added new topics

2025-05-29 13:47:23 +00:00 · 2018-04-18 16:57:56 -07:00 · 2018-04-18 16:57:56 -07:00 · 85ee6203af
commit 85ee6203af
parent f6553f05f5
5 changed files with 210 additions and 624 deletions
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.md
@ -50,8 +50,6 @@
 #### [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md)
 #### [Document the Group Policy structure and AppLocker rule enforcement](document-group-policy-structure-and-applocker-rule-enforcement.md)
 ### [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
 #### [Document your application control management processes](document-your-application-control-management-processes.md)
 ### [Create your AppLocker planning document](create-your-applocker-planning-document.md)
 ## [AppLocker deployment guide](applocker-policies-deployment-guide.md)
 ### [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md)
 ### [Requirements for Deploying AppLocker Policies](requirements-for-deploying-applocker-policies.md)
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-planning-document.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-planning-document.md
@ -1,379 +0,0 @@
 ---
 title: Create your AppLocker planning document (Windows 10)
 description: This planning topic for the IT professional summarizes the information you need to research and include in your AppLocker planning document.
 ms.assetid: 41e49644-baf4-4514-b089-88adae2d624e
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
 ms.date: 09/21/2017
 ---
 # Create your AppLocker planning document
 **Applies to**
 -   Windows 10 
 -   Windows Server
 This planning topic for the IT professional summarizes the information you need to research and include in your AppLocker planning document.
 ## The AppLocker deployment design
 The design process and the planning document help you investigate application usage in your organization and record your findings so you can effectively deploy and maintain application control policies by using AppLocker.
 You should have completed these steps in the design and planning process:
 1.  [Determine your application control objectives](determine-your-application-control-objectives.md)
 2.  [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
 3.  [Select types of rules to create](select-types-of-rules-to-create.md)
 4.  [Determine Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
 5.  [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
 ### AppLocker planning document contents
 Your planning document should contain:
 -   A list of business groups that will participate in the application control policy project, their requirements, a description of their business processes, and contact information.
 -   Application control policy project target dates, both for planning and deployment.
 -   A complete list of apps used by each business group (or organizational unit), including version information and installation paths.
 -   What condition to apply to rules governing each application (or whether to use the default set provided by AppLocker).
 -   A strategy for using Group Policy to deploy the AppLocker policies.
 -   A strategy in processing the application usage events generated by AppLocker.
 -   A strategy to maintain and manage AppLocker polices after deployment.
 ### Sample template for an AppLocker planning document
 You can use the following form to construct your own AppLocker planning document.
 **Business group**:
 **Operating system environment**: (Windows and non-Windows)
 <table>
 <colgroup>
 <col width="33%" />
 <col width="33%" />
 <col width="33%" />
 </colgroup>
 <tbody>
 <tr class="odd">
 <td align="left"><p><strong>Contacts</strong></p></td>
 <td align="left"><p>Business contact:</p></td>
 <td align="left"><p>Technical contact:</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>Other departments</strong></p></td>
 <td align="left"><p>In this business group:</p></td>
 <td align="left"><p>Affected by this project:</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Security policies</strong></p></td>
 <td align="left"><p>Internal:</p></td>
 <td align="left"><p>Regulatory/compliance:</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>Business goals</strong></p></td>
 <td align="left"><p>Primary:</p></td>
 <td align="left"><p>Secondary:</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>Project target dates</strong></p></td>
 <td align="left"><p>Design signoff date:</p></td>
 <td align="left"><p>Policy deployment date:</p></td>
 </tr>
 </tbody>
 </table>
 **Rules**
 <table style="width:100%;">
 <colgroup>
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">Organizational unit</th>
 <th align="left">Implement AppLocker?</th>
 <th align="left">Apps</th>
 <th align="left">Installation path</th>
 <th align="left">Use default rule or define new rule condition</th>
 <th align="left">Allow or deny</th>
 <th align="left">GPO name</th>
 <th align="left">Support policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p> </p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 </tr>
 </tbody>
 </table>
 **Event processing**
 <table>
 <colgroup>
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">AppLocker event collection location</th>
 <th align="left">Archival policy</th>
 <th align="left">Analyzed?</th>
 <th align="left">Security policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p> </p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 </tr>
 </tbody>
 </table>
 **Policy maintenance**
 <table>
 <colgroup>
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">Rule update policy</th>
 <th align="left">App decommission policy</th>
 <th align="left">App version policy</th>
 <th align="left">App deployment policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p> </p></td>
 <td align="left"><p>Planned:</p>
 <p>Emergency:</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 </tr>
 </tbody>
 </table>
 ### Example of an AppLocker planning document
 **Rules**
 <table style="width:100%;">
 <colgroup>
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">Organizational unit</th>
 <th align="left">Implement AppLocker?</th>
 <th align="left">Applications</th>
 <th align="left">Installation path</th>
 <th align="left">Use default rule or define new rule condition</th>
 <th align="left">Allow or deny</th>
 <th align="left">GPO name</th>
 <th align="left">Support policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Bank Tellers</p></td>
 <td align="left"><p>Teller-East and Teller-West</p></td>
 <td align="left"><p>Yes</p></td>
 <td align="left"><p>Teller Software</p></td>
 <td align="left"><p>C:\Program Files\Woodgrove\Teller.exe</p></td>
 <td align="left"><p>File is signed; create a publisher condition</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p>Tellers-AppLockerTellerRules</p></td>
 <td align="left"><p>Web help</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Windows files</p>
 <p></p></td>
 <td align="left"><p>C:\Windows</p></td>
 <td align="left"><p>Create a path exception to the default rule to exclude \Windows\Temp</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Help desk</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Human Resources</p></td>
 <td align="left"><p>HR-All</p></td>
 <td align="left"><p>Yes</p></td>
 <td align="left"><p>Check Payout</p></td>
 <td align="left"><p>C:\Program Files\Woodgrove\HR\Checkcut.exe</p></td>
 <td align="left"><p>File is signed; create a publisher condition</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p>HR-AppLockerHRRules</p></td>
 <td align="left"><p>Web help</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Time Sheet Organizer</p></td>
 <td align="left"><p>C:\Program Files\Woodgrove\HR\Timesheet.exe</p></td>
 <td align="left"><p>File is not signed; create a file hash condition</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Web help</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Internet Explorer 7</p></td>
 <td align="left"><p>C:\Program Files\Internet Explorer\</p></td>
 <td align="left"><p>File is signed; create a publisher condition</p></td>
 <td align="left"><p>Deny</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Web help</p>
 <p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Windows files</p></td>
 <td align="left"><p>C:\Windows</p></td>
 <td align="left"><p>Use the default rule for the Windows path</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Help desk</p></td>
 </tr>
 </tbody>
 </table>
 **Event processing**
 <table>
 <colgroup>
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">AppLocker event collection location</th>
 <th align="left">Archival policy</th>
 <th align="left">Analyzed?</th>
 <th align="left">Security policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Bank Tellers</p></td>
 <td align="left"><p>Forwarded to: AppLocker Event Repository on srvBT093</p></td>
 <td align="left"><p>Standard</p></td>
 <td align="left"><p>None</p></td>
 <td align="left"><p>Standard</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Human Resources</p></td>
 <td align="left"><p>DO NOT FORWARD. srvHR004</p></td>
 <td align="left"><p>60 months</p></td>
 <td align="left"><p>Yes, summary reports monthly to managers</p></td>
 <td align="left"><p>Standard</p></td>
 </tr>
 </tbody>
 </table>
 **Policy maintenance**
 <table>
 <colgroup>
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">Rule update policy</th>
 <th align="left">App decommission policy</th>
 <th align="left">App version policy</th>
 <th align="left">App deployment policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Bank Tellers</p></td>
 <td align="left"><p>Planned: Monthly through business office triage</p>
 <p>Emergency: Request through help desk</p></td>
 <td align="left"><p>Through business office triage</p>
 <p>30-day notice required</p></td>
 <td align="left"><p>General policy: Keep past versions for 12 months</p>
 <p>List policies for each application</p></td>
 <td align="left"><p>Coordinated through business office</p>
 <p>30-day notice required</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Human Resources</p></td>
 <td align="left"><p>Planned: Monthly through HR triage</p>
 <p>Emergency: Request through help desk</p></td>
 <td align="left"><p>Through HR triage</p>
 <p>30-day notice required</p></td>
 <td align="left"><p>General policy: Keep past versions for 60 months</p>
 <p>List policies for each application</p></td>
 <td align="left"><p>Coordinated through HR</p>
 <p>30-day notice required</p></td>
 </tr>
 </tbody>
 </table>
 ### Additional resources
 -   The AppLocker Policies Design Guide is the predecessor to the AppLocker Policies Deployment Guide. When planning is complete, see the [AppLocker policies deployment guide](applocker-policies-deployment-guide.md).
 -   For more general info, see [AppLocker](applocker-overview.md).
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-control-management-processes.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-control-management-processes.md
@ -1,236 +0,0 @@
 ---
 title: Document your application control management processes (Windows 10)
 description: This planning topic describes the AppLocker policy maintenance information to record for your design document.
 ms.assetid: 6397f789-0e36-4933-9f86-f3f6489cf1fb
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
 ms.date: 09/21/2017
 ---
 # Document your application control management processes
 **Applies to**
 -   Windows 10 
 -   Windows Server
 This planning topic describes the AppLocker policy maintenance information to record for your design document.
 ## Record your findings
 To complete this AppLocker planning document, you should first complete the following steps:
 1.  [Determine your application control objectives](determine-your-application-control-objectives.md)
 2.  [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
 3.  [Select the types of rules to create](select-types-of-rules-to-create.md)
 4.  [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
 5.  [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
 The three key areas to determine for AppLocker policy management are:
 1.  Support policy
    Document the process that you will use for handling calls from users who have attempted to run a blocked app, and ensure that support personnel know recommended troubleshooting steps and escalation points for your policy.
 2.  Event processing
    Document whether events will be collected in a central location, how that store will be archived, and whether the events will be processed for analysis.
 3.  Policy maintenance
    Detail how rules will be added to the policy, in which Group Policy Object (GPO) the rules should be defined, and how to modify rules when apps are retired, updated, or added.
 The following table contains the added sample data that was collected when determining how to maintain and manage AppLocker policies.
 <table style="width:100%;">
 <colgroup>
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">Organizational unit</th>
 <th align="left">Implement AppLocker?</th>
 <th align="left">Apps</th>
 <th align="left">Installation path</th>
 <th align="left">Use default rule or define new rule condition</th>
 <th align="left">Allow or deny</th>
 <th align="left">GPO name</th>
 <th align="left">Support policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Bank Tellers</p></td>
 <td align="left"><p>Teller-East and Teller-West</p></td>
 <td align="left"><p>Yes</p></td>
 <td align="left"><p>Teller Software</p></td>
 <td align="left"><p>C:\Program Files\Woodgrove\Teller.exe</p></td>
 <td align="left"><p>File is signed; create a publisher condition</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p>Tellers-AppLockerTellerRules</p></td>
 <td align="left"><p>Web help</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Windows files</p>
 <p></p></td>
 <td align="left"><p>C:\Windows</p></td>
 <td align="left"><p>Create a path exception to the default rule to exclude \Windows\Temp</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Help desk</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Human Resources</p></td>
 <td align="left"><p>HR-All</p></td>
 <td align="left"><p>Yes</p></td>
 <td align="left"><p>Check Payout</p></td>
 <td align="left"><p>C:\Program Files\Woodgrove\HR\Checkcut.exe</p></td>
 <td align="left"><p>File is signed; create a publisher condition</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p>HR-AppLockerHRRules</p></td>
 <td align="left"><p>Web help</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Time Sheet Organizer</p></td>
 <td align="left"><p>C:\Program Files\Woodgrove\HR\Timesheet.exe</p></td>
 <td align="left"><p>File is not signed; create a file hash condition</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Web help</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Internet Explorer 7</p></td>
 <td align="left"><p>C:\Program Files\Internet Explorer\</p></td>
 <td align="left"><p>File is signed; create a publisher condition</p></td>
 <td align="left"><p>Deny</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Web help</p>
 <p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Windows files</p></td>
 <td align="left"><p>C:\Windows</p></td>
 <td align="left"><p>Use the default rule for the Windows path</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Help desk</p></td>
 </tr>
 </tbody>
 </table>
 The following two tables illustrate examples of documenting considerations to maintain and manage AppLocker policies.
 **Event processing policy**
 One discovery method for app usage is to set the AppLocker enforcement mode to **Audit only**. This will write events to the AppLocker logs, which can be managed and analyzed like other Windows logs. After apps have been identified, you can begin to develop policies regarding the processing and access to AppLocker events.
 The following table is an example of what to consider and record.
 <table>
 <colgroup>
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">AppLocker event collection location</th>
 <th align="left">Archival policy</th>
 <th align="left">Analyzed?</th>
 <th align="left">Security policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Bank Tellers</p></td>
 <td align="left"><p>Forwarded to: AppLocker Event Repository on srvBT093</p></td>
 <td align="left"><p>Standard</p></td>
 <td align="left"><p>None</p></td>
 <td align="left"><p>Standard</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Human Resources</p></td>
 <td align="left"><p>DO NOT FORWARD. srvHR004</p></td>
 <td align="left"><p>60 months</p></td>
 <td align="left"><p>Yes, summary reports monthly to managers</p></td>
 <td align="left"><p>Standard</p></td>
 </tr>
 </tbody>
 </table>
 **Policy maintenance policy**
 When applications are identified and policies are created for application control, then you can begin documenting how you intend to update those policies.
 The following table is an example of what to consider and record.
 <table>
 <colgroup>
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">Rule update policy</th>
 <th align="left">Application decommission policy</th>
 <th align="left">Application version policy</th>
 <th align="left">Application deployment policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Bank Tellers</p></td>
 <td align="left"><p>Planned: Monthly through business office triage</p>
 <p>Emergency: Request through help desk</p></td>
 <td align="left"><p>Through business office triage</p>
 <p>30-day notice required</p></td>
 <td align="left"><p>General policy: Keep past versions for 12 months</p>
 <p>List policies for each application</p></td>
 <td align="left"><p>Coordinated through business office</p>
 <p>30-day notice required</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Human Resources</p></td>
 <td align="left"><p>Planned: Monthly through HR triage</p>
 <p>Emergency: Request through help desk</p></td>
 <td align="left"><p>Through HR triage</p>
 <p>30-day notice required</p></td>
 <td align="left"><p>General policy: Keep past versions for 60 months</p>
 <p>List policies for each application</p></td>
 <td align="left"><p>Coordinated through HR</p>
 <p>30-day notice required</p></td>
 </tr>
 </tbody>
 </table>
 ## Next steps
 After you have determined your application control management strategy for each of the business group's applications, the following task remains:
 -   [Create your AppLocker planning document](create-your-applocker-planning-document.md)
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
@ -104,12 +104,215 @@ A file could be blocked for three reasons:
 Before editing the rule collection, first determine what rule is preventing the file from running. You can troubleshoot the problem by using the **Test-AppLockerPolicy** Windows PowerShell cmdlet. For more info about troubleshooting an AppLocker policy, see [Testing and Updating an AppLocker Policy](https://go.microsoft.com/fwlink/p/?LinkId=160269) (https://go.microsoft.com/fwlink/p/?LinkId=160269).
-## Next steps
+## Record your findings
-After deciding how your organization will manage your AppLocker policy, record your findings.
+To complete this AppLocker planning document, you should first complete the following steps:
-   **End-user support policy.** Document the process that you will use for handling calls from users who have attempted to run a blocked app, and ensure that support personnel have clear escalation steps so that the administrator can update the AppLocker policy, if necessary.
+1.  [Determine your application control objectives](determine-your-application-control-objectives.md)
-   **Event processing.** Document whether events will be collected in a central location called a store, how that store will be archived, and whether the events will be processed for analysis.
+2.  [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
-   **Policy maintenance.** Detail how rules will be added to the policy and in which GPO the rules are defined.
+3.  [Select the types of rules to create](select-types-of-rules-to-create.md)
 4.  [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
 5.  [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
 The three key areas to determine for AppLocker policy management are:
 1.  Support policy
    Document the process that you will use for handling calls from users who have attempted to run a blocked app, and ensure that support personnel know recommended troubleshooting steps and escalation points for your policy.
 2.  Event processing
    Document whether events will be collected in a central location, how that store will be archived, and whether the events will be processed for analysis.
 3.  Policy maintenance
    Detail how rules will be added to the policy, in which Group Policy Object (GPO) the rules should be defined, and how to modify rules when apps are retired, updated, or added.
 The following table contains the added sample data that was collected when determining how to maintain and manage AppLocker policies.
 <table style="width:100%;">
 <colgroup>
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 <col width="11%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">Organizational unit</th>
 <th align="left">Implement AppLocker?</th>
 <th align="left">Apps</th>
 <th align="left">Installation path</th>
 <th align="left">Use default rule or define new rule condition</th>
 <th align="left">Allow or deny</th>
 <th align="left">GPO name</th>
 <th align="left">Support policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Bank Tellers</p></td>
 <td align="left"><p>Teller-East and Teller-West</p></td>
 <td align="left"><p>Yes</p></td>
 <td align="left"><p>Teller Software</p></td>
 <td align="left"><p>C:\Program Files\Woodgrove\Teller.exe</p></td>
 <td align="left"><p>File is signed; create a publisher condition</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p>Tellers-AppLockerTellerRules</p></td>
 <td align="left"><p>Web help</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Windows files</p>
 <p></p></td>
 <td align="left"><p>C:\Windows</p></td>
 <td align="left"><p>Create a path exception to the default rule to exclude \Windows\Temp</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Help desk</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Human Resources</p></td>
 <td align="left"><p>HR-All</p></td>
 <td align="left"><p>Yes</p></td>
 <td align="left"><p>Check Payout</p></td>
 <td align="left"><p>C:\Program Files\Woodgrove\HR\Checkcut.exe</p></td>
 <td align="left"><p>File is signed; create a publisher condition</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p>HR-AppLockerHRRules</p></td>
 <td align="left"><p>Web help</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Time Sheet Organizer</p></td>
 <td align="left"><p>C:\Program Files\Woodgrove\HR\Timesheet.exe</p></td>
 <td align="left"><p>File is not signed; create a file hash condition</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Web help</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Internet Explorer 7</p></td>
 <td align="left"><p>C:\Program Files\Internet Explorer\</p></td>
 <td align="left"><p>File is signed; create a publisher condition</p></td>
 <td align="left"><p>Deny</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Web help</p>
 <p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Windows files</p></td>
 <td align="left"><p>C:\Windows</p></td>
 <td align="left"><p>Use the default rule for the Windows path</p></td>
 <td align="left"><p>Allow</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>Help desk</p></td>
 </tr>
 </tbody>
 </table>
 The following two tables illustrate examples of documenting considerations to maintain and manage AppLocker policies.
 **Event processing policy**
 One discovery method for app usage is to set the AppLocker enforcement mode to **Audit only**. This will write events to the AppLocker logs, which can be managed and analyzed like other Windows logs. After apps have been identified, you can begin to develop policies regarding the processing and access to AppLocker events.
 The following table is an example of what to consider and record.
 <table>
 <colgroup>
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">AppLocker event collection location</th>
 <th align="left">Archival policy</th>
 <th align="left">Analyzed?</th>
 <th align="left">Security policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Bank Tellers</p></td>
 <td align="left"><p>Forwarded to: AppLocker Event Repository on srvBT093</p></td>
 <td align="left"><p>Standard</p></td>
 <td align="left"><p>None</p></td>
 <td align="left"><p>Standard</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Human Resources</p></td>
 <td align="left"><p>DO NOT FORWARD. srvHR004</p></td>
 <td align="left"><p>60 months</p></td>
 <td align="left"><p>Yes, summary reports monthly to managers</p></td>
 <td align="left"><p>Standard</p></td>
 </tr>
 </tbody>
 </table>
 **Policy maintenance policy**
 When applications are identified and policies are created for application control, then you can begin documenting how you intend to update those policies.
 The following table is an example of what to consider and record.
 <table>
 <colgroup>
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 <col width="20%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Business group</th>
 <th align="left">Rule update policy</th>
 <th align="left">Application decommission policy</th>
 <th align="left">Application version policy</th>
 <th align="left">Application deployment policy</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Bank Tellers</p></td>
 <td align="left"><p>Planned: Monthly through business office triage</p>
 <p>Emergency: Request through help desk</p></td>
 <td align="left"><p>Through business office triage</p>
 <p>30-day notice required</p></td>
 <td align="left"><p>General policy: Keep past versions for 12 months</p>
 <p>List policies for each application</p></td>
 <td align="left"><p>Coordinated through business office</p>
 <p>30-day notice required</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Human Resources</p></td>
 <td align="left"><p>Planned: Monthly through HR triage</p>
 <p>Emergency: Request through help desk</p></td>
 <td align="left"><p>Through HR triage</p>
 <p>30-day notice required</p></td>
 <td align="left"><p>General policy: Keep past versions for 60 months</p>
 <p>List policies for each application</p></td>
 <td align="left"><p>Coordinated through HR</p>
 <p>30-day notice required</p></td>
 </tr>
 </tbody>
 </table>
 For information and steps how to document your processes, see [Document your application control management processes](document-your-application-control-management-processes.md).
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
@ -37,7 +37,7 @@ WDAC policies also block unsigned scripts and MSIs, and Windows PowerShell runs
 ## WDAC System Requirements
 WDAC policies can only be created on computers running Windows 10 Enterprise or Windows Server 2016. 
-They can be applied to computers running any edition of Windows 10 and managed via Mobile Device Management (MDM), such as Microsoft Intune. 
+They can be applied to computers running any edition of Windows 10 or Windows Server 2016 and managed via Mobile Device Management (MDM), such as Microsoft Intune. 
 Group Policy can also be used to distribute Group Policy Objects that contain WDAC policies on computers running Windows 10 Enterprise or Windows Server 2016. 
 ## New and changed functionality