From aa9b1e8552c7a73c4eb885b9e594196c5a181dcd Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Tue, 20 Apr 2021 12:24:35 -0700
Subject: [PATCH] Addressed reviewer issues

---
 ...d-security-and-windows-defender-application-control.md | 8 ++++----
 ...-defender-application-control-policies-using-intune.md | 4 ++--
 .../deployment/deploy-wdac-policies-using-memcm.md        | 6 ++++--
 .../deployment/deploy-wdac-policies-using-script.md       | 8 +++++---
 .../operations/known-issues.md                            | 8 +++++---
 ...defender-application-control-with-managed-installer.md | 4 ++--
 6 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
index a2ce2af711..0ecb7c4e45 100644
--- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
@@ -42,7 +42,7 @@ We hope this change will help us better communicate options for adopting applica
 
 ## Related articles
 
-[Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md)
-[Dropping the Hammer Down on Malware Threats with Windows 10’s Windows Defender](https://channel9.msdn.com/Events/Ignite/2015/BRK2336)
-[Driver compatibility with Windows Defender in Windows 10](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10)
-[Code integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10))
+- [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md)
+- [Dropping the Hammer Down on Malware Threats with Windows 10’s Windows Defender](https://channel9.msdn.com/Events/Ignite/2015/BRK2336)
+- [Driver compatibility with Windows Defender in Windows 10](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10)
+- [Code integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10))
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
index bca3a95134..e9fddbd043 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
@@ -58,7 +58,7 @@ The steps to use Intune's custom OMA-URI functionality are:
 
 2. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
 
-3. Open the Microsoft Intune portal and [create a profile with custom settings](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10).
+3. Open the Microsoft Intune portal and [create a profile with custom settings](/mem/intune/configuration/custom-settings-windows-10).
 
 4. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings:
     - **OMA-URI**: ./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy
@@ -80,7 +80,7 @@ The steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocke
 
 1. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
 
-2. Open the Microsoft Intune portal and [create a profile with custom settings](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10).
+2. Open the Microsoft Intune portal and [create a profile with custom settings](/mem/intune/configuration/custom-settings-windows-10).
 
 3. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings:
     - **OMA-URI**: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy)
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md
index 7f56bfe99a..392b2ce9a7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-memcm.md
@@ -7,10 +7,13 @@ audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
-ms.author: jsuther
+ms.author: jogeurte
+ms.manager: jsuther
 manager: dansimp
 ms.date: 04/14/2021
 ms.technology: mde
+ms.topic: article
+ms.localizationpriority: medium
 ---
 
 # Deploy WDAC policies by using Microsoft Endpoint Configuration Manager (MEMCM)
@@ -35,6 +38,5 @@ MEMCM includes native support for WDAC, which allows you to configure Windows 10
 For more information on using MEMCM's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager)
 
 ## Deploy custom WDAC policies using Packages/Programs or Task Sequences
-<!-- Add step-by-step guide for SWD/OSD deployment -->
 
 Using MEMCM's built-in policies can be a helpful starting point, but customers may find the available circle-of-trust options available in MEMCM too limiting. To define your own circle-of-trust, you can use MEMCM to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-using-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences.
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md
index 023a0e7b4a..a72d3a0bb4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-using-script.md
@@ -2,16 +2,18 @@
 title: Deploy Windows Defender Application Control (WDAC) policies using script (Windows 10)
 description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide.
 keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.prod: m365-security
 audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
-ms.author: dansimp
+ms.author: jogeurte
+ms.manager: jsuther
 manager: dansimp
-ms.date: 04/12/2021
+ms.date: 04/14/2021
 ms.technology: mde
+ms.topic: article
+ms.localizationpriority: medium
 ---
 
 # Deploy WDAC policies using script
diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
index e4a1552233..c525c8832f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
+++ b/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
@@ -7,11 +7,13 @@ audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
-ms.author: deniseb
+ms.author: jogeurte
+ms.manager: jsuther
 manager: dansimp
-ms.date: 04/09/2021
-ms.custom: asr
+ms.date: 04/14/2021
 ms.technology: mde
+ms.topic: article
+ms.localizationpriority: medium
 ---
 
 # WDAC Admin Tips & Known Issues
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
index c115ecd3a1..66afc7f933 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
@@ -14,7 +14,7 @@ author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: dansimp
 manager: dansimp
-ms.date: 08/14/2020
+ms.date: 04/20/2021
 ms.technology: mde
 ---
 
@@ -52,7 +52,7 @@ Some application installers may automatically run the application at the end of
 
 - Application control based on managed installer does not support applications that self-update. If an application deployed by a managed installer later updates itself, the updated application files won't include the managed installer origin information and may not be able to run. When you rely on managed installers, you must deploy and install all application updates using a managed installer or include rules to authorize the app in the WDAC policy. In some cases, it may be possible to also designate an application binary that performs self-updates as a managed installer. Proper review for functionality and security should be performed for the application before using this method.
 
-- [Packaged apps (MSIX)](https://docs.microsoft.com/windows/msix/) deployed through a managed installer aren't tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. See [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md).
+- [Packaged apps (MSIX)](/windows/msix/) deployed through a managed installer aren't tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. See [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md).
 
 - Some applications or installers may extract, download, or generate binaries and immediately attempt to run them. Files run by such a process may not be allowed by the managed installer heuristic. In some cases, it may be possible to also designate an application binary that performs such an operation as a managed installer. Proper review for functionality and security should be performed for the application before using this method.