Document Intune's default policy

Customers have requested more insight into Intune's built-in policy
isbrahm
2020-02-28 09:55:47 -08:00
committed by GitHub
parent 495fa6c409
commit 92159eaf16

@ -14,12 +14,9 @@ author: jsuther1974
ms.reviewer: isbrahm ms.reviewer: isbrahm
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp
ms.date: 05/17/2018 ms.date: 02/28/2020
--- ---
> [!NOTE]
> For WDAC enhancements see [Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update](https://www.microsoft.com/security/blog/2019/07/01/).
# Deploy Windows Defender Application Control policies by using Microsoft Intune # Deploy Windows Defender Application Control policies by using Microsoft Intune
**Applies to:** **Applies to:**
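Review bot: The removal of the `[!NOTE]` block above the H1, which linked to the WDAC enhancements post for the Windows 10 May 2019 Update, is not mentioned in the commit message, which only talks about documenting Intune's built-in policy. If that pointer is obsolete, say so in the commit message or move the removal to its own commit; if it is still useful, keep it. The `ms.date` change to 02/28/2020 is consistent with the new content.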
@ -33,6 +30,10 @@ In order to deploy a custom policy through Intune and define your own circle of
## Using Intune's Built-In Policies ## Using Intune's Built-In Policies
Intune's built-in WDAC support enables you to deploy a policy which only allows Windows components and Microsoft Store apps to run. This policy is the non-Multiple Policy Format version of the DefaultWindows policy; the Multiple Policy Format version can be found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies.
Setting "Trust apps with good reputation" to enabled is equivalent to adding [Option 14 (Enabled: Intelligent Security Graph Authorization)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create#windows-defender-application-control-policy-rules) to the DefaultWindows policy.
1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**.
2. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**. 2. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**.
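Review bot: In the paragraph added under "Using Intune's Built-In Policies", the first sentence says the built-in policy only allows Windows components and Microsoft Store apps, and the next says that enabling "Trust apps with good reputation" is equivalent to adding Option 14 (Intelligent Security Graph Authorization). Please state explicitly that with that setting enabled the policy also allows apps the Intelligent Security Graph considers reputable, so an admin does not read the "only allows" sentence as still describing the deployed policy. Also put the path `C:\Windows\schemas\CodeIntegrity\ExamplePolicies` in code formatting and name the example policy file it refers to, and prefer "a policy that only allows" over "a policy which only allows".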