WDAC --> App Control for Business

windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md

@@ -20,15 +20,15 @@ Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId tagg
 
 ## Deploy AppId tagging policies with MDM
 
-Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri).
+Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-appcontrol-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri).
 
 ## Deploy AppId tagging policies with Configuration Manager
 
-Custom AppId tagging policies can be deployed via Configuration Manager using the [deployment task sequences](../deployment/deploy-wdac-policies-with-memcm.md#deploy-custom-wdac-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users.
+Custom AppId tagging policies can be deployed via Configuration Manager using the [deployment task sequences](../deployment/deploy-appcontrol-policies-with-memcm.md#deploy-custom-wdac-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users.
 
 ### Deploy AppId tagging Policies via Scripting
 
-Scripting hosts can be used to deploy AppId tagging policies as well. This approach is often best suited for local deployment, but works for deployment to managed endpoints and users too. For more information on how to deploy WDAC AppId tagging policies via scripting, see [Deploy WDAC policies using script](../deployment/deploy-wdac-policies-with-script.md). For AppId tagging policies, the only applicable method is deploying to version 1903 or later.
+Scripting hosts can be used to deploy AppId tagging policies as well. This approach is often best suited for local deployment, but works for deployment to managed endpoints and users too. For more information on how to deploy WDAC AppId tagging policies via scripting, see [Deploy WDAC policies using script](../deployment/deploy-appcontrol-policies-with-script.md). For AppId tagging policies, the only applicable method is deploying to version 1903 or later.
 
 ### Deploying policies via the ApplicationControl CSP
 

windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md

@@ -13,13 +13,13 @@ ms.topic: conceptual
 
 ## Create the policy using the WDAC Wizard
 
-You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md).
+You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md).
 
 1. Create a new base policy using the templates:
 
-	Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules.
+	Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/appcontrol-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules.
 
-	![Configuring the policy base and template.](../images/appid-wdac-wizard-1.png)
+	![Configuring the policy base and template.](../images/appid-appcontrol-wizard-1.png)
 
 	> [!NOTE]
 	> If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates.
@@ -27,7 +27,7 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
 
 2. 	Set the following rule-options using the Wizard toggles:
 
-	![Configuring the policy rule-options.](../images/appid-wdac-wizard-2.png)
+	![Configuring the policy rule-options.](../images/appid-appcontrol-wizard-2.png)
 
 3. Create custom rules:
 
@@ -39,7 +39,7 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
 	- Package app name rules: Create a rule based off the package family name of an appx/msix.
 	- Hash rules: Create a rule based off the PE Authenticode hash of a file.
 
-	For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules).
+	For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/appcontrol-wizard-create-base-policy.md#creating-custom-file-rules).
 
 4. Convert to AppId Tagging Policy:
 
@@ -52,7 +52,7 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
 
 ## Create the policy using PowerShell
 
-Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). In an elevate PowerShell instance:
+Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md). In an elevate PowerShell instance:
 
 1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../design/select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules:
 

windows/security/application-security/application-control/app-control-for-business/TOC.yml

@@ -1,110 +1,110 @@
 - name: Application Control for Windows
   href: index.yml
 - name: About application control for Windows
-  href: wdac.md
+  href: appcontrol.md
   expanded: true
   items:
     - name: WDAC and AppLocker Overview
-      href: wdac-and-applocker-overview.md
+      href: appcontrol-and-applocker-overview.md
     - name: WDAC and AppLocker Feature Availability
       href: feature-availability.md
     - name: Virtualization-based protection of code integrity
       href: ../introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
 - name: WDAC design guide
-  href: design/wdac-design-guide.md
+  href: design/appcontrol-design-guide.md
   items:
     - name: Plan for WDAC policy lifecycle management
-      href: design/plan-wdac-management.md
+      href: design/plan-appcontrol-management.md
     - name: Design your WDAC policy
       items:
         - name: Understand WDAC policy design decisions
-          href: design/understand-wdac-policy-design-decisions.md
+          href: design/understand-appcontrol-policy-design-decisions.md
         - name: Understand WDAC policy rules and file rules
           href: design/select-types-of-rules-to-create.md
           items:
             - name: Allow apps installed by a managed installer
               href: design/configure-authorized-apps-deployed-with-a-managed-installer.md
             - name: Allow reputable apps with Intelligent Security Graph (ISG)
-              href: design/use-wdac-with-intelligent-security-graph.md
+              href: design/use-appcontrol-with-intelligent-security-graph.md
             - name: Allow COM object registration
-              href: design/allow-com-object-registration-in-wdac-policy.md
+              href: design/allow-com-object-registration-in-appcontrol-policy.md
             - name: Use WDAC with .NET hardening
-              href: design/wdac-and-dotnet.md
+              href: design/appcontrol-and-dotnet.md
             - name: Script enforcement with Windows Defender Application Control
               href: design/script-enforcement.md
             - name: Manage packaged apps with WDAC
-              href: design/manage-packaged-apps-with-wdac.md
+              href: design/manage-packaged-apps-with-appcontrol.md
             - name: Use WDAC to control specific plug-ins, add-ins, and modules
-              href: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+              href: design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md
             - name: Understand WDAC policy settings
-              href: design/understanding-wdac-policy-settings.md
+              href: design/understanding-appcontrol-policy-settings.md
         - name: Use multiple WDAC policies
-          href: design/deploy-multiple-wdac-policies.md
+          href: design/deploy-multiple-appcontrol-policies.md
     - name: Create your WDAC policy
       items:
         - name: Example WDAC base policies
-          href: design/example-wdac-base-policies.md
+          href: design/example-appcontrol-base-policies.md
         - name: Policy creation for common WDAC usage scenarios
-          href: design/common-wdac-use-cases.md
+          href: design/common-appcontrol-use-cases.md
           items:
             - name: Create a WDAC policy for lightly managed devices
-              href: design/create-wdac-policy-for-lightly-managed-devices.md
+              href: design/create-appcontrol-policy-for-lightly-managed-devices.md
             - name: Create a WDAC policy for fully managed devices
-              href: design/create-wdac-policy-for-fully-managed-devices.md
+              href: design/create-appcontrol-policy-for-fully-managed-devices.md
             - name: Create a WDAC policy for fixed-workload devices
-              href: design/create-wdac-policy-using-reference-computer.md
+              href: design/create-appcontrol-policy-using-reference-computer.md
             - name: Create a WDAC deny list policy
-              href: design/create-wdac-deny-policy.md
+              href: design/create-appcontrol-deny-policy.md
             - name: Applications that can bypass WDAC and how to block them
-              href: design/applications-that-can-bypass-wdac.md
+              href: design/applications-that-can-bypass-appcontrol.md
             - name: Microsoft recommended driver block rules
               href: design/microsoft-recommended-driver-block-rules.md
         - name: Use the WDAC Wizard tool
-          href: design/wdac-wizard.md
+          href: design/appcontrol-wizard.md
           items:
             - name: Create a base WDAC policy with the Wizard
-              href: design/wdac-wizard-create-base-policy.md
+              href: design/appcontrol-wizard-create-base-policy.md
             - name: Create a supplemental WDAC policy with the Wizard
-              href: design/wdac-wizard-create-supplemental-policy.md
+              href: design/appcontrol-wizard-create-supplemental-policy.md
             - name: Editing a WDAC policy with the Wizard
-              href: design/wdac-wizard-editing-policy.md
+              href: design/appcontrol-wizard-editing-policy.md
             - name: Creating WDAC Policy Rules from WDAC Events
-              href: design/wdac-wizard-parsing-event-logs.md
+              href: design/appcontrol-wizard-parsing-event-logs.md
             - name: Merging multiple WDAC policies with the Wizard
-              href: design/wdac-wizard-merging-policies.md
+              href: design/appcontrol-wizard-merging-policies.md
 - name: WDAC deployment guide
-  href: deployment/wdac-deployment-guide.md
+  href: deployment/appcontrol-deployment-guide.md
   items:
     - name: Deploy WDAC policies with MDM
-      href: deployment/deploy-wdac-policies-using-intune.md
+      href: deployment/deploy-appcontrol-policies-using-intune.md
     - name: Deploy WDAC policies with Configuration Manager
-      href: deployment/deploy-wdac-policies-with-memcm.md
+      href: deployment/deploy-appcontrol-policies-with-memcm.md
     - name: Deploy WDAC policies with script
-      href: deployment/deploy-wdac-policies-with-script.md
+      href: deployment/deploy-appcontrol-policies-with-script.md
     - name: Deploy WDAC policies with group policy
-      href: deployment/deploy-wdac-policies-using-group-policy.md
+      href: deployment/deploy-appcontrol-policies-using-group-policy.md
     - name: Audit WDAC policies
-      href: deployment/audit-wdac-policies.md
+      href: deployment/audit-appcontrol-policies.md
     - name: Merge WDAC policies
-      href: deployment/merge-wdac-policies.md
+      href: deployment/merge-appcontrol-policies.md
     - name: Enforce WDAC policies
-      href: deployment/enforce-wdac-policies.md
+      href: deployment/enforce-appcontrol-policies.md
     - name: Use code signing for added control and protection with WDAC
       href: deployment/use-code-signing-for-better-control-and-protection.md
       items:
         - name: Deploy catalog files to support WDAC
-          href: deployment/deploy-catalog-files-to-support-wdac.md
+          href: deployment/deploy-catalog-files-to-support-appcontrol.md
         - name: Use signed policies to protect Windows Defender Application Control against tampering
-          href: deployment/use-signed-policies-to-protect-wdac-against-tampering.md
+          href: deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md
         - name: "Optional: Create a code signing cert for WDAC"
-          href: deployment/create-code-signing-cert-for-wdac.md
+          href: deployment/create-code-signing-cert-for-appcontrol.md
     - name: Disable WDAC policies
-      href: deployment/disable-wdac-policies.md
+      href: deployment/disable-appcontrol-policies.md
 - name: WDAC operational guide
-  href: operations/wdac-operational-guide.md
+  href: operations/appcontrol-operational-guide.md
   items:
     - name: WDAC debugging and troubleshooting
-      href: operations/wdac-debugging-and-troubleshooting.md
+      href: operations/appcontrol-debugging-and-troubleshooting.md
     - name: Understanding Application Control event IDs
       href: operations/event-id-explanations.md
     - name: Understanding Application Control event tags
@@ -114,13 +114,13 @@
     - name: Known Issues
       href: operations/known-issues.md
     - name: Managed installer and ISG technical reference and troubleshooting guide
-      href: operations/configure-wdac-managed-installer.md
+      href: operations/configure-appcontrol-managed-installer.md
     - name: CITool.exe technical reference
       href: operations/citool-commands.md
     - name: Inbox WDAC policies
-      href: operations/inbox-wdac-policies.md
+      href: operations/inbox-appcontrol-policies.md
 - name: WDAC AppId Tagging guide
-  href: AppIdTagging/wdac-appid-tagging-guide.md
+  href: AppIdTagging/appcontrol-appid-tagging-guide.md
   items:
     - name: Creating AppId Tagging Policies
       href: AppIdTagging/design-create-appid-tagging-policies.md

windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md

@@ -21,7 +21,7 @@ WDAC policies apply to the managed computer as a whole and affects all users of
 
 - Attributes of the codesigning certificate(s) used to sign an app and its binaries
 - Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file
-- The reputation of the app as determined by Microsoft's [Intelligent Security Graph](design/use-wdac-with-intelligent-security-graph.md)
+- The reputation of the app as determined by Microsoft's [Intelligent Security Graph](design/use-appcontrol-with-intelligent-security-graph.md)
 - The identity of the process that initiated the installation of the app and its binaries ([managed installer](design/configure-authorized-apps-deployed-with-a-managed-installer.md))
 - The [path from which the app or file is launched](design/select-types-of-rules-to-create.md#more-information-about-filepath-rules) (beginning with Windows 10 version 1903)
 - The process that launched the app or binary

windows/security/application-security/application-control/app-control-for-business/appcontrol.md

@@ -31,7 +31,7 @@ Windows 10 and Windows 11 include two technologies that can be used for applicat
 
 ## WDAC and Smart App Control
 
-Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on WDAC, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](design/example-wdac-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** option that isn't supported for WDAC enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example WDAC base policy](design/create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy).
+Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on WDAC, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](design/example-appcontrol-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** option that isn't supported for WDAC enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example WDAC base policy](design/create-appcontrol-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy).
 
 Smart App Control is only available on clean installation of Windows 11 version 22H2 or later, and starts in evaluation mode. Smart App Control is automatically turned off for enterprise managed devices unless the user has turned it on first. To turn off Smart App Control across your organization's endpoints, you can set the **VerifiedAndReputablePolicyState** (DWORD) registry value under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy` as shown in the following table. After you change the registry value, you must either restart the device or use [CiTool.exe -r](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands#refresh-the-wdac-policies-on-the-system) for the change to take effect.
 
@@ -46,7 +46,7 @@ Smart App Control is only available on clean installation of Windows 11 version
 
 ### Smart App Control Enforced Blocks
 
-Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-wdac.md), with a few exceptions for compatibility considerations. The following aren't blocked by Smart App Control:
+Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-appcontrol.md), with a few exceptions for compatibility considerations. The following aren't blocked by Smart App Control:
 
 - Infdefaultinstall.exe
 - Microsoft.Build.dll
@@ -57,7 +57,7 @@ Smart App Control enforces the [Microsoft Recommended Driver Block rules](design
 
 ## Related articles
 
-- [WDAC design guide](design/wdac-design-guide.md)
-- [WDAC deployment guide](deployment/wdac-deployment-guide.md)
-- [WDAC operational guide](operations/wdac-operational-guide.md)
+- [WDAC design guide](design/appcontrol-design-guide.md)
+- [WDAC deployment guide](deployment/appcontrol-deployment-guide.md)
+- [WDAC operational guide](operations/appcontrol-operational-guide.md)
 - [AppLocker overview](applocker/applocker-overview.md)

windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md

@@ -19,7 +19,7 @@ To understand if AppLocker is the correct application control solution for your
 | Article | Description |
 | --- | --- |
 | [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md) | This article describes AppLocker design questions, possible answers, and other considerations when you plan a deployment of application control policies by using AppLocker. |
-| [Determine your application control objectives](determine-your-application-control-objectives.md) | This article helps you with the decisions you need to make to determine what applications to control and how to control them using AppLocker. |
+| [Determine your application control objectives](../appcontrol-and-applocker-overview.md) | This article helps you with the decisions you need to make to determine what applications to control and how to control them using AppLocker. |
 | [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md) | This article describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker. |
 | [Select the types of rules to create](select-types-of-rules-to-create.md) | This article lists resources you can use when selecting your application control policy rules by using AppLocker. |
 | [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) | This overview article describes the process to follow when you're planning to deploy AppLocker rules. |

windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md

@@ -77,7 +77,7 @@ There are three different types of conditions that can be applied to rules:
 
 An AppLocker policy is a set of rule collections and their corresponding configured enforcement mode settings applied to one or more computers.
 
-- [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md)
+- [Understand AppLocker enforcement settings](working-with-applocker-rules.md#enforcement-modes)
 
     Rule enforcement is applied only to collections of rules, not individual rules. AppLocker divides the rules into four collections: executable files, Windows Installer files, scripts, and DLL files. The options for rule enforcement are **Not configured**, **Enforce rules**, or **Audit only**. Together, all AppLocker rule collections compose the application control policy, or AppLocker policy. By default, if enforcement isn't configured and rules are present in a rule collection, those rules are enforced.
 

windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md

@@ -44,7 +44,7 @@ The following articles describe how to perform each method:
 Identify the business group and each organizational unit (OU) within that group for application control policies. In addition, you should identify whether or not AppLocker is the most appropriate solution for these policies. For info about these steps, see the following articles:
 
 - [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md)
-- [Determine your application control objectives](determine-your-application-control-objectives.md)
+- [Determine your application control objectives](../appcontrol-and-applocker-overview.md)
 
 ## Next steps
 

windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies.md

@@ -18,7 +18,7 @@ You can develop an application control policy plan to guide you in making succes
 
 1. [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md)
 2. [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md)
-3. [Determine your application control objectives](determine-your-application-control-objectives.md)
+3. [Determine your application control objectives](../appcontrol-and-applocker-overview.md)
 4. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
 5. [Select the types of rules to create](select-types-of-rules-to-create.md)
 6. [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)

windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md

@@ -14,7 +14,7 @@ This article for IT professionals describes the steps to deploy AppLocker polici
 
 These procedures assume that your AppLocker policies are deployed with the enforcement mode set to **Audit only**, and you have been collecting data through the AppLocker event logs and other channels to determine what effect these policies have on your environment and the policy's adherence to your application control design.
 
-For info about the AppLocker policy enforcement setting, see [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md).
+For info about the AppLocker policy enforcement setting, see [Understand AppLocker enforcement settings](working-with-applocker-rules.md#enforcement-modes).
 
 For info about how to plan an AppLocker policy deployment, see [AppLocker Design Guide](applocker-policies-design-guide.md).
 
@@ -24,7 +24,7 @@ Updating an AppLocker policy that is currently enforced in your production envir
 
 ## Step 2: Alter the enforcement setting
 
-Rule enforcement is applied to all rules within a rule collection, not to individual rules. AppLocker divides the rules into collections: executable files, Windows Installer files, packaged apps, scripts, and DLL files. For information about the enforcement mode setting, see [Understand AppLocker Enforcement Settings](understand-applocker-enforcement-settings.md). For the procedure to alter the enforcement mode setting, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md).
+Rule enforcement is applied to all rules within a rule collection, not to individual rules. AppLocker divides the rules into collections: executable files, Windows Installer files, packaged apps, scripts, and DLL files. For information about the enforcement mode setting, see [Understand AppLocker Enforcement Settings](working-with-applocker-rules.md#enforcement-modes). For the procedure to alter the enforcement mode setting, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md).
 
 ## Step 3: Update the policy
 

windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md

@@ -14,7 +14,7 @@ This overview article describes the process to follow when you're planning to de
 
 | Article | Description |
 | --- | --- |
-| [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md) | This article describes the AppLocker enforcement settings for rule collections. |
+| [Understand AppLocker enforcement settings](working-with-applocker-rules.md#enforcement-modes) | This article describes the AppLocker enforcement settings for rule collections. |
 | [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md) | This article for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.|
 | [Document the Group Policy structure and AppLocker rule enforcement](document-group-policy-structure-and-applocker-rule-enforcement.md) | This planning article describes what you need to investigate, determine, and document for your policy plan when you use AppLocker. |
 

windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md

@@ -14,7 +14,7 @@ This planning article describes what you should include in your plan when you us
 
 To complete this AppLocker planning document, you should first complete the following steps:
 
-1. [Determine your application control objectives](determine-your-application-control-objectives.md)
+1. [Determine your application control objectives](../appcontrol-and-applocker-overview.md)
 2. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
 3. [Select the types of rules to create](select-types-of-rules-to-create.md)
 4. [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)

windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management.md

@@ -101,7 +101,7 @@ Before editing the rule collection, first determine what rule is preventing the
 
 To complete this AppLocker planning document, you should first complete the following steps:
 
-1. [Determine your application control objectives](determine-your-application-control-objectives.md)
+1. [Determine your application control objectives](../appcontrol-and-applocker-overview.md)
 2. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
 3. [Select the types of rules to create](select-types-of-rules-to-create.md)
 4. [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)

windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md

@@ -11,7 +11,7 @@ ms.topic: overview
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
-You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](../design/wdac-design-guide.md), do so now before proceeding.
+You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](../design/appcontrol-design-guide.md), do so now before proceeding.
 
 ## Convert your WDAC policy XML to binary
 
@@ -44,13 +44,13 @@ All Windows Defender Application Control policy changes should be deployed in au
 ## Choose how to deploy WDAC policies
 
 > [!IMPORTANT]
-> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-wdac-policies-with-script.md) in this case.
+> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-appcontrol-policies-with-script.md) in this case.
 >
 > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
 
 There are several options to deploy Windows Defender Application Control policies to managed endpoints, including:
 
-- [Deploy using a Mobile Device Management (MDM) solution](deploy-wdac-policies-using-intune.md), such as Microsoft Intune
-- [Deploy using Microsoft Configuration Manager](deploy-wdac-policies-with-memcm.md)
-- [Deploy via script](deploy-wdac-policies-with-script.md)
-- [Deploy via group policy](deploy-wdac-policies-using-group-policy.md)
+- [Deploy using a Mobile Device Management (MDM) solution](deploy-appcontrol-policies-using-intune.md), such as Microsoft Intune
+- [Deploy using Microsoft Configuration Manager](deploy-appcontrol-policies-with-memcm.md)
+- [Deploy via script](deploy-appcontrol-policies-with-script.md)
+- [Deploy via group policy](deploy-appcontrol-policies-using-group-policy.md)

windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md

@@ -18,7 +18,7 @@ While a WDAC policy is running in audit mode, any binary that runs but would hav
 ## Overview of the process to create WDAC policy to allow apps using audit events
 
 > [!Note]
-> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](wdac-deployment-guide.md).
+> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](appcontrol-deployment-guide.md).
 
 To familiarize yourself with creating WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy.
 
@@ -29,7 +29,7 @@ To familiarize yourself with creating WDAC rules from audit events, follow these
    **Figure 1. Exceptions to the deployed WDAC policy**
    ![Event showing exception to WDAC policy.](../images/dg-fig23-exceptionstocode.png)
 
-3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**.
+3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](../design/create-appcontrol-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**.
 
    ```powershell
    $PolicyName= "Lamna_FullyManagedClients_Audit"
@@ -47,7 +47,7 @@ To familiarize yourself with creating WDAC rules from audit events, follow these
    > [!NOTE]
    > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of  **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md).
 
-5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](../design/wdac-wizard-editing-policy.md)).
+5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](../design/appcontrol-wizard-editing-policy.md)).
 
 6. Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that WDAC couldn't create a rule for at either the specified rule level or fallback rule level.
 
@@ -56,6 +56,6 @@ To familiarize yourself with creating WDAC rules from audit events, follow these
 
 7. Merge **EventsPolicy.xml** with the Base policy **Lamna_FullyManagedClients_Audit.xml** or convert it to a supplemental policy.
 
-    For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-wdac-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](../design/deploy-multiple-wdac-policies.md).
+    For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-appcontrol-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](../design/deploy-multiple-appcontrol-policies.md).
 
 8. Convert the Base or Supplemental policy to binary and deploy using your preferred method.

windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md

@@ -11,7 +11,7 @@ ms.date: 12/01/2022
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
-As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need to use [Microsoft's Trusted Signing service](/azure/trusted-signing/), a publicly issued code signing certificate or an internal CA. If you've purchased a code signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](wdac-deployment-guide.md).
+As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need to use [Microsoft's Trusted Signing service](/azure/trusted-signing/), a publicly issued code signing certificate or an internal CA. If you've purchased a code signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](appcontrol-deployment-guide.md).
 
 If you have an internal CA, complete these steps to create a code signing certificate.
 

windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md

@@ -32,7 +32,7 @@ To deploy and manage a Windows Defender Application Control policy with Group Po
 2. Create a new GPO: right-click an OU and then select **Create a GPO in this domain, and Link it here**.
 
    > [!NOTE]
-   > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../design/plan-wdac-management.md).
+   > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../design/plan-appcontrol-management.md).
 
    ![Group Policy Management, create a GPO.](../images/dg-fig24-creategpo.png)
 
@@ -42,7 +42,7 @@ To deploy and manage a Windows Defender Application Control policy with Group Po
 
 5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Deploy Windows Defender Application Control** and then select **Edit**.
 
-    ![Edit the Group Policy for Windows Defender Application Control.](../images/wdac-edit-gp.png)
+    ![Edit the Group Policy for Windows Defender Application Control.](../images/appcontrol-edit-gp.png)
 
 6. In the **Deploy Windows Defender Application Control** dialog box, select the **Enabled** option, and then specify the WDAC policy deployment path.
 

windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md

@@ -14,7 +14,7 @@ ms.topic: how-to
 You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps.
 
 > [!IMPORTANT]
-> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-wdac-policies-with-script.md) and activate the policy with a system restart.
+> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-appcontrol-policies-with-script.md) and activate the policy with a system restart.
 >
 > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
 
@@ -38,7 +38,7 @@ To use Intune's built-in WDAC policies, configure [Endpoint Protection for Windo
 ## Deploy WDAC policies with custom OMA-URI
 
 > [!NOTE]
-> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-wdac-policies.md) which allow more granular policy.
+> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-appcontrol-policies.md) which allow more granular policy.
 
 You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
 
@@ -58,7 +58,7 @@ The steps to use Intune's custom OMA-URI functionality are:
     - **Data type**: Base64 (file)
     - **Certificate file**: Upload your binary format policy file. To do this, change your {GUID}.cip file to {GUID}.bin. You don't need to upload a Base64 file, as Intune converts the uploaded .bin file to Base64 on your behalf.
 
-    :::image type="content" alt-text="Configure custom WDAC." source="../images/wdac-intune-custom-oma-uri.png" lightbox="../images/wdac-intune-custom-oma-uri.png":::
+    :::image type="content" alt-text="Configure custom WDAC." source="../images/appcontrol-intune-custom-oma-uri.png" lightbox="../images/appcontrol-intune-custom-oma-uri.png":::
 
 > [!NOTE]
 > For the _Policy GUID_ value, do not include the curly brackets.

windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md

@@ -29,49 +29,49 @@ Configuration Manager doesn't remove policies once deployed. To stop enforcement
 
 1. Select **Asset and Compliance** > **Endpoint Protection** > **Windows Defender Application Control** > **Create Application Control Policy**
 
-    ![Create a WDAC policy in Configuration Manager.](../images/memcm/memcm-create-wdac-policy.jpg)
+    ![Create a WDAC policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy.jpg)
 
 2. Enter the name of the policy > **Next**
 3. Enable **Enforce a restart of devices so that this policy can be enforced for all processes**
 4. Select the mode that you want the policy to run (Enforcement enabled / Audit Only)
 5. Select **Next**
 
-    ![Create an enforced WDAC policy in Configuration Manager.](../images/memcm/memcm-create-wdac-policy-2.jpg)
+    ![Create an enforced WDAC policy in Configuration Manager.](../images/memcm/memcm-create-appcontrol-policy-2.jpg)
 
 6. Select **Add** to begin creating rules for trusted software
 
-    ![Create a WDAC path rule in Configuration Manager.](../images/memcm/memcm-create-wdac-rule.jpg)
+    ![Create a WDAC path rule in Configuration Manager.](../images/memcm/memcm-create-appcontrol-rule.jpg)
 
 7. Select **File** or **Folder** to create a path rule > **Browse**
 
-    ![Select a file or folder to create a path rule.](../images/memcm/memcm-create-wdac-rule-2.jpg)
+    ![Select a file or folder to create a path rule.](../images/memcm/memcm-create-appcontrol-rule-2.jpg)
 
 8. Select the executable or folder for your path rule > **OK**
 
-    ![Select the executable file or folder.](../images/memcm/memcm-create-wdac-rule-3.jpg)
+    ![Select the executable file or folder.](../images/memcm/memcm-create-appcontrol-rule-3.jpg)
 
 9. Select **OK** to add the rule to the table of trusted files or folder
 10. Select **Next** to navigate to the summary page > **Close**
 
-    ![Confirm the WDAC path rule in Configuration Manager.](../images/memcm/memcm-confirm-wdac-rule.jpg)
+    ![Confirm the WDAC path rule in Configuration Manager.](../images/memcm/memcm-confirm-appcontrol-rule.jpg)
 
 ### Deploy the WDAC policy in Configuration Manager
 
 1. Right-click the newly created policy > **Deploy Application Control Policy**
 
-    ![Deploy WDAC via Configuration Manager.](../images/memcm/memcm-deploy-wdac.jpg)
+    ![Deploy WDAC via Configuration Manager.](../images/memcm/memcm-deploy-appcontrol.jpg)
 
 2. Select **Browse**
 
-    ![Select Browse.](../images/memcm/memcm-deploy-wdac-2.jpg)
+    ![Select Browse.](../images/memcm/memcm-deploy-appcontrol-2.jpg)
 
 3. Select the Device Collection you created earlier > **OK**
 
-    ![Select the device collection.](../images/memcm/memcm-deploy-wdac-3.jpg)
+    ![Select the device collection.](../images/memcm/memcm-deploy-appcontrol-3.jpg)
 
 4. Change the schedule > **OK**
 
-    ![Change the WDAC deployment schedule.](../images/memcm/memcm-deploy-wdac-4.jpg)
+    ![Change the WDAC deployment schedule.](../images/memcm/memcm-deploy-appcontrol-4.jpg)
 
 For more information on using Configuration Manager's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager).
 
@@ -79,4 +79,4 @@ Download the entire [WDAC in Configuration Manager lab paper](https://download.m
 
 ## Deploy custom WDAC policies using Packages/Programs or Task Sequences
 
-Using Configuration Manager's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in Configuration Manager too limiting. To define your own circle-of-trust, you can use Configuration Manager to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences.
+Using Configuration Manager's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in Configuration Manager too limiting. To define your own circle-of-trust, you can use Configuration Manager to deploy custom WDAC policies using [script-based deployment](deploy-appcontrol-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences.

windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md

@@ -34,7 +34,7 @@ To create a catalog file for an existing app, you can use a tool called **Packag
     $PolicyBinary = $env:USERPROFILE+"\Desktop\"+$PolicyId.substring(11)+".cip"
     ```
 
-    Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deploy-wdac-policies-with-script.md).
+    Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deploy-appcontrol-policies-with-script.md).
 
 2. Start Package Inspector to monitor file creation on a **local drive** where you install the app, for example, drive C:
 
@@ -301,7 +301,7 @@ At the time of the next software inventory cycle, when the targeted clients rece
 
 ## Allow apps signed by your catalog signing certificate in your WDAC policy
 
-Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](../design/wdac-design-guide.md).
+Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](../design/appcontrol-design-guide.md).
 
 On a computer where the signed catalog file has been deployed, you can use [New-CiPolicyRule](/powershell/module/configci/new-cipolicyrule) to create a signer rule from any file included in that catalog. Then use [Merge-CiPolicy](/powershell/module/configci/merge-cipolicy) to add the rule to your policy XML. Be sure to replace the path values in the following sample: