From a252a0ecceff8ed0ea33c50e9110d2e8281cf7e0 Mon Sep 17 00:00:00 2001 From: denisebmsft Date: Mon, 27 Jun 2022 16:35:12 -0700 Subject: [PATCH] Update deploy-wdac-policies-with-memcm.md --- .../deployment/deploy-wdac-policies-with-memcm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md index 0da042c34b..f39528e656 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md @@ -36,8 +36,8 @@ Microsoft Endpoint Configuration Manager includes native support for WDAC, which - Windows components - Microsoft Store apps - Apps installed by Configuration Manager (Configuration Manager self-configured as a managed installer) -- [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG) -- [Optional] Apps and executables already installed in admin-definable folder locations that Configuration Manager will allow through a one-time scan during policy creation on managed endpoints. +- (Optional) Reputable apps as defined by the Intelligent Security Graph (ISG) +- (Optional) Apps and executables already installed in admin-definable folder locations that Configuration Manager will allow through a one-time scan during policy creation on managed endpoints. Note that Configuration Manager does not remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable Windows Defender Application Control (WDAC) altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot.