diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 59b76ac590..1a07013ef3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -37,7 +37,7 @@ This guide assumes that baseline infrastructure exists which meets the requireme - A well-connected, working network - Internet access -- Multi-factor Authentication Server to support MFA during Windows Hello for Business provisioning +- Multi-factor Authentication is required during Windows Hello for Business provisioning - Proper name resolution, both internal and external names - Active Directory and an adequate number of domain controllers per site to support authentication - Active Directory Certificate Services 2012 or later 
@@ -78,4 +78,4 @@ Following are the various deployment guides and models included in this topic: Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. > [!NOTE] -> You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. \ No newline at end of file +> You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index d100941402..3aed014401 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md 
@@ -28,13 +28,12 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p > [!NOTE] > To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool. -## Script-based deployment process for WDAC policy +## Script-based deployment process for Windows 10 version 1903 and above 1. Initialize the variables to be used by the script. ```powershell # Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = from the Policy XML) - # Single policy format binaries should be named as SiPolicy.p7b. $PolicyBinary = "" $DestinationFolder = $env:windir+"\System32\CodeIntegrity\CIPolicies\Active\" $RefreshPolicyTool = "" @@ -43,7 +42,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p 2. Copy WDAC policy binary to the destination folder. ```powershell - cp $PolicyBinary $DestinationFolder + Copy-Item -Path $PolicyBinary -Destination $DestinationFolder -Force ``` 3. Repeat steps 1-2 as appropriate to deploy additional WDAC policies. 
@@ -53,4 +52,24 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p & $RefreshPolicyTool ``` -5. If successful, you should see the message **Rebootless ConfigCI Policy Refreshing Succeeded!** +## Script-based deployment process for Windows 10 versions earlier than 1903 + +1. Initialize the variables to be used by the script. + + ```powershell + # Policy binary files should be named as SiPolicy.p7b for Windows 10 versions earlier than 1903 + $PolicyBinary = "" + $DestinationBinary = $env:windir+"\System32\CodeIntegrity\SiPolicy.p7b" + ``` + +2. Copy WDAC policy binary to the destination. + + ```powershell + Copy-Item -Path $PolicyBinary -Destination $DestinationBinary -Force + ``` + +3. Refresh and activate WDAC policy using WMI + + ```powershell + Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = $DestinationBinary} + ```
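
Review bot: in hello-deployment-guide.md (hunk at -37,7), the new bullet "Multi-factor Authentication is required during Windows Hello for Business provisioning" states a requirement but no longer names anything the reader has to have in place, while every other bullet in this list is an infrastructure item (network, Internet access, name resolution, Active Directory). Consider wording it as an item, for example "A multi-factor authentication provider to support MFA during Windows Hello for Business provisioning", or link to where the supported MFA options are described.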
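
Review bot: in deploy-wdac-policies-with-script.md (hunk at -28,13), step 2 now copies with `-Force` into `$DestinationFolder`, so an existing policy file of the same name under CIPolicies\Active is overwritten without warning, and the copied file keeps whatever name `$PolicyBinary` has. The step should say that overwriting is intended and that the source file must already be named {GUID}.cip, since the script does not rename it. `$PolicyBinary = ""` and `$RefreshPolicyTool = ""` are also left empty with no comment telling the reader to fill in the paths.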
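
Review bot: in deploy-wdac-policies-with-script.md (hunk at -53,4), removing step 5 ("If successful, you should see the message **Rebootless ConfigCI Policy Refreshing Succeeded!**") leaves the 1903-and-above process with no way to confirm that the refresh worked, and the new pre-1903 section has no equivalent check after `Invoke-CimMethod`. Keep step 5 under the first section and add a step to the second that says what result of the `Update` call indicates success. The NOTE above the first heading still says the procedure requires the WDAC policy refresh tool, which the pre-1903 steps do not use, and step 3 of the new section ("Refresh and activate WDAC policy using WMI") is missing its closing period.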