Merge pull request #677 from Justinha/963317

revised section about disabling firewall

windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md

@@ -86,21 +86,27 @@ Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow
 
 ### Disable Windows Firewall
 
-Disabling Windows Firewall with Advanced Security can cause the following problems:
+Microsoft recommends that you do not disable Windows Firewall because you lose other benefits provided by the service, such as the ability to use Internet Protocol security (IPsec) connection security rules, network protection from attacks that employ network fingerprinting, [Windows Service Hardening](http://go.microsoft.com/fwlink/?linkid=104976), and [boot time filters](https://blogs.technet.microsoft.com/networking/2009/03/24/stopping-the-windows-authenticating-firewall-service-and-the-boot-time-policy/). 
+
+Disabling Windows Firewall with Advanced Security can also cause problems, including:
 
 - Start menu can stop working
 - Modern applications can fail to install or update
 - Activation of Windows via phone fails 
 - Application or OS incompatibilities that depend on Windows Firewall
 
-Do not disable Windows Firewall with Advanced Security service by stopping the service. 
-The proper method to disable the Windows Firewall is to disable the Windows Firewall Profiles and leave the service running.
-Use the following procedure to turn the firewall off, or disable the Group Policy setting **Computer Configuration|Administrative Templates|Network|Network Connections|Windows Firewall|Domain Prolfile|Windows Firewall:Protect all network connections**. 
-For more information, see [Windows firewall with advanced security deployment guide](windows-firewall-with-advanced-security-deployment-guide.md).
-If you turn off the Windows Firewall with Advanced Security service, you lose other benefits provided by the service, such as the ability to use Internet Protocol security (IPsec) connection security rules, network protection from attacks that employ network fingerprinting, [Windows Service Hardening](http://go.microsoft.com/fwlink/?linkid=104976), and [boot time filters](https://blogs.technet.microsoft.com/networking/2009/03/24/stopping-the-windows-authenticating-firewall-service-and-the-boot-time-policy/). 
+Microsoft recommends disabling Windows Firewall with Advanced Security only when installing a third-party firewall, and resetting Windows Firewall back to defaults when the third-party software is disabled or removed. 
+
+If disabling Windows Firewall with Advanced Security is required, do not disable it by stopping the Windows Firewall service (in the **Services** snap-in, the display name is Windows Firewall and the service name is MpsSvc).
+Stopping the Windows Firewall service is not supported by Microsoft.
+
 Non-Microsoft firewall software can programmatically disable only the parts of Windows Firewall with Advanced Security that need to be disabled for compatibility. 
 You should not disable the firewall yourself for this purpose. 
-Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft.
+
+The proper method to disable the Windows Firewall is to disable the Windows Firewall Profiles and leave the service running.
+
+Use the following procedure to turn the firewall off, or disable the Group Policy setting **Computer Configuration|Administrative Templates|Network|Network Connections|Windows Firewall|Domain Prolfile|Windows Firewall:Protect all network connections**. 
+For more information, see [Windows firewall with advanced security deployment guide](windows-firewall-with-advanced-security-deployment-guide.md).
 
 The following example disables Windows Firewall with Advanced Security for all profiles.