diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md index a8fd296977..9eb958900a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md @@ -57,7 +57,7 @@ For more information on using signed WDAC policies, see [Use signed policies to Some ways to obtain code signing certificates for your own use, include: -- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list.md). +- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root-docs/Participants-list.md). - To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). - Customers with existing Microsoft Store for Business and Education accounts can continue to use the ["Device Guard signing service v2"](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business). - Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning). 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md index 9adf744212..679f8ee56b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md 
@@ -70,7 +70,7 @@ Before you attempt to deploy signed WDAC policy, you should first deploy an unsi cd $PolicyPath ``` -3. If your WDAC policy doesn't already include an **<UpdatePolicySigner>** rule for your policy signing certificate, you must add it. At least one **<UpdatePolicySigner>** rule must exist to convert your WDAC policy XML with [ConvertFrom-CiPolicy](/powershell/module/config-ci/convertfrom-cipolicy). If you're using the Device Guard Signing Service v2 (DGSS) to sign your policy, you can find the policy signer rule in your tenant's default policy, which you can download from [Get-DefaultPolicy](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-defaultpolicy). +3. If your WDAC policy doesn't already include an **<UpdatePolicySigner>** rule for your policy signing certificate, you must add it. At least one **<UpdatePolicySigner>** rule must exist to convert your WDAC policy XML with [ConvertFrom-CiPolicy](/powershell/module/configci/convertfrom-cipolicy). If you're using the Device Guard Signing Service v2 (DGSS) to sign your policy, you can find the policy signer rule in your tenant's default policy, which you can download from [Get-DefaultPolicy](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-defaultpolicy). Otherwise, use [Add-SignerRule](/powershell/module/configci/add-signerrule) and create an **<UpdatePolicySigner>** rule from your certificate file (.cer). DGSS users can download the root certificate file from [Get-RootCertificate](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-rootcertificate). If you purchased a code signing certificate or issued one from your own public key infrastructure (PKI), you can export the certificate file.
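Review bot: in the hunk for use-code-signing-to-simplify-application-control-for-classic-windows-applications.md (@@ -57,7), the new link target `/security/trusted-root-docs/Participants-list.md` introduces a capital `P` and keeps the `.md` suffix on a site-absolute path, while the other site-absolute link in the same list (the "Device Guard signing service v2" bullet) is all lowercase with no extension. Please confirm the new target resolves in the published build, and if the publishing pipeline is case-sensitive or expects extensionless absolute paths, write it in the same form as the neighbouring link. This is the pointer readers follow to choose a certificate issuer, so a dead link here is worth a build-time link check rather than a visual review.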
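Review bot: in the hunk for use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md (@@ -70,7), the rewritten step 3 still writes `**<UpdatePolicySigner>**` with bare angle brackets, twice on the changed line and again in the context paragraph that follows. A Markdown renderer that passes inline HTML through can treat this as an unknown tag and drop the rule name from the rendered step, which would hide the one element the step tells the reader they must add. Since the line is being touched anyway, consider escaping the brackets or using code formatting for the element name. The module path change from `config-ci` to `configci` matches the existing `/powershell/module/configci/add-signerrule` link in the next paragraph, so that part is consistent.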