Added examples for MDM CSP paths and values.

windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md

@@ -81,8 +81,8 @@ For information about enabling ASR rules and setting exclusions in SCCM, see [Cr
 
 4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section:
     - Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows:
-        -  Block (enable ASR rule) = 1
         -  Disable = 0
+        -  Block (enable ASR rule) = 1
         -  Audit = 2
 
 	![Group policy setting showing a blank attack surface reduction rule ID and value of 1](images/asr-rules-gp.png)
@@ -102,32 +102,32 @@ For information about enabling ASR rules and setting exclusions in SCCM, see [Cr
     Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Enabled
     ```
 
-To enable ASR rules in audit mode, use the following cmdlet:
+	To enable ASR rules in audit mode, use the following cmdlet:
 
-```PowerShell
+	```PowerShell
-Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions AuditMode
+	Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions AuditMode
-```
+	```
 
-To turn off ASR rules, use the following cmdlet:
+	To turn off ASR rules, use the following cmdlet:
 
-```PowerShell
+	```PowerShell
-Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Disabled
+	Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Disabled
-```
+	```
 
->[!IMPORTANT]
+	>[!IMPORTANT]
->You must specify the state individually for each rule, but you can combine rules and states in a comma-separated list. 
+	>You must specify the state individually for each rule, but you can combine rules and states in a comma-separated list. 
->
+	>
->In the following example, the first two rules will be enabled, the third rule will be disabled, and the fourth rule will be enabled in audit mode:
+	>In the following example, the first two rules will be enabled, the third rule will be disabled, and the fourth rule will be enabled in audit mode:
->
+	>
->```PowerShell
+	>```PowerShell
->Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID 1>,<rule ID 2>,<rule ID 3>,<rule ID 4> -AttackSurfaceReductionRules_Actions Enabled, Enabled, Disabled, AuditMode
+	>Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID 1>,<rule ID 2>,<rule ID 3>,<rule ID 4> -AttackSurfaceReductionRules_Actions Enabled, Enabled, Disabled, AuditMode
->```
+	>```
 
-You can also the `Add-MpPreference` PowerShell verb to add new rules to the existing list. 
+	You can also the `Add-MpPreference` PowerShell verb to add new rules to the existing list. 
 
->[!WARNING]
+	>[!WARNING]
->`Set-MpPreference` will always overwrite the existing set of rules. If you want to add to the existing set, you should use `Add-MpPreference` instead.
+	>`Set-MpPreference` will always overwrite the existing set of rules. If you want to add to the existing set, you should use `Add-MpPreference` instead.
->You can obtain a list of rules and their current state by using `Get-MpPreference`
+	>You can obtain a list of rules and their current state by using `Get-MpPreference`
 
 3. To exclude files and folders from ASR rules, use the following cmdlet:
 
@@ -135,17 +135,44 @@ You can also the `Add-MpPreference` PowerShell verb to add new rules to the exis
     Add-MpPreference -AttackSurfaceReductionOnlyExclusions "<fully qualified path or resource>"
     ```
 
-Continue to use `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` to add more files and folders to the list. 
+	Continue to use `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` to add more files and folders to the list. 
 
->[!IMPORTANT]
+	>[!IMPORTANT]
->Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. 
+	>Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. 
 
 ### Enable ASR rules with MDM CSPs
 
 Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductionrules) configuration service provider (CSP) to individually enable and set the mode for each rule.
 
+The following is a sample for reference, using the [GUID value for the ASR rule](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard#attack-surface-reduction-rules). The values to enable, disable, or enable in audit mode are:
+
+-  Disable = 0
+-  Block (enable ASR rule) = 1
+-  Audit = 2
+
+```OMA-URI path
+./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules
+```
+
+```OMA-URI value
+{75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}=2|{3B576869-A4EC-4529-8536-B80A7769E899}=1|{D4F940AB-401B-4EfC-AADC-AD5F3C50688A}=2|{D3E037E1-3EB8-44C8-A917-57927947596D}=1|{5BEB7EFE-FD9A-4556-801D-275E5FFC04CC}=0|{BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550}=1
+```
+
 Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions.
 
+Example:
+
+```OMA-URI path
+./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions
+```
+
+```OMA-URI value
+c:\path|e:\path|c:\Whitelisted.exe
+```
+
+>[!NOTE]
+>Be sure to enter OMA-URI values without spaces.
+
 ## Related topics
 
 - [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md)