Add ApplicationControl CSP link to multiple policy docs

Adding wording edits and linking to ApplicationControl CSP docs
isbrahm 2020-04-15 15:24:29 -07:00 committed by GitHub
parent a01a647a28
commit aef59b2495
GPG Key ID: 4AEE18F83AFDEB23


@ -35,17 +35,18 @@ The restriction of only having a single code integrity policy active on a system
- Users can deploy one or more supplemental policies to expand a base policy
- A supplemental policy expands a single base policy, and multiple supplemental policies can expand the same base policy
- For supplemental policies, applications that are allowed by either the base policy or its supplemental policy/policies are allowed to run
> [!NOTE]
> Pre-1903 systems do not support the use of Multiple Policy Format WDAC policies.
## How do Base and Supplemental Policies Interact?
## Base and supplemental policy interaction
- Multiple base policies: intersection
- Only applications allowed by both policies run without generating block events
- Base + supplemental policy: union
- Files that are allowed by the base policy or the supplemental policy are not blocked
Note that multiple policies will not work on pre-1903 systems.
### Allow Multiple Policies
## Creating WDAC policies in Multiple Policy Format
In order to allow multiple policies to exist and take effect on a single system, policies must be created using the new Multiple Policy Format. The "MultiplePolicyFormat" switch in [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) results in 1) random GUIDs being generated for the policy ID and 2) the policy type being specified as base. The below is an example of creating a new policy in the multiple policy format.
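Review bot: the `[!NOTE]` callout added under the bullet list ("Pre-1903 systems do not support the use of Multiple Policy Format WDAC policies.") and the sentence "Note that multiple policies will not work on pre-1903 systems." under the interaction bullets state the same restriction; if both remain in this section after the change, keep only the callout, which is the style the rest of this file uses, and drop the trailing sentence. In the last paragraph of the hunk, the "MultiplePolicyFormat" switch should be formatted as code (`-MultiplePolicyFormat`) to match the `New-CIPolicy` link on the same line, and the two effects listed inline as "1) ... and 2) ..." read more cleanly as two bullets.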
@ -65,9 +66,9 @@ For signed base policies that are being made supplementable, you need to ensure
Add-SignerRule -FilePath <string> -CertificatePath <string> [-Kernel] [-User] [-Update] [-Supplemental] [-Deny] [<CommonParameters>]
```
### Supplemental Policy Creation
### Supplemental policy creation
In order to create a supplemental policy, begin by creating a new policy in the Multiple Policy Format. From there, use Set-CIPolicyIdInfo to convert it to a supplemental policy and specify which base policy it expands. You can use either SupplementsBasePolicyID or BasePolicyToSupplementPath to specify the base policy.
In order to create a supplemental policy, begin by creating a new policy in the Multiple Policy Format as shown above. From there, use Set-CIPolicyIdInfo to convert it to a supplemental policy and specify which base policy it expands. You can use either SupplementsBasePolicyID or BasePolicyToSupplementPath to specify the base policy.
- "SupplementsBasePolicyID": GUID of base policy that the supplemental policy applies to
- "BasePolicyToSupplementPath": path to base policy file that the supplemental policy applies to
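Review bot: the added "as shown above" in the supplemental policy paragraph assumes the creation example under "Creating WDAC policies in Multiple Policy Format" stays immediately before this section; a link to that heading would survive future reordering of the page. In the same paragraph and the two bullets below it, `Set-CIPolicyIdInfo`, `SupplementsBasePolicyID` and `BasePolicyToSupplementPath` are cmdlet and parameter names and should be in code formatting (and the cmdlet linked, as `New-CIPolicy` is in the earlier hunk) rather than left in plain text and quotes.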
@ -81,20 +82,21 @@ Note that "ResetPolicyId" reverts a supplemental policy to a base policy, and re
When merging, the policy type and ID of the leftmost/first policy specified is used. If the leftmost is a base policy with ID \<ID>, then regardless of what the GUIDs and types are for any subsequent policies, the merged policy will be a base policy with ID \<ID>.
### Deploying policies
## Deploying multiple policies
> [!NOTE]
> You cannot use the "Deploy Windows Defender Application Control" group policy setting to deploy multiple CI policies. You will have to copy the `*.cip` files, both the baseline and the supplemental ones, to C:\Windows\System32\CodeIntegrity\CiPolicies\Active\.
In order to deploy multiple WDAC policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by MEM Intune's Custom OMA-URI feature. You cannot use the "Deploy Windows Defender Application Control" group policy setting to deploy multiple CI policies.
In order to deploy policies using the new multiple policy format you will need to:
### Deploying multiple policies locally
In order to deploy policies locally using the new multiple policy format you will need to:
1. Ensure policies are copied to the right location
- Policies must be copied to this directory: C:\Windows\System32\CodeIntegrity\CiPolicies\Active
2. Binary policy files must have the correct name which takes the format {PolicyGUID}.cip
- Ensure that the name of the binary policy file is exactly the same as the PolicyID in the policy
- For example if the policy XML had the ID as `<PolicyID>{A6D7FBBF-9F6B-4072-BF37-693741E1D745}</PolicyID>` the correct name for the binary policy file would be {A6D7FBBF-9F6B-4072-BF37-693741E1D745}.cip
3. Reboot the system or use WMI to rebootlessly refresh the policy
- For example, if the policy XML had the ID as `<PolicyID>{A6D7FBBF-9F6B-4072-BF37-693741E1D745}</PolicyID>` then the correct name for the binary policy file would be {A6D7FBBF-9F6B-4072-BF37-693741E1D745}.cip
3. Reboot the system
```powershell
Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = 'C:\Windows\System32\CodeIntegrity\CiPolicies\Active\{A6D7FBBF-9F6B-4072-BF37-693741E1D745}.cip'}
```
### Deploying multiple policies via ApplicationControl CSP
Multiple WDAC policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment. Refer to [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) for more information on deploying multiple policies, optionally using MEM Intune's Custom OMA-URI capability.
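Review bot: step 3 of the local deployment list is shortened to "Reboot the system", but the `Invoke-CimMethod ... PS_UpdateAndCompareCIPolicy ... Update` block that follows it is the rebootless refresh the previous wording ("Reboot the system or use WMI to rebootlessly refresh the policy") introduced; with the new wording there is no text telling the reader what that command is for. Suggest keeping the alternative, e.g. "3. Reboot the system, or refresh the policy without a reboot using the WMI method below:", so the code block still has a lead-in. The new intro paragraph under "Deploying multiple policies" also repeats the `[!NOTE]` callout directly above it almost verbatim, including the `C:\Windows\System32\CodeIntegrity\CiPolicies\Active\` path that step 1 states a third time; keep the group policy restriction in one place. Minor: "you must either deploy them locally by copying ... or by using the ApplicationControl CSP" should be "either by copying ... or by using" for parallel structure.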