Merge branch 'master' into atp-mac

windows/deployment/upgrade/resolution-procedures.md

@@ -594,7 +594,7 @@ Download and run the media creation tool. See <a href="https://www.microsoft.com
 <tr>
 <td>0x80240FFF </td>
 <td>Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install <a href="https://support.microsoft.com/help/3095113/en-us">hotfix 3095113</a>, WSUS doesn&#39;t recognize the Upgrades classification and instead treats the upgrade like a regular update.</td>
-<td> You can prevent this by installing <a href="http://blogs.technet.com/b/wsus/archive/2015/12/04/important-update-for-wsus-4-0-kb-3095113.aspx">hotfix 3095113</a> before you enable update synchronization. However, if you have already run into this problem, do the following:
+<td> You can prevent this by installing <a href="https://blogs.technet.com/b/wsus/archive/2015/12/04/important-update-for-wsus-4-0-kb-3095113.aspx">hotfix 3095113</a> before you enable update synchronization. However, if you have already run into this problem, do the following:
 
 <ol>
 <li>Disable the Upgrades classification.</li>
@@ -603,7 +603,7 @@ Download and run the media creation tool. See <a href="https://www.microsoft.com
 <li>Enable the Upgrades classification.</li>
 <li>Perform a full synch.</li>
 </ol>
-<br>For detailed information on how to run these steps check out <a href="http://blogs.technet.com/b/wsus/archive/2016/01/30/quot-help-i-synched-upgrades-too-soon-quot.aspx">How to delete upgrades in WSUS</a>.</p>
+<br>For detailed information on how to run these steps check out <a href="https://blogs.technet.com/b/wsus/archive/2016/01/30/quot-help-i-synched-upgrades-too-soon-quot.aspx">How to delete upgrades in WSUS</a>.</p>
 </td>
 </tr>
 

windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md

@@ -23,7 +23,7 @@ ms.date: 10/30/2019
 
 -   Windows 10
 
-Beginning in Windows 10 (build 18363), Microsoft Intune enables customers to deploy and run business critical Win32 applications as well as Windows components that are normally blocked in S mode (ex. PowerShell.exe) on their Intune-managed Windows 10 in S mode (S mode) devices. 
+Beginning with the Windows 10 November 2019 update (build 18363), Microsoft Intune enables customers to deploy and run business critical Win32 applications as well as Windows components that are normally blocked in S mode (ex. PowerShell.exe) on their Intune-managed Windows 10 in S mode devices. 
 
 With Intune, IT Pros can now configure their managed S mode devices using a Windows Defender Application Control (WDAC) supplemental policy that expands the S mode base policy to authorize the apps their business uses. This feature changes the S mode security posture from “every app is Microsoft-verified" to “every app is verified by Microsoft or your organization”. 
 

windows/security/threat-protection/windows-defender-application-control/TOC.md

@@ -13,7 +13,6 @@
 ### [Types of devices](types-of-devices.md)
 ### Use WDAC with custom policies
 #### [Create an initial default policy](create-initial-default-policy.md)
-#### [Create path-based rules](create-path-based-rules.md)
 #### [Microsoft recommended block rules](microsoft-recommended-block-rules.md)
 ### [Audit WDAC policies](audit-windows-defender-application-control-policies.md)
 ### [Merge WDAC policies](merge-windows-defender-application-control-policies.md)

windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md

@@ -1,72 +0,0 @@
----
-title: Windows Defender Application Control path-based rules (Windows 10)
-description: Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules.
-keywords: whitelisting, security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-audience: ITPro
-ms.collection: M365-security-compliance
-author: jsuther1974
-ms.reviewer: isbrahm
-ms.author: dansimp
-manager: dansimp
-ms.date: 05/17/2019
----
-
-# Create Windows Defender Application Control path-based rules 
-
-**Applies to:**
-
--   Windows 10
--   Windows Server 2016
-
->[!IMPORTANT]
->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules.
-
-- New-CIPolicy parameters
-  - FilePath: create path rules under path \<path to scan> for anything not user-writeable (at the individual file level)
-
-    ```powershell
-    New-CIPolicy -f .\mypolicy.xml -l FilePath -s <path to scan> -u
-    ```
-
-    Optionally, add -UserWriteablePaths to ignore user writeability
-
-  - FilePathRule: create a rule where filepath string is directly set to value of \<any path string>
-
-    ```powershell
-    New-CIPolicyRule -FilePathRule <any path string>
-    ```
-
-    Useful for wildcards like C:\foo\\*
-
-- Usage follows the same flow as per-app rules:
-
-  ```powershell
-  $rules = New-CIPolicyRule …
-  $rules += New-CIPolicyRule …
-  …
-  New-CIPolicyRule -f .\mypolicy.xml -u
-  ```
-
-- Wildcards supported
-  - Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe)
-    - One or the other, not both at the same time
-    - Does not support wildcard in the middle (ex. C:\\*\foo.exe)
-- Supported Macros:
-  - %WINDIR%\\...
-  - %SYSTEM32%\\...
-  - %OSDRIVE%\\...
-
-- Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy:
-
-  ```powershell
-  Set-RuleOption -o 18 .\policy.xml
-  ```
-