Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into design

windows/security/identity-protection/hello-for-business/hello-deployment-guide.md

@@ -37,7 +37,7 @@ This guide assumes that baseline infrastructure exists which meets the requireme
 
 - A well-connected, working network
 - Internet access
-- Multi-factor Authentication Server to support MFA during Windows Hello for Business provisioning
+- Multi-factor Authentication is required during Windows Hello for Business provisioning
 - Proper name resolution, both internal and external names
 - Active Directory and an adequate number of domain controllers per site to support authentication
 - Active Directory Certificate Services 2012 or later

windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md

@@ -28,13 +28,12 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p
 > [!NOTE]
 > To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool.
 
-## Script-based deployment process for WDAC policy
+## Script-based deployment process for Windows 10 version 1903 and above
 
 1. Initialize the variables to be used by the script.
 
     ```powershell
     # Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = <PolicyId> from the Policy XML)
-    # Single policy format binaries should be named as SiPolicy.p7b.
     $PolicyBinary = "<Path to policy binary file to deploy>"
     $DestinationFolder = $env:windir+"\System32\CodeIntegrity\CIPolicies\Active\"
     $RefreshPolicyTool = "<Path where RefreshPolicy.exe can be found from managed endpoints>"
@@ -43,7 +42,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p
 2. Copy WDAC policy binary to the destination folder.
 
    ```powershell
-   cp $PolicyBinary $DestinationFolder
+   Copy-Item -Path $PolicyBinary -Destination $DestinationFolder -Force
    ```
 
 3. Repeat steps 1-2 as appropriate to deploy additional WDAC policies.
@@ -53,4 +52,24 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p
    & $RefreshPolicyTool
    ```
 
-5. If successful, you should see the message **Rebootless ConfigCI Policy Refreshing Succeeded!**
+## Script-based deployment process for Windows 10 versions earlier than 1903
+
+1. Initialize the variables to be used by the script.
+
+    ```powershell
+    # Policy binary files should be named as SiPolicy.p7b for Windows 10 versions earlier than 1903
+    $PolicyBinary = "<Path to policy binary file to deploy>"
+    $DestinationBinary = $env:windir+"\System32\CodeIntegrity\SiPolicy.p7b"
+    ```
+
+2. Copy WDAC policy binary to the destination.
+
+   ```powershell
+   Copy-Item  -Path $PolicyBinary -Destination $DestinationBinary -Force
+   ```
+
+3. Refresh and activate WDAC policy using WMI
+
+   ```powershell
+   Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = $DestinationBinary}
+   ```