Merged PR 2469: AppLocker CSP - updated description for CodeIntegrity/Policy node

windows/client-management/mdm/applocker-csp.md

@@ -156,6 +156,20 @@ Each of the previous nodes contains one or more of the following leaf nodes:
 <td><p>Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.</p>
 <p>Policy nodes are a Base64-encoded blob of the binary policy representation. The binary policy may be signed or unsigned.</p>
 <p>For CodeIntegrity/Policy, you can use the [certutil -encode](http://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool to encode the data to base-64.</p>
+<p>Here is a sample certutil invocation:</p>
+
+```
+certutil -encode WinSiPolicy.p7b WinSiPolicy.txt
+```
+
+<p>Use only the data enclosed in the BEGIN CERTIFIFCATE and END CERTIFICATE section. Ensure that you have removed all line breaks before passing the data to the CSP node.</p>
+<p>An alternative to using certutil would be to use the following PowerShell invocation:</p>
+
+``` 
+[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path <bin file>))
+```
+
+<p>If you are using Hybrid MDM management with System Center Configuration Manager please ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy.</p>
 <p>Data type is string. Supported operations are Get, Add, Delete, and Replace.</p></td>
 </tr>
 <tr class="even">