Merge pull request #657 from Justinha/963317

963317
Elizabeth Ross 2017-04-25 06:53:21 -07:00 committed by GitHub
commit 86c3326f9b
2 changed files with 26 additions and 1 deletions

View File

@ -63,7 +63,7 @@ netsh advfirewall set allprofiles state on
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
```
### Control firewall behavior
### Control Windows Firewall behavior
The global default settings can be defined through the command-line interface. These modifications are also available through the Windows Firewall with Advanced Security console.
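Review bot: Renaming the heading from "Control firewall behavior" to "Control Windows Firewall behavior" changes the anchor generated from the heading text, so any link that targets the old fragment will stop resolving. Search the docs for references to the old anchor and update them in this same change.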
@ -84,6 +84,30 @@ Windows PowerShell
Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow NotifyOnListen True -AllowUnicastResponseToMulticast True LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
```
### Disable Windows Firewall
Disabling Windows Firewall with Advanced Security can cause the following problems:
- Start menu can stop working
- Modern applications can fail to install or update
- Activation of Windows via phone fails
- Application or OS incompatibilities that depend on Windows Firewall
Do not disable Windows Firewall with Advanced Security service by stopping the service.
The proper method to disable the Windows Firewall is to disable the Windows Firewall Profiles and leave the service running.
Use the following procedure to turn the firewall off, or disable the Group Policy setting **Computer Configuration|Administrative Templates|Network|Network Connections|Windows Firewall|Domain Prolfile|Windows Firewall:Protect all network connections**.
For more information, see [Windows firewall with advanced security deployment guide](windows-firewall-with-advanced-security-deployment-guide.md).
If you turn off the Windows Firewall with Advanced Security service, you lose other benefits provided by the service, such as the ability to use Internet Protocol security (IPsec) connection security rules, network protection from attacks that employ network fingerprinting, [Windows Service Hardening](http://go.microsoft.com/fwlink/?linkid=104976), and [boot time filters](https://blogs.technet.microsoft.com/networking/2009/03/24/stopping-the-windows-authenticating-firewall-service-and-the-boot-time-policy/).
Non-Microsoft firewall software can programmatically disable only the parts of Windows Firewall with Advanced Security that need to be disabled for compatibility.
You should not disable the firewall yourself for this purpose.
Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft.
The following example disables Windows Firewall with Advanced Security for all profiles.
```powershell
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
```
## Deploy basic firewall rules
This section provides scriptlet examples for creating, modifying, and deleting firewall rules.
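Review bot: The Group Policy path in the new "Disable Windows Firewall" section spells the node as "Domain Prolfile"; it should read "Domain Profile". The same sentence says "Use the following procedure", but what follows is a single Set-NetFirewallProfile example several paragraphs later, so either refer to "the following example" or move the example up beside that sentence. The warning against stopping the service also appears twice ("Do not disable ... by stopping the service" and "Stopping the service ... is not supported by Microsoft") and could be merged into one statement. Since the example turns off all three profiles, consider pointing back to the `-Enabled True` command earlier in the topic so readers can see how to restore the profiles.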

View File

@ -20,6 +20,7 @@ This section includes the following topics:
- [Deploy code integrity policies: policy rules and file rules](deploy-code-integrity-policies-policy-rules-and-file-rules.md)
- [Deploy code integrity policies: steps](deploy-code-integrity-policies-steps.md)
- [Deploy catalog files to support code integrity policies](deploy-catalog-files-to-support-code-integrity-policies.md)
- [Deploy Managed Installer for Device Guard](deploy-managed-installer-for-device-guard.md)
To increase the protection for devices that meet certain hardware requirements, you can use virtualization-based security (VBS) with your code integrity policies.
- For requirements, see [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard) in "Requirements and deployment planning guidelines for Device Guard."
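Review bot: The new list entry links to deploy-managed-installer-for-device-guard.md, but this commit lists only 2 changed files and neither diff adds that topic. Confirm the target file already exists in the branch, otherwise the link will be broken when the page is published.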