set-VpnConnectionIPsecConfiguration -ConnectionName
-```
\ No newline at end of file
+```
+
+## IKEv2 Crypto Settings Example
+
+The following commands configure the IKEv2 cryptographic settings to:
+
+- Encryption Algorithm : AES128
+- Integrity, Hash Algorithm : SHA256
+- Diffie Hellman Group (Key Size): DH14
+
+### IKEv2 VPN Server
+
+```powershell
+Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES128 -DHGroup Group14 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PFSgroup PFS2048 -SALifeTimeSeconds 28800 -MMSALifeTimeSeconds 86400 -SADataSizeForRenegotiationKilobytes 1024000
+restart-service RemoteAccess -PassThru
+```
+
+If you need to switch back to the default IKEv2 settings, use this command:
+
+```powershell
+Set-VpnServerConfiguration -TunnelType IKEv2 -RevertToDefault
+restart-service RemoteAccess -PassThru
+```
+
+### IKEv2 VPN Client
+
+```powershell
+Set-VpnConnectionIPsecConfiguration -ConnectionName -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES128 -DHGroup Group14 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PfsGroup PFS2048 -Force
+```
+
+If you need to switch back to the default IKEv2 settings, use this command:
+
+```powershell
+Set-VpnConnectionIPsecConfiguration -ConnectionName -RevertToDefault -Force
+```
+
+> [!TIP]
+> If you're configuring a all-user VPN connection or a Device Tunnel you must use the `-AllUserConnection` parameter in the `Set-VpnConnectionIPsecConfiguration` command.
\ No newline at end of file
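Review bot: both client commands leave `-ConnectionName` without a value (`Set-VpnConnectionIPsecConfiguration -ConnectionName -AuthenticationTransformConstants ...` and `-ConnectionName -RevertToDefault -Force`), so PowerShell reports a missing argument for `ConnectionName` rather than running; add a placeholder such as `-ConnectionName "<ConnectionName>"`, and the pre-existing snippet above this hunk has the same gap. Smaller points: `a all-user VPN connection` should be `an all-user VPN connection` in the TIP, `-PFSgroup` (server) and `-PfsGroup` (client) could use one casing for consistency, and the file still ends without a trailing newline.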