Minor changes to deploying WDAC with script related topics

windows/security/threat-protection/windows-defender-application-control/TOC.yml

@@ -115,7 +115,7 @@
       href: operations/known-issues.md
     - name: Managed installer and ISG technical reference and troubleshooting guide
       href: configure-wdac-managed-installer.md
-    - name: Managing WDAC Policies with CI Tool
+    - name: CITool.exe technical reference
       href: operations/citool-commands.md
 - name: WDAC AppId Tagging guide
   href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md

windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md

@@ -10,7 +10,7 @@ ms.reviewer: aaroncz
 ms.author: jogeurte
 ms.manager: jsuther
 manager: aaroncz
-ms.date: 10/06/2022
+ms.date: 12/03/2022
 ms.technology: itpro-security
 ms.topic: article
 ms.localizationpriority: medium
@@ -29,13 +29,22 @@ ms.localizationpriority: medium
 
 This article describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use PowerShell but can work with any scripting host.
 
-> [!NOTE]
-> To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool.
-
-## Deploying policies for Windows 10 version 1903 and above
-
 You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
 
+## Deploying policies for Windows 11 22H2 and above
+
+You can use [citool.exe](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands) to apply policies on Windows 11 22H2 with the following commands. Be sure to replace **<Path to policy binary file to deploy>** in the example below with the actual path to your WDAC policy binary file.
+
+```powershell
+# Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = <PolicyId> from the Policy XML)
+$PolicyBinary = "<Path to policy binary file to deploy>"
+citool.exe --update-policy $PolicyBinary --json
+```
+
+## Deploying policies for Windows 11, Windows 10 version 1903 and above, and Windows Server 2022 and above
+
+To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool.
+
 1. Initialize the variables to be used by the script.
 
     ```powershell
@@ -58,7 +67,9 @@ You should now have one or more WDAC policies converted into binary form. If not
    & $RefreshPolicyTool
    ```
 
-## Deploying policies for Windows 10 versions earlier than 1903
+## Deploying policies for all other versions of Windows and Windows Server
+
+Use WMI to apply policies on all other versions of Windows and Windows Server.
 
 1. Initialize the variables to be used by the script.
 

windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md

@@ -3,15 +3,15 @@ title: Managing CI Policies and Tokens with CiTool
 description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands in CiTool
 author: valemieux
 ms.author: jogeurte
-ms.reviewer: jogeurte
+ms.reviewer: jsuther1974
 ms.topic: how-to
-ms.date: 08/07/2022
+ms.date: 12/03/2022
 ms.custom: template-how-to
 ms.prod: windows-client
 ms.technology: itpro-security
 ---
 
-# Manage Windows Defender Application Control (WDAC) Policies with CI Tool
+# CITool.exe technical reference
 
 CI Tool makes Windows Defender Application Control (WDAC) policy management easier for IT admins.  CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens. This article describes how to use CI Tool to update and manage policies.  CI Tool is currently included in Windows 11, version 22H2.
 
@@ -21,7 +21,7 @@ CI Tool makes Windows Defender Application Control (WDAC) policy management easi
 |--------|---------|---------|
 | --update-policy `</Path/To/Policy/File>` | Add or update a policy on the current system | -up |
 | --remove-policy `<PolicyGUID>` | Remove a policy indicated by PolicyGUID from the system | -rp |
-| --list-policies | Dump information about all policies on the system, whether they are active or not | -lp |
+| --list-policies | Dump information about all policies on the system, whether they're active or not | -lp |
 
 ## Token Commands
 
@@ -32,7 +32,7 @@ CI Tool makes Windows Defender Application Control (WDAC) policy management easi
 | --list-tokens | Dump information about all tokens on the system | -lt |
 
 > [!NOTE]
-> Regarding --add-token, if `<ID>` is specified, a pre-existing token with `<ID>` should not exist.
+> Regarding `--add-token`, if `<ID>` is specified, a pre-existing token with `<ID>` should not exist.
 
 ## Miscellaneous Commands