cfa topics drafted

windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md

@@ -1,6 +1,7 @@
 ---
-title:
-keywords: 
+title: Prevent ransomware and other threats from encrypting and changing important files
+description: Files in default folders, such as Documents and Desktop, can be protected from being changed by malicious apps. This can help prevent ransomware encrypting your files.
+keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -28,23 +29,20 @@ ms.author: iawilt
 
 **Manageability available with**
 
+- Windows Defender Security Center app
 - Group Policy
 - PowerShell
-- Windows Management Instrumentation (WMI)
-- Microsoft Intune
-- Windows Defender Security Center app
+- Configuration service providers for mobile device management
 
 
 Controlled Folder Access helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of Windows Defender Exploit Guard, which is itself a component in the new Windows Defender Advanced Threat Protection offering of security and threat prevention products.
 
+All apps (any executable file, including .exe, .scr, .dll files and others) are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder.
 
-All apps (any executable file, including .exe, .scr, .dll files and others )are assessed by Windows Defender Antivirus, which then determines if the app is malicious or safe. If the app is determined to be malicious or suspicious, then it will not be allowed to make changes to any files in any protected folder.
+This is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/en-us/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.
 
 A notification will appear on the machine where the app attempted to make changes to a protected folder.
 
-Controlled Folder Access monitors the changes that apps make to files in certain protected folders. 
-If an app attempts to make a change to these files, and the app is blacklisted by the feature, you’ll get a notification about the attempt. 
-
 The protected folders include common system folders, and you can [add additional folders](customize-controlled-folders-exploit-guard.md#protect-additional-folders). You can also [allow or whitelist apps](customize-controlled-folders-exploit-guard.md#allow-specifc-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders.
 
 As with other features of Windows Defender Exploit Guard, you can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Controlled Folder Access would impact your organization if it were enabled.

windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md

@@ -1,6 +1,7 @@
 ---
-title:
-keywords: controlled folder access
+title: Add additional folders and apps to be protected by Windows 10
+description: Add additional folders that should be protected by Controlled Folder Access, or whitelist apps that are incorrectly blocking changes to important files.
+keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, customize, add folder, add app, whitelist, add executable
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -14,7 +15,7 @@ ms.author: iawilt
 
 
 
-# Protect important folders with Controlled Folder Access
+# Customize Controlled Folder Access
 
 
 **Applies to:**
@@ -28,11 +29,10 @@ ms.author: iawilt
 
 **Manageability available with**
 
+- Windows Defender Security Center app
 - Group Policy
 - PowerShell
-- Windows Management Instrumentation (WMI)
-- Microsoft Intune
-- Windows Defender Security Center app
+- Configuration service providers for mobile device management
 
 
 Controlled Folder Access helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
@@ -87,11 +87,26 @@ You can use the Windows Defender Security Center app or Group Policy to add and
 
 ### Use PowerShell to protect additional folders
 
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
 
-### Use MDM CSPs or Intune to protect additional folders
+    ```PowerShell
+    Add-MpPreference -ControlledFolderAccessProtectedFolders "<the folder to be protected>"
+    ```
 
 
-### Use System Center Configuration Manager to protect additional folders
+Continue to use `Add-MpPreference -ControlledFolderAccessProtectedFolders` to add more folders to the list. Folders added using this cmdlet will appear in the Windows Defender Security Center app.
+
+
+![](images/cfa-allow-folder-ps.png)
+
+
+>[!IMPORTANT]
+>Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. 
+
+### Use MDM CSPs to protect additional folders
+
+Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-guardedfolderslist) configuration service provider (CSP) to allow apps to make changes to protected folders. 
 
 
 
@@ -99,8 +114,15 @@ You can use the Windows Defender Security Center app or Group Policy to add and
 
 You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you’re finding a particular app that you know and trust is being blocked by the Controlled Folder Access feature. 
 
+>[!IMPORTANT]
+>By default, Windows adds apps that it considers friendly to the allowed list - apps added automatically by Windows are not recorded in the list shown in the Windows Defender Security Center app or by using the associated PowerShell cmdlets.
+>You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness.
+
+
 You can use the Windows Defender Security Center app or Group Policy to add and remove apps that should be allowed to access protected folders.
 
+When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the whitelist and may be blocked by Controlled Folder Access.
+
 ### Use the Windows Defender Security app to whitelist specific apps
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
@@ -131,12 +153,33 @@ You can use the Windows Defender Security Center app or Group Policy to add and
 
 ### Use PowerShell to whitelist specific apps
 
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
 
-### Use MDM CSPs or Intune to whitelist specific apps
-./Vendor/MSFT/Policy/Config/Defender/EnableGuardMyFolders
+    ```PowerShell
+    Add-MpPreference -ControlledFolderAccessAllowedApplications "<the app that should be whitelisted, including the path>"
+    ```
 
-### Use System Center Configuration Manager to whitelist specific apps
+    For example, to add the executable *test.exe*, located in the folder *C:\apps*, the cmdlet would be as follows:
 
+    ```PowerShell
+    Add-MpPreference -ControlledFolderAccessAllowedApplications "c:\apps\test.exe"
+    ```
+
+Continue to use `Add-MpPreference -ControlledFolderAccessAllowedApplications` to add more apps to the list. Apps added using this cmdlet will appear in the Windows Defender Security Center app.
+
+
+![](images/cfa-allow-app-ps.png)
+
+
+>[!IMPORTANT]
+>Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. 
+
+
+
+### Use MDM CSPs to whitelist specific apps
+
+Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersAllowedApplications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-guardedfoldersallowedapplications) configuration service provider (CSP) to allow apps to make changes to protected folders. 
 
 
 

windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md

@@ -1,6 +1,7 @@
 ---
-title:
-keywords: 
+title: Turn on the protected folders feature in Windows 10
+keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders, enable, turn on, use
+description: Learn how to protect your important files by enabling Controlled Folder Access
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -19,7 +20,7 @@ ms.author: iawilt
 
 **Applies to:**
 
-- Windows 10 Insider Preview, build 16232 and later
+- Windows 10 Insider Preview
 
 **Audience**
 
@@ -28,11 +29,10 @@ ms.author: iawilt
 
 **Manageability available with**
 
+- Windows Defender Security Center app
 - Group Policy
 - PowerShell
-- Windows Management Instrumentation (WMI)
-- Microsoft Intune
-- Windows Defender Security Center app
+- Configuration service providers for mobile device management
 
 
 Controlled Folder Access helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
@@ -83,11 +83,18 @@ For further details on how audit mode works, and when you might want to use it,
 
 ### Use PowerShell to enable Controlled Folder Access
 
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+2. Enter the following cmdlet:
 
-### Use MDM CSPs or Intune to enable Controlled Folder Access
+    ```PowerShell
+    Set-MpPreference -EnableControlledFolderAccess 1
+    ```
 
 
-### Use System Center Configuration Manager to enable Controlled Folder Access
+### Use MDM CSPs to enable Controlled Folder Access
+
+Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-guardedfolderslist) configuration service provider (CSP) to allow apps to make changes to protected folders. 
+
 
 ## Related topics
 

windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md

@@ -1,7 +1,7 @@
 ---
-title: 
-description: 
-keywords: 
+title: See how Windows 10 can protect your files from being changed by malicious apps
+description: Use a custom tool to see how Controlled Folder Access works in Windows 10.
+keywords: controlled folder access, windows 10, windows defender, ransomware, protect, evaluate, test, demo, try
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -19,6 +19,8 @@ ms.author: iawilt
 
 Controlled Folder Access is a feature that is part of Windows Defender Exploit Guard [that helps protect your documents and files from modification by suspicious or malicious apps](controlled-folders-exploit-guard.md). 
 
+It is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/en-us/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.
+
 This topic helps you evaluate Controlled Folder Access. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organisation.
 
 >[NOTE]
@@ -93,8 +95,6 @@ To enable audit mode, use the following PowerShell cmdlet:
 Set-MpPreference -EnableControlledFolderAccess AuditMode
 ```
 
-![](images/cfa-audit-gp.png)
-
 >[!TIP]
 >If you want to fully audit how Controlled Folder Access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
 You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main  [Controlled Folder Access topic](controlled-folders-exploit-guard.md).
@@ -108,7 +108,7 @@ For further details on how audit mode works, and when you might want to use it,
 
 During your evaluation, you may wish to add to the list of protected folders, or allow certain apps to modify files. 
 
-See the following sections in the main [Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md) topic for configuring the feature with management tools, including Group Policy and MDM CSPs: 
+See the following sections in the main [Protect important folders with Controlled Folder Access](controlled-folders-exploit-guard.md) topic for configuring the feature with management tools, including Group Policy, PowerShell, and MDM CSPs: 
 
 - [Protect additional folders](controlled-folders-exploit-guard.md#protect-additional-folders)
 - [Allow specifc apps to make changes to controlled folders](controlled-folders-exploit-guard.md#allow-specifc-apps-to-make-changes-to-controlled-folders)