diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json
index fc3a796e95..94caccffcb 100644
--- a/.openpublishing.redirection.windows-security.json
+++ b/.openpublishing.redirection.windows-security.json
@@ -1,115 +1,825 @@
{
"redirections": [
{
- "source_path": "windows/security//information-protection/kernel-dma-protection-for-thunderbolt.md",
+ "source_path": "windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md",
"redirect_url": "/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md",
+ "source_path": "windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md",
"redirect_url": "/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md",
+ "source_path": "windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md",
"redirect_url": "/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control",
"redirect_document_id": false
},
{
- "source_path": "windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md",
- "redirect_url": "/windows/security/operating-system-security/device-management/override-mitigation-options-for-app-related-security-policies",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md",
- "redirect_url": "/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md",
- "redirect_url": "/windows/security/operating-system-security/device-management/use-windows-event-forwarding-to-assist-in-intrusion-detection",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security//threat-protection/mbsa-removal-and-guidance.md",
+ "source_path": "windows/security/threat-protection/mbsa-removal-and-guidance.md",
"redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md",
+ "source_path": "windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md",
"redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml",
+ "source_path": "windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml",
"redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/install-md-app-guard.md",
+ "source_path": "windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md",
"redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md",
+ "source_path": "windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md",
"redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview",
"redirect_document_id": false
},
{
- "source_path": "windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md",
+ "source_path": "windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md",
"redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md",
- "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md",
+ "source_path": "windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md",
"redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md",
+ "source_path": "windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md",
"redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md",
+ "source_path": "windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md",
"redirect_url": "/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md",
+ "source_path": "windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md",
"redirect_url": "/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md",
+ "source_path": "windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md",
"redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md",
+ "source_path": "windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md",
"redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10",
"redirect_document_id": false
},
{
- "source_path": "windows/security//threat-protection/windows-security-configuration-framework/windows-security-baselines.md",
+ "source_path": "windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md",
"redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-audit-only",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-enforce-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/configure-exceptions-for-an-applocker-rule",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-application-identity-service",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-appLocker-reference-device",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-for-packaged-apps",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-file-hash-condition",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-path-condition",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-publisher-condition",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-applocker-default-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/delete-an-applocker-rule",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-applocker-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/edit-an-applocker-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/edit-applocker-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/enable-the-dll-rule-collection",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-from-a-gpo",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-to-an-xml-file",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-from-another-computer",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-into-a-gpo",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/maintain-applocker-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/manage-packaged-apps-with-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/monitor-application-usage-with-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/refresh-an-applocker-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/rule-collection-extensions.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/run-the-automatically-generate-rules-wizard",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/test-and-update-an-applocker-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules#enforcement-modes",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-policy-design-decisions",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understand-the-applocker-policy-deployment-process",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-behavior",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-collections",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-exceptions",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-file-hash-rule-condition-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-path-rule-condition-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-publisher-rule-condition-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/wdac-allow-lob-win32-apps",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md",
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/understanding-appcontrol-policy-settings",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/feature-availability",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/index.yml",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/index",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/known-issues",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-control/windows-defender-application-control/wdac.md",
+ "redirect_url": "/windows/security/application-security/application-control/app-control-for-business/appcontrol",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md",
+ "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/apps.md",
"redirect_url": "/windows/security/application-security",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/cloud-security/index.md",
+ "redirect_url": "/windows/security/cloud-services",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/cloud.md",
"redirect_url": "/windows/security",
@@ -260,36 +970,221 @@
"redirect_url": "/windows/security/operating-system-security/data-protection/configure-s-mime",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/credential-guard/credential-guard-considerations.md",
+ "redirect_url": "/windows/security/identity-protection/credential-guard/considerations-known-issues",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md",
+ "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/credential-guard/credential-guard-known-issues.md",
+ "redirect_url": "/windows/security/identity-protection/credential-guard/considerations-known-issues",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/credential-guard/credential-guard-manage.md",
+ "redirect_url": "/windows/security/identity-protection/credential-guard/configure",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md",
"redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-protection-limits",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md",
+ "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/credential-guard/credential-guard-requirements.md",
+ "redirect_url": "/windows/security/identity-protection/credential-guard/index",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/credential-guard/credential-guard-scripts.md",
"redirect_url": "/windows/security",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/credential-guard/credential-guard.md",
+ "redirect_url": "/windows/security/identity-protection/credential-guard",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/credential-guard/dg-readiness-tool.md",
"redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/deploy/cloud.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud-only",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/deploy/requirements.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/multifactor-unlock",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md",
+ "redirect_url": "/windows-server/administration/performance-tuning/role/active-directory-server/capacity-planning-for-active-directory-domain-services",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-and-password-changes.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-guide.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/rdp-sign-in",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-event-300.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/hello-faq",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-faq.yml",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/faq",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/hello-faq",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/dual-enrollment",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/pin-reset",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/rdp-sign-in",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-authentication",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md",
"redirect_url": "/azure/active-directory/devices/device-registration-how-it-works",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-provisioning",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso",
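Review bot: Several entries added in this hunk redirect to a URL that is itself a `source_path` in the same hunk, so readers are sent through a chain instead of straight to the live page. For example `hello-aad-join-cloud-only-deploy.md` goes to `deploy/cloud`, which `deploy/cloud.md` sends on to `deploy/cloud-only`; the same holds for `hello-cert-trust-validate-deploy-mfa.md` and `hello-cert-trust-validate-pki.md`. The existing `credential-guard-not-protected-scenarios.md`, `dg-readiness-tool.md` and `hello-event-300.md` entries now chain too, and the later hunks repeat the pattern for `hello-hybrid-cert-trust`, `hello-hybrid-key-trust`, `hello-hybrid-cloud-kerberos-trust`, `deploy/hybrid-key-trust-pki`, `deploy/requirements` and `deploy/on-premises-key-trust-mfa`. Whether the publishing build collapses or rejects chained redirects is not visible here, so it is safer to point each entry at the final target, e.g. `"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud-only",`. A check that no `redirect_url` equals another entry's `source_path` (minus the extension) would keep these from reappearing.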
@@ -310,11 +1205,31 @@
"redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
@@ -335,6 +1250,16 @@
"redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works#provisioning",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust",
@@ -360,6 +1285,21 @@
"redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
@@ -390,16 +1330,76 @@
"redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/requirements",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/policy-settings",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-overview.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-planning-guide.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/prepare-users",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-videos.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md",
"redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/passwordless-strategy.md",
+ "redirect_url": "/windows/security/identity-protection/passwordless-strategy/",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/identity-protection/hello-for-business/reset-security-key.md",
"redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key",
@@ -427,12 +1427,12 @@
},
{
"source_path": "windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md",
- "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_url": "https:/support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/password-support-policy.md",
- "redirect_url": "https://support.microsoft.com/help/4490115",
+ "redirect_url": "https:/support.microsoft.com/help/4490115",
"redirect_document_id": false
},
{
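Review bot: Both changed `redirect_url` values lose a slash from the scheme, so `https:/support.microsoft.com/...` is no longer a well-formed absolute URL. How the publishing pipeline treats such a value is not shown in this diff, but without `//` it may be resolved as a path on the docs host or rejected, leaving the retired password-support and Windows 10 Mobile certificate pages without a working target. Restore the originals, e.g. `"redirect_url": "https://support.microsoft.com/help/4490115",`, and likewise for the end-of-support FAQ entry. A validation step requiring every non-relative target to start with `https://` would catch this kind of edit.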
@@ -850,11 +1850,41 @@
"redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-top-node",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/app-behavior-with-wip",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/collect-wip-audit-event-logs",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md",
"redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md",
"redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
@@ -865,16 +1895,86 @@
"redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md",
"redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/how-to-disable-wip.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/how-to-disable-wip",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md",
"redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/limitations-with-wip.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/limitations-with-wip",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/mandatory-settings-for-wip",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/testing-scenarios-for-wip",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/using-owa-with-wip.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/using-owa-with-wip",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-app-enterprise-context",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/information-protection/windows-information-protection/wip-learning.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-learning",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/introduction/index.md",
"redirect_url": "/windows/security/introduction",
@@ -895,21 +1995,61 @@
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/countermeasures",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml",
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure#bitlocker-policy-settings",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker#device-encryption",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-frequently-asked-questions.yml",
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-group-policy-settings.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure#$bitlocker-policy-settings",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/install-server",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/network-unlock",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-key-management-faq.yml",
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-network-unlock-faq.yml",
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
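Review bot: The new entry for `bitlocker-group-policy-settings.md` has a stray `$` in its fragment, `configure#$bitlocker-policy-settings`. The `bitlocker-deployment-comparison.md` entry a few lines earlier targets `configure#bitlocker-policy-settings`, so this one will most likely land at the top of the page rather than on the policy-settings section. It should read `"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure#bitlocker-policy-settings",`.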
@@ -920,6 +2060,11 @@
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-security-faq.yml",
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
@@ -935,16 +2080,636 @@
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/operations-guide",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/recovery-process#bitlocker-recovery-password-viewer",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml",
"redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/plan",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/csv-san",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/operating-system-security/data-protection/index.md",
"redirect_url": "/windows/security/operating-system-security/#data-protection",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/configure-pde-in-intune.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/faq-pde.yml",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/faq",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/includes/pde-description.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-arso.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-hibernation.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-memory-dumps.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-password-connected-standby.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-wer.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-enable-pde.md",
+ "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall-with-advanced-security-administration-with-windows-powershell.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717262(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717263(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770289(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717260(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721530(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770729(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/boundary-zone.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725978(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771822(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731463(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717237(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947845(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947794(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947848(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947836(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947800(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947783(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947791(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947799(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947827(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947819(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717261(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717238(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717284(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717277(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717279(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717293(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717253(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717249(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717270(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-logging",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717275(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717278(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717245(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717246(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717247(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717274(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717243(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717283(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717288(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753540(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753825(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732933(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725818(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717281(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717259(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770426(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/encryption-zone.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753367(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717292(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/exemption-list.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732202(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771233(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731164(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771366(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770899(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc726039(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771791(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731454(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770565(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc754085(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731123(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770836(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731908(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732023(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717256(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731447(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolated-domain.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731788(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolating-apps-on-your-network.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831418(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717264(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721532(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717265(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717290(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717269(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717266(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717254(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc730835(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771044(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771733(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732752(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725693(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771664(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732615(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc754986(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771716(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947826(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc730841(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc772556(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770865(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753064(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725659(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717267(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831807(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732486(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732413(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721528(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717251(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731951(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717273(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717241(v=ws.11)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732024(v=ws.10)",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/operating-system.md",
"redirect_url": "/windows/security/operating-system-security",
@@ -955,6 +2720,11 @@
"redirect_url": "/windows/security/security-foundations/index",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/security-foundations/msft-security-dev-lifecycle.md",
+ "redirect_url": "/compliance/assurance/assurance-microsoft-security-development-lifecycle",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/threat-protection/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set",
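Review bot: The added entry redirects `windows/security/security-foundations/msft-security-dev-lifecycle.md` away, but a context entry in the later `@@ -4100,6 +5875,11 @@` hunk still has `"redirect_url": "/windows/security/security-foundations/msft-security-dev-lifecycle"`, so that older redirect now points at a page that is itself redirected. Anyone following the older link goes through two hops, and a chain like this breaks more easily when either end changes later. Pointing the older entry straight at the final target, `"redirect_url": "/compliance/assurance/assurance-microsoft-security-development-lifecycle"`, avoids that. Its `source_path` is outside the visible lines, so confirm which entry it is before editing.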
@@ -1385,6 +3155,11 @@
"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md",
+ "redirect_url": "/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/threat-protection/change-history-for-threat-protection.md",
"redirect_url": "/windows/security/threat-protection",
@@ -1427,7 +3202,7 @@
},
{
"source_path": "windows/security/threat-protection/device-guard/memory-integrity.md",
- "redirect_url": "https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78",
+ "redirect_url": "https:/support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78",
"redirect_document_id": false
},
{
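Review bot: The new `redirect_url` for `memory-integrity.md` reads `https:/support.microsoft.com/...` with a single slash after the scheme, where the removed line had `https://`, so the value is no longer a well-formed absolute URL. Depending on how the publishing pipeline or the client resolves it, a single-slash value may be treated as a path on the current host rather than an external link, and the redirect would then land on a missing page instead of the support article. The next hunk makes the same change for `microsoft-defender-smartscreen-overview.md` (`https:/feedback.smartscreen.microsoft.com/smartscreenfaq.aspx`). Both should keep the double slash, e.g. `"redirect_url": "https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78"`. This looks like the `//` to `/` cleanup applied to `source_path` values elsewhere in the commit also catching the scheme separator.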
@@ -4082,7 +5857,7 @@
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md",
- "redirect_url": "https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx",
+ "redirect_url": "https:/feedback.smartscreen.microsoft.com/smartscreenfaq.aspx",
"redirect_document_id": false
},
{
@@ -4100,6 +5875,11 @@
"redirect_url": "/windows/security/security-foundations/msft-security-dev-lifecycle",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md",
+ "redirect_url": "/windows/security/operating-system-security/device-management/override-mitigation-options-for-app-related-security-policies",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md",
"redirect_url": "/windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices",
@@ -4110,16 +5890,751 @@
"redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/access-this-computer-from-the-network",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-duration.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-duration",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-policy.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-threshold",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/account-policies.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-administrator-account-status",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-guest-account-status",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-rename-administrator-account",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-rename-guest-account",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/add-workstations-to-domain",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/administer-security-policy-settings",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/allow-log-on-locally",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/audit-policy.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/back-up-files-and-directories",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/bypass-traverse-checking",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/change-the-system-time.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/change-the-system-time",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/change-the-time-zone.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/change-the-time-zone",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/create-a-pagefile.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-a-pagefile",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/create-a-token-object.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-a-token-object",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/create-global-objects.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-global-objects",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-permanent-shared-objects",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/create-symbolic-links.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-symbolic-links",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/debug-programs.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/debug-programs",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-as-a-service",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-locally",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/enforce-password-history.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enforce-password-history",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/generate-security-audits.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/generate-security-audits",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/increase-a-process-working-set",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/increase-scheduling-priority",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/kerberos-policy.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/kerberos-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/load-and-unload-device-drivers",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/lock-pages-in-memory",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/log-on-as-a-batch-job",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/log-on-as-a-service",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/manage-auditing-and-security-log",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/maximum-password-age.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-password-age",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md",
"redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agress.md",
"redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/minimum-password-age.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/minimum-password-age",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/minimum-password-length.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/minimum-password-length",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/modify-an-object-label.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/modify-an-object-label",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/modify-firmware-environment-values",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-list-manager-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/password-policy.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/password-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/profile-single-process.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/profile-single-process",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/profile-system-performance.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/profile-system-performance",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/remove-computer-from-docking-station",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/replace-a-process-level-token",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/restore-files-and-directories",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/security-options.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-options",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-policy-settings-reference",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/security-policy-settings.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-policy-settings",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/shut-down-the-system.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shut-down-the-system",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md",
"redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
@@ -4140,14 +6655,119 @@
"redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/synchronize-directory-service-data",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-settings-optional-subsystems",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/security-policy-settings/user-rights-assignment.md",
+ "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-rights-assignment",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md",
+ "redirect_url": "/windows/security/operating-system-security/device-management/use-windows-event-forwarding-to-assist-in-intrusion-detection",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md",
- "redirect_url": "https://www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/",
+ "redirect_url": "https:/www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-10-mobile-security-guide.md",
- "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+ "redirect_url": "https:/support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
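Review bot: Both external `redirect_url` values changed in this hunk lose a slash after the scheme, so `https://www.microsoft.com/...` becomes `https:/www.microsoft.com/...` and `https://support.microsoft.com/...` becomes `https:/support.microsoft.com/...`. This looks like collateral from the `//` → `/` clean-up the same commit applies to `source_path` values. URL parsers do not agree on the malformed form (some repair it, others may resolve it as a path on the current host), so the WannaCrypt advisory and Windows 10 Mobile end-of-support redirects could break or resolve somewhere unintended. Restore the `https://` form on both lines, e.g. `"redirect_url": "https://www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/",`. Separately, the context entry at the top of this hunk still targets `/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always`, which an earlier hunk of this commit now redirects to `/previous-versions/...`; unless the publishing system collapses chains, that entry becomes a two-hop redirect and could point at the final URL directly.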
@@ -4580,11 +7200,6 @@
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings",
"redirect_document_id": false
},
- {
- "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md",
- "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview",
- "redirect_document_id": false
- },
{
"source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md",
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference",
@@ -4685,11 +7300,6 @@
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives",
"redirect_document_id": false
},
- {
- "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md",
- "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview",
- "redirect_document_id": false
- },
{
"source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md",
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application",
@@ -4860,11 +7470,6 @@
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings",
"redirect_document_id": false
},
- {
- "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md",
- "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules#enforcement-modes",
- "redirect_document_id": false
- },
{
"source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md",
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions",
@@ -4935,11 +7540,6 @@
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain",
"redirect_document_id": false
},
- {
- "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md",
- "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac",
- "redirect_document_id": false
- },
{
"source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md",
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets",
@@ -4955,11 +7555,6 @@
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies",
"redirect_document_id": false
},
- {
- "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md",
- "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac",
- "redirect_document_id": false
- },
{
"source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md",
"redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker",
@@ -5207,7 +7802,7 @@
},
{
"source_path": "windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md",
- "redirect_url": "https://aka.ms/AzureCodeSigning",
+ "redirect_url": "https:/aka.ms/AzureCodeSigning",
"redirect_document_id": false
},
{
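Review bot: The new `redirect_url` in this hunk is `https:/aka.ms/AzureCodeSigning`, with one slash after the scheme where the removed line had `https://`, so it is no longer a well-formed absolute URL. Depending on how the publishing pipeline and the browser resolve it, such a value may be rejected or treated as a path on the docs host instead of a link to the external site; the line should stay `"redirect_url": "https://aka.ms/AzureCodeSigning",`. The same regression appears in the hunks at `@@ -6727,7 +9322,7 @@` (SmartScreen FAQ), `@@ -7337,27 +9937,27 @@` and `@@ -7367,7 +9967,7 @@` (the six SecCon-Framework GitHub links), and in the wannacrypt and windows-10-mobile entries just above. A build-time check that every `redirect_url` either starts with `/` or matches `^https://` would catch this class of edit before it ships.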
@@ -6727,7 +9322,7 @@
},
{
"source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md",
- "redirect_url": "https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx",
+ "redirect_url": "https:/feedback.smartscreen.microsoft.com/smartscreenfaq.aspx",
"redirect_document_id": false
},
{
@@ -6975,6 +9570,11 @@
"redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md",
+ "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md",
"redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices",
@@ -7337,27 +9937,27 @@
},
{
"source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md",
- "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-1-enterprise-basic-security.md",
+ "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/level-1-enterprise-basic-security.md",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md",
- "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-2-enterprise-enhanced-security.md",
+ "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/level-2-enterprise-enhanced-security.md",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md",
- "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-3-enterprise-high-security.md",
+ "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/level-3-enterprise-high-security.md",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-4-enterprise-devops-security.md",
- "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-4-enterprise-devops-security.md",
+ "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/level-4-enterprise-devops-security.md",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-5-enterprise-administrator-security.md",
- "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-5-enterprise-administrator-security.md",
+ "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/level-5-enterprise-administrator-security.md",
"redirect_document_id": false
},
{
@@ -7367,7 +9967,7 @@
},
{
"source_path": "windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md",
- "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/windows-security-configuration-framework.md",
+ "redirect_url": "https:/github.com/microsoft/SecCon-Framework/blob/master/windows-security-configuration-framework.md",
"redirect_document_id": false
},
{
@@ -7381,1914 +9981,9 @@
"redirect_document_id": false
},
{
- "source_path": "windows/security/identity-protection/credential-guard/credential-guard.md",
- "redirect_url": "/windows/security/identity-protection/credential-guard",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/credential-guard/credential-guard-considerations.md",
- "redirect_url": "/windows/security/identity-protection/credential-guard/considerations-known-issues",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md",
- "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/credential-guard/credential-guard-known-issues.md",
- "redirect_url": "/windows/security/identity-protection/credential-guard/considerations-known-issues",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/credential-guard/credential-guard-manage.md",
- "redirect_url": "/windows/security/identity-protection/credential-guard/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md",
- "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/credential-guard/credential-guard-requirements.md",
- "redirect_url": "/windows/security/identity-protection/credential-guard/index",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/configure-pde-in-intune.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-arso.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-hibernation.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-memory-dumps.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-password-connected-standby.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-wer.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-enable-pde.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/includes/pde-description.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/faq-pde.yml",
- "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/faq",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-group-policy-settings.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure#$bitlocker-policy-settings",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure#bitlocker-policy-settings",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/countermeasures",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/recovery-process#bitlocker-recovery-password-viewer",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/network-unlock",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/plan",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/operations-guide",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/csv-san",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/install-server",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md",
- "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker#device-encryption",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721530(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/boundary-zone.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725978(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770729(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731463(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771822(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753825(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725818(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732933(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/encryption-zone.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753367(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770426(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/exemption-list.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732202(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771233(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731164(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770565(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc754085(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731123(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770836(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731908(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolated-domain.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731788(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731447(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721532(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc730835(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771044(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771733(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732752(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725693(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771664(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732615(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc754986(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771716(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947826(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc730841(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732486(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj721528(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732413(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770289(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947845(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947794(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947848(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947836(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947800(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947783(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947791(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947799(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947827(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc947819(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717261(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717238(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717284(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717277(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732023(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717256(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc772556(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770865(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753064(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc725659(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731951(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717241(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc732024(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717262(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717263(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717260(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717237(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717279(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717293(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717253(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717249(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717270(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717275(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717278(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717245(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717246(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717247(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717274(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717243(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717283(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717288(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717281(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717259(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717292(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717264(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717265(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717290(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717269(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717266(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717254(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717267(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717251(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj717273(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc731454(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc770899(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771366(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc726039(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771791(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc753540(v=ws.10)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall-with-advanced-security-administration-with-windows-powershell.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831807(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/isolating-apps-on-your-network.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831418(v=ws.11)",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-logging",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade.md",
- "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/rdp-sign-in",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/rdp-sign-in",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/security-foundations/msft-security-dev-lifecycle.md",
- "redirect_url": "/compliance/assurance/assurance-microsoft-security-development-lifecycle",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/pin-reset",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md",
- "redirect_url": "/windows-server/administration/performance-tuning/role/active-directory-server/capacity-planning-for-active-directory-domain-services",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works#provisioning",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-guide.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/requirements",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/deploy/requirements.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/multifactor-unlock",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-and-password-changes.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-authentication",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-provisioning",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/policy-settings",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-planning-guide.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/prepare-users",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/passwordless-strategy.md",
- "redirect_url": "/windows/security/identity-protection/passwordless-strategy/",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/deploy/cloud.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud-only",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-videos.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-faq.yml",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/faq",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/access-this-computer-from-the-network",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-duration.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-duration",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-policy.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-policy",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-lockout-threshold",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/account-policies.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/account-policies",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-administrator-account-status",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-guest-account-status",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-rename-administrator-account",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/accounts-rename-guest-account",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/add-workstations-to-domain",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/administer-security-policy-settings",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/allow-log-on-locally",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/audit-policy.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-policy",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/back-up-files-and-directories",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/bypass-traverse-checking",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/change-the-system-time.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/change-the-system-time",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/change-the-time-zone.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/change-the-time-zone",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/create-a-pagefile.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-a-pagefile",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/create-a-token-object.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-a-token-object",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/create-global-objects.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-global-objects",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-permanent-shared-objects",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/create-symbolic-links.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/create-symbolic-links",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/debug-programs.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/debug-programs",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-as-a-service",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-locally",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/enforce-password-history.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enforce-password-history",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/generate-security-audits.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/generate-security-audits",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/increase-a-process-working-set",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/increase-scheduling-priority",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/kerberos-policy.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/kerberos-policy",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/load-and-unload-device-drivers",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/lock-pages-in-memory",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/log-on-as-a-batch-job",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/log-on-as-a-service",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/manage-auditing-and-security-log",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/maximum-password-age.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-password-age",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/minimum-password-age.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/minimum-password-age",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/minimum-password-length.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/minimum-password-length",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/modify-an-object-label.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/modify-an-object-label",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/modify-firmware-environment-values",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-list-manager-policies",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/password-policy.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/password-policy",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/profile-single-process.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/profile-single-process",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/profile-system-performance.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/profile-system-performance",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/remove-computer-from-docking-station",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/replace-a-process-level-token",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/restore-files-and-directories",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/security-options.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-options",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/security-policy-settings.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-policy-settings",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/security-policy-settings-reference",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/shut-down-the-system.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/shut-down-the-system",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/synchronize-directory-service-data",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-settings-optional-subsystems",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/threat-protection/security-policy-settings/user-rights-assignment.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/user-rights-assignment",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/cloud-security/index.md",
- "redirect_url": "/windows/security/cloud-services",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/dual-enrollment",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/app-behavior-with-wip",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/collect-wip-audit-event-logs",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/how-to-disable-wip.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/how-to-disable-wip",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/limitations-with-wip.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/limitations-with-wip",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/mandatory-settings-for-wip",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/overview-create-wip-policy",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/testing-scenarios-for-wip",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/using-owa-with-wip.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/using-owa-with-wip",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-app-enterprise-context",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/information-protection/windows-information-protection/wip-learning.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/wip-learning",
- "redirect_document_id": false
- },
- {
- "source_path": "windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md",
- "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/s-mode/wdac-allow-lob-win32-apps",
+ "source_path": "windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md",
+ "redirect_url": "/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md",
"redirect_document_id": false
}
]
-}
+}
\ No newline at end of file
diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md
index 52264205ff..87446bab24 100644
--- a/includes/licensing/windows-defender-application-control-wdac.md
+++ b/includes/licensing/windows-defender-application-control-wdac.md
@@ -1,19 +1,19 @@
---
author: paolomatarazzo
ms.author: paoloma
-ms.date: 09/18/2023
+ms.date: 09/23/2024
ms.topic: include
---
## Windows edition and licensing requirements
-The following table lists the Windows editions that support Windows Defender Application Control (WDAC):
+The following table lists the Windows editions that support App Control for Business:
|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|
-Windows Defender Application Control (WDAC) license entitlements are granted by the following licenses:
+App Control license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml
index ae406114d7..2fe6bc1844 100644
--- a/windows/application-management/index.yml
+++ b/windows/application-management/index.yml
@@ -9,7 +9,7 @@ metadata:
author: aczechowski
ms.author: aaroncz
manager: aaroncz
- ms.date: 06/28/2024
+ ms.date: 09/27/2024
ms.topic: landing-page
ms.service: windows-client
ms.subservice: itpro-apps
diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md
index 9e6cefb8ae..f1cf07572c 100644
--- a/windows/application-management/per-user-services-in-windows.md
+++ b/windows/application-management/per-user-services-in-windows.md
@@ -4,7 +4,7 @@ description: Learn about per-user services, how to change the template service s
author: aczechowski
ms.author: aaroncz
manager: aaroncz
-ms.date: 12/22/2023
+ms.date: 10/01/2024
ms.topic: how-to
ms.service: windows-client
ms.subservice: itpro-apps
@@ -99,7 +99,7 @@ $services = Get-Service
foreach ( $service in $services ) {
# For each specific service, check if the service type property includes the 64 bit using the bitwise AND operator (-band).
# If the result equals the flag value, then the service is a per-user service.
- if ( ( $service.ServiceType -band $flag ) -eq $flag ) {
+ if ( ( $service.ServiceType -band $flag ) -eq $flag ) {
# When a per-user service is found, then add that service object to the results array.
$serviceList += $service
}
@@ -229,14 +229,14 @@ If you can't use group policy preferences to manage the per-user services, you c
1. The following example includes multiple commands that disable the specified Windows services by changing their **Start** value in the Windows Registry to `4`:
-```cmd
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\CDPUserSvc /v Start /t REG_DWORD /d 4 /f
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\OneSyncSvc /v Start /t REG_DWORD /d 4 /f
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc /v Start /t REG_DWORD /d 4 /f
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\UnistoreSvc /v Start /t REG_DWORD /d 4 /f
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\UserDataSvc /v Start /t REG_DWORD /d 4 /f
-REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t REG_DWORD /d 4 /f
-```
+ ```cmd
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\CDPUserSvc /v Start /t REG_DWORD /d 4 /f
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\OneSyncSvc /v Start /t REG_DWORD /d 4 /f
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc /v Start /t REG_DWORD /d 4 /f
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\UnistoreSvc /v Start /t REG_DWORD /d 4 /f
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\UserDataSvc /v Start /t REG_DWORD /d 4 /f
+ REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t REG_DWORD /d 4 /f
+ ```
#### Example 2: Use the Registry Editor user interface to edit the registry
@@ -248,7 +248,7 @@ REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t RE
1. Change the **Value data** to `4`.
-:::image type="content" source="media/regedit-change-service-startup-type.png" alt-text="Screenshot of the Registry Editor open to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDPSvc and highlighting the Start value set to 4.":::
+ :::image type="content" source="media/regedit-change-service-startup-type.png" alt-text="Screenshot of the Registry Editor open to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDPSvc and highlighting the Start value set to 4.":::
#### Example 3: Prevent the creation of per-user services
diff --git a/windows/application-management/sideload-apps-in-windows.md b/windows/application-management/sideload-apps-in-windows.md
index 3779938afc..8daf6b4e76 100644
--- a/windows/application-management/sideload-apps-in-windows.md
+++ b/windows/application-management/sideload-apps-in-windows.md
@@ -4,7 +4,7 @@ description: Learn how to sideload line-of-business (LOB) apps in Windows client
author: aczechowski
ms.author: aaroncz
manager: aaroncz
-ms.date: 12/22/2023
+ms.date: 09/27/2024
ms.topic: how-to
ms.service: windows-client
ms.subservice: itpro-apps
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index dd8f2e1b6b..7d20bc1c4c 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -11,9 +11,9 @@ ms.date: 01/31/2024
-Windows Defender Application Control (WDAC) policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for policy deployment (introduced in Windows 10, version 1709) without reboot. Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot.
+App Control for Business policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies) (introduced in Windows 10, version 1903). It also provides support for policy deployment (introduced in Windows 10, version 1709) without reboot. Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot.
-Existing Windows Defender Application Control (WDAC) policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment using the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
+Existing App Control for Business policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although App Control policy deployment using the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
@@ -861,7 +861,7 @@ The following table provides the result of this policy based on different values
## Microsoft Intune Usage Guidance
-For customers using Intune standalone or hybrid management with Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune).
+For customers using Intune standalone or hybrid management with Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy App Control for Business policies by using Microsoft Intune](/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune).
## Generic MDM Server Usage Guidance
@@ -1014,7 +1014,7 @@ The ApplicationControl CSP can also be managed locally from PowerShell or via Co
### Setup for using the WMI Bridge
-1. Convert your WDAC policy to Base64.
+1. Convert your App Control policy to Base64.
2. Open PowerShell in Local System context (through PSExec or something similar).
3. Use WMI Interface:
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
index f3aa4eedc9..2a743d498c 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -14,7 +14,7 @@ ms.date: 09/27/2024
> [!WARNING]
-> Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for [policy deployment](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
+> Group Policy-based deployment of App Control for Business policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for [policy deployment](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
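Review bot: The rewritten warning is only half renamed: the added line still says `single-policy format WDAC policies` and `To use WDAC on devices`, and its link still targets `/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide`. Other hunks in this commit move the same content under `/windows/security/application-security/application-control/app-control-for-business/`, so this link presumably resolves only through a redirect entry. I would change the two phrases to `single-policy format App Control policies` and `To use App Control on devices`, and point the link directly at the deployment guide's new path.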
diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md
index 87d5304815..f9ece8c2d3 100644
--- a/windows/deployment/update/fod-and-lang-packs.md
+++ b/windows/deployment/update/fod-and-lang-packs.md
@@ -13,7 +13,7 @@ appliesto:
- ✅ Windows 10
- ✅ Microsoft Configuration Manager
- ✅ WSUS
-ms.date: 04/22/2024
+ms.date: 10/01/2024
---
# How to make Features on Demand and language packs available when you're using WSUS or Configuration Manager
@@ -31,11 +31,13 @@ Due to these changes, the **Specify settings for optional component installation
The introduction of the **Specify source service for specific classes of Windows Updates** ([SetPolicyDrivenUpdateSourceFor](/windows/client-management/mdm/policy-csp-update#setpolicydrivenupdatesourceforfeatureupdates)) policy in Windows 10, version 2004 further complicated configuring settings for FoD and language pack content.
-Starting in Windows 11, version 22H2, on-premises Unified Update Platform (UUP) updates were introduced. FoDs and language packs are available from WSUS again. It's no longer necessary to use the **Specify settings for optional component installation and component repair** policy for FoD and language pack content.
+Starting in Windows 11, version 22H2, on-premises Unified Update Platform (UUP) updates were introduced. FoDs and language packs are available from WSUS again. It's no longer necessary to use the **Specify settings for optional component installation and component repair** policy for FoD and language pack content. This policy was modified starting in Windows 11, version 24H2 and the following options were removed:
+- Never attempt to download payload from Windows Update
+- Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)
## Version specific information for Features on Demand and language packs
-Windows 11, version 22H2, and later clients use on-premises Unified Update Platform (UUP) updates with WSUS and Microsoft Configuration Manager. These clients don't need to use **Specify settings for optional component installation and component repair** for FoDs and language packs since the content is available in WSUS due to on-premises UUP.
+Windows 11, version 22H2, and later clients use on-premises Unified Update Platform (UUP) updates with WSUS and Microsoft Configuration Manager. These clients don't need to use **Specify settings for optional component installation and component repair** for FoDs and language packs since the content is available in WSUS due to on-premises UUP. The policy was modified starting in Windows 11, version 24H2 to remove the unneeded options.
For Windows 10, version 2004 through Windows 11, version 21H2, clients can't download FoDs or language packs when **Specify settings for optional component installation and component repair** is set to Windows Update and **Specify source service for specific classes of Windows Updates** ([SetPolicyDrivenUpdateSourceFor](/windows/client-management/mdm/policy-csp-update#setpolicydrivenupdatesourceforfeatureupdates)) for either feature or quality updates is set to WSUS. If you need this content, you can set **Specify settings for optional component installation and component repair** to Windows Update and then either:
- Change the source selection for feature and quality updates to Windows Update
diff --git a/windows/deployment/windows-enterprise-e3-overview.md b/windows/deployment/windows-enterprise-e3-overview.md
index 5d58a929ec..7be5082ac3 100644
--- a/windows/deployment/windows-enterprise-e3-overview.md
+++ b/windows/deployment/windows-enterprise-e3-overview.md
@@ -105,7 +105,6 @@ For more information about implementing Credential Guard, see the following reso
- [Security considerations for Original Equipment Manufacturers](/windows-hardware/design/device-experiences/oem-security-considerations)
- [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337)
-
### AppLocker management
AppLocker in Windows Enterprise can be managed by using Group Policy. Group Policy requires having AD DS and that the Windows Enterprise devices are joined to an AD DS domain. AppLocker rules can be created by using Group Policy. The AppLocker rules can then be targeted to the appropriate devices.
diff --git a/windows/hub/index.yml b/windows/hub/index.yml
index 6fbeb4df3b..a20075e2cf 100644
--- a/windows/hub/index.yml
+++ b/windows/hub/index.yml
@@ -15,7 +15,7 @@ metadata:
author: aczechowski
ms.author: aaroncz
manager: aaroncz
- ms.date: 08/27/2024
+ ms.date: 10/01/2024
highlightedContent:
# itemType: architecture | concept | deploy | download | get-started | how-to-guide | training | overview | quickstart | reference | sample | tutorial | video | whats-new
@@ -25,13 +25,13 @@ highlightedContent:
itemType: get-started
url: /windows/whats-new/windows-11-overview
- - title: Windows 11, version 23H2
+ - title: Windows 11, version 24H2
itemType: whats-new
- url: /windows/whats-new/whats-new-windows-11-version-23h2
+ url: /windows/whats-new/whats-new-windows-11-version-24h2
- - title: Windows 11, version 23H2 group policy settings reference
+ - title: Windows 11, version 24H2 group policy settings reference
itemType: download
- url: https://www.microsoft.com/download/details.aspx?id=105668
+ url: https://www.microsoft.com/download/details.aspx?id=106255
- title: Windows administrative tools
itemType: concept
@@ -73,7 +73,7 @@ conceptualContent:
- title: Privacy in Windows
links:
- - url: /windows/privacy/required-diagnostic-events-fields-windows-11-22h2
+ - url: /windows/privacy/required-diagnostic-events-fields-windows-11-24h2
itemType: reference
text: Windows 11 required diagnostic data
- url: /windows/privacy/configure-windows-diagnostic-data-in-your-organization
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md
similarity index 50%
rename from windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md
rename to windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md
index 4dc0da5aba..8ea04f6820 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md
+++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md
@@ -1,23 +1,22 @@
---
-title: Designing, creating, managing, and troubleshooting Windows Defender Application Control AppId Tagging policies
-description: How to design, create, manage, and troubleshoot your WDAC AppId Tagging policies
+title: Designing, creating, managing, and troubleshooting App Control for Business AppId Tagging policies
+description: How to design, create, manage, and troubleshoot your App Control AppId Tagging policies
ms.localizationpriority: medium
-ms.date: 04/27/2022
+ms.date: 09/11/2024
ms.topic: conceptual
---
-# WDAC Application ID (AppId) Tagging guide
+# App Control Application ID (AppId) Tagging guide
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
## AppId Tagging Feature Overview
-The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), doesn't control whether applications run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy receive the tag while failing applications don't.
+The Application ID (AppId) Tagging Policy feature, while based off App Control for Business, doesn't control whether applications run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy receive the tag while failing applications don't.
## AppId Tagging Feature Availability
-The WDAC AppId Tagging feature is available on the following versions of the Windows platform:
+The App Control AppId Tagging feature is available on the following versions of the Windows platform:
Client:
- Windows 10 20H1, 20H2, and 21H1 versions only
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
similarity index 73%
rename from windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
index 1507fc348c..e62a226d9b 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
@@ -2,20 +2,19 @@
title: Testing and Debugging AppId Tagging Policies
description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully.
ms.localizationpriority: medium
-ms.date: 04/29/2022
+ms.date: 09/11/2024
ms.topic: troubleshooting
---
# Testing and Debugging AppId Tagging Policies
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event.
+After deployment of the App Control AppId Tagging policy, App Control will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event.
## Verifying Tags on Running Processes
-After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since Windows Defender Application Control (WDAC) can only tag processes created after the policy has been deployed.
+After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since App Control for Business can only tag processes created after the policy has been deployed.
1. Download and Install the Windows Debugger
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md
similarity index 54%
rename from windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md
index 7f0824cace..82fbcd6156 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md
@@ -1,17 +1,16 @@
---
-title: Deploying Windows Defender Application Control AppId tagging policies
-description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment.
+title: Deploying App Control for Business AppId tagging policies
+description: How to deploy your App Control AppId tagging policies locally and globally within your managed environment.
ms.localizationpriority: medium
-ms.date: 04/29/2022
+ms.date: 09/11/2024
ms.topic: conceptual
---
-# Deploying Windows Defender Application Control AppId tagging policies
+# Deploying App Control for Business AppId tagging policies
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId tagging policies can be deployed locally and to your managed endpoints several ways. Once you've created your AppId tagging policy, use one of the following methods to deploy:
+Similar to App Control for Business policies, App Control AppId tagging policies can be deployed locally and to your managed endpoints several ways. Once you've created your AppId tagging policy, use one of the following methods to deploy:
1. [Deploy AppId tagging policies with MDM](#deploy-appid-tagging-policies-with-mdm)
1. [Deploy policies with Configuration Manager](#deploy-appid-tagging-policies-with-configuration-manager)
@@ -20,23 +19,23 @@ Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId tagg
## Deploy AppId tagging policies with MDM
-Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri).
+Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-appcontrol-policies-using-intune.md#deploy-app-control-policies-with-custom-oma-uri).
## Deploy AppId tagging policies with Configuration Manager
-Custom AppId tagging policies can be deployed via Configuration Manager using the [deployment task sequences](../deployment/deploy-wdac-policies-with-memcm.md#deploy-custom-wdac-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users.
+Custom AppId tagging policies can be deployed via Configuration Manager using the [deployment task sequences](../deployment/deploy-appcontrol-policies-with-memcm.md#deploy-custom-app-control-policies-using-packagesprograms-or-task-sequences), policies can be deployed to your managed endpoints and users.
### Deploy AppId tagging Policies via Scripting
-Scripting hosts can be used to deploy AppId tagging policies as well. This approach is often best suited for local deployment, but works for deployment to managed endpoints and users too. For more information on how to deploy WDAC AppId tagging policies via scripting, see [Deploy WDAC policies using script](../deployment/deploy-wdac-policies-with-script.md). For AppId tagging policies, the only applicable method is deploying to version 1903 or later.
+Scripting hosts can be used to deploy AppId tagging policies as well. This approach is often best suited for local deployment, but works for deployment to managed endpoints and users too. For more information on how to deploy App Control AppId tagging policies via scripting, see [Deploy App Control policies using script](../deployment/deploy-appcontrol-policies-with-script.md). For AppId tagging policies, the only applicable method is deploying to version 1903 or later.
### Deploying policies via the ApplicationControl CSP
-Multiple WDAC policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment.
+Multiple App Control policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment.
However, when policies are unenrolled from an MDM server, the CSP will attempt to remove every policy from devices, not just the policies added by the CSP. The reason for this is that the ApplicationControl CSP doesn't track enrollment sources for individual policies, even though it will query all policies on a device, regardless if they were deployed by the CSP.
For more information, see [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp) to deploy multiple policies, and optionally use Microsoft Intune's Custom OMA-URI capability.
> [!NOTE]
-> WMI and GP don't currently support multiple policies. If you can't directly access the MDM stack, use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage multiple policy format Windows Defender Application Control policies.
+> WMI and GP don't currently support multiple policies. If you can't directly access the MDM stack, use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage multiple policy format App Control for Business policies.
diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md
new file mode 100644
index 0000000000..363d4b5dd8
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/design-create-appid-tagging-policies.md
@@ -0,0 +1,102 @@
+---
+title: Create your App Control for Business AppId Tagging Policies
+description: Create your App Control for Business AppId tagging policies for Windows devices.
+ms.localizationpriority: medium
+ms.date: 09/23/2024
+ms.topic: conceptual
+---
+
+# Creating your App Control AppId Tagging Policies
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+## Create the policy using the App Control Wizard
+
+You can use the App Control for Business Wizard and the PowerShell commands to create an App Control policy and convert it to an AppIdTagging policy. The App Control Wizard is available for download at the [App Control Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md).
+
+1. Create a new base policy using the templates:
+
+ Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/appcontrol-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules.
+
+ :::image type="content" alt-text="Configuring the policy base and template." source="../images/appid-appcontrol-wizard-1.png" lightbox="../images/appid-appcontrol-wizard-1.png":::
+
+ > [!NOTE]
+ > If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies).
+
+2. Set the following rule-options using the Wizard toggles:
+
+ :::image type="content" alt-text="Configuring the policy rule-options." source="../images/appid-appcontrol-wizard-2.png":::
+
+3. Create custom rules:
+
+ Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules:
+
+ - Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security.
+ - Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards.
+ - File attribute rules: Create a rule based off a file's immutable properties like the original filename, file description, product name or internal name.
+ - Package app name rules: Create a rule based off the package family name of an appx/msix.
+ - Hash rules: Create a rule based off the PE Authenticode hash of a file.
+
+ For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/appcontrol-wizard-create-base-policy.md#creating-custom-file-rules).
+
+4. Convert to AppId Tagging Policy:
+
+ After the Wizard builds the policy file, open the file in a text editor and remove the entire "Value=131" SigningScenario text block. The only remaining signing scenario should be "Value=12" which is the user mode application section. Next, open PowerShell in an elevated prompt and run the following command. Replace the AppIdTagging Key-Value pair for your scenario:
+
+ ```powershell
+ Set-CIPolicyIdInfo -ResetPolicyID -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue"
+ ```
+ The policyID GUID is returned by the PowerShell command if successful.
+
+## Create the policy using PowerShell
+
+Using this method, you create an AppId Tagging policy directly using the App Control PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](appcontrol-appid-tagging-guide.md). In an elevate PowerShell instance:
+
+1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [App Control File Rule Levels](../design/select-types-of-rules-to-create.md#table-2-app-control-for-business-policy---file-rule-levels) can be used in AppId rules:
+
+ ```powershell
+ $rule = New-CiPolicyRule -Level SignedVersion -DriverFilePath
+ ```
+2. Create the AppId Tagging Policy. Replace the AppIdTagging Key-Value pair for your scenario:
+
+ ```powershell
+ New-CIPolicy -rules $rule -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue"
+ ```
+3. Set the rule-options for the policy:
+
+ ```powershell
+ Set-RuleOption -Option 0 .\AppIdPolicy.xml # Usermode Code Integrity (UMCI)
+ Set-RuleOption -Option 16 .\AppIdPolicy.xml # Refresh Policy no Reboot
+ Set-RuleOption -Option 18 .\AppIdPolicy.xml # (Optional) Disable FilePath Rule Protection
+ ```
+
+ If you're using filepath rules, you may want to set option 18. Otherwise, there's no need.
+
+4. Set the name and ID on the policy, which is helpful for future debugging:
+
+ ```powershell
+ Set-CIPolicyIdInfo -ResetPolicyId -PolicyName "MyPolicyName" -PolicyId "MyPolicyId" -AppIdTaggingPolicy -FilePath ".\AppIdPolicy.xml"
+ ```
+ The policyID GUID is returned by the PowerShell command if successful.
+
+## Deploy for Local Testing
+
+After creating your AppId Tagging policy in the above steps, you can deploy the policy to your local machine for testing before broadly deploying the policy to your endpoints:
+
+1. Depending on your deployment method, convert the xml to binary:
+
+ ```powershell
+ Convertfrom-CIPolicy .\policy.xml ".\{PolicyIDGUID}.cip"
+ ```
+
+2. Optionally, deploy it for local testing:
+
+ ```powershell
+ copy ".\{Policy ID}.cip" c:\windows\system32\codeintegrity\CiPolicies\Active\
+ ./RefreshPolicy.exe
+ ```
+
+ RefreshPolicy.exe is available for download from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=102925).
+
+## Next Steps
+For more information on debugging and broad deployment of the AppId Tagging policy, see [Debugging AppId policies](debugging-operational-guide-appid-tagging-policies.md) and [Deploying AppId policies](deploy-appid-tagging-policies.md).
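Review bot: Step 3 of the PowerShell procedure offers `Set-RuleOption -Option 18` (Disable FilePath Rule Protection) with only "If you're using filepath rules, you may want to set option 18", and never states what is given up. With that option set, path rules are no longer restricted to locations that only administrators can write to, so the tag stops being evidence that a trusted binary is running. A sentence such as `Set option 18 only when a path rule must cover a user-writable location, and don't rely on the resulting tag as proof of a trusted binary.` belongs next to it. The NOTE in the Wizard section also reads `does build off the base templates`, which contradicts the recommendation that follows and is presumably missing a `not`. In step 1 the sample `New-CiPolicyRule -Level SignedVersion -DriverFilePath` ends without a path argument, and the local-testing commands switch from `.\AppIdPolicy.xml` to `.\policy.xml` and from `{PolicyIDGUID}` to `{Policy ID}`.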
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/app-control-for-business/TOC.yml
similarity index 70%
rename from windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
rename to windows/security/application-security/application-control/app-control-for-business/TOC.yml
index 91cc8b46d0..b5ff7c1588 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
+++ b/windows/security/application-security/application-control/app-control-for-business/TOC.yml
@@ -1,126 +1,126 @@
- name: Application Control for Windows
href: index.yml
- name: About application control for Windows
- href: wdac.md
+ href: appcontrol.md
expanded: true
items:
- - name: WDAC and AppLocker Overview
- href: wdac-and-applocker-overview.md
- - name: WDAC and AppLocker Feature Availability
+ - name: App Control and AppLocker Overview
+ href: appcontrol-and-applocker-overview.md
+ - name: App Control and AppLocker Feature Availability
href: feature-availability.md
- name: Virtualization-based protection of code integrity
- href: ../introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
-- name: WDAC design guide
- href: design/wdac-design-guide.md
+ href: ../introduction-to-virtualization-based-security-and-appcontrol.md
+- name: Design guide
+ href: design/appcontrol-design-guide.md
items:
- - name: Plan for WDAC policy lifecycle management
- href: design/plan-wdac-management.md
- - name: Design your WDAC policy
+ - name: Plan for App Control policy lifecycle management
+ href: design/plan-appcontrol-management.md
+ - name: Design your App Control policy
items:
- - name: Understand WDAC policy design decisions
- href: design/understand-wdac-policy-design-decisions.md
- - name: Understand WDAC policy rules and file rules
+ - name: Understand App Control policy design decisions
+ href: design/understand-appcontrol-policy-design-decisions.md
+ - name: Understand App Control policy rules and file rules
href: design/select-types-of-rules-to-create.md
items:
- name: Allow apps installed by a managed installer
href: design/configure-authorized-apps-deployed-with-a-managed-installer.md
- name: Allow reputable apps with Intelligent Security Graph (ISG)
- href: design/use-wdac-with-intelligent-security-graph.md
+ href: design/use-appcontrol-with-intelligent-security-graph.md
- name: Allow COM object registration
- href: design/allow-com-object-registration-in-wdac-policy.md
- - name: Use WDAC with .NET hardening
- href: design/wdac-and-dotnet.md
- - name: Script enforcement with Windows Defender Application Control
+ href: design/allow-com-object-registration-in-appcontrol-policy.md
+ - name: Use App Control with .NET hardening
+ href: design/appcontrol-and-dotnet.md
+ - name: Script enforcement with App Control for Business
href: design/script-enforcement.md
- - name: Manage packaged apps with WDAC
- href: design/manage-packaged-apps-with-wdac.md
- - name: Use WDAC to control specific plug-ins, add-ins, and modules
- href: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
- - name: Understand WDAC policy settings
- href: design/understanding-wdac-policy-settings.md
- - name: Use multiple WDAC policies
- href: design/deploy-multiple-wdac-policies.md
- - name: Create your WDAC policy
+ - name: Manage packaged apps with App Control
+ href: design/manage-packaged-apps-with-appcontrol.md
+ - name: Use App Control to control specific plug-ins, add-ins, and modules
+ href: design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+ - name: Understand App Control policy settings
+ href: design/understanding-appcontrol-policy-settings.md
+ - name: Use multiple App Control policies
+ href: design/deploy-multiple-appcontrol-policies.md
+ - name: Create your App Control policy
items:
- - name: Example WDAC base policies
- href: design/example-wdac-base-policies.md
- - name: Policy creation for common WDAC usage scenarios
- href: design/common-wdac-use-cases.md
+ - name: Example App Control base policies
+ href: design/example-appcontrol-base-policies.md
+ - name: Policy creation for common App Control usage scenarios
+ href: design/common-appcontrol-use-cases.md
items:
- - name: Create a WDAC policy for lightly managed devices
- href: design/create-wdac-policy-for-lightly-managed-devices.md
- - name: Create a WDAC policy for fully managed devices
- href: design/create-wdac-policy-for-fully-managed-devices.md
- - name: Create a WDAC policy for fixed-workload devices
- href: design/create-wdac-policy-using-reference-computer.md
- - name: Create a WDAC deny list policy
- href: design/create-wdac-deny-policy.md
- - name: Applications that can bypass WDAC and how to block them
- href: design/applications-that-can-bypass-wdac.md
+ - name: Create an App Control policy for lightly managed devices
+ href: design/create-appcontrol-policy-for-lightly-managed-devices.md
+ - name: Create an App Control policy for fully managed devices
+ href: design/create-appcontrol-policy-for-fully-managed-devices.md
+ - name: Create an App Control policy for fixed-workload devices
+ href: design/create-appcontrol-policy-using-reference-computer.md
+ - name: Create an App Control deny list policy
+ href: design/create-appcontrol-deny-policy.md
+ - name: Applications that can bypass App Control and how to block them
+ href: design/applications-that-can-bypass-appcontrol.md
- name: Microsoft recommended driver block rules
href: design/microsoft-recommended-driver-block-rules.md
- - name: Use the WDAC Wizard tool
- href: design/wdac-wizard.md
+ - name: Use the App Control Wizard tool
+ href: design/appcontrol-wizard.md
items:
- - name: Create a base WDAC policy with the Wizard
- href: design/wdac-wizard-create-base-policy.md
- - name: Create a supplemental WDAC policy with the Wizard
- href: design/wdac-wizard-create-supplemental-policy.md
- - name: Editing a WDAC policy with the Wizard
- href: design/wdac-wizard-editing-policy.md
- - name: Creating WDAC Policy Rules from WDAC Events
- href: design/wdac-wizard-parsing-event-logs.md
- - name: Merging multiple WDAC policies with the Wizard
- href: design/wdac-wizard-merging-policies.md
-- name: WDAC deployment guide
- href: deployment/wdac-deployment-guide.md
+ - name: Create a base App Control policy with the Wizard
+ href: design/appcontrol-wizard-create-base-policy.md
+ - name: Create a supplemental App Control policy with the Wizard
+ href: design/appcontrol-wizard-create-supplemental-policy.md
+ - name: Editing an App Control policy with the Wizard
+ href: design/appcontrol-wizard-editing-policy.md
+ - name: Creating App Control Policy Rules from App Control Events
+ href: design/appcontrol-wizard-parsing-event-logs.md
+ - name: Merging multiple App Control policies with the Wizard
+ href: design/appcontrol-wizard-merging-policies.md
+- name: Deployment guide
+ href: deployment/appcontrol-deployment-guide.md
items:
- - name: Deploy WDAC policies with MDM
- href: deployment/deploy-wdac-policies-using-intune.md
- - name: Deploy WDAC policies with Configuration Manager
- href: deployment/deploy-wdac-policies-with-memcm.md
- - name: Deploy WDAC policies with script
- href: deployment/deploy-wdac-policies-with-script.md
- - name: Deploy WDAC policies with group policy
- href: deployment/deploy-wdac-policies-using-group-policy.md
- - name: Audit WDAC policies
- href: deployment/audit-wdac-policies.md
- - name: Merge WDAC policies
- href: deployment/merge-wdac-policies.md
- - name: Enforce WDAC policies
- href: deployment/enforce-wdac-policies.md
- - name: Use code signing for added control and protection with WDAC
+ - name: Deploy App Control policies with MDM
+ href: deployment/deploy-appcontrol-policies-using-intune.md
+ - name: Deploy App Control policies with Configuration Manager
+ href: deployment/deploy-appcontrol-policies-with-memcm.md
+ - name: Deploy App Control policies with script
+ href: deployment/deploy-appcontrol-policies-with-script.md
+ - name: Deploy App Control policies with group policy
+ href: deployment/deploy-appcontrol-policies-using-group-policy.md
+ - name: Audit App Control policies
+ href: deployment/audit-appcontrol-policies.md
+ - name: Merge App Control policies
+ href: deployment/merge-appcontrol-policies.md
+ - name: Enforce App Control policies
+ href: deployment/enforce-appcontrol-policies.md
+ - name: Use code signing for added control and protection with App Control
href: deployment/use-code-signing-for-better-control-and-protection.md
items:
- - name: Deploy catalog files to support WDAC
- href: deployment/deploy-catalog-files-to-support-wdac.md
- - name: Use signed policies to protect Windows Defender Application Control against tampering
- href: deployment/use-signed-policies-to-protect-wdac-against-tampering.md
- - name: "Optional: Create a code signing cert for WDAC"
- href: deployment/create-code-signing-cert-for-wdac.md
- - name: Disable WDAC policies
- href: deployment/disable-wdac-policies.md
-- name: WDAC operational guide
- href: operations/wdac-operational-guide.md
+ - name: Deploy catalog files to support App Control
+ href: deployment/deploy-catalog-files-to-support-appcontrol.md
+ - name: Use signed policies to protect App Control for Business against tampering
+ href: deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md
+ - name: "Optional: Create a code signing cert for App Control"
+ href: deployment/create-code-signing-cert-for-appcontrol.md
+ - name: Disable App Control policies
+ href: deployment/disable-appcontrol-policies.md
+- name: Operational guide
+ href: operations/appcontrol-operational-guide.md
items:
- - name: WDAC debugging and troubleshooting
- href: operations/wdac-debugging-and-troubleshooting.md
- - name: Understanding Application Control event IDs
+ - name: App Control debugging and troubleshooting
+ href: operations/appcontrol-debugging-and-troubleshooting.md
+ - name: Understanding App Control event IDs
href: operations/event-id-explanations.md
- - name: Understanding Application Control event tags
+ - name: Understanding App Control event tags
href: operations/event-tag-explanations.md
- - name: Query WDAC events with Advanced hunting
+ - name: Query App Control events with Advanced hunting
href: operations/querying-application-control-events-centrally-using-advanced-hunting.md
- name: Known Issues
href: operations/known-issues.md
- name: Managed installer and ISG technical reference and troubleshooting guide
- href: operations/configure-wdac-managed-installer.md
+ href: operations/configure-appcontrol-managed-installer.md
- name: CITool.exe technical reference
href: operations/citool-commands.md
- - name: Inbox WDAC policies
- href: operations/inbox-wdac-policies.md
-- name: WDAC AppId Tagging guide
- href: AppIdTagging/wdac-appid-tagging-guide.md
+ - name: Inbox App Control policies
+ href: operations/inbox-appcontrol-policies.md
+- name: AppId Tagging guide
+ href: AppIdTagging/appcontrol-appid-tagging-guide.md
items:
- name: Creating AppId Tagging Policies
href: AppIdTagging/design-create-appid-tagging-policies.md
diff --git a/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md b/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md
new file mode 100644
index 0000000000..5520d9161c
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview.md
@@ -0,0 +1,64 @@
+---
+title: App Control and AppLocker Overview
+description: Compare Windows application control technologies.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: conceptual
+---
+
+# App Control for Business and AppLocker Overview
+
+[!INCLUDE [Feature availability note](includes/feature-availability-note.md)]
+
+Windows 10 and Windows 11 include two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: App Control for Business and AppLocker.
+
+## App Control for Business
+
+App Control was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows clients. It was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria), defined by the Microsoft Security Response Center (MSRC).
+
+App Control policies apply to the managed computer as a whole and affects all users of the device. App Control rules can be defined based on:
+
+- Attributes of the codesigning certificate(s) used to sign an app and its binaries
+- Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file
+- The reputation of the app as determined by Microsoft's [Intelligent Security Graph](design/use-appcontrol-with-intelligent-security-graph.md)
+- The identity of the process that initiated the installation of the app and its binaries ([managed installer](design/configure-authorized-apps-deployed-with-a-managed-installer.md))
+- The [path from which the app or file is launched](design/select-types-of-rules-to-create.md#more-information-about-filepath-rules) (beginning with Windows 10 version 1903)
+- The process that launched the app or binary
+
+> [!NOTE]
+> App Control was originally released as part of Device Guard and called configurable code integrity. Device Guard and configurable code integrity are no longer used except to find where to deploy App Control policy via Group Policy.
+
+### App Control System Requirements
+
+App Control policies can be created and applied on any client edition of Windows 10 or Windows 11, or on Windows Server 2016 and higher. App Control policies can be deployed via a Mobile Device Management (MDM) solution, for example, Intune; a management interface such as Configuration Manager; or a script host such as PowerShell. Group Policy can also be used to deploy App Control policies, but is limited to single-policy format policies that work on Windows Server 2016 and 2019.
+
+For more information on which individual App Control features are available on specific App Control builds, see [App Control feature availability](feature-availability.md).
+
+## AppLocker
+
+AppLocker was introduced with Windows 7, and allows organizations to control which applications are allowed to run on their Windows clients. AppLocker helps to prevent end-users from running unapproved software on their computers but doesn't meet the servicing criteria for being a security feature.
+
+AppLocker policies can apply to all users on a computer, or to individual users and groups. AppLocker rules can be defined based on:
+
+- Attributes of the codesigning certificate(s) used to sign an app and its binaries.
+- Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file.
+- The path from which the app or file is launched.
+
+AppLocker is also used by some features of App Control, including [managed installer](design/configure-authorized-apps-deployed-with-a-managed-installer.md) and the [Intelligent Security Graph](design/use-appcontrol-with-intelligent-security-graph.md).
+
+### AppLocker System Requirements
+
+AppLocker policies can only be configured on and applied to devices that are running on the supported versions and editions of the Windows operating system. For more info, see [Requirements to Use AppLocker](applocker/requirements-to-use-applocker.md).
+AppLocker policies can be deployed using Group Policy or MDM.
+
+## Choose when to use App Control or AppLocker
+
+Generally, customers who are able to implement application control using App Control, rather than AppLocker, should do so. App Control is undergoing continual improvements, and is getting added support from Microsoft management platforms. Although AppLocker continues to receive security fixes, it isn't getting new feature improvements.
+
+However, in some cases, AppLocker might be the more appropriate technology for your organization. AppLocker is best when:
+
+- You have a mixed Windows operating system (OS) environment and need to apply the same policy controls to Windows 10 and earlier versions of the OS.
+- You need to apply different policies for different users or groups on shared computers.
+- You don't want to enforce application control on application files such as DLLs or drivers.
+
+AppLocker can also be deployed as a complement to App Control to add user or group-specific rules for shared device scenarios, where it's important to prevent some users from running specific apps. As a best practice, you should enforce App Control at the most restrictive level possible for your organization, and then you can use AppLocker to further fine-tune the restrictions.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md
similarity index 69%
rename from windows/security/application-security/application-control/windows-defender-application-control/wdac.md
rename to windows/security/application-security/application-control/app-control-for-business/appcontrol.md
index 2d0145d3bc..561da483b6 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md
+++ b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md
@@ -4,14 +4,13 @@ description: Application Control restricts which applications users are allowed
ms.localizationpriority: medium
ms.collection:
- tier3
-ms.date: 08/30/2023
+ms.date: 09/11/2024
ms.topic: overview
---
# Application Control for Windows
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+[!INCLUDE [Feature availability note](includes/feature-availability-note.md)]
With thousands of new malicious files created every day, using traditional methods like antivirus solutions-signature-based detection to fight against malware-provides an inadequate defense against new attacks.
@@ -26,14 +25,14 @@ Application control is a crucial line of defense for protecting enterprises give
Windows 10 and Windows 11 include two technologies that can be used for application control depending on your organization's specific scenarios and requirements:
-- **Windows Defender Application Control (WDAC)**; and
+- **App Control for Business**; and
- **AppLocker**
-## WDAC and Smart App Control
+## App Control and Smart App Control
-Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on WDAC, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](design/example-wdac-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** option that isn't supported for WDAC enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example WDAC base policy](design/create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy).
+Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on App Control, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](design/example-appcontrol-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** option that isn't supported for App Control enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example App Control base policy](design/create-appcontrol-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-app-control-base-policy).
-Smart App Control is only available on clean installation of Windows 11 version 22H2 or later, and starts in evaluation mode. Smart App Control is automatically turned off for enterprise managed devices unless the user has turned it on first. To turn off Smart App Control across your organization's endpoints, you can set the **VerifiedAndReputablePolicyState** (DWORD) registry value under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy` as shown in the following table. After you change the registry value, you must either restart the device or use [CiTool.exe -r](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands#refresh-the-wdac-policies-on-the-system) for the change to take effect.
+Smart App Control is only available on clean installation of Windows 11 version 22H2 or later, and starts in evaluation mode. Smart App Control is automatically turned off for enterprise managed devices unless the user has turned it on first. To turn off Smart App Control across your organization's endpoints, you can set the **VerifiedAndReputablePolicyState** (DWORD) registry value under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy` as shown in the following table. After you change the registry value, you must either restart the device or use [CiTool.exe -r](operations/citool-commands.md#refresh-the-app-control-policies-on-the-system) for the change to take effect.
| Value | Description |
|-------|-------------|
@@ -46,7 +45,7 @@ Smart App Control is only available on clean installation of Windows 11 version
### Smart App Control Enforced Blocks
-Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-wdac.md), with a few exceptions for compatibility considerations. The following aren't blocked by Smart App Control:
+Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-appcontrol.md), with a few exceptions for compatibility considerations. The following aren't blocked by Smart App Control:
- Infdefaultinstall.exe
- Microsoft.Build.dll
@@ -57,7 +56,7 @@ Smart App Control enforces the [Microsoft Recommended Driver Block rules](design
## Related articles
-- [WDAC design guide](design/wdac-design-guide.md)
-- [WDAC deployment guide](deployment/wdac-deployment-guide.md)
-- [WDAC operational guide](operations/wdac-operational-guide.md)
+- [App Control design guide](design/appcontrol-design-guide.md)
+- [App Control deployment guide](deployment/appcontrol-deployment-guide.md)
+- [App Control operational guide](operations/appcontrol-operational-guide.md)
- [AppLocker overview](applocker/applocker-overview.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
similarity index 97%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
index 76569e20e6..64ec3acfbf 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
@@ -3,7 +3,7 @@ title: Add rules for packaged apps to existing AppLocker rule-set
description: This article for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Add rules for packaged apps to existing AppLocker rule-set
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md
similarity index 97%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md
index a095fd7246..d2e0c1da1e 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/administer-applocker.md
@@ -3,7 +3,7 @@ title: Administer AppLocker
description: This article for IT professionals provides links to specific procedures to use when administering AppLocker policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 01/03/2024
+ms.date: 09/11/2024
---
# Administer AppLocker
@@ -27,11 +27,11 @@ AppLocker helps administrators control how users can access and use files, such
| [Edit an AppLocker policy](edit-an-applocker-policy.md) | This article for IT professionals describes the steps required to modify an AppLocker policy. |
| [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md) | This article discusses the steps required to test an AppLocker policy prior to deployment. |
| [Deploy AppLocker policies by using the enforce rules setting](deploy-applocker-policies-by-using-the-enforce-rules-setting.md) | This article for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method. |
-| [Use the AppLocker Windows PowerShell cmdlets](use-the-applocker-windows-powershell-cmdlets.md) | This article for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies. |
+| [Use the AppLocker Windows PowerShell cmdlets](use-the-applocker-windows-powershell-cmdlets.md) | This article for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker policies. |
| [Optimize AppLocker performance](optimize-applocker-performance.md) | This article for IT professionals describes how to optimize AppLocker policy enforcement. |
| [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md) | This article for IT professionals describes how to monitor app usage when AppLocker policies are applied. |
| [Manage packaged apps with AppLocker](manage-packaged-apps-with-applocker.md) | This article for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy. |
-| [Working with AppLocker rules](working-with-applocker-rules.md) | This article for IT professionals describes AppLocker rule types and how to work with them for your application control policies. |
+| [Working with AppLocker rules](working-with-applocker-rules.md) | This article for IT professionals describes AppLocker rule types and how to work with them for your policies. |
| [Working with AppLocker policies](working-with-applocker-policies.md) | This article for IT professionals provides links to procedural articles about creating, maintaining, and testing AppLocker policies. |
## Using the MMC snap-ins to administer AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md
index 763fd8e86d..7314cce2f9 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md
@@ -3,7 +3,7 @@ title: AppLocker architecture and components
description: This article for IT professional describes AppLocker’s basic architecture and its major components.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# AppLocker architecture and components
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md
index 8ab68a0205..2ce3ad5532 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md
@@ -3,7 +3,7 @@ title: AppLocker functions
description: This article for the IT professional lists the functions and security levels for AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# AppLocker functions
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md
similarity index 92%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md
index 654b172dca..1af7a371bb 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md
@@ -1,23 +1,23 @@
---
title: AppLocker
-description: This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies.
+description: This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker policies.
ms.collection:
- tier3
- must-keep
ms.topic: conceptual
ms.localizationpriority: medium
-ms.date: 01/03/2024
+ms.date: 09/11/2024
---
# AppLocker
-This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. AppLocker is also used by some features of Windows Defender Application Control.
+This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. AppLocker is also used by some features of App Control for Business.
> [!NOTE]
-> AppLocker is a defense-in-depth security feature and not considered a defensible Windows [security feature](https://www.microsoft.com/msrc/windows-security-servicing-criteria). [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal.
+> AppLocker is a defense-in-depth security feature and not considered a defensible Windows [security feature](https://www.microsoft.com/msrc/windows-security-servicing-criteria). [App Control for Business](../appcontrol-and-applocker-overview.md) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal.
> [!NOTE]
-> By default, AppLocker policy only applies to code launched in a user's context. On Windows 10, Windows 11, and Windows Server 2016 or later, you can apply AppLocker policy to non-user processes, including those running as SYSTEM. For more information, see [AppLocker rule collection extensions](/windows/security/application-security/application-control/windows-defender-application-control/applocker/rule-collection-extensions#services-enforcement).
+> By default, AppLocker policy only applies to code launched in a user's context. On Windows 10, Windows 11, and Windows Server 2016 or later, you can apply AppLocker policy to non-user processes, including those running as SYSTEM. For more information, see [AppLocker rule collection extensions](rule-collection-extensions.md#services-enforcement).
AppLocker can help you:
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md
index cb437f92b7..8520621d36 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md
@@ -3,7 +3,7 @@ title: AppLocker deployment guide
description: This article for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# AppLocker deployment guide
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md
similarity index 83%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md
index 0299b53b2a..174ed4907c 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md
@@ -3,7 +3,7 @@ title: AppLocker design guide
description: This article for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# AppLocker design guide
@@ -12,14 +12,14 @@ This article for the IT professional introduces the design and planning steps re
This guide provides important designing and planning information for deploying application control policies by using AppLocker. Through a sequential and iterative process, you can create an AppLocker policy deployment plan for your organization that addresses your specific application control requirements by department, organizational unit, or business group.
-To understand if AppLocker is the correct application control solution for your organization, see [Windows Defender Application Control and AppLocker overview](/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview).
+To understand if AppLocker is the correct application control solution for your organization, see [App Control for Business and AppLocker overview](../appcontrol-and-applocker-overview.md).
## In this section
| Article | Description |
| --- | --- |
| [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md) | This article describes AppLocker design questions, possible answers, and other considerations when you plan a deployment of application control policies by using AppLocker. |
-| [Determine your application control objectives](determine-your-application-control-objectives.md) | This article helps you with the decisions you need to make to determine what applications to control and how to control them using AppLocker. |
+| [Determine your application control objectives](../appcontrol-and-applocker-overview.md) | This article helps you with the decisions you need to make to determine what applications to control and how to control them using AppLocker. |
| [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md) | This article describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker. |
| [Select the types of rules to create](select-types-of-rules-to-create.md) | This article lists resources you can use when selecting your application control policy rules by using AppLocker. |
| [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) | This overview article describes the process to follow when you're planning to deploy AppLocker rules. |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md
index a2776beaac..0d11e182ca 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md
@@ -3,7 +3,7 @@ title: AppLocker policy use scenarios
description: This article for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# AppLocker policy use scenarios
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md
similarity index 94%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md
index 36cd302f29..4bc0bd0949 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md
@@ -3,13 +3,12 @@ title: AppLocker processes and interactions
description: This article for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# AppLocker processes and interactions
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
This article for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
@@ -77,7 +76,7 @@ There are three different types of conditions that can be applied to rules:
An AppLocker policy is a set of rule collections and their corresponding configured enforcement mode settings applied to one or more computers.
-- [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md)
+- [Understand AppLocker enforcement settings](working-with-applocker-rules.md#enforcement-modes)
Rule enforcement is applied only to collections of rules, not individual rules. AppLocker divides the rules into four collections: executable files, Windows Installer files, scripts, and DLL files. The options for rule enforcement are **Not configured**, **Enforce rules**, or **Audit only**. Together, all AppLocker rule collections compose the application control policy, or AppLocker policy. By default, if enforcement isn't configured and rules are present in a rule collection, those rules are enforced.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md
index 0952a3d433..5dd3820526 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md
@@ -3,7 +3,7 @@ title: AppLocker technical reference
description: This overview article for IT professionals provides links to the articles in the technical reference.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# AppLocker technical reference
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-audit-only.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-audit-only.md
index b6654f9688..422f3a9acd 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-audit-only.md
@@ -3,7 +3,7 @@ title: Configure an AppLocker policy for audit only
description: This article for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Configure an AppLocker policy for audit only
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-enforce-rules.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-enforce-rules.md
index 5762b9c128..07c51af5bb 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-an-applocker-policy-for-enforce-rules.md
@@ -3,7 +3,7 @@ title: Configure an AppLocker policy for enforce rules
description: This article for IT professionals describes the steps to enable the AppLocker policy enforcement setting.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Configure an AppLocker policy for enforce rules
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-exceptions-for-an-applocker-rule.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/configure-exceptions-for-an-applocker-rule.md
index 3e1a1dcca4..11900e02c0 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-exceptions-for-an-applocker-rule.md
@@ -3,7 +3,7 @@ title: Add exceptions for an AppLocker rule
description: This article for IT professionals describes the steps to specify which apps can or can't run as exceptions to an AppLocker rule.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Add exceptions for an AppLocker rule
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-appLocker-reference-device.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-appLocker-reference-device.md
index 9ad52b4cd3..f6acca16ba 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-appLocker-reference-device.md
@@ -3,7 +3,7 @@ title: Configure the AppLocker reference device
description: This article for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Configure the AppLocker reference device
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-application-identity-service.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-application-identity-service.md
index b31f8f059d..c4156e9b57 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/configure-the-application-identity-service.md
@@ -3,7 +3,7 @@ title: Configure the Application Identity service
description: This article for IT professionals shows how to configure the Application Identity service to start automatically or manually.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Configure the Application Identity service
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-for-packaged-apps.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-for-packaged-apps.md
index 6f06404070..07fd6f2866 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-for-packaged-apps.md
@@ -3,7 +3,7 @@ title: Create a rule for packaged apps
description: This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Create a rule for packaged apps
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-file-hash-condition.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-file-hash-condition.md
index a486b03055..b764bb0493 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-file-hash-condition.md
@@ -3,7 +3,7 @@ title: Create a rule that uses a file hash condition
description: This article for IT professionals shows how to create an AppLocker rule with a file hash condition.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Create a rule that uses a file hash condition
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-path-condition.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-path-condition.md
index c90bf8fe32..fe26c1ee6a 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-path-condition.md
@@ -3,7 +3,7 @@ title: Create a rule that uses a path condition
description: This article for IT professionals shows how to create an AppLocker rule with a path condition.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Create a rule that uses a path condition
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-publisher-condition.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-publisher-condition.md
index 8da8f1de23..9b07438ec7 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-a-rule-that-uses-a-publisher-condition.md
@@ -3,7 +3,7 @@ title: Create a rule that uses a publisher condition
description: This article for IT professionals shows how to create an AppLocker rule with a publisher condition.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Create a rule that uses a publisher condition
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-applocker-default-rules.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-applocker-default-rules.md
index b6ddfb364e..fd2aa8e292 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-applocker-default-rules.md
@@ -3,7 +3,7 @@ title: Create AppLocker default rules
description: This article for IT professionals describes the steps to create a standard set of AppLocker rules that allow Windows system files to run.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Create AppLocker default rules
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md
similarity index 97%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md
index de0b5c522f..f015e79882 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md
@@ -3,7 +3,7 @@ title: Create a list of apps deployed to each business group
description: This article describes the process of gathering app usage requirements from each business group to implement application control policies by using AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Gathering app usage requirements
@@ -30,7 +30,7 @@ Using the Automatically Generate Rules wizard quickly creates rules for the appl
Using the **Audit only** enforcement method permits you to view the logs because it collects information about every process on the computers receiving the Group Policy Object (GPO). Therefore, you can evaluate the possible effects of enforcement on computers in a business group. AppLocker includes Windows PowerShell cmdlets that you can use to analyze the events from the event log and cmdlets to create rules. However, when you use Group Policy to deploy to several computers, a means to collect events in a central location is important for manageability. Because AppLocker logs information about files that users or other processes start on a computer, you could miss creating some rules initially. Therefore, you should continue your evaluation until you can verify that all required applications that are allowed to run are accessed successfully.
> [!TIP]
-> If you run Application Verifier against a custom application with any AppLocker policies enabled, it might prevent the application from running. You should either disable Application Verifier or AppLocker.
+> If you run Application Verifier against a custom application with any AppLocker policies enabled, it might prevent the application from running. You should either disable Application Verifier or AppLocker.
You can create an inventory of Packaged apps on a device by using two methods: the **Get-AppxPackage** Windows PowerShell cmdlet or the AppLocker console.
@@ -44,7 +44,7 @@ The following articles describe how to perform each method:
Identify the business group and each organizational unit (OU) within that group for application control policies. In addition, you should identify whether or not AppLocker is the most appropriate solution for these policies. For info about these steps, see the following articles:
- [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md)
-- [Determine your application control objectives](determine-your-application-control-objectives.md)
+- [Determine your application control objectives](../appcontrol-and-applocker-overview.md)
## Next steps
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies.md
similarity index 97%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies.md
index 1b14478169..69119137f4 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-policies.md
@@ -3,7 +3,7 @@ title: Create Your AppLocker policies
description: This overview article for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Create Your AppLocker policies
@@ -18,7 +18,7 @@ You can develop an application control policy plan to guide you in making succes
1. [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md)
2. [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md)
-3. [Determine your application control objectives](determine-your-application-control-objectives.md)
+3. [Determine your application control objectives](../appcontrol-and-applocker-overview.md)
4. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
5. [Select the types of rules to create](select-types-of-rules-to-create.md)
6. [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-rules.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-rules.md
index e04367462f..415e9582f8 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-your-applocker-rules.md
@@ -3,7 +3,7 @@ title: Create Your AppLocker rules
description: This article for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Create Your AppLocker rules
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/application-security/application-control/app-control-for-business/applocker/delete-an-applocker-rule.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/delete-an-applocker-rule.md
index 0c7ba5799c..95836e5b28 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/delete-an-applocker-rule.md
@@ -3,7 +3,7 @@ title: Delete an AppLocker rule
description: This article for IT professionals describes the steps to delete an AppLocker rule.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Delete an AppLocker rule
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
similarity index 92%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
index e974fdf194..83e603b364 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@@ -3,7 +3,7 @@ title: Deploy AppLocker policies by using the enforce rules setting
description: This article for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 01/03/2024
+ms.date: 09/11/2024
---
# Deploy AppLocker policies by using the enforce rules setting
@@ -14,7 +14,7 @@ This article for IT professionals describes the steps to deploy AppLocker polici
These procedures assume that your AppLocker policies are deployed with the enforcement mode set to **Audit only**, and you have been collecting data through the AppLocker event logs and other channels to determine what effect these policies have on your environment and the policy's adherence to your application control design.
-For info about the AppLocker policy enforcement setting, see [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md).
+For info about the AppLocker policy enforcement setting, see [Understand AppLocker enforcement settings](working-with-applocker-rules.md#enforcement-modes).
For info about how to plan an AppLocker policy deployment, see [AppLocker Design Guide](applocker-policies-design-guide.md).
@@ -24,7 +24,7 @@ Updating an AppLocker policy that is currently enforced in your production envir
## Step 2: Alter the enforcement setting
-Rule enforcement is applied to all rules within a rule collection, not to individual rules. AppLocker divides the rules into collections: executable files, Windows Installer files, packaged apps, scripts, and DLL files. For information about the enforcement mode setting, see [Understand AppLocker Enforcement Settings](understand-applocker-enforcement-settings.md). For the procedure to alter the enforcement mode setting, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md).
+Rule enforcement is applied to all rules within a rule collection, not to individual rules. AppLocker divides the rules into collections: executable files, Windows Installer files, packaged apps, scripts, and DLL files. For information about the enforcement mode setting, see [Understand AppLocker Enforcement Settings](working-with-applocker-rules.md#enforcement-modes). For the procedure to alter the enforcement mode setting, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md).
## Step 3: Update the policy
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md
index d2ef52adad..941a047e99 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md
@@ -3,7 +3,7 @@ title: Deploy the AppLocker policy into production
description: This article for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Deploy the AppLocker policy into production
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md
similarity index 87%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md
index fb13e22d88..29380fe1e1 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md
@@ -3,7 +3,7 @@ title: Determine the Group Policy structure and rule enforcement
description: This overview article describes the process to follow when you're planning to deploy AppLocker rules.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Determine the Group Policy structure and rule enforcement
@@ -14,7 +14,7 @@ This overview article describes the process to follow when you're planning to de
| Article | Description |
| --- | --- |
-| [Understand AppLocker enforcement settings](understand-applocker-enforcement-settings.md) | This article describes the AppLocker enforcement settings for rule collections. |
+| [Understand AppLocker enforcement settings](working-with-applocker-rules.md#enforcement-modes) | This article describes the AppLocker enforcement settings for rule collections. |
| [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md) | This article for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.|
| [Document the Group Policy structure and AppLocker rule enforcement](document-group-policy-structure-and-applocker-rule-enforcement.md) | This planning article describes what you need to investigate, determine, and document for your policy plan when you use AppLocker. |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
index 56fef83f74..e1c6c88c0a 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
@@ -3,7 +3,7 @@ title: Find digitally signed apps on a reference device
description: This article for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Determine which apps are digitally signed on a reference device
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/application-security/application-control/app-control-for-business/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
index 64307b01ba..bf1a962a76 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
@@ -3,7 +3,7 @@ title: Display a custom URL message when users try to run a blocked app
description: This article for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy blocks an app.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Display a custom URL message when users try to run a blocked app
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md
index 36da65e276..054c18fb61 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md
@@ -3,7 +3,7 @@ title: DLL rules in AppLocker
description: This article describes the file formats and available default rules for the DLL rule collection.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# DLL rules in AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
similarity index 95%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
index 294689bc28..b440a69b68 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
@@ -3,7 +3,7 @@ title: Document Group Policy structure & AppLocker rule enforcement
description: This planning article describes what you need to include in your plan when you use AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Document the Group Policy structure and AppLocker rule enforcement
@@ -14,7 +14,7 @@ This planning article describes what you should include in your plan when you us
To complete this AppLocker planning document, you should first complete the following steps:
-1. [Determine your application control objectives](determine-your-application-control-objectives.md)
+1. [Determine your application control objectives](../appcontrol-and-applocker-overview.md)
2. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
3. [Select the types of rules to create](select-types-of-rules-to-create.md)
4. [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md
similarity index 97%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md
index f42d12d410..00e357875d 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md
@@ -3,7 +3,7 @@ title: Document your app list
description: This planning article describes the app information that you should document when you create a list of apps for AppLocker policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Document your app list
@@ -14,7 +14,7 @@ This planning article describes the app information that you should document whe
### Apps
-Record the name of the app, its publisher information (if digitally signed), and its importance to the business.
+Record the name of the app, its publisher information (if digitally signed), and its importance to the business.
### Installation path
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-applocker-rules.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/document-your-applocker-rules.md
index 1d5ff7d78e..efd0c0211f 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-applocker-rules.md
@@ -3,7 +3,7 @@ title: Document your AppLocker rules
description: Learn how to document your AppLocker rules and associate rule conditions with files, permissions, rule source, and implementation.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Document your AppLocker rules
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/edit-an-applocker-policy.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/edit-an-applocker-policy.md
index fe3ac2062b..3ebf404dc6 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/edit-an-applocker-policy.md
@@ -3,7 +3,7 @@ title: Edit an AppLocker policy
description: This article for IT professionals describes the steps required to modify an AppLocker policy.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 01/03/2024
+ms.date: 09/11/2024
---
# Edit an AppLocker policy
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/edit-applocker-rules.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/edit-applocker-rules.md
index 111678d496..7ae6e91083 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/edit-applocker-rules.md
@@ -3,7 +3,7 @@ title: Edit AppLocker rules
description: This article for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Edit AppLocker rules
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/application-security/application-control/app-control-for-business/applocker/enable-the-dll-rule-collection.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/enable-the-dll-rule-collection.md
index d48deeaad8..c2569a0918 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/enable-the-dll-rule-collection.md
@@ -3,7 +3,7 @@ title: Enable the DLL rule collection
description: This article for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Enable the DLL rule collection
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md
index 757d76eb6c..2abb621ddc 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md
@@ -3,7 +3,7 @@ title: Enforce AppLocker rules
description: This article for IT professionals describes how to enforce application control rules by using AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Enforce AppLocker rules
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md
index e90dc2b98e..99ffe04a6d 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md
@@ -3,7 +3,7 @@ title: Executable rules in AppLocker
description: This article describes the file formats and available default rules for the executable rule collection.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Executable rules in AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-from-a-gpo.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-from-a-gpo.md
index b4150f2544..c9fe560838 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-from-a-gpo.md
@@ -3,7 +3,7 @@ title: Export an AppLocker policy from a GPO
description: This article for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Export an AppLocker policy from a GPO
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-to-an-xml-file.md
similarity index 97%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-to-an-xml-file.md
index 9612096a6e..106a4d836e 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/export-an-applocker-policy-to-an-xml-file.md
@@ -3,7 +3,7 @@ title: Export an AppLocker policy to an XML file
description: This article for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Export an AppLocker policy to an XML file
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md
index b2f3e10097..c704a9e977 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md
@@ -3,7 +3,7 @@ title: How AppLocker works
description: This article for the IT professional provides links to articles about AppLocker architecture and components, processes and interactions, rules and policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# How AppLocker works
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif b/windows/security/application-security/application-control/app-control-for-business/applocker/images/applocker-plan-inheritance.gif
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif
rename to windows/security/application-security/application-control/app-control-for-business/applocker/images/applocker-plan-inheritance.gif
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif b/windows/security/application-security/application-control/app-control-for-business/applocker/images/applocker-plandeploy-quickreference.gif
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif
rename to windows/security/application-security/application-control/app-control-for-business/applocker/images/applocker-plandeploy-quickreference.gif
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif b/windows/security/application-security/application-control/app-control-for-business/applocker/images/blockedappmsg.gif
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif
rename to windows/security/application-security/application-control/app-control-for-business/applocker/images/blockedappmsg.gif
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-from-another-computer.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-from-another-computer.md
index 6998942c9b..2472b7892c 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-from-another-computer.md
@@ -3,7 +3,7 @@ title: Import an AppLocker policy from another computer
description: This article for IT professionals describes how to import an AppLocker policy.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Import an AppLocker policy from another computer
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-into-a-gpo.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-into-a-gpo.md
index cf00b805b3..039d978649 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/import-an-applocker-policy-into-a-gpo.md
@@ -3,7 +3,7 @@ title: Import an AppLocker policy into a GPO
description: This article for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Import an AppLocker policy into a GPO
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/maintain-applocker-policies.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/maintain-applocker-policies.md
index 75f6df943a..a4926c5f73 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/maintain-applocker-policies.md
@@ -3,7 +3,7 @@ title: Maintain AppLocker policies
description: Learn how to maintain rules within AppLocker policies. View common AppLocker maintenance scenarios and see the methods to use to maintain AppLocker policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 01/03/2024
+ms.date: 09/11/2024
---
# Maintain AppLocker policies
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/manage-packaged-apps-with-applocker.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/manage-packaged-apps-with-applocker.md
index f190ea35b7..b3e041a0f1 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/manage-packaged-apps-with-applocker.md
@@ -3,7 +3,7 @@ title: Manage packaged apps with AppLocker
description: Learn concepts and lists procedures to help you manage packaged apps with AppLocker as part of your overall application control strategy.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/20/2023
+ms.date: 09/11/2024
---
# Manage packaged apps with AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
similarity index 89%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
index 2489e8b738..4df24222a0 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
@@ -3,14 +3,14 @@ title: Merge AppLocker policies by using Set-ApplockerPolicy
description: This article for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Merge AppLocker policies by using Set-ApplockerPolicy
This article for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
-The **Set-AppLockerPolicy** cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local policy is used. When the Merge parameter is used, rules in the specified AppLocker policy are merged with the AppLocker rules in the target GPO specified in the LDAP path. Merging policies removes rules with duplicate rule IDs, and the enforcement mode setting is chosen as described in [Working with AppLocker rules](/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules#enforcement-modes). If the Merge parameter isn't specified, then the new policy overwrites the existing policy.
+The **Set-AppLockerPolicy** cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local policy is used. When the Merge parameter is used, rules in the specified AppLocker policy are merged with the AppLocker rules in the target GPO specified in the LDAP path. Merging policies removes rules with duplicate rule IDs, and the enforcement mode setting is chosen as described in [Working with AppLocker rules](working-with-applocker-rules.md#enforcement-modes). If the Merge parameter isn't specified, then the new policy overwrites the existing policy.
For info about using **Set-AppLockerPolicy**, including syntax descriptions and parameters, see [Set-AppLockerPolicy](/powershell/module/applocker/set-applockerpolicy).
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md
similarity index 79%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md
index a17f0dbc2f..324bef3248 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/merge-applocker-policies-manually.md
@@ -3,7 +3,7 @@ title: Merge AppLocker policies manually
description: This article for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Merge AppLocker policies manually
@@ -12,7 +12,7 @@ This article for IT professionals describes the steps to manually merge AppLocke
If you need to merge multiple AppLocker policies into a single one, you can either manually merge the policies or use the Windows PowerShell cmdlets for AppLocker. You can't automatically merge policies by using the AppLocker console. For info about merging policies by using Windows PowerShell, see [Merge AppLocker policies by using Set-ApplockerPolicy](merge-applocker-policies-by-using-set-applockerpolicy.md).
-The AppLocker policy is stored in XML format, and an exported policy can be edited with any text or XML editor. To export an AppLocker policy, see [Export an AppLocker policy to an XML file](/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file). Before making changes to an AppLocker policy manually, review [Working with AppLocker rules](/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules).
+The AppLocker policy is stored in XML format, and an exported policy can be edited with any text or XML editor. To export an AppLocker policy, see [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md). Before making changes to an AppLocker policy manually, review [Working with AppLocker rules](working-with-applocker-rules.md).
Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/monitor-application-usage-with-applocker.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/monitor-application-usage-with-applocker.md
index 984bdf95d2..14b704afe3 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/monitor-application-usage-with-applocker.md
@@ -3,7 +3,7 @@ title: Monitor app usage with AppLocker
description: This article for IT professionals describes how to monitor app usage when AppLocker policies are applied.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/19/2023
+ms.date: 09/11/2024
---
# Monitor app usage with AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md
index 63277272b1..f160bda367 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md
@@ -3,7 +3,7 @@ title: Optimize AppLocker performance
description: This article for IT professionals describes how to optimize AppLocker policy enforcement.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 01/03/2024
+ms.date: 09/11/2024
---
# Optimize AppLocker performance
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
index d084a76681..7085567383 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
@@ -3,7 +3,7 @@ title: Packaged apps and packaged app installer rules in AppLocker
description: This article explains the AppLocker rule collection for packaged app installers and packaged apps.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Packaged apps and packaged app installer rules in AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management.md
index d82b85d412..51f30ea841 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/plan-for-applocker-policy-management.md
@@ -3,7 +3,7 @@ title: Plan for AppLocker policy management
description: This article describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Plan for AppLocker policy management
@@ -58,7 +58,7 @@ AppLocker event log is located in the following path: **Applications and Service
2. **MSI and Script**. Contains events for all files affected by the Windows Installer and script rule collections (.msi, .msp, .ps1, .bat, .cmd, .vbs, and .js).
3. **Packaged app-Deployment** or **Packaged app-Execution**, contains events for all Universal Windows apps affected by the packaged app and packed app installer rule collection (.appx).
-Collecting these events in a central location can help you maintain your AppLocker policy and troubleshoot rule configuration problems.
+Collecting these events in a central location can help you maintain your AppLocker policy and troubleshoot rule configuration problems.
### Policy maintenance
@@ -101,7 +101,7 @@ Before editing the rule collection, first determine what rule is preventing the
To complete this AppLocker planning document, you should first complete the following steps:
-1. [Determine your application control objectives](determine-your-application-control-objectives.md)
+1. [Determine your application control objectives](../appcontrol-and-applocker-overview.md)
2. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md)
3. [Select the types of rules to create](select-types-of-rules-to-create.md)
4. [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/refresh-an-applocker-policy.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/refresh-an-applocker-policy.md
index 4dcd7f89ab..5d2df1f250 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/refresh-an-applocker-policy.md
@@ -3,7 +3,7 @@ title: Refresh an AppLocker policy
description: This article for IT professionals describes the steps to force an update for an AppLocker policy.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Refresh an AppLocker policy
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md
index eb55e89166..2caf917483 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md
@@ -3,7 +3,7 @@ title: Requirements for deploying AppLocker policies
description: This deployment article for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Requirements for deploying AppLocker policies
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md
index 3d5dcd1008..7bb94f1197 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md
@@ -3,7 +3,7 @@ title: Requirements to use AppLocker
description: This article for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Requirements to use AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/rule-collection-extensions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md
similarity index 86%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/rule-collection-extensions.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md
index f8756d82ac..e4481ab2c7 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/rule-collection-extensions.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md
@@ -6,7 +6,7 @@ ms.collection:
- must-keep
ms.topic: conceptual
ms.localizationpriority: medium
-ms.date: 06/07/2024
+ms.date: 09/11/2024
---
# AppLocker rule collection extensions
@@ -29,7 +29,7 @@ This article describes the rule collection extensions added in Windows 10 and la
## Services enforcement
-By default, AppLocker policy only applies to code running in a user's context. On Windows 10, Windows 11, and Windows Server 2016 or later, you can apply AppLocker policy to nonuser processes, including services running as SYSTEM. You must enable services enforcement when using AppLocker with Windows Defender Application Control's (WDAC) [managed installer](/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer) feature.
+By default, AppLocker policy only applies to code running in a user's context. On Windows 10, Windows 11, and Windows Server 2016 or later, you can apply AppLocker policy to nonuser processes, including services running as SYSTEM. You must enable services enforcement when using AppLocker with App Control for Business's [managed installer](../design/configure-authorized-apps-deployed-with-a-managed-installer.md) feature.
To apply AppLocker policy to nonuser processes, set ```` in the ```` section as shown in the preceding XML fragment.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/application-security/application-control/app-control-for-business/applocker/run-the-automatically-generate-rules-wizard.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/run-the-automatically-generate-rules-wizard.md
index d4d62202c4..3108458c0f 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/run-the-automatically-generate-rules-wizard.md
@@ -3,7 +3,7 @@ title: Run the Automatically Generate Rules wizard
description: This article for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Run the Automatically Generate Rules wizard
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md
index 0343d4d644..bc342eba8b 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md
@@ -3,7 +3,7 @@ title: Script rules in AppLocker
description: This article describes the file formats and available default rules for the script rule collection.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Script rules in AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md
index 0422c26a4d..6a11796ca7 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md
@@ -3,7 +3,7 @@ title: Security considerations for AppLocker
description: This article for the IT professional describes the security considerations you need to address when implementing AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Security considerations for AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md
index 6c5dde6cc8..8000ce41d4 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md
@@ -3,7 +3,7 @@ title: Select the types of rules to create
description: This article lists resources you can use when selecting your application control policy rules by using AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Select the types of rules to create
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
index 180145ef77..c7042db13e 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
@@ -3,7 +3,7 @@ title: Test an AppLocker policy by using Test-AppLockerPolicy
description: This article for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Test an AppLocker policy by using Test-AppLockerPolicy
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/test-and-update-an-applocker-policy.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/test-and-update-an-applocker-policy.md
index e47477a31a..00e03f5081 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/test-and-update-an-applocker-policy.md
@@ -3,7 +3,7 @@ title: Test and update an AppLocker policy
description: This article discusses the steps required to test an AppLocker policy prior to deployment.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 01/03/2024
+ms.date: 09/11/2024
---
# Test and update an AppLocker policy
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md
index 38354ddb98..5b1ed0083d 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md
@@ -3,7 +3,7 @@ title: Tools to use with AppLocker
description: This article for the IT professional describes the tools available to create and administer AppLocker policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Tools to use with AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-policy-design-decisions.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-policy-design-decisions.md
index 898b41da58..3cc00fdf6e 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-policy-design-decisions.md
@@ -3,7 +3,7 @@ title: Understand AppLocker policy design decisions
description: Review some common considerations while you're planning to use AppLocker to deploy application control policies within a Windows environment.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Understand AppLocker policy design decisions
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
similarity index 93%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
index e2740a5bf6..89f62e0cb9 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
@@ -3,14 +3,14 @@ title: Understand AppLocker rules and enforcement setting inheritance in Group P
description: This article for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Understand AppLocker rules and enforcement setting inheritance in Group Policy
This article for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.
-Rule enforcement is applied only to collections of rules, not individual rules. For more info on rule collections, see [AppLocker rule collections](/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules#rule-collections).
+Rule enforcement is applied only to collections of rules, not individual rules. For more info on rule collections, see [AppLocker rule collections](working-with-applocker-rules.md#rule-collections).
Group Policy merges AppLocker policy in two ways:
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-the-applocker-policy-deployment-process.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understand-the-applocker-policy-deployment-process.md
index 3340e10f44..43e63220e5 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understand-the-applocker-policy-deployment-process.md
@@ -3,7 +3,7 @@ title: Understand the AppLocker policy deployment process
description: This planning and deployment article for the IT professional describes the process for using AppLocker when deploying application control policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Understand the AppLocker policy deployment process
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
index bd84599f4e..86c795601f 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
@@ -3,7 +3,7 @@ title: Understanding AppLocker allow and deny actions on rules
description: This article explains the differences between allow and deny actions on AppLocker rules.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Understanding AppLocker allow and deny actions on rules
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules.md
similarity index 95%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules.md
index b70374af0f..67b52608e3 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules.md
@@ -3,7 +3,7 @@ title: Understanding AppLocker default rules
description: This article for IT professional describes the set of rules that can be used to ensure that required Windows system files continue to run when the policy is applied.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Understanding AppLocker default rules
@@ -29,9 +29,9 @@ These permissions settings are applied to this folder for app compatibility. How
| --- | --- |
| [Executable rules in AppLocker](executable-rules-in-applocker.md) | This article describes the file formats and available default rules for the executable rule collection. |
| [Windows Installer rules in AppLocker](windows-installer-rules-in-applocker.md) | This article describes the file formats and available default rules for the Windows Installer rule collection.|
-| [Script rules in AppLocker](script-rules-in-applocker.md) | This article describes the file formats and available default rules for the script rule collection.|
-| [DLL rules in AppLocker](dll-rules-in-applocker.md) | This article describes the file formats and available default rules for the DLL rule collection.|
-| [Packaged apps and packaged app installer rules in AppLocker](packaged-apps-and-packaged-app-installer-rules-in-applocker.md) | This article explains the AppLocker rule collection for packaged app installers and packaged apps.|
+| [Script rules in AppLocker](script-rules-in-applocker.md) | This article describes the file formats and available default rules for the script rule collection.|
+| [DLL rules in AppLocker](dll-rules-in-applocker.md) | This article describes the file formats and available default rules for the DLL rule collection.|
+| [Packaged apps and packaged app installer rules in AppLocker](packaged-apps-and-packaged-app-installer-rules-in-applocker.md) | This article explains the AppLocker rule collection for packaged app installers and packaged apps.|
## Related articles
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-behavior.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-behavior.md
index e97d2e0962..0d9b08e51c 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-behavior.md
@@ -3,7 +3,7 @@ title: Understanding AppLocker rule behavior
description: This article describes how AppLocker rules are enforced by using the allow and deny options in AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Understanding AppLocker rule behavior
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-collections.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-collections.md
index bd418d4ce7..8ee9ed92d5 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-collections.md
@@ -3,7 +3,7 @@ title: Understanding AppLocker rule collections
description: This article explains the five different types of AppLocker rule collections used to enforce AppLocker policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Understanding AppLocker rule collections
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md
index 2c4967a466..1bbbc6329c 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md
@@ -3,7 +3,7 @@ title: Understanding AppLocker rule condition types
description: This article for the IT professional describes the three types of AppLocker rule conditions.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Understanding AppLocker rule condition types
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-exceptions.md
similarity index 94%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-exceptions.md
index 2df99102d0..b95fadae6e 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-exceptions.md
@@ -3,7 +3,7 @@ title: Understanding AppLocker rule exceptions
description: This article describes the result of applying AppLocker rule exceptions to rule collections.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Understanding AppLocker rule exceptions
@@ -14,8 +14,8 @@ This article describes the result of applying AppLocker rule exceptions to rule
You can apply AppLocker rules to individual users or a group of users. If you apply a rule to a group of users, the rule affects all users in that group. If you need to allow a subset of a user group to use an app, you can create a special rule for that subset.
-For example, the rule "Allow Everyone to run Windows except Registry Editor" allows Everyone to run Windows binaries, but doesn't allow anyone to run Registry Editor (by adding %WINDIR%\regedit.exe as a Path Exception for the rule).
-The effect of this rule would prevent users such as Helpdesk personnel from running the Registry Editor, a program that is necessary for their support tasks.
+For example, the rule "Allow Everyone to run Windows except Registry Editor" allows Everyone to run Windows binaries, but doesn't allow anyone to run Registry Editor (by adding %WINDIR%\regedit.exe as a Path Exception for the rule).
+The effect of this rule would prevent users such as Helpdesk personnel from running the Registry Editor, a program that is necessary for their support tasks.
To resolve this problem, create a second rule that applies to the Helpdesk user group: "Allow Helpdesk to run Registry Editor" and add %WINDIR%\regedit.exe as an allowed path. If you create a deny rule that blocks Registry Editor for all users, the deny rule overrides the second rule that allows the Helpdesk user group to run Registry Editor.
## Related articles
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
index 9937009a5e..b9460ff54a 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
@@ -3,7 +3,7 @@ title: Understanding the file hash rule condition in AppLocker
description: This article explains how to use the AppLocker file hash rule condition and its advantages and disadvantages.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Understanding the file hash rule condition in AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-path-rule-condition-in-applocker.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-path-rule-condition-in-applocker.md
index 2d1d4b9cae..4175eba0ef 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-path-rule-condition-in-applocker.md
@@ -3,7 +3,7 @@ title: Understanding the path rule condition in AppLocker
description: This article explains how to apply the AppLocker path rule condition and its advantages and disadvantages.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Understanding the path rule condition in AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-publisher-rule-condition-in-applocker.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-publisher-rule-condition-in-applocker.md
index 171ef6e3f1..be3c3767d4 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-the-publisher-rule-condition-in-applocker.md
@@ -3,7 +3,7 @@ title: Understanding the publisher rule condition in AppLocker
description: This article explains how to apply the AppLocker publisher rule condition and what controls are available.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# Understanding the publisher rule condition in AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
index 47b1b1388d..8bc76ea93a 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
@@ -3,7 +3,7 @@ title: Use a reference device to create and maintain AppLocker policies
description: This article for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/22/2023
+ms.date: 09/11/2024
---
# Use a reference device to create and maintain AppLocker policies
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md
index 0678fb60b9..574c33a03b 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md
@@ -3,7 +3,7 @@ title: Use the AppLocker Windows PowerShell cmdlets
description: This article for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 01/03/2024
+ms.date: 09/11/2024
---
# Use the AppLocker Windows PowerShell cmdlets
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md
index 19b2256345..65fa1be015 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md
@@ -3,7 +3,7 @@ title: Using Event Viewer with AppLocker
description: This article lists AppLocker events and describes how to use Event Viewer with AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md
similarity index 86%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md
index 256c416dbf..9fa362969d 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/what-is-applocker.md
@@ -3,14 +3,14 @@ title: What Is AppLocker
description: This article for the IT professional describes what AppLocker is.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/23/2023
+ms.date: 09/11/2024
---
# What Is AppLocker?
This article for the IT professional describes what AppLocker is.
-Windows includes two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker. For information to help you choose when to use WDAC or AppLocker, see [WDAC and AppLocker overview](/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview).
+Windows includes two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: App Control for Business and AppLocker. For information to help you choose when to use App Control or AppLocker, see [App Control and AppLocker overview](../appcontrol-and-applocker-overview.md).
AppLocker helps you create rules to allow or deny apps from running based on information about the apps' files. You can also use AppLocker to control which users or groups can run those apps.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md
index e64e6e97ff..cfc1ce02c6 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md
@@ -3,7 +3,7 @@ title: Windows Installer rules in AppLocker
description: This article describes the file formats and available default rules for the Windows Installer rule collection.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/24/2023
+ms.date: 09/11/2024
---
# Windows Installer rules in AppLocker
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md
index 189d8f1654..2a7f5153ec 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md
@@ -3,7 +3,7 @@ title: Working with AppLocker policies
description: This article for IT professionals provides links to procedural articles about creating, maintaining, and testing AppLocker policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/21/2023
+ms.date: 09/11/2024
---
# Working with AppLocker policies
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md
rename to windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md
index e06ef57ede..c827358a61 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md
@@ -3,7 +3,7 @@ title: Working with AppLocker rules
description: This article for IT professionals describes AppLocker rule types and how to work with them for your application control policies.
ms.localizationpriority: medium
msauthor: jsuther
-ms.date: 12/21/2023
+ms.date: 09/11/2024
ms.topic: conceptual
---
diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md
new file mode 100644
index 0000000000..4ee7ef2757
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md
@@ -0,0 +1,55 @@
+---
+title: Deploying App Control for Business policies
+description: Learn how to plan and implement an App Control deployment.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: overview
+---
+
+# Deploying App Control for Business policies
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+You should now have one or more App Control for Business policies ready to deploy. If you haven't yet completed the steps described in the [App Control Design Guide](../design/appcontrol-design-guide.md), do so now before proceeding.
+
+## Convert your App Control policy XML to binary
+
+Before you deploy your App Control policies, you must first convert the XML to its binary form. You can do this using the following PowerShell example. You must set the $AppControlPolicyXMLFile variable to point to your App Control policy XML file.
+
+```powershell
+## Update the path to your App Control policy XML
+$AppControlPolicyXMLFile = $env:USERPROFILE + "\Desktop\MyAppControlPolicy.xml"
+[xml]$AppControlPolicy = Get-Content -Path $AppControlPolicyXMLFile
+if (($AppControlPolicy.SiPolicy.PolicyID) -ne $null) ## Multiple policy format (For Windows builds 1903+ only, including Server 2022)
+{
+ $PolicyID = $AppControlPolicy.SiPolicy.PolicyID
+ $PolicyBinary = $PolicyID+".cip"
+}
+else ## Single policy format (Windows Server 2016 and 2019, and Windows 10 1809 LTSC)
+{
+ $PolicyBinary = "SiPolicy.p7b"
+}
+
+## Binary file will be written to your desktop
+ConvertFrom-CIPolicy -XmlFilePath $AppControlPolicyXMLFile -BinaryFilePath $env:USERPROFILE\Desktop\$PolicyBinary
+```
+
+## Plan your deployment
+
+As with any significant change to your environment, implementing App Control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Identify the devices you'll manage with App Control and split them into deployment rings. This way, you can control the speed and scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next.
+
+All App Control for Business policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to other deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor App Control-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints.
+
+## Choose how to deploy App Control policies
+
+> [!IMPORTANT]
+> Due to a known issue, you should always activate new **signed** App Control Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-appcontrol-policies-with-script.md) in this case.
+>
+> This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
+
+There are several options to deploy App Control for Business policies to managed endpoints, including:
+
+- [Deploy using a Mobile Device Management (MDM) solution](deploy-appcontrol-policies-using-intune.md), such as Microsoft Intune
+- [Deploy using Microsoft Configuration Manager](deploy-appcontrol-policies-with-memcm.md)
+- [Deploy via script](deploy-appcontrol-policies-with-script.md)
+- [Deploy via group policy](deploy-appcontrol-policies-using-group-policy.md)
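Review bot: In the PowerShell sample, a policy XML that fails to load looks the same as a single-policy-format file. `Get-Content` reports only a non-terminating error, so `$AppControlPolicy` stays empty and the `else` branch picks `SiPolicy.p7b` before `ConvertFrom-CIPolicy` fails on the real cause; `[xml]$AppControlPolicy = Get-Content -Path $AppControlPolicyXMLFile -ErrorAction Stop` would stop at the right place. The null test is more robust with `$null` on the left, `if ($null -ne $AppControlPolicy.SiPolicy.PolicyID)`, which is the form PSScriptAnalyzer recommends. Since the converted binary is the artifact that gets deployed, a sentence advising readers to keep the XML and the binary in a folder only administrators can write to, rather than on the Desktop, would also be a useful addition.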
diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md
new file mode 100644
index 0000000000..6f8919e77d
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/audit-appcontrol-policies.md
@@ -0,0 +1,60 @@
+---
+title: Use audit events to create App Control policy rules
+description: Audits allow admins to discover apps, binaries, and scripts that should be added to the App Control policy.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: conceptual
+---
+
+# Use audit events to create App Control policy rules
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+Running App Control in audit mode lets you discover applications, binaries, and scripts that are missing from your App Control policy but should be included.
+
+While an App Control policy is running in audit mode, any binary that runs but would have been denied is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. Script and MSI are logged in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to generate a new App Control policy that can be merged with the original Base policy or deployed as a separate Supplemental policy, if allowed.
+
+## Overview of the process to create App Control policy to allow apps using audit events
+
+> [!Note]
+> You must have already deployed an App Control audit mode policy to use this process. If you have not already done so, see [Deploying App Control for Business policies](appcontrol-deployment-guide.md).
+
+To familiarize yourself with creating App Control rules from audit events, follow these steps on a device with an App Control audit mode policy.
+
+1. Install and run an application not allowed by the App Control policy but that you want to allow.
+
+2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding App Control events](../operations/event-id-explanations.md).
+
+ **Figure 1. Exceptions to the deployed App Control policy**
+ :::image type="content" alt-text="Event showing exception to App Control policy." source="../images/dg-fig23-exceptionstocode.png":::
+
+3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create an App Control policy for fully managed devices](../design/create-appcontrol-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**.
+
+ ```powershell
+ $PolicyName= "Lamna_FullyManagedClients_Audit"
+ $LamnaPolicy=$env:userprofile+"\Desktop\"+$PolicyName+".xml"
+ $EventsPolicy=$env:userprofile+"\Desktop\EventsPolicy.xml"
+ $EventsPolicyWarnings=$env:userprofile+"\Desktop\EventsPolicyWarnings.txt"
+ ```
+
+4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new App Control policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**.
+
+ ```powershell
+ New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback SignedVersion,FilePublisher,Hash -UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings
+ ```
+
+ > [!NOTE]
+ > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about App Control rule levels, see [Understand App Control policy rules and file rules](../design/select-types-of-rules-to-create.md).
+
+5. Find and review the App Control policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the App Control Policy Wizard tool (see [Editing existing base and supplemental App Control policies with the Wizard](../design/appcontrol-wizard-editing-policy.md)).
+
+6. Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that App Control couldn't create a rule for at either the specified rule level or fallback rule level.
+
+ > [!NOTE]
+ > New-CIPolicy only creates rules for files that can still be found on disk. Files which are no longer present on the system will not have a rule created to allow them. However, the event log should have sufficient information to allow these files by manually editing the policy XML to add rules. You can use an existing rule as a template and verify your results against the App Control policy schema definition found at **%windir%\schemas\CodeIntegrity\cipolicy.xsd**.
+
+7. Merge **EventsPolicy.xml** with the Base policy **Lamna_FullyManagedClients_Audit.xml** or convert it to a supplemental policy.
+
+ For information on merging policies, refer to [Merge App Control for Business policies](merge-appcontrol-policies.md) and for information on supplemental policies see [Use multiple App Control for Business Policies](../design/deploy-multiple-appcontrol-policies.md).
+
+8. Convert the Base or Supplemental policy to binary and deploy using your preferred method.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md b/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md
similarity index 77%
rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md
rename to windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md
index 7c3eabc52d..773daf6a82 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/create-code-signing-cert-for-appcontrol.md
@@ -1,22 +1,21 @@
---
-title: Create a code signing cert for Windows Defender Application Control
-description: Learn how to set up a publicly issued code signing certificate, so you can sign catalog files or WDAC policies internally.
+title: Create a code signing cert for App Control for Business
+description: Learn how to set up a publicly issued code signing certificate, so you can sign catalog files or App Control policies internally.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 12/01/2022
+ms.date: 09/11/2024
---
-# Optional: Create a code signing cert for Windows Defender Application Control
+# Optional: Create a code signing cert for App Control for Business
->[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need to use [Microsoft's Trusted Signing service](/azure/trusted-signing/), a publicly issued code signing certificate or an internal CA. If you've purchased a code signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](wdac-deployment-guide.md).
+As you deploy App Control for Business, you might need to sign catalog files or App Control policies internally. To do this signing, you'll either need to use [Microsoft's Trusted Signing service](/azure/trusted-signing/), a publicly issued code signing certificate or an internal CA. If you've purchased a code signing certificate, you can skip this article, and instead follow other articles listed in the [App Control for Business Deployment Guide](appcontrol-deployment-guide.md).
If you have an internal CA, complete these steps to create a code signing certificate.
> [!WARNING]
-> When creating signing certificates for WDAC policy signing, Boot failure (blue screen) may occur if your signing certificate does not follow these rules:
+> When creating signing certificates for App Control policy signing, Boot failure (blue screen) may occur if your signing certificate does not follow these rules:
>
> - All policies, including base and supplemental, must be signed according to the [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652).
> - Use RSA keys with 2K, 3K, or 4K key size only. ECDSA isn't supported.
@@ -34,7 +33,7 @@ If you have an internal CA, complete these steps to create a code signing certif
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** from the **Certification Authority** list, and then select **Windows 8 / Windows Server 2012** from the **Certificate recipient** list.
-5. On the **General** tab, specify the **Template display name** and **Template name**. This example uses the name **WDAC Catalog Signing Certificate**.
+5. On the **General** tab, specify the **Template display name** and **Template name**. This example uses the name **App Control Catalog Signing Certificate**.
6. On the **Request Handling** tab, select the **Allow private key to be exported** check box.
@@ -64,7 +63,7 @@ When this certificate template has been created, you must publish it to the CA p
A list of available templates to issue appears, including the template you created.
-2. Select the WDAC Catalog signing certificate, and then select **OK**.
+2. Select the App Control Catalog signing certificate, and then select **OK**.
Now that the template is available to be issued, you must request one from the computer running Windows 10 or Windows 11 on which you create and sign catalog files. To begin, open the MMC, and then complete the following steps:
@@ -76,7 +75,7 @@ Now that the template is available to be issued, you must request one from the c
4. In the **Request Certificate** list, select your newly created code signing certificate, and then select the blue text that requests additional information, as shown in Figure 4.
- 
+ :::image type="content" alt-text="Request Certificates: more information required." source="../images/dg-fig31-getmoreinfo.png":::
Figure 4. Get more information for your code signing certificate
@@ -95,6 +94,6 @@ This certificate must be installed in the user's personal store on the computer
3. Choose the default settings, and then select **Export all extended properties**.
-4. Set a password, select an export path, and then select **WDACCatSigningCert.pfx** as the file name.
+4. Set a password, select an export path, and then select **AppControlCatSigningCert.pfx** as the file name.
When the certificate has been exported, import it into the personal store for the user who will be signing the catalog files or code integrity policies on the specific computer that will be signing them.
diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md
new file mode 100644
index 0000000000..5efe8cdcdb
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-group-policy.md
@@ -0,0 +1,58 @@
+---
+title: Deploy App Control policies via Group Policy
+description: App Control for Business policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: how-to
+---
+
+# Deploy App Control for Business policies by using Group Policy
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+> [!IMPORTANT]
+> Due to a known issue, you should always activate new **signed** App Control Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Group Policy, deploy new signed App Control Base policies [via script](deploy-appcontrol-policies-with-script.md#deploying-signed-policies) and activate the policy with a system restart.
+>
+> This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
+
+Single-policy format App Control for Business policies (pre-1903 policy schema) can be easily deployed and managed with Group Policy.
+
+> [!IMPORTANT]
+> Group Policy-based deployment of App Control for Business policies only supports single-policy format App Control policies. To use App Control on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for policy deployment.
+
+You should now have an App Control policy converted into binary form. If not, follow the steps described in [Deploying App Control for Business policies](appcontrol-deployment-guide.md).
+
+The following procedure walks you through how to deploy an App Control policy called **SiPolicy.p7b** to a test OU called *App Control Enabled PCs* by using a GPO called **Contoso GPO Test**.
+
+To deploy and manage an App Control for Business policy with Group Policy:
+
+1. On a client computer on which RSAT is installed, open the GPMC by running **GPMC.MSC**
+
+2. Create a new GPO: right-click an OU and then select **Create a GPO in this domain, and Link it here**.
+
+ > [!NOTE]
+ > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining App Control policies (or keeping them separate), as discussed in [Plan for App Control for Business lifecycle policy management](../design/plan-appcontrol-management.md).
+
+ :::image type="content" alt-text="Group Policy Management, create a GPO." source="../images/dg-fig24-creategpo.png":::
+
+3. Name the new GPO. You can choose any name.
+
+4. Open the Group Policy Management Editor: right-click the new GPO, and then select **Edit**.
+
+5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Deploy App Control for Business** and then select **Edit**.
+
+ 
+
+6. In the **Deploy App Control for Business** dialog box, select the **Enabled** option, and then specify the App Control policy deployment path.
+
+ In this policy setting, you specify either the local path where the policy will exist on each client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. For example, the path to SiPolicy.p7b using the steps described in [Deploying App Control for Business policies](appcontrol-deployment-guide.md) would be %USERPROFILE%\Desktop\SiPolicy.p7b.
+
+ > [!NOTE]
+ > This policy file does not need to be copied to every computer. You can instead copy the App Control policies to a file share to which all computer accounts have access. Any policy selected here is converted to SIPolicy.p7b when it is deployed to the individual client computers.
+
+ :::image type="content" alt-text="Group Policy called Deploy App Control for Business." source="../images/dg-fig26-enablecode.png":::
+
+ > [!NOTE]
+ > You may have noticed that the GPO setting references a .p7b file, but the file extension and name of the policy binary do not matter. Regardless of what you name your policy binary, they are all converted to SIPolicy.p7b when applied to the client computers running Windows 10. If you are deploying different App Control policies to different sets of devices, you may want to give each of your App Control policies a friendly name and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository.
+
+7. Close the Group Policy Management Editor, and then restart the Windows test computer. Restarting the computer updates the App Control policy.
diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md
new file mode 100644
index 0000000000..472b039866
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-using-intune.md
@@ -0,0 +1,89 @@
+---
+title: Deploy App Control policies using Mobile Device Management (MDM)
+description: You can use an MDM like Microsoft Intune to configure App Control for Business. Learn how with this step-by-step guide.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: how-to
+---
+
+# Deploy App Control policies using Mobile Device Management (MDM)
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to configure App Control for Business on client machines. Intune includes native support for App Control, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for App Control policy deployment steps.
+
+> [!IMPORTANT]
+> Due to a known issue, you should always activate new **signed** App Control Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed App Control Base policies [via script](deploy-appcontrol-policies-with-script.md) and activate the policy with a system restart.
+>
+> This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
+
+## Use Intune's built-in policies
+
+Intune's built-in App Control for Business support allows you to configure Windows client computers to only run:
+
+- Windows components
+- Third-party hardware and software kernel drivers
+- Microsoft Store-signed apps
+- [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG)
+
+> [!NOTE]
+> Intune's built-in policies use the pre-1903 single-policy format version of the DefaultWindows policy. Use the [improved Intune App Control experience](/mem/intune/protect/endpoint-security-app-control-policy), currently in public preview, to create and deploy multiple-policy format files. Or, you can use Intune's custom OMA-URI feature to deploy your own multiple-policy format App Control policies and leverage features available on Windows 10 1903+ or Windows 11 as described later in this topic.
+
+> [!NOTE]
+> Intune currently uses the AppLocker CSP to deploy its built-in policies. The AppLocker CSP always requests a device restart when it applies App Control policies. Use the [improved Intune App Control experience](/mem/intune/protect/endpoint-security-app-control-policy), currently in public preview, to deploy your own App Control policies without a restart. Or, you can use Intune's custom OMA-URI feature with the ApplicationControl CSP.
+
+To use Intune's built-in App Control policies, configure [Endpoint Protection for Windows 10 (and later)](/mem/intune/protect/endpoint-protection-windows-10?toc=/intune/configuration/toc.json&bc=/intune/configuration/breadcrumb/toc.json).
+
+## Deploy App Control policies with custom OMA-URI
+
+> [!NOTE]
+> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create App Control for Business policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-appcontrol-policies.md) which allow more granular policy.
+
+You should now have one or more App Control policies converted into binary form. If not, follow the steps described in [Deploying App Control for Business policies](appcontrol-deployment-guide.md).
+
+### Deploy custom App Control policies on Windows 10 1903+
+
+Beginning with Windows 10 1903, custom OMA-URI policy deployment can use the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies.
+
+> [!NOTE]
+> You must convert your custom policy XML to binary form before deploying with OMA-URI.
+
+The steps to use Intune's custom OMA-URI functionality are:
+
+1. Open the Microsoft Intune portal and [create a profile with custom settings](/mem/intune/configuration/custom-settings-windows-10).
+
+2. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings:
+ - **OMA-URI**: `./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy`
+ - **Data type**: Base64 (file)
+ - **Certificate file**: Upload your binary format policy file. To do this, change your {GUID}.cip file to {GUID}.bin. You don't need to upload a Base64 file, as Intune converts the uploaded .bin file to Base64 on your behalf.
+
+ :::image type="content" alt-text="Configure custom App Control." source="../images/appcontrol-intune-custom-oma-uri.png" lightbox="../images/appcontrol-intune-custom-oma-uri.png":::
+
+> [!NOTE]
+> For the _Policy GUID_ value, do not include the curly brackets.
+
+### Remove App Control policies on Windows 10 1903+
+
+Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to disable App Control for Business enforcement, first replace the existing policy with a new version of the policy that will "Allow *", like the rules in the example policy at %windir%\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml. Once the updated policy is deployed, you can then delete the policy from the Intune portal. This deletion will prevent anything from being blocked and fully remove the App Control policy on the next reboot.
+
+### For pre-1903 systems
+
+#### Deploying policies
+
+The steps to use Intune's Custom OMA-URI functionality to apply the [AppLocker CSP](/windows/client-management/mdm/applocker-csp) and deploy a custom App Control policy to pre-1903 systems are:
+
+1. Convert the policy XML to binary format using the [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) cmdlet in order to be deployed. The binary policy may be signed or unsigned.
+
+2. Open the Microsoft Intune portal and [create a profile with custom settings](/mem/intune/configuration/custom-settings-windows-10).
+
+3. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings:
+ - **OMA-URI**: `./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy`
+ - **Data type**: Base64 (file)
+ - **Certificate file**: upload your binary format policy file
+
+ > [!NOTE]
+ > Deploying policies via the AppLocker CSP will force a reboot during OOBE.
+
+#### Removing policies
+
+Policies deployed through Intune via the AppLocker CSP can't be deleted through the Intune console. In order to disable App Control for Business policy enforcement, either deploy an audit-mode policy or use a script to delete the existing policy.
diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md
new file mode 100644
index 0000000000..5baec955a9
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-memcm.md
@@ -0,0 +1,81 @@
+---
+title: Deploy App Control for Business policies with Configuration Manager
+description: You can use Microsoft Configuration Manager to configure App Control for Business. Learn how with this step-by-step guide.
+ms.date: 09/11/2024
+ms.topic: how-to
+ms.localizationpriority: medium
+---
+
+# Deploy App Control policies by using Microsoft Configuration Manager
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+You can use Microsoft Configuration Manager to configure App Control for Business on client machines.
+
+## Use Configuration Manager's built-in policies
+
+Configuration Manager includes native support for App Control, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow:
+
+- Windows components
+- Microsoft Store apps
+- Apps installed by Configuration Manager (Configuration Manager self-configured as a managed installer)
+- (Optional) Reputable apps as defined by the Intelligent Security Graph (ISG)
+- (Optional) Apps and executables already installed in admin-definable folder locations that Configuration Manager will allow through a one-time scan during policy creation on managed endpoints.
+
+Configuration Manager doesn't remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable App Control for Business altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot.
+
+### Create an App Control Policy in Configuration Manager
+
+1. Select **Asset and Compliance** > **Endpoint Protection** > **App Control for Business** > **Create Application Control Policy**
+
+ :::image type="content" alt-text="Create an App Control policy in Configuration Manager." source="../images/memcm/memcm-create-appcontrol-policy.jpg":::
+
+2. Enter the name of the policy > **Next**
+3. Enable **Enforce a restart of devices so that this policy can be enforced for all processes**
+4. Select the mode that you want the policy to run (Enforcement enabled / Audit Only)
+5. Select **Next**
+
+ :::image type="content" alt-text="Create an enforced App Control policy in Configuration Manager." source="../images/memcm/memcm-create-appcontrol-policy-2.jpg":::
+
+6. Select **Add** to begin creating rules for trusted software
+
+ :::image type="content" alt-text="Create an App Control path rule in Configuration Manager." source="../images/memcm/memcm-create-appcontrol-rule.jpg":::
+
+7. Select **File** or **Folder** to create a path rule > **Browse**
+
+ :::image type="content" alt-text="Select a file or folder to create a path rule." source="../images/memcm/memcm-create-appcontrol-rule-2.jpg":::
+
+8. Select the executable or folder for your path rule > **OK**
+
+ :::image type="content" alt-text="Select the executable file or folder." source="../images/memcm/memcm-create-appcontrol-rule-3.jpg":::
+
+9. Select **OK** to add the rule to the table of trusted files or folder
+10. Select **Next** to navigate to the summary page > **Close**
+
+ :::image type="content" alt-text="Confirm the App Control path rule in Configuration Manager." source="../images/memcm/memcm-confirm-appcontrol-rule.jpg":::
+
+### Deploy the App Control policy in Configuration Manager
+
+1. Right-click the newly created policy > **Deploy Application Control Policy**
+
+ :::image type="content" alt-text="Deploy App Control via Configuration Manager." source="../images/memcm/memcm-deploy-appcontrol.jpg":::
+
+2. Select **Browse**
+
+ :::image type="content" alt-text="Select Browse." source="../images/memcm/memcm-deploy-appcontrol-2.jpg":::
+
+3. Select the Device Collection you created earlier > **OK**
+
+ :::image type="content" alt-text="Select the device collection." source="../images/memcm/memcm-deploy-appcontrol-3.jpg":::
+
+4. Change the schedule > **OK**
+
+ :::image type="content" alt-text="Change the App Control deployment schedule." source="../images/memcm/memcm-deploy-appcontrol-4.jpg":::
+
+For more information on using Configuration Manager's native App Control policies, see [App Control for Business management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager).
+
+Download the entire [App Control in Configuration Manager lab paper](https://download.microsoft.com/download/c/f/d/cfd6227c-8ec4-442d-8c50-825550d412f6/WDAC-Deploy-WDAC-using-MEMCM.pdf).
+
+## Deploy custom App Control policies using Packages/Programs or Task Sequences
+
+Using Configuration Manager's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in Configuration Manager too limiting. To define your own circle-of-trust, you can use Configuration Manager to deploy custom App Control policies using [script-based deployment](deploy-appcontrol-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences.
diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md
new file mode 100644
index 0000000000..369252b993
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-appcontrol-policies-with-script.md
@@ -0,0 +1,104 @@
+---
+title: Deploy App Control for Business policies using script
+description: Use scripts to deploy App Control for Business policies. Learn how with this step-by-step guide.
+ms.manager: jsuther
+ms.date: 09/11/2024
+ms.topic: how-to
+ms.localizationpriority: medium
+---
+
+# Deploy App Control policies using script
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+This article describes how to deploy App Control for Business policies using script. The following instructions use PowerShell but can work with any scripting host.
+
+You should now have one or more App Control policies converted into binary form. If not, follow the steps described in [Deploying App Control for Business policies](appcontrol-deployment-guide.md).
+
+> [!IMPORTANT]
+> Due to a known issue, you should always activate new **signed** App Control Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart.
+>
+> This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
+
+## Deploying policies for Windows 11 22H2 and above
+
+You can use the inbox [CiTool](../operations/citool-commands.md) to apply policies on Windows 11 22H2 with the following commands. Be sure to replace **<Path to policy binary file to deploy>** in the following example with the actual path to your App Control policy binary file.
+
+```powershell
+# Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = from the Policy XML)
+$PolicyBinary = ""
+CiTool --update-policy $PolicyBinary [-json]
+```
+
+## Deploying policies for Windows 11, Windows 10 version 1903 and above, and Windows Server 2022 and above
+
+To use this procedure, download and distribute the [App Control policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your App Control policies allow the App Control policy refresh tool or use a managed installer to distribute the tool.
+
+1. Initialize the variables to be used by the script.
+
+ ```powershell
+ # Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = from the Policy XML)
+ $PolicyBinary = ""
+ $DestinationFolder = $env:windir+"\System32\CodeIntegrity\CIPolicies\Active\"
+ $RefreshPolicyTool = ""
+ ```
+
+2. Copy App Control for Business policy binary to the destination folder.
+
+ ```powershell
+ Copy-Item -Path $PolicyBinary -Destination $DestinationFolder -Force
+ ```
+
+3. Repeat steps 1-2 as appropriate to deploy more App Control policies.
+4. Run RefreshPolicy.exe to activate and refresh all App Control policies on the managed endpoint.
+
+ ```powershell
+ & $RefreshPolicyTool
+ ```
+
+## Deploying policies for all other versions of Windows and Windows Server
+
+Use WMI to apply policies on all other versions of Windows and Windows Server.
+
+1. Initialize the variables to be used by the script.
+
+ ```powershell
+ # Policy binary files should be named as SiPolicy.p7b for Windows 10 versions earlier than 1903
+ $PolicyBinary = ""
+ $DestinationBinary = $env:windir+"\System32\CodeIntegrity\SiPolicy.p7b"
+ ```
+
+2. Copy App Control for Business policy binary to the destination.
+
+ ```powershell
+ Copy-Item -Path $PolicyBinary -Destination $DestinationBinary -Force
+ ```
+
+3. Refresh and activate App Control policy using WMI
+
+ ```powershell
+ Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = $DestinationBinary}
+ ```
+
+## Deploying signed policies
+
+If you're using [signed App Control policies](use-signed-policies-to-protect-appcontrol-against-tampering.md), the policies must be deployed into your device's EFI partition in addition to the locations outlined in the earlier sections. Unsigned App Control policies don't need to be present in the EFI partition.
+
+1. Mount the EFI volume and make the directory, if it doesn't exist, in an elevated PowerShell prompt:
+
+ ```powershell
+ $MountPoint = 'C:\EFIMount'
+ $EFIDestinationFolder = "$MountPoint\EFI\Microsoft\Boot\CiPolicies\Active"
+ $EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0]
+ if (-Not (Test-Path $MountPoint)) { New-Item -Path $MountPoint -Type Directory -Force }
+ mountvol $MountPoint $EFIPartition
+ if (-Not (Test-Path $EFIDestinationFolder)) { New-Item -Path $EFIDestinationFolder -Type Directory -Force }
+ ```
+
+2. Copy the signed policy to the created folder:
+
+ ```powershell
+ Copy-Item -Path $PolicyBinary -Destination $EFIDestinationFolder -Force
+ ```
+
+3. Restart the system.
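Review bot: The "Deploying signed policies" steps mount the EFI system partition at `C:\EFIMount` with `mountvol $MountPoint $EFIPartition` and copy the policy in, but nothing dismounts the volume before step 3. The EFI partition holds the boot files and the signed policy copy, so it should not stay reachable through an ordinary folder path longer than the copy takes; the page does not say whether this mount point survives the restart, so the cleanup is better made explicit. I would add `mountvol $MountPoint /D` at the end of the step 2 block, which the removal sample script in disable-appcontrol-policies.md also runs. Separately, the CiTool example passes `[-json]` with the brackets in a runnable line; writing `CiTool --update-policy $PolicyBinary -json` and noting in the prose that the switch is optional would stop readers from pasting the brackets.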
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md
similarity index 89%
rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md
rename to windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md
index 2265945d4e..ff49b5a9fe 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/deploy-catalog-files-to-support-appcontrol.md
@@ -1,21 +1,20 @@
---
-title: Deploy catalog files to support Windows Defender Application Control
-description: Catalog files simplify running unsigned applications in the presence of a Windows Defender Application Control (WDAC) policy.
+title: Deploy catalog files to support App Control for Business
+description: Catalog files simplify running unsigned applications in the presence of an App Control for Business policy.
ms.localizationpriority: medium
ms.topic: how-to
-ms.date: 11/30/2022
+ms.date: 09/11/2024
---
-# Deploy catalog files to support Windows Defender Application Control
+# Deploy catalog files to support App Control for Business
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-*Catalog files* can be important in your deployment of Windows Defender Application Control (WDAC) if you have unsigned line-of-business (LOB) applications for which the process of signing is difficult. You can also use catalog files to add your own signature to apps you get from independent software vendors (ISV) when you don't want to trust all code signed by that ISV. In this way, catalog files provide a convenient way for you to "bless" apps for use in your WDAC-managed environment. And, you can create catalog files for existing apps without requiring access to the original source code or needing any expensive repackaging.
+*Catalog files* can be important in your deployment of App Control for Business if you have unsigned line-of-business (LOB) applications for which the process of signing is difficult. You can also use catalog files to add your own signature to apps you get from independent software vendors (ISV) when you don't want to trust all code signed by that ISV. In this way, catalog files provide a convenient way for you to "bless" apps for use in your App Control-managed environment. And, you can create catalog files for existing apps without requiring access to the original source code or needing any expensive repackaging.
You need to [obtain a code signing certificate for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. Then, distribute the signed catalog file using your preferred content deployment mechanism.
-Finally, add a signer rule to your WDAC policy for your signing certificate. Then, any apps covered by your signed catalog files are able to run, even if the apps were previously unsigned. With this foundation, you can more easily build a WDAC policy that blocks all unsigned code, because most malware is unsigned.
+Finally, add a signer rule to your App Control policy for your signing certificate. Then, any apps covered by your signed catalog files are able to run, even if the apps were previously unsigned. With this foundation, you can more easily build an App Control policy that blocks all unsigned code, because most malware is unsigned.
## Create catalog files using Package Inspector
@@ -34,7 +33,7 @@ To create a catalog file for an existing app, you can use a tool called **Packag
$PolicyBinary = $env:USERPROFILE+"\Desktop\"+$PolicyId.substring(11)+".cip"
```
- Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deploy-wdac-policies-with-script.md).
+ Then apply the policy as described in [Deploy App Control for Business policies with script](deploy-appcontrol-policies-with-script.md).
2. Start Package Inspector to monitor file creation on a **local drive** where you install the app, for example, drive C:
@@ -92,15 +91,15 @@ For the code signing certificate that you use to sign the catalog file, import i
1. Initialize the variables to use. Replace the `$ExamplePath` and `$CatFileName` variables as needed:
```powershell
- $ExamplePath=$env:userprofile+"\Desktop"
- $CatFileName=$ExamplePath+"\LOBApp-Contoso.cat"
- ```
+ $ExamplePath=$env:userprofile+"\Desktop"
+ $CatFileName=$ExamplePath+"\LOBApp-Contoso.cat"
+ ```
2. Sign the catalog file with Signtool.exe:
```powershell
- sign /n "ContosoSigningCert" /fd sha256 /v $CatFileName
- ```
+ sign /n "ContosoSigningCert" /fd sha256 /v $CatFileName
+ ```
> [!NOTE]
> The `` variable should be the full path to the Signtool.exe utility. `ContosoSigningCert` represents the subject name of the certificate that you use to sign the catalog file. This certificate should be imported to your personal certificate store on the computer on which you are attempting to sign the catalog file.
@@ -109,7 +108,7 @@ For the code signing certificate that you use to sign the catalog file, import i
3. Verify the catalog file's digital signature. Right-click the catalog file, and then select **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1.
- 
+ :::image type="content" alt-text="Digital Signature list in file Properties." source="../images/dg-fig12-verifysigning.png":::
Figure 1. Verify that the signing certificate exists.
@@ -123,16 +122,16 @@ For testing purposes, you can manually copy signed catalog files to this folder.
To simplify the management of catalog files, you can use group policy preferences to deploy catalog files to the appropriate computers in your organization.
-The following process walks you through the deployment of a signed catalog file called **LOBApp-Contoso.cat** to a test OU called **WDAC Enabled PCs** with a GPO called **Contoso Catalog File GPO Test**.
+The following process walks you through the deployment of a signed catalog file called **LOBApp-Contoso.cat** to a test OU called **App Control Enabled PCs** with a GPO called **Contoso Catalog File GPO Test**.
1. From either a domain controller or a client computer that has Remote Server Administration Tools installed, open the Group Policy Management Console by running **GPMC.MSC** or by searching for Group Policy Management.
-2. Create a new GPO: right-click an OU, for example, the **WDAC Enabled PCs OU**, and then select **Create a GPO in this domain, and Link it here**, as shown in Figure 2.
+2. Create a new GPO: right-click an OU, for example, the **App Control Enabled PCs OU**, and then select **Create a GPO in this domain, and Link it here**, as shown in Figure 2.
> [!NOTE]
- > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies.
+ > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining App Control policies.
- 
+ :::image type="content" alt-text="Group Policy Management, create a GPO." source="../images/dg-fig13-createnewgpo.png":::
Figure 2. Create a new GPO.
@@ -142,7 +141,7 @@ The following process walks you through the deployment of a signed catalog file
5. Within the selected GPO, navigate to **Computer Configuration\\Preferences\\Windows Settings\\Files**. Right-click **Files**, point to **New**, and then select **File**, as shown in Figure 3.
- 
+ :::image type="content" alt-text="Group Policy Management Editor, New File." source="../images/dg-fig14-createnewfile.png":::
Figure 3. Create a new file.
@@ -299,9 +298,9 @@ At the time of the next software inventory cycle, when the targeted clients rece
> [!NOTE]
> If nothing is displayed in this view, navigate to Software\\Last Software Scan in Resource Explorer to verify that the client has recently completed a software inventory scan.
-## Allow apps signed by your catalog signing certificate in your WDAC policy
+## Allow apps signed by your catalog signing certificate in your App Control policy
-Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](../design/wdac-design-guide.md).
+Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created an App Control policy, see the [App Control for Business design guide](../design/appcontrol-design-guide.md).
On a computer where the signed catalog file has been deployed, you can use [New-CiPolicyRule](/powershell/module/configci/new-cipolicyrule) to create a signer rule from any file included in that catalog. Then use [Merge-CiPolicy](/powershell/module/configci/merge-cipolicy) to add the rule to your policy XML. Be sure to replace the path values in the following sample:
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md
similarity index 50%
rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md
index 2685a6db1d..c2434abfb4 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/disable-appcontrol-policies.md
@@ -1,24 +1,23 @@
---
-title: Remove Windows Defender Application Control policies
-description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS.
+title: Remove App Control for Business policies
+description: Learn how to disable both signed and unsigned App Control for Business policies, within Windows and within the BIOS.
ms.localizationpriority: medium
-ms.date: 11/04/2022
+ms.date: 09/11/2024
ms.topic: how-to
---
-# Remove Windows Defender Application Control (WDAC) policies
+# Remove App Control for Business policies
->[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-## Removing WDAC policies
+## Removing App Control policies
-There may come a time when you want to remove one or more WDAC policies, or remove all WDAC policies you've deployed. This article describes the various ways to remove WDAC policies.
+There may come a time when you want to remove one or more App Control policies, or remove all App Control policies you've deployed. This article describes the various ways to remove App Control policies.
> [!IMPORTANT]
-> **Signed WDAC policy**
+> **Signed App Control policy**
>
-> If the policy you are trying to remove is a signed WDAC policy, you must first deploy a signed replacement policy that includes option **6 Enabled:Unsigned System Integrity Policy**.
+> If the policy you are trying to remove is a signed App Control policy, you must first deploy a signed replacement policy that includes option **6 Enabled:Unsigned System Integrity Policy**.
>
> The replacement policy must have the same PolicyId as the one it's replacing and a version that's equal to or greater than the existing policy. The replacement policy must also include \.
>
@@ -33,66 +32,48 @@ To make a policy effectively inactive before removing it, you can first replace
1. Replace the policy rules with "Allow *" rules;
2. Set option **3 Enabled:Audit Mode** to change the policy to audit mode only;
3. Set option **11 Disabled:Script Enforcement**;
-4. Allow all COM objects. See [Allow COM object registration in a WDAC policy](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy#examples);
+4. Allow all COM objects. See [Allow COM object registration in an App Control policy](../design/allow-com-object-registration-in-appcontrol-policy.md#examples);
5. If applicable, remove option **0 Enabled:UMCI** to convert the policy to kernel mode only.
> [!IMPORTANT]
-> After you remove a policy, restart the computer for it to take effect. You can't remove WDAC policies without restarting the device.
+> After you remove a policy, restart the computer for it to take effect. You can't remove App Control policies without restarting the device.
-### Remove WDAC policies using CiTool.exe
+### Remove App Control policies using CiTool.exe
-Beginning with the Windows 11 2022 Update, you can remove WDAC policies using CiTool.exe. From an elevated command window, run the following command. Be sure to replace the text *PolicyId GUID* with the actual PolicyId of the WDAC policy you want to remove:
+Beginning with the Windows 11 2022 Update, you can remove App Control policies using CiTool.exe. From an elevated command window, run the following command. Be sure to replace the text *PolicyId GUID* with the actual PolicyId of the App Control policy you want to remove:
```powershell
- CiTool.exe -rp "{PolicyId GUID}" -json
+CiTool.exe -rp "{PolicyId GUID}" -json
```
Then restart the computer.
-### Remove WDAC policies using MDM solutions like Intune
+### Remove App Control policies using MDM solutions like Intune
-You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to remove WDAC policies from client machines using the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp).
-
-
+You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to remove App Control policies from client machines using the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp).
Consult your MDM solution provider for specific information on using the ApplicationControl CSP.
Then restart the computer.
-### Remove WDAC policies using script
+### Remove App Control policies using script
-To remove WDAC policies using script, your script must delete the policy file(s) from the computer. For **multiple policy format (1903+) WDAC policies**, look for the policy files in the following locations. Be sure to replace the *PolicyId GUID* with the actual PolicyId of the WDAC policy you want to remove.
+To remove App Control policies using script, your script must delete the policy file(s) from the computer. For **multiple policy format (1903+) App Control policies**, look for the policy files in the following locations. Be sure to replace the *PolicyId GUID* with the actual PolicyId of the App Control policy you want to remove.
- <EFI System Partition>\\Microsoft\\Boot\\CiPolicies\Active\\*\{PolicyId GUID\}*.cip
- <OS Volume>\\Windows\\System32\\CodeIntegrity\\CiPolicies\Active\\*\{PolicyId GUID\}*.cip
-For **single policy format WDAC policies**, in addition to the two locations above, also look for a file called SiPolicy.p7b that may be found in the following locations:
+For **single policy format App Control policies**, in addition to the two locations above, also look for a file called SiPolicy.p7b that may be found in the following locations:
- <EFI System Partition>\\Microsoft\\Boot\\SiPolicy.p7b
- <OS Volume>\\Windows\\System32\\CodeIntegrity\\SiPolicy.p7b
Then restart the computer.
-#### Sample script to delete a single WDAC policy
+#### Sample script to delete a single App Control policy
```powershell
-# Set PolicyId GUID to the PolicyId from your WDAC policy XML
+# Set PolicyId GUID to the PolicyId from your App Control policy XML
$PolicyId = "{PolicyId GUID}"
# Initialize variables
@@ -138,17 +119,17 @@ mountvol $MountPoint /D
```
> [!NOTE]
-> You must run the script as administrator to remove WDAC policies on your computer.
+> You must run the script as administrator to remove App Control policies on your computer.
-## Remove WDAC policies causing boot stop failures
+## Remove App Control policies causing boot stop failures
-A WDAC policy that blocks boot critical drivers can cause a boot stop failure (BSOD) to occur, though this can be mitigated by setting option **10 Enabled:Boot Audit On Failure** in your policies. Additionally, signed WDAC policies protect the policy from administrative manipulation and malware that has gained administrative-level access to the system. For this reason, signed WDAC policies are intentionally more difficult to remove than unsigned policies even for administrators. Tampering with or removing a signed WDAC policy will cause a BSOD to occur.
+An App Control policy that blocks boot critical drivers can cause a boot stop failure (BSOD) to occur, though this can be mitigated by setting option **10 Enabled:Boot Audit On Failure** in your policies. Additionally, signed App Control policies protect the policy from administrative manipulation and malware that has gained administrative-level access to the system. For this reason, signed App Control policies are intentionally more difficult to remove than unsigned policies even for administrators. Tampering with or removing a signed App Control policy will cause a BSOD to occur.
To remove a policy that is causing boot stop failures:
-1. If the policy is a **signed** WDAC policy, turn off Secure Boot from your [UEFI BIOS menu](/windows-hardware/manufacture/desktop/boot-to-uefi-mode-or-legacy-bios-mode). For help with locating where to turn off Secure Boot within your BIOS menu, consult with your original equipment manufacturer (OEM).
-2. Access the Advanced Boot Options menu on your computer and choose the option to **Disable Driver Signature Enforcement**. For instructions on accessing the Advanced Boot Options menu during startup, consult with your OEM. This option will suspend all code integrity checks, including WDAC, for a single boot session.
-3. Start Windows normally and sign in. Then, [remove WDAC policies using script](#remove-wdac-policies-using-script).
+1. If the policy is a **signed** App Control policy, turn off Secure Boot from your [UEFI BIOS menu](/windows-hardware/manufacture/desktop/boot-to-uefi-mode-or-legacy-bios-mode). For help with locating where to turn off Secure Boot within your BIOS menu, consult with your original equipment manufacturer (OEM).
+2. Access the Advanced Boot Options menu on your computer and choose the option to **Disable Driver Signature Enforcement**. For instructions on accessing the Advanced Boot Options menu during startup, consult with your OEM. This option will suspend all code integrity checks, including App Control, for a single boot session.
+3. Start Windows normally and sign in. Then, [remove App Control policies using script](#remove-app-control-policies-using-script).
4. If you turned off Secure Boot in step 1 above and your drive is protected by BitLocker, [suspend BitLocker protection](/troubleshoot/windows-client/windows-security/suspend-bitlocker-protection-non-microsoft-updates) then turn on Secure Boot from your UEFI BIOS menu.
5. Restart the computer.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md
similarity index 60%
rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md
index 07bc66c51a..41a77beb33 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/enforce-appcontrol-policies.md
@@ -1,29 +1,28 @@
---
-title: Enforce Windows Defender Application Control (WDAC) policies
-description: Learn how to switch a WDAC policy from audit to enforced mode.
+title: Enforce App Control for Business policies
+description: Learn how to switch an App Control policy from audit to enforced mode.
ms.manager: jsuther
-ms.date: 04/22/2021
+ms.date: 09/11/2024
ms.topic: how-to
ms.localizationpriority: medium
---
-# Enforce Windows Defender Application Control (WDAC) policies
+# Enforce App Control for Business policies
->[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-You should now have one or more Windows Defender Application Control policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you're ready to enforce. Use this procedure to prepare and deploy your WDAC policies in enforcement mode.
+You should now have one or more App Control for Business policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you're ready to enforce. Use this procedure to prepare and deploy your App Control policies in enforcement mode.
> [!NOTE]
-> Some of the steps described in this article only apply to Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features. Evaluate the impact for any features that may be unavailable on your clients running earlier versions of Windows 10 and Windows Server. You may need to adapt this guidance to meet your specific organization's needs.
+> Some of the steps described in this article only apply to Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's App Control policies, consider whether your managed clients can use all or some of these features. Evaluate the impact for any features that may be unavailable on your clients running earlier versions of Windows 10 and Windows Server. You may need to adapt this guidance to meet your specific organization's needs.
-## Convert WDAC **base** policy from audit to enforced
+## Convert App Control **base** policy from audit to enforced
-As described in [common Windows Defender Application Control deployment scenarios](../design/common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
+As described in [common App Control for Business deployment scenarios](../design/common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of App Control to prevent unwanted or unauthorized applications from running on their managed devices.
-**Alice Pena** is the IT team lead responsible for Lamna's WDAC rollout.
+**Alice Pena** is the IT team lead responsible for Lamna's App Control rollout.
-Alice previously created and deployed a policy for the organization's [fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-wdac-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode.
+Alice previously created and deployed a policy for the organization's [fully managed devices](../design/create-appcontrol-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create App Control policy rules](audit-appcontrol-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode.
1. Initialize the variables that will be used and create the enforced policy by copying the audit version.
@@ -34,14 +33,14 @@ Alice previously created and deployed a policy for the organization's [fully man
cp $AuditPolicyXML $EnforcedPolicyXML
```
-2. Use [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo) to give the new policy a unique ID, and descriptive name. Changing the ID and name lets you deploy the enforced policy side by side with the audit policy. Do this step if you plan to harden your WDAC policy over time. If you prefer to replace the audit policy in-place, you can skip this step.
+2. Use [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo) to give the new policy a unique ID, and descriptive name. Changing the ID and name lets you deploy the enforced policy side by side with the audit policy. Do this step if you plan to harden your App Control policy over time. If you prefer to replace the audit policy in-place, you can skip this step.
```powershell
$EnforcedPolicyID = Set-CIPolicyIdInfo -FilePath $EnforcedPolicyXML -PolicyName $EnforcedPolicyName -ResetPolicyID
$EnforcedPolicyID = $EnforcedPolicyID.Substring(11)
```
-3. *[Optionally]* Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to enable rule options 9 ("Advanced Boot Options Menu") and 10 ("Boot Audit on Failure"). Option 9 allows users to disable WDAC enforcement for a single boot session from a pre-boot menu. Option 10 instructs Windows to switch the policy from enforcement to audit only if a boot critical kernel-mode driver is blocked. We strongly recommend these options when deploying a new enforced policy to your first deployment ring. Then, if no issues are found, you can remove the options and restart your deployment.
+3. *[Optionally]* Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to enable rule options 9 ("Advanced Boot Options Menu") and 10 ("Boot Audit on Failure"). Option 9 allows users to disable App Control enforcement for a single boot session from a pre-boot menu. Option 10 instructs Windows to switch the policy from enforcement to audit only if a boot critical kernel-mode driver is blocked. We strongly recommend these options when deploying a new enforced policy to your first deployment ring. Then, if no issues are found, you can remove the options and restart your deployment.
```powershell
Set-RuleOption -FilePath $EnforcedPolicyXML -Option 9
@@ -54,7 +53,7 @@ Alice previously created and deployed a policy for the organization's [fully man
Set-RuleOption -FilePath $EnforcedPolicyXML -Option 3 -Delete
```
-5. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the new WDAC policy to binary:
+5. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the new App Control policy to binary:
> [!NOTE]
> If you did not use -ResetPolicyID in Step 2 above, then you must replace $EnforcedPolicyID in the following command with the *PolicyID* attribute found in your base policy XML.
@@ -86,7 +85,7 @@ Since the enforced policy was given a unique PolicyID in the previous procedure,
> [!NOTE]
> If Set-CIPolicyIdInfo does not output the new PolicyID value on your Windows 10 version, you will need to obtain the *PolicyId* value from the XML directly.
-3. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the new Windows Defender Application Control supplemental policy to binary:
+3. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the new App Control for Business supplemental policy to binary:
```powershell
$EnforcedSuppPolicyBinary = $env:USERPROFILE+"\Desktop\"+$SupplementalPolicyName+"_"+$SupplementalPolicyID+".xml"
@@ -96,4 +95,4 @@ Since the enforced policy was given a unique PolicyID in the previous procedure,
## Deploy your enforced policy and supplemental policies
-Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md).
+Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying App Control for Business policies](appcontrol-deployment-guide.md).
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md b/windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies.md
similarity index 57%
rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies.md
index d1b96ca2d6..e17a4dfdd6 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/merge-appcontrol-policies.md
@@ -1,25 +1,24 @@
---
-title: Merge Windows Defender Application Control policies (WDAC)
-description: Learn how to merge WDAC policies as part of your policy lifecycle management.
+title: Merge App Control for Business policies (App Control)
+description: Learn how to merge App Control policies as part of your policy lifecycle management.
ms.manager: jsuther
-ms.date: 04/22/2021
+ms.date: 09/11/2024
ms.topic: how-to
ms.localizationpriority: medium
---
-# Merge Windows Defender Application Control (WDAC) policies
+# Merge App Control for Business policies
->[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-This article shows how to merge multiple policy XML files together and how to merge rules directly into a policy. Windows Defender Application Control deployments often include a few base policies and optional supplemental policies for specific use cases.
+This article shows how to merge multiple policy XML files together and how to merge rules directly into a policy. App Control for Business deployments often include a few base policies and optional supplemental policies for specific use cases.
> [!NOTE]
-> Prior to Windows version 1903, including Windows Server 2019 and earlier, only one Windows Defender Application Control policy can be active on a system at a time. If you need to use WDAC on systems running these earlier versions of Windows, you must merge all policies before deploying.
+> Prior to Windows version 1903, including Windows Server 2019 and earlier, only one App Control for Business policy can be active on a system at a time. If you need to use App Control on systems running these earlier versions of Windows, you must merge all policies before deploying.
-## Merge multiple WDAC policy XML files together
+## Merge multiple App Control policy XML files together
-There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-wdac-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session.
+There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create App Control for Business policy rules](audit-appcontrol-policies.md), you can merge those rules with your existing App Control base policy. To merge the two App Control policies referenced in that article, complete the following steps in an elevated Windows PowerShell session.
1. Initialize the variables that will be used:
@@ -30,7 +29,7 @@ There are many scenarios where you may want to merge two or more policy files to
$MergedPolicy=$env:userprofile+"\Desktop\"+$PolicyName+"_Merged.xml"
```
-2. Use [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) to merge two policies and create a new Windows Defender Application Control policy:
+2. Use [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) to merge two policies and create a new App Control for Business policy:
```powershell
Merge-CIPolicy -PolicyPaths $LamnaPolicy,$EventsPolicy -OutputFilePath $MergedPolicy
@@ -39,16 +38,16 @@ There are many scenarios where you may want to merge two or more policy files to
> [!NOTE]
> You can merge additional policies with the Merge-CIPolicy step above by adding them to the -PolicyPaths parameter separated by commas. The new policy file specified by -OutputFilePath will have the Policy information from the first policy in the list. For example, in the above example, the $MergedPolicy will inherit the policy type, ID, name, and version information from $LamnaPolicy. To change any of those values, use [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo) and [Set-CIPolicyVersion](/powershell/module/configci/set-cipolicyversion).
-## Merge WDAC rules directly into a policy XML
+## Merge App Control rules directly into a policy XML
-Besides merging multiple policy XML files, you can also merge rules created with the New-CIPolicyRule cmdlet directly into an existing WDAC policy XML file. Directly merging rules is a convenient way to update your policy without creating extra policy XML files. For example, to add rules that allow the WDAC Wizard and the WDAC RefreshPolicy.exe tool, follow these steps:
+Besides merging multiple policy XML files, you can also merge rules created with the New-CIPolicyRule cmdlet directly into an existing App Control policy XML file. Directly merging rules is a convenient way to update your policy without creating extra policy XML files. For example, to add rules that allow the App Control Wizard and the App Control RefreshPolicy.exe tool, follow these steps:
-1. Install the [WDAC Wizard](../design/wdac-wizard.md) packaged MSIX app.
+1. Install the [App Control Wizard](../design/appcontrol-wizard.md) packaged MSIX app.
2. Download the [Refresh Policy tool](https://aka.ms/refreshpolicy) for your processor architecture and save it to your desktop as RefreshPolicy.exe.
-3. From a PowerShell session, run the following commands to create packaged app allow rules for the WDAC Wizard:
+3. From a PowerShell session, run the following commands to create packaged app allow rules for the App Control Wizard:
```powershell
- $PackageInfo = Get-AppxPackage -Name Microsoft.WDAC.WDACWizard
+ $PackageInfo = Get-AppxPackage -Name Microsoft.App Control.WDACWizard
$Rules = New-CIPolicyRule -Package $PackageInfo
```
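Review bot: The added `Get-AppxPackage` line looks like a casualty of the WDAC → App Control find-and-replace: `Microsoft.App Control.WDACWizard` contains a space, so PowerShell passes only `Microsoft.App` to `-Name` and treats `Control.WDACWizard` as a separate argument. A package identity is not product branding, and nothing in this commit suggests the Wizard's MSIX was republished under a new name. The lookup would therefore most likely return nothing, leaving `New-CIPolicyRule -Package $PackageInfo` with no package to build the allow rules from. I would keep the removed line unchanged, `$PackageInfo = Get-AppxPackage -Name Microsoft.WDAC.WDACWizard`, and check the rest of the rename for other identifiers inside code fences that were rewritten the same way.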
@@ -68,16 +67,16 @@ Besides merging multiple policy XML files, you can also merge rules created with
Now that you have your new, merged policy, you can convert and deploy the policy binary to your managed endpoints.
-1. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the WDAC policy to a binary format:
+1. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the App Control policy to a binary format:
```powershell
- $WDACPolicyBin=$env:userprofile+"\Desktop\"+$PolicyName+"_{InsertPolicyID}.bin"
- ConvertFrom-CIPolicy -XMLFilePath $MergedPolicy -BinaryFilePath $WDACPolicyBin
+ $AppControlPolicyBin=$env:userprofile+"\Desktop\"+$PolicyName+"_{InsertPolicyID}.bin"
+ ConvertFrom-CIPolicy -XMLFilePath $MergedPolicy -BinaryFilePath $AppControlPolicyBin
```
> [!NOTE]
> In the sample commands above, for policies targeting Windows 10 version 1903+ or Windows 11, replace the string "{InsertPolicyID}" with the actual PolicyID GUID (including braces **{ }**) found in your policy XML file. For Windows 10 versions prior to 1903, use the name SiPolicy.p7b for the binary file name.
-2. Upload your merged policy XML and the associated binary to the source control solution you are using for your Windows Defender Application Control policies. such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration).
+2. Upload your merged policy XML and the associated binary to the source control solution you are using for your App Control for Business policies. such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration).
-3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md)
+3. Deploy the merged policy using your preferred deployment solution. See [Deploying App Control for Business policies](appcontrol-deployment-guide.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md b/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md
similarity index 51%
rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md
rename to windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md
index 7e9e07b044..69735b11bd 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md
@@ -1,19 +1,18 @@
---
-title: Use code signing for added control and protection with WDAC
-description: Code signing can be used to better control Win32 app authorization and add protection for your Windows Defender Application Control (WDAC) policies.
+title: Use code signing for added control and protection with App Control
+description: Code signing can be used to better control Win32 app authorization and add protection for your App Control for Business policies.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 11/29/2022
+ms.date: 09/11/2024
---
-# Use code signing for added control and protection with Windows Defender Application Control
+# Use code signing for added control and protection with App Control for Business
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
## What is code signing and why is it important?
-Code signing provides some important benefits to application security features like Windows Defender Application Control (WDAC). First, it allows the system to cryptographically verify that a file hasn't been tampered with since it was signed and before any code is allowed to run. Second, it associates the file with a real-world identity, such as a company or an individual developer. This identity can make your policy trust decisions easier and allows for real-world consequences when code signing is abused or used maliciously. Although Windows doesn't require software developers to digitally sign their code, most major independent software vendors (ISV) do use code signing for much of their code. And metadata that a developer includes in a file's resource header (.RSRC), such as OriginalFileName or ProductName, can be combined with the file's signing certificate to limit the scope of trust decisions. For example, instead of allowing everything signed by Microsoft, you can choose to allow only files signed by Microsoft where ProductName is "Microsoft Teams". Then use other rules to authorize any other files that need to run.
+Code signing provides some important benefits to application security features like App Control for Business. First, it allows the system to cryptographically verify that a file hasn't been tampered with since it was signed and before any code is allowed to run. Second, it associates the file with a real-world identity, such as a company or an individual developer. This identity can make your policy trust decisions easier and allows for real-world consequences when code signing is abused or used maliciously. Although Windows doesn't require software developers to digitally sign their code, most major independent software vendors (ISV) do use code signing for much of their code. And metadata that a developer includes in a file's resource header (.RSRC), such as OriginalFileName or ProductName, can be combined with the file's signing certificate to limit the scope of trust decisions. For example, instead of allowing everything signed by Microsoft, you can choose to allow only files signed by Microsoft where ProductName is "Microsoft Teams". Then use other rules to authorize any other files that need to run.
Wherever possible, you should require all app binaries and scripts are code signed as part of your app acceptance criteria. And, you should ensure that internal line-of-business (LOB) app developers have access to code signing certificates controlled by your organization.
@@ -26,13 +25,13 @@ You can use catalog files to easily add a signature to an existing application w
> [!NOTE]
> Since catalogs identify the files they sign by hash, any change to the file may invalidate its signature. You will need to deploy updated catalog signatures any time the application is updated. Integrating code signing with your app development or app deployment processes is generally the best approach. Be aware of self-updating apps, as their app binaries may change without your knowledge.
-To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-wdac.md).
+To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support App Control for Business](deploy-catalog-files-to-support-appcontrol.md).
-## Signed WDAC policies
+## Signed App Control policies
-While a WDAC policy begins as an XML document, it's then converted into a binary-encoded file before deployment. This binary version of your policy can be code signed like any other application binary, offering many of the same benefits as described above for signed code. Additionally, signed policies are treated specially by WDAC and help protect against tampering or removal of a policy even by an admin user.
+While an App Control policy begins as an XML document, it's then converted into a binary-encoded file before deployment. This binary version of your policy can be code signed like any other application binary, offering many of the same benefits as described above for signed code. Additionally, signed policies are treated specially by App Control and help protect against tampering or removal of a policy even by an admin user.
-For more information on using signed policies, see [Use signed policies to protect Windows Defender Application Control against tampering](/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering)
+For more information on using signed policies, see [Use signed policies to protect App Control for Business against tampering](use-signed-policies-to-protect-appcontrol-against-tampering.md)
## Obtain code signing certificates for your own use
@@ -40,4 +39,4 @@ Some ways to obtain code signing certificates for your own use, include:
- Use Microsoft's [Trusted Signing service](/azure/trusted-signing/).
- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list).
-- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md).
\ No newline at end of file
+- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for App Control for Business](create-code-signing-cert-for-appcontrol.md).
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md b/windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md
similarity index 69%
rename from windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md
rename to windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md
index a7f4170ab2..6aa667b28a 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md
+++ b/windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md
@@ -1,17 +1,16 @@
---
-title: Use signed policies to protect Windows Defender Application Control against tampering
-description: Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of malware protection available in Windows 10 and Windows 11.
+title: Use signed policies to protect App Control for Business against tampering
+description: Signed App Control for Business policies give organizations the highest level of malware protection available in Windows 10 and Windows 11.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 11/04/2022
+ms.date: 09/11/2024
---
-# Use signed policies to protect Windows Defender Application Control against tampering
+# Use signed policies to protect App Control for Business against tampering
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of protection available in Windows. These policies are designed to detect administrative tampering of the policy, such as by malware running as admin, and will result in a boot failure or blue screen. With this goal in mind, it's much more difficult to remove signed WDAC policies. SecureBoot must be enabled in order to provide this protection for signed WDAC policies.
+Signed App Control for Business policies give organizations the highest level of protection available in Windows. These policies are designed to detect administrative tampering of the policy, such as by malware running as admin, and will result in a boot failure or blue screen. With this goal in mind, it's much more difficult to remove signed App Control policies. SecureBoot must be enabled in order to provide this protection for signed App Control policies.
If you don't currently have a code signing certificate you can use to sign your policies, see [Obtain code signing certificates for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use).
@@ -22,12 +21,12 @@ If you don't currently have a code signing certificate you can use to sign your
> - Use RSA keys with 2K, 3K, or 4K key size only. ECDSA isn't supported.
> - You can use SHA-256, SHA-384, or SHA-512 as the digest algorithm on Windows 11, as well as Windows 10 and Windows Server 2019 and above after applying the November 2022 cumulative security update. All other devices only support SHA-256.
-Before you attempt to deploy a signed policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](../design/select-types-of-rules-to-create.md).
+Before you attempt to deploy a signed policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [App Control for Business policy rules](../design/select-types-of-rules-to-create.md).
> [!NOTE]
> When signing a Base policy that has existing Supplemental policies, you must also switch to signed policy for all of the Supplementals. Authorize the signed supplemental policies by adding a `` rule to the Base policy.
-## Prepare your WDAC policy for signing
+## Prepare your App Control policy for signing
1. Open an elevated Windows PowerShell session and initialize the variables to use:
@@ -38,7 +37,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne
```
> [!NOTE]
- > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](../design/create-wdac-policy-using-reference-computer.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information.
+ > This example uses an enforced version of the App Control policy that you created in [Create an App Control for Business policy from a reference computer](../design/create-appcontrol-policy-using-reference-computer.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information.
2. Navigate to your desktop as the working directory:
@@ -46,7 +45,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne
cd $PolicyPath
```
-3. If your WDAC policy doesn't already include an `` rule for your policy signing certificate, you must add it. At least one `` rule must exist to convert your policy XML with [ConvertFrom-CiPolicy](/powershell/module/configci/convertfrom-cipolicy).
+3. If your App Control policy doesn't already include an `` rule for your policy signing certificate, you must add it. At least one `` rule must exist to convert your policy XML with [ConvertFrom-CiPolicy](/powershell/module/configci/convertfrom-cipolicy).
Use [Add-SignerRule](/powershell/module/configci/add-signerrule) and create an `` rule from your certificate file (.cer). If you purchased a code signing certificate or issued one from your own public key infrastructure (PKI), you can export the certificate file.
@@ -58,7 +57,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne
```
> [!IMPORTANT]
- > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove Windows Defender Application Control policies causing boot stop failures](disable-wdac-policies.md#remove-wdac-policies-causing-boot-stop-failures).
+ > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove App Control for Business policies causing boot stop failures](disable-appcontrol-policies.md#remove-app-control-policies-causing-boot-stop-failures).
4. Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option:
@@ -86,11 +85,11 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne
### Policy signing with signtool.exe
-If you purchased a code signing certificate or issued one from your own PKI, you can use [SignTool.exe](/windows/win32/seccrypto/signtool) to sign your WDAC policy files:
+If you purchased a code signing certificate or issued one from your own PKI, you can use [SignTool.exe](/windows/win32/seccrypto/signtool) to sign your App Control policy files:
-1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md).
+1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for App Control for Business](create-code-signing-cert-for-appcontrol.md).
-2. Sign the WDAC policy by using SignTool.exe:
+2. Sign the App Control policy by using SignTool.exe:
```powershell
sign -v -n "ContosoSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin
@@ -99,7 +98,7 @@ If you purchased a code signing certificate or issued one from your own PKI, you
> [!NOTE]
> The *<Path to signtool.exe>* variable should be the full path to the SignTool.exe utility. **ContosoSigningCert** is the subject name of the certificate that will be used to sign the policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy.
-When complete, the commands should output a signed policy file with a `.p7` extension. You must rename the file to `{GUID}.cip` where "{GUID}" is the <PolicyId> from your original WDAC policy XML.
+When complete, the commands should output a signed policy file with a `.p7` extension. You must rename the file to `{GUID}.cip` where "{GUID}" is the <PolicyId> from your original App Control policy XML.
## Verify and deploy the signed policy
@@ -117,9 +116,9 @@ $SignedCryptoMsgSyntax.Decode([System.IO.File]::ReadAllBytes($CIPolicyBin))
$SignedCryptoMsgSyntax.Certificates | Format-List -Property *
```
-Thoroughly test the signed policy on a representative set of computers before proceeding with deployment. Be sure to reboot the test computers at least twice after applying the signed WDAC policy to ensure you don't encounter a boot failure.
+Thoroughly test the signed policy on a representative set of computers before proceeding with deployment. Be sure to reboot the test computers at least twice after applying the signed App Control policy to ensure you don't encounter a boot failure.
-Once you've verified the signed policy, deploy it using your preferred deployment method. For more information about deploying policies, see [Deploying Windows Defender Application Control policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
+Once you've verified the signed policy, deploy it using your preferred deployment method. For more information about deploying policies, see [Deploying App Control for Business policies](appcontrol-deployment-guide.md).
> [!NOTE]
> Anti-tampering protection for signed policies takes effect after the first reboot once the signed policy is applied to a computer. This protection only applies to computers with UEFI Secure Boot enabled.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy.md
similarity index 85%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md
rename to windows/security/application-security/application-control/app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy.md
index fc9395851d..7968a8fb46 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/allow-com-object-registration-in-appcontrol-policy.md
@@ -1,21 +1,20 @@
---
-title: Allow COM object registration in a WDAC policy
-description: You can allow COM object registration in a Windows Defender Application Control policy.
+title: Allow COM object registration in an App Control policy
+description: You can allow COM object registration in an App Control for Business policy.
ms.localizationpriority: medium
-ms.date: 04/05/2023
+ms.date: 09/11/2024
ms.topic: how-to
---
-# Allow COM object registration in a Windows Defender Application Control policy
+# Allow COM object registration in an App Control for Business policy
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component-object-model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM specifies an object model and programming requirements that enable COM objects to interact with other objects.
-## COM object configurability in WDAC policy
+## COM object configurability in App Control policy
-Windows Defender Application Control (WDAC) enforces a built-in allowlist for COM object registration. While this list works for most common application usage scenarios, you may need to allow more COM objects to support the apps used in your organization. You can specify allowed COM objects via their GUID in your WDAC policy as described in this article.
+App Control for Business enforces a built-in allowlist for COM object registration. While this list works for most common application usage scenarios, you may need to allow more COM objects to support the apps used in your organization. You can specify allowed COM objects via their GUID in your App Control policy as described in this article.
> [!NOTE]
> To add this functionality to other versions of Windows 10, you can install the following or later updates.
@@ -46,7 +45,7 @@ One attribute:
### Multiple policy considerations
-Similar to executable files, COM objects must pass all enforced WDAC policies on the system to run. For example, if the COM object under evaluation passes most but not all of your WDAC policies, the COM object is blocked. If you're using a combination of base and supplemental policies, the COM object just needs to be allowlisted in either the base policy or one of the supplemental policies.
+Similar to executable files, COM objects must pass all enforced App Control policies on the system to run. For example, if the COM object under evaluation passes most but not all of your App Control policies, the COM object is blocked. If you're using a combination of base and supplemental policies, the COM object just needs to be allowlisted in either the base policy or one of the supplemental policies.
### Examples
@@ -126,10 +125,10 @@ To add this CLSID to the existing policy, follow these steps:
1. Open PowerShell ISE with Administrative privileges.
-2. Copy and edit this command, then run it from the admin PowerShell ISE. Consider the policy name to be `WDAC_policy.xml`.
+2. Copy and edit this command, then run it from the admin PowerShell ISE. Consider the policy name to be `AppControl_policy.xml`.
```PowerShell
- PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath \WDAC_policy.xml -Key "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" -Provider WSH -Value true -ValueName EnterpriseDefinedClsId -ValueType Boolean
+ PS C:\WINDOWS\system32> Set-CIPolicySetting -FilePath \AppControl_policy.xml -Key "{f8d253d9-89a4-4daa-87b6-1168369f0b21}" -Provider WSH -Value true -ValueName EnterpriseDefinedClsId -ValueType Boolean
```
Once the command has run, find the following section added to the policy XML.
@@ -145,7 +144,7 @@ To add this CLSID to the existing policy, follow these steps:
### Default COM Object allowlist
-The table that follows describes the list of COM objects that are inherently trusted in Windows Defender Application Control. Objects in this list don't need to be allowlisted in your WDAC policies. They can be denied by creating explicit deny rules in your WDAC policy.
+The table that follows describes the list of COM objects that are inherently trusted in App Control for Business. Objects in this list don't need to be allowlisted in your App Control policies. They can be denied by creating explicit deny rules in your App Control policy.
| File Name | CLSID |
|--------|-----------|
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md
new file mode 100644
index 0000000000..6e31a5e523
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md
@@ -0,0 +1,47 @@
+---
+title: App Control for Business and .NET
+description: Understand how App Control and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: conceptual
+---
+
+# App Control for Business and .NET
+
+.NET apps (as written in a high-level language like C#) are compiled to an Intermediate Language (IL). IL is a compact code format that can be supported on any operating system or architecture. Most .NET apps use APIs that are supported in multiple environments, requiring only the .NET runtime to run. IL needs to be compiled to native code in order to execute on a CPU, for example Arm64 or x64. When .NET compiles IL to native image (NI) on a device with an App Control user mode policy, it first checks whether the original IL file passes the current App Control policies. If so, .NET sets an NTFS extended attribute (EA) on the generated NI file so that App Control knows to trust it as well. When the .NET app runs, App Control sees the EA on the NI file and allows it.
+
+The EA set on the NI file only applies to the currently active App Control policies. If one of the active App Control policies is updated or a new policy is applied, the EA on the NI file is invalidated. The next time the app runs, App Control will block the NI file. .NET handles the block gracefully and falls back to the original IL code. If the IL still passes the latest App Control policies, then the app runs without any functional impact. Since the IL is now being compiled at runtime, you might notice a slight impact to performance of the app. When .NET must fall back to IL, .NET will also schedule a process to run at the next maintenance window to regenerate all NI files, thus reestablishing the App Control EA for all code that passes the latest App Control policies.
+
+In some cases, if an NI file is blocked, you might see a "false positive" block event in the *CodeIntegrity - Operational* event log as described in [App Control Admin Tips & Known Issues](../operations/known-issues.md#net-native-images-may-generate-false-positive-block-events).
+
+To mitigate any performance impact caused when the App Control EA isn't valid or missing:
+
+- Avoid updating the App Control policies often.
+- Run `ngen update` (on all machine architectures) to force .NET to regenerate all NI files immediately after applying changes to your App Control policies.
+- Migrate applications to .NET Core (.NET 6 or greater).
+
+## App Control and .NET hardening
+
+Security researchers found that some .NET capabilities that allow apps to load libraries from external sources or generate new code at runtime can be used to circumvent App Control controls.
+To address this potential vulnerability, App Control includes an option called *Dynamic Code Security* that works with .NET to verify code loaded at runtime.
+
+When the Dynamic Code Security option is enabled, the App Control policy is applied to libraries that .NET loads from external sources. For example, any remote sources, such as the internet or a network share.
+
+> [!IMPORTANT]
+> .Net dynamic code security hardening is *turned on and enforced* if any App Control policy with UMCI enabled has set option **19 Enabled:Dynamic Code Security**. There is no audit mode for this feature. You should test your apps with this option set before turning it on across large numbers of devices.
+
+Additionally, it detects tampering in code generated to disk by .NET and blocks loading code that was tampered with.
+
+Dynamic Code Security isn't enabled by default because existing policies might not account for externally loaded libraries.
+Additionally, a few .NET loading features, including loading unsigned assemblies built with System.Reflection.Emit, aren't currently supported with Dynamic Code Security enabled.
+Microsoft recommends testing Dynamic Code Security in audit mode before enforcing it to discover whether any new libraries should be included in the policy.
+
+Additionally, customers can precompile for deployment only to prevent an allowed executable from being terminated because it tries to load unsigned dynamically generated code. See the "Precompiling for Deployment Only" section in the [ASP.NET Precompilation Overview](/previous-versions/aspnet/bb398860(v=vs.100)) document for how to fix that.
+
+To enable Dynamic Code Security, add the following option to the `` section of your App Control policy:
+
+```xml
+
+
+
+```
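Review bot: The new article contradicts itself on audit mode. The IMPORTANT callout says `There is no audit mode for this feature`, while a later paragraph says `Microsoft recommends testing Dynamic Code Security in audit mode before enforcing it`. An administrator who reads only the later sentence could set option 19 expecting log-only behaviour and instead get enforcement wherever a UMCI-enabled policy carries it. I would align the later sentence with the callout, for example `Microsoft recommends testing Dynamic Code Security on a small set of devices before enforcing it broadly, to discover whether any new libraries should be included in the policy.` Separately, in this view the sentence introducing the XML names an empty inline-code section and the xml fence holds only blank lines; this may be a rendering artefact, but confirm the published page shows the section name and the `Enabled:Dynamic Code Security` rule element.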
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md
new file mode 100644
index 0000000000..73bbde562c
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md
@@ -0,0 +1,36 @@
+---
+title: App Control for Business design guide
+description: Microsoft App Control for Business allows organizations to control what apps and drivers will run on their managed Windows devices.
+ms.localizationpriority: medium
+ms.topic: conceptual
+ms.date: 09/11/2024
+---
+
+# App Control for Business design guide
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+This guide covers design and planning for App Control for Business. It's intended to help security architects, security administrators, and system administrators create a plan that addresses specific App Control requirements for different departments or business groups within an organization.
+
+## Plan for success
+
+A common refrain you may hear about App Control is that it is "too hard." While it's true that App Control isn't as simple as flipping a switch, organizations can be successful, if they're methodical when carefully planning their approach. In reality, the issues that lead to failure with App Control often arise from business issues rather than technology challenges. Organizations that have successfully deployed App Control have ensured the following before starting their planning:
+
+- Executive sponsorship and organizational buy-in is in place.
+- There's a clear **business** objective for using App Control, and it's not being planned as a purely technical problem from IT.
+- The organization has a plan to handle potential helpdesk support requests for users who are blocked from running some apps.
+- The organization has considered where App Control can be most useful (for example, securing sensitive workloads or business functions) and also where it may be difficult to achieve (for example, developer workstations).
+
+Once these business factors are in place, you're ready to begin planning your App Control for Business deployment. The following topics can help guide you through your planning process.
+
+## In this section
+
+| Topic | Description |
+| - | - |
+| [Plan for App Control policy management](plan-appcontrol-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining App Control policies. |
+| [Understand App Control policy design decisions](understand-appcontrol-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of App Control policies. |
+| [Understand App Control policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your policy rules by using App Control. |
+| [Policy creation for common App Control usage scenarios](common-appcontrol-use-cases.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying App Control in your organization. |
+| [Policy creation using the App Control Wizard tool](appcontrol-wizard.md) | This set of topics describes how to use the App Control Wizard desktop app to easily create, edit, and merge App Control policies. |
+
+After planning is complete, the next step is to deploy App Control. The [App Control for Business Deployment Guide](../deployment/appcontrol-deployment-guide.md) covers creating and testing policies, deploying the enforcement setting, and managing and maintaining policies.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md
similarity index 68%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md
rename to windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md
index 38dd2726e4..5de28ef21c 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md
@@ -1,35 +1,34 @@
---
-title: Windows Defender Application Control Wizard Base Policy Creation
-description: Creating new base application control policies with the Microsoft Windows Defender Application (WDAC) Wizard.
+title: App Control for Business Wizard Base Policy Creation
+description: Creating new base App Control policies with the App Control Wizard.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 06/07/2023
+ms.date: 09/11/2024
---
# Creating a new Base Policy with the Wizard
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-When creating policies for use with Windows Defender Application Control (WDAC), it's recommended to start with a template policy, and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](wdac-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules.
+When creating policies for use with App Control for Business, it's recommended to start with a template policy, and then add or remove rules to suit your App Control scenario. For this reason, the App Control Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about App Control can be accessed through the [App Control design guide](appcontrol-design-guide.md). This page outlines the steps to create a new App Control policy from a template, configure the policy options, and the signer and file rules.
## Template Base Policies
-Each of the template policies has a unique set of policy allowlist rules that affect the circle-of-trust and security model of the policy. The following table lists the policies in increasing order of trust and freedom. For instance, the Default Windows mode policy trusts fewer application publishers and signers than the Signed and Reputable mode policy. The Default Windows policy has a smaller circle-of-trust with better security than the Signed and Reputable policy, but at the expense of compatibility.
+Each of the template policies has a unique set of policy allowlist rules that affect the circle-of-trust and security model of the policy. The following table lists the policies in increasing order of trust and freedom. For instance, the Default Windows mode policy trusts fewer application publishers and signers than the Signed and Reputable mode policy. The Default Windows policy has a smaller circle-of-trust with better security than the Signed and Reputable policy, but at the expense of compatibility.
| Template Base Policy | Description |
|---------------------------------|-------------------------------------------------------------------|
| **Default Windows Mode** | Default Windows mode authorizes the following components:
Windows operating components - any binary installed by a fresh install of Windows
Apps installed from the Microsoft Store
Microsoft Office365 apps, OneDrive, and Microsoft Teams
*Files with good reputation per [Microsoft Defender's Intelligent Security Graph technology](use-appcontrol-with-intelligent-security-graph.md)*
|
*Italicized content denotes the changes in the current policy with respect to the policy prior.*
-More information about the Default Windows Mode and Allow Microsoft Mode policies can be accessed through the [Example Windows Defender Application Control base policies article](example-wdac-base-policies.md).
+More information about the Default Windows Mode and Allow Microsoft Mode policies can be accessed through the [Example App Control for Business base policies article](example-appcontrol-base-policies.md).
-
+
-Once the base template is selected, give the policy a name and choose where to save the application control policy on disk.
+Once the base template is selected, give the policy a name and choose where to save the App Control policy on disk.
## Configuring Policy Rules
@@ -37,23 +36,23 @@ Upon page launch, policy rules are automatically enabled/disabled depending on t
### Policy Rules Description
-The following table has a description of each policy rule, beginning with the left-most column. The [Policy rules article](select-types-of-rules-to-create.md#windows-defender-application-control-policy-rules) provides a fuller description of each policy rule.
+The following table has a description of each policy rule, beginning with the left-most column. The [Policy rules article](select-types-of-rules-to-create.md#app-control-for-business-policy-rules) provides a fuller description of each policy rule.
| Rule option | Description |
|------------ | ----------- |
-| **Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all Windows Defender Application Control policies. Setting this rule option allows the F8 menu to appear to physically present users. |
+| **Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all App Control for Business policies. Setting this rule option allows the F8 menu to appear to physically present users. |
| **Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. |
| **Disable Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 isn't supported and may have unintended results. |
|**[Hypervisor-protected code integrity (HVCI)](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.|
| **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by the Microsoft Intelligent Security Graph (ISG). |
| **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. |
| **Require WHQL** | By default, legacy drivers that aren't Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Henceforth, every new Windows-compatible driver must be WHQL certified. |
-| **Update Policy without Rebooting** | Use this option to allow future Windows Defender Application Control policy updates to apply without requiring a system reboot. |
+| **Update Policy without Rebooting** | Use this option to allow future App Control for Business policy updates to apply without requiring a system reboot. |
| **Unsigned System Integrity Policy** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. |
-| **User Mode Code Integrity** | Windows Defender Application Control policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. |
+| **User Mode Code Integrity** | App Control for Business policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. |
> [!div class="mx-imgBorder"]
-> 
+> 
### Advanced Policy Rules Description
@@ -61,34 +60,34 @@ Selecting the **+ Advanced Options** label shows another column of policy rules,
| Rule option | Description |
|------------ | ----------- |
-| **Boot Audit on Failure** | Used when the Windows Defender Application Control (WDAC) policy is in enforcement mode. When a driver fails during startup, the WDAC policy is placed in audit mode so that Windows loads. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
-| **Disable Flight Signing** | If enabled, WDAC policies block flightroot-signed binaries. This option would be used in the scenario in which organizations only want to run released binaries, not flight/preview-signed builds. |
+| **Boot Audit on Failure** | Used when the App Control for Business policy is in enforcement mode. When a driver fails during startup, the App Control policy is placed in audit mode so that Windows loads. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
+| **Disable Flight Signing** | If enabled, App Control policies block flightroot-signed binaries. This option would be used in the scenario in which organizations only want to run released binaries, not flight/preview-signed builds. |
| **Disable Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. |
| **Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries (DLLs). |
-| **Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option causes WDAC to periodically revalidate the reputation for files authorized by the ISG.|
+| **Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, App Control sets an extended file attribute that indicates that the file was authorized to run. This option causes App Control to periodically revalidate the reputation for files authorized by the ISG.|
| **Require EV Signers** | This option isn't currently supported. |
-
+
> [!NOTE]
-> We recommend that you **enable Audit Mode** initially because it allows you to test new Windows Defender Application Control policies before you enforce them. With audit mode, no application is blocked-instead the policy logs an event whenever an application outside the policy is started. For this reason, all templates have Audit Mode enabled by default.
+> We recommend that you **enable Audit Mode** initially because it allows you to test new App Control for Business policies before you enforce them. With audit mode, no application is blocked-instead the policy logs an event whenever an application outside the policy is started. For this reason, all templates have Audit Mode enabled by default.
## Creating custom file rules
-[File rules](select-types-of-rules-to-create.md#windows-defender-application-control-file-rule-levels) in an application control policy specify the level at which applications are identified and trusted. File rules are the main mechanism for defining trust in the application control policy. Selecting **+ Custom Rules** opens the custom file rule conditions panel to create custom file rules for your policy. The Wizard supports four types of file rules:
+[File rules](select-types-of-rules-to-create.md#app-control-for-business-file-rule-levels) in an App Control policy specify the level at which applications are identified and trusted. File rules are the main mechanism for defining trust in the App Control policy. Selecting **+ Custom Rules** opens the custom file rule conditions panel to create custom file rules for your policy. The Wizard supports four types of file rules:
### Publisher Rules
-The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule. The following table shows the relationship between the slider placement, the corresponding Windows Defender Application Control (WDAC) rule level and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule.
+The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule. The following table shows the relationship between the slider placement, the corresponding App Control for Business rule level and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule.
-| Rule Condition | WDAC Rule Level | Description |
+| Rule Condition | App Control Rule Level | Description |
|------------ | ----------- | ----------- |
| **Issuing CA** | PCACertificate | Highest available certificate is added to the signers. This certificate is typically the PCA certificate, one level below the root certificate. Any file signed by this certificate is affected. |
| **Publisher** | Publisher | This rule is a combination of the PCACertificate rule and the common name (CN) of the leaf certificate. Any file signed by a major CA but with a leaf from a specific company, for example, a device driver corp, is affected. |
| **File version** | SignedVersion | This rule is a combination of PCACertificate, publisher, and a version number. Anything from the specified publisher with a version at or above the one specified is affected. |
| **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. |
-
+
### Filepath Rules
@@ -106,16 +105,16 @@ The Wizard supports the creation of [file name rules](select-types-of-rules-to-c
| **Internal name** | Specifies the internal name of the binary. |
> [!div class="mx-imgBorder"]
-> 
+> 
### File Hash Rules
Lastly, the Wizard supports creating file rules using the hash of the file. Although this level is specific, it can cause extra administrative overhead to maintain the current product version's hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. By default, the Wizard uses file hash as the fallback in case a file rule can't be created using the specified file rule level.
#### Deleting Signing Rules
-
+
The policy signing rules list table on the left of the page documents the allow and deny rules in the template, and any custom rules you create. Template signing rules and custom rules can be deleted from the policy by selecting the rule from the rules list table. Once the rule is highlighted, press the delete button underneath the table. You're then prompted for another confirmation. Select `Yes` to remove the rule from the policy and the rules table.
## Up next
-- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](wdac-wizard-editing-policy.md)
+- [Editing an App Control for Business policy using the Wizard](appcontrol-wizard-editing-policy.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md
similarity index 68%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md
rename to windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md
index 2d1d9a8c91..3cd72d3fcd 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md
@@ -1,33 +1,32 @@
---
-title: Windows Defender Application Control Wizard Supplemental Policy Creation
-description: Creating supplemental application control policies with the WDAC Wizard.
+title: App Control for Business Wizard Supplemental Policy Creation
+description: Creating supplemental App Control policies with the App Control Wizard.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 06/07/2023
+ms.date: 09/11/2024
---
# Creating a new Supplemental Policy with the Wizard
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC) supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](wdac-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When supplemental policies are used, applications allowed by the base or any of its supplemental policies are allowed to run.
+Beginning in Windows 10 version 1903, App Control for Business supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [App Control base policy](appcontrol-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When supplemental policies are used, applications allowed by the base or any of its supplemental policies are allowed to run.
-Prerequisite information about application control can be accessed through the [WDAC design guide](wdac-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules.
+Prerequisite information about App Control can be accessed through the [App Control design guide](appcontrol-design-guide.md). This page outlines the steps to create a supplemental App Control policy, configure the policy options, and the signer and file rules.
## Expanding a Base Policy
-Once the Supplemental Policy type is chosen on the New Policy page, policy name and file dialog fields can be used to name and save the supplemental policy. The next step requires selecting a base policy to expand. To expand a base policy, the base must allow supplemental policies. The WDAC Wizard verifies if the base policy allows supplementals and shows the following confirmation.
+Once the Supplemental Policy type is chosen on the New Policy page, policy name and file dialog fields can be used to name and save the supplemental policy. The next step requires selecting a base policy to expand. To expand a base policy, the base must allow supplemental policies. The App Control Wizard verifies if the base policy allows supplementals and shows the following confirmation.
-
+
-If the base policy isn't configured for supplemental policies, the Wizard attempts to convert the policy to one that can be supplemented. Once successful, the Wizard shows a dialog demonstrating that the addition of the Allow Supplemental Policy rule was completed.
+If the base policy isn't configured for supplemental policies, the Wizard attempts to convert the policy to one that can be supplemented. Once successful, the Wizard shows a dialog demonstrating that the addition of the Allow Supplemental Policy rule was completed.
-
+:::image type="content" alt-text="Wizard confirms modification of base policy." source="../images/appcontrol-wizard-confirm-base-policy-modification.png":::
-Policies that can't be supplemented, for instance another supplemental policy, are detected by the Wizard and show the following error. Only a base policy can be supplemented. More information on supplemental policies can be found on our [Multiple Policies article](deploy-multiple-wdac-policies.md).
+Policies that can't be supplemented, for instance another supplemental policy, are detected by the Wizard and show the following error. Only a base policy can be supplemented. More information on supplemental policies can be found on our [Multiple Policies article](deploy-multiple-appcontrol-policies.md).
-
+:::image type="content" alt-text="Wizard detects a bad base policy." source="../images/appcontrol-wizard-supplemental-not-base.png":::
## Configuring Policy Rules
@@ -45,24 +44,24 @@ Supplemental policies can only configure three policy rules. The following table
| **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. |
| **Disable Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. |
-
+:::image type="content" alt-text="Rule options UI for Windows Allowed mode." source="../images/appcontrol-wizard-supplemental-policy-rule-options-UI.png":::
## Creating custom file rules
-File rules in an application control policy specify the level at which applications are identified and trusted. File rules are the main mechanism for defining trust in the application control policy. Selecting **+ Custom Rules** opens the custom file rule conditions panel to create and customize targeted file rules for your policy. The Wizard supports four types of file rules:
+File rules in an App Control policy specify the level at which applications are identified and trusted. File rules are the main mechanism for defining trust in the App Control policy. Selecting **+ Custom Rules** opens the custom file rule conditions panel to create and customize targeted file rules for your policy. The Wizard supports four types of file rules:
### Publisher Rules
-The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule. The following table shows the relationship between the slider placement, the corresponding Windows Defender Application Control (WDAC) rule level, and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule.
+The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule. The following table shows the relationship between the slider placement, the corresponding App Control for Business rule level, and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule.
-| Rule Condition | WDAC Rule Level | Description |
+| Rule Condition | App Control Rule Level | Description |
|------------ | ----------- | ----------- |
| **Issuing CA** | PCACertificate | Highest available certificate is added to the signers. This certificate is typically the PCA certificate, one level below the root certificate. Any file signed by this certificate is affected. |
| **Publisher** | Publisher | This rule is a combination of the PCACertificate rule and the common name (CN) of the leaf certificate. Any file signed by a major CA but with a leaf from a specific company, for example, a device driver publisher, is affected. |
| **File version** | SignedVersion | This rule is a combination of the PCACertificate and Publisher rule, and a version number. Anything from the specified publisher with a version at or above the one specified is affected. |
| **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. |
-
+
### Filepath Rules
@@ -79,16 +78,16 @@ The Wizard supports the creation of [file name rules](select-types-of-rules-to-c
| **Product name** | Specifies the name of the product with which the binary ships. |
| **Internal name** | Specifies the internal name of the binary. |
-
+:::image type="content" alt-text="Custom file attributes rule." source="../images/appcontrol-wizard-custom-file-attribute-rule.png":::
### File Hash Rules
Lastly, the Wizard supports creating file rules using the hash of the file. Although this level is specific, it can cause extra administrative overhead to maintain the current product versions' hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. By default, the Wizard uses file hash as the fallback in case a file rule can't be created using the specified file rule level.
#### Deleting Signing Rules
-
+
The table on the left of the page documents the allow and deny rules in the template, and any custom rules you create. Rules can be deleted from the policy by selecting the rule from the rules list table. Once the rule is highlighted, press the delete button underneath the table. You're again prompted for another confirmation. Select `Yes` to remove the rule from the policy and the rules table.
## Up next
-- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](wdac-wizard-editing-policy.md)
+- [Editing an App Control for Business policy using the Wizard](appcontrol-wizard-editing-policy.md)
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md
new file mode 100644
index 0000000000..8818dc5ae7
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md
@@ -0,0 +1,56 @@
+---
+title: Editing App Control for Business Policies with the Wizard
+description: Editing existing base and supplemental policies with the Microsoft App Control Wizard.
+ms.localizationpriority: medium
+ms.topic: conceptual
+ms.date: 09/11/2024
+---
+
+# Editing existing base and supplemental App Control policies with the Wizard
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+The App Control for Business Wizard makes editing and viewing App Control policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities:
+
+- Configuring policy rules
+- Adding new allow or block file rules to existing policies
+- Removing allow or block file rules on existing policies
+
+## Configuring Policy Rules
+
+The `Policy Rules` page loads with the in-edit policy rules configured per the set rules. Selecting the `+ Advanced Options` button reveals the advanced policy rule options panel. This grouping of rules contains other policy rule options that are less common to most users. To edit any of the rules, flip the corresponding policy rule state. For instance, to disable Audit Mode and enable Enforcement Mode in the figure below, the button beside the `Audit Mode` label needs only to be pressed. Once the policy rules are configured, select the Next button to continue the next stage of editing: [Adding File Rules](#adding-file-rules).
+
+
+
+A description of the policy rule is shown at the bottom of the page when the cursor is placed over the rule title. For a complete list of the policy rules and their capabilities, see the [App Control for Business policy rules table](select-types-of-rules-to-create.md#app-control-for-business-policy-rules).
+
+## Adding File Rules
+
+The App Control for Business Wizard allows users to add rules to their existing policy seamlessly. Previously, this rule-adding task would have involved creating a new policy with the new rules and merging it with the existing policy.
+
+Selecting the `+ Custom Rules` button opens the Custom Rules panel. For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](appcontrol-wizard-create-base-policy.md#creating-custom-file-rules).
+
+## Removing File Rules
+
+The App Control Wizard makes deleting file rules from an existing policy quick and easy. To remove any type of file rule: publisher rule, path rule, filename rule, or a hash rule, select the rule in the `Policy Signing Rules List` table on the left-hand side of the page. Selecting the rule highlights the entire row. Once the row is highlighted, select the remove icon underneath the table. The Wizard prompts for user confirmation before removing the file rule. Once removed, the rule no longer appears in the policy or the table.
+
+:::image type="content" alt-text="Removing file rule from policy during edit." source="../images/appcontrol-wizard-edit-remove-file-rule.png":::
+
+> [!NOTE]
+> Removing a publisher rule will also remove the associated File Attribute rules. For instance, in the xml block below, removing ID_SIGNER_CONTOSO_PUBLISHER would also remove the rules ID_FILEATTRIB_LOB_APP_1 and ID_FILEATTRIB_LOB_APP_2.
+
+```xml
+
+
+
+
+
+```
+
+### Policy Creation
+
+Once the policy is created, the new policy is written to the same path as the in-edit policy. The new policy file name has the policy version appended to the end of the file name. For instance, if the in-edit policy is saved at `MyDocuments\BasePolicy.xml`, after edit, the new policy will be saved at `MyDocuments\BasePolicy_v10.0.0.1.xml`.
+
+## Up next
+
+- [Merging App Control for Business policies using the Wizard](appcontrol-wizard-merging-policies.md)
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md
new file mode 100644
index 0000000000..a0c8c1e69a
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md
@@ -0,0 +1,20 @@
+---
+title: App Control for Business Wizard Policy Merging Operation
+description: Merging multiple policies into a single App Control policy with the App Control Wizard.
+ms.localizationpriority: medium
+ms.topic: conceptual
+ms.date: 09/11/2024
+---
+
+# Merging existing policies with the App Control Wizard
+
+Beginning in Windows 10 version 1903, App Control for Business supports multiple policies. Before version 1903, however, Windows 10 could only have one App Control policy. So, users were required to merge multiple App Control policies into one. The App Control Wizard has a simple to use user interface to allow users to merge multiple App Control policies. The Wizard can support up to 15 policy files as input during the merge workflow.
+
+Select the policies you wish to merge into one policy using the `+ Add Policy` button under the table. Once added, policies will be enumerated within the table. To remove a policy from the table, if accidentally added, highlight the policy row and select the `- Remove Policy` button. Confirmation will be required before the policy is withdrawn from the table.
+
+> [!NOTE]
+> The policy type and ID of the final output policy will be determined based on the type and ID of the **first policy** in the policy list table. For instance, if a legacy policy format policy and a multi-policy format policy are merged together, the output format of the policy will be whichever policy is specified first in the table. For more information on policy formats, visit the [Multiple App Control for Business Policies page](deploy-multiple-appcontrol-policies.md).
+
+Lastly, select a filepath save location for the final merged policy using the `Browse` button. If a minimum of two policies are selected, and the save location is specified, select the `Next` button to build the policy.
+
+:::image type="content" alt-text="Merging App Control policies into a final App Control policy." source="../images/appcontrol-wizard-merge.png":::
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md
new file mode 100644
index 0000000000..5e2b4e4017
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md
@@ -0,0 +1,115 @@
+---
+title: App Control for Business Wizard App Control Event Parsing
+description: Creating App Control policy rules from the App Control event logs and the MDE Advanced Hunting App Control events.
+ms.localizationpriority: medium
+ms.topic: conceptual
+ms.date: 09/11/2024
+---
+
+# Creating App Control Policy Rules from App Control Events in the Wizard
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+As of [version 2.2.0.0](https://webapp-wdac-wizard.azurewebsites.net/archives.html), the App Control Wizard supports creating App Control policy rules from the following event log types:
+
+1. [App Control event log events on the system](#app-control-event-viewer-log-parsing)
+2. [Exported App Control events (EVTX files) from any system](#app-control-event-log-file-parsing)
+3. [Exported App Control events from MDE Advanced Hunting](#mde-advanced-hunting-app-control-event-parsing)
+
+## App Control Event Viewer Log Parsing
+
+To create rules from the App Control event logs on the system:
+
+1. Select **Policy Editor** from the main page.
+2. Select **Convert Event Log to an App Control Policy**.
+3. Select the **Parse Event Logs** button under the **Parse Event Logs from the System Event Viewer to Policy** header.
+
+ The Wizard parses the relevant audit and block events from the CodeIntegrity (App Control) Operational and AppLocker MSI and Script logs. You see a notification when the Wizard successfully finishes reading the events.
+
+ :::image type="content" alt-text="Parse App Control and AppLocker event log system events." source="../images/appcontrol-wizard-event-log-system.png" lightbox="../images/appcontrol-wizard-event-log-system.png":::
+
+4. Select the Next button to view the audit and block events and create rules.
+5. [Generate rules from the events](#creating-policy-rules-from-the-events).
+
+## App Control Event Log File Parsing
+
+To create rules from the App Control `.EVTX` event logs files on the system:
+
+1. Select **Policy Editor** from the main page.
+2. Select **Convert Event Log to an App Control Policy**.
+3. Select the **Parse Log File(s)** button under the **Parse Event Log evtx Files to Policy** header.
+4. Select the App Control CodeIntegrity Event log EVTX file(s) from the disk to parse.
+
+ The Wizard parses the relevant audit and block events from the selected log files. You see a notification when the Wizard successfully finishes reading the events.
+
+ :::image type="content" alt-text="Parse evtx file App Control events" source="../images/appcontrol-wizard-event-log-files.png" lightbox="../images/appcontrol-wizard-event-log-files.png":::
+
+5. Select the Next button to view the audit and block events and create rules.
+6. [Generate rules from the events](#creating-policy-rules-from-the-events).
+
+## MDE Advanced Hunting App Control Event Parsing
+
+To create rules from the App Control events in [MDE Advanced Hunting](../operations/querying-application-control-events-centrally-using-advanced-hunting.md):
+
+1. Navigate to the Advanced Hunting section within the MDE console and query the App Control events. **The Wizard requires the following fields** in the Advanced Hunting csv file export:
+
+ ```kusto
+ | project-keep Timestamp, DeviceId, DeviceName, ActionType, FileName, FolderPath, SHA1, SHA256, IssuerName, IssuerTBSHash, PublisherName, PublisherTBSHash, AuthenticodeHash, PolicyId, PolicyName
+ ```
+
+ The following Advanced Hunting query is recommended:
+
+ ```kusto
+ DeviceEvents
+ // Take only App Control events
+ | where ActionType startswith 'AppControlCodeIntegrity'
+ // SigningInfo Fields
+ | extend IssuerName = parsejson(AdditionalFields).IssuerName
+ | extend IssuerTBSHash = parsejson(AdditionalFields).IssuerTBSHash
+ | extend PublisherName = parsejson(AdditionalFields).PublisherName
+ | extend PublisherTBSHash = parsejson(AdditionalFields).PublisherTBSHash
+ // Audit/Block Fields
+ | extend AuthenticodeHash = parsejson(AdditionalFields).AuthenticodeHash
+ | extend PolicyId = parsejson(AdditionalFields).PolicyID
+ | extend PolicyName = parsejson(AdditionalFields).PolicyName
+ // Keep only required fields for the App Control Wizard
+ | project-keep Timestamp,DeviceId,DeviceName,ActionType,FileName,FolderPath,SHA1,SHA256,IssuerName,IssuerTBSHash,PublisherName,PublisherTBSHash,AuthenticodeHash,PolicyId,PolicyName
+ ```
+
+2. Export the App Control event results by selecting the **Export** button in the results view.
+
+ :::image type="content" alt-text="Export the MDE Advanced Hunting results to CSV" source="../images/appcontrol-wizard-event-log-mde-ah-export.png" lightbox="../images/appcontrol-wizard-event-log-mde-ah-export.png":::
+
+3. Select **Policy Editor** from the main page.
+4. Select **Convert Event Log to an App Control Policy**.
+5. Select the **Parse Log File(s)** button under the "Parse MDE Advanced Hunting Events to Policy" header.
+6. Select the App Control MDE Advanced Hunting export CSV files from the disk to parse.
+
+ The Wizard will parse the relevant audit and block events from the selected Advanced Hunting log files. You see a notification when the Wizard successfully finishes reading the events.
+
+ :::image type="content" alt-text="Parse the Advanced Hunting CSV App Control event files." source="../images/appcontrol-wizard-event-log-mde-ah-parsing.png" lightbox="../images/appcontrol-wizard-event-log-mde-ah-parsing.png":::
+
+7. Select the Next button to view the audit and block events and create rules.
+8. [Generate rules from the events](#creating-policy-rules-from-the-events).
+
+## Creating Policy Rules from the Events
+
+On the "Configure Event Log Rules" page, the unique App Control log events are shown in the table. Event Ids, filenames, product names, the policy name that audited or blocked the file, and the file publisher are all shown in the table. The table can be sorted alphabetically by clicking on any of the headers.
+
+To create a rule and add it to the App Control policy:
+
+1. Select an audit or block event in the table by selecting the row of interest.
+2. Select a rule type from the dropdown. The Wizard supports creating Publisher, Path, File Attribute, Packaged App and Hash rules.
+3. Select the attributes and fields that should be added to the policy rules using the checkboxes provided for the rule type.
+4. Select the **Add Allow Rule** button to add the configured rule to the policy generated by the Wizard. The "Added to policy" label is shown in the selected row confirming that the rule will be generated.
+
+ :::image type="content" alt-text="Adding a publisher rule to the App Control policy" source="../images/appcontrol-wizard-event-rule-creation.png" lightbox="../images/appcontrol-wizard-event-rule-creation.png":::
+
+5. Select the **Next** button to output the policy. Once generated, the event log policy should be merged with your base or supplemental policies.
+
+> [!WARNING]
+> It is not recommended to deploy the event log policy on its own, as it likely lacks rules to authorize Windows and may cause blue screens.
+
+## Up next
+
+- [Merging App Control for Business policies using the Wizard](appcontrol-wizard-merging-policies.md)
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md
new file mode 100644
index 0000000000..5fab393481
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md
@@ -0,0 +1,35 @@
+---
+title: App Control for Business Wizard
+description: The App Control for Business policy wizard tool allows you to create, edit, and merge App Control policies in a simple to use Windows application.
+ms.localizationpriority: medium
+ms.topic: conceptual
+ms.date: 09/11/2024
+---
+
+# App Control for Business Wizard
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+The App Control for Business policy wizard is an open-source Windows desktop application written in C# and bundled as an MSIX package. It was built to provide security architects with security, and system administrators with a more user-friendly means to create, edit, and merge App Control policies. This tool uses the [ConfigCI PowerShell cmdlets](/powershell/module/configci) in the backend so the output policy of the tool and PowerShell cmdlets is identical.
+
+## Downloading the application
+
+Download the tool from the official [App Control for Business Policy Wizard website](https://webapp-wdac-wizard.azurewebsites.net/) as an MSIX packaged application. The tool's source code is available as part of Microsoft's Open Source Software offerings on GitHub at the [App Control for Business Policy Wizard repository](https://github.com/MicrosoftDocs/WDAC-Toolkit).
+
+### Supported clients
+
+As the tool uses the cmdlets in the background, it's functional on clients only where the cmdlets are supported. For more information, see [App Control feature availability](../feature-availability.md). Specifically, the tool verifies that the client meets one of the following requirements:
+
+- Windows 10, version 1909 or later
+- For pre-1909 builds, the Enterprise SKU of Windows is installed
+
+If neither requirement is satisfied, it throws an error as the cmdlets aren't available.
+
+## Resources to learn more
+
+| Article | Description |
+| - | - |
+| [Creating a new base policy](appcontrol-wizard-create-base-policy.md) | This article describes how to create a new base policy using one of the supplied policy templates. |
+| [Creating a new supplemental policy](appcontrol-wizard-create-supplemental-policy.md) | This article describes the steps necessary to create a supplemental policy, from one of the supplied templates, for an existing base policy. |
+| [Editing a base or supplemental policy](appcontrol-wizard-editing-policy.md) | This article demonstrates how to modify an existing policy and the tool's editing capabilities. |
+| [Merging policies](appcontrol-wizard-merging-policies.md) | This article describes how to merge policies into a single App Control policy. |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md b/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md
similarity index 98%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
rename to windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md
index 13ff7f41f2..23d40c8440 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol.md
@@ -1,19 +1,18 @@
---
-title: Applications that can bypass WDAC and how to block them
+title: Applications that can bypass App Control and how to block them
description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community.
ms.localizationpriority: medium
-ms.date: 06/14/2023
+ms.date: 09/11/2024
ms.topic: reference
---
-# Applications that can bypass WDAC and how to block them
+# Applications that can bypass App Control and how to block them
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass WDAC.
+Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass App Control.
-Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. An attacker can use these applications or files to circumvent application allow policies, including WDAC:
+Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. An attacker can use these applications or files to circumvent application allow policies, including App Control:
- addinprocess.exe
- addinprocess32.exe
@@ -88,9 +87,9 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
> [!NOTE]
> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered.
-Certain software applications may allow other code to run by design. Unless these applications are business critical, you should block them in your WDAC policy. In addition, when an application version is upgraded to fix a security vulnerability or potential WDAC bypass, add *deny* rules to your application control policies for that application's previous, less secure versions.
+Certain software applications may allow other code to run by design. Unless these applications are business critical, you should block them in your App Control policy. In addition, when an application version is upgraded to fix a security vulnerability or potential App Control bypass, add *deny* rules to your App Control policies for that application's previous, less secure versions.
-Microsoft recommends that you install the latest security updates. For example, updates help resolve several issues in PowerShell modules that allowed an attacker to bypass WDAC. These modules can be blocked by their corresponding hashes.
+Microsoft recommends that you install the latest security updates. For example, updates help resolve several issues in PowerShell modules that allowed an attacker to bypass App Control. These modules can be blocked by their corresponding hashes.
As of October 2017, system.management.automation.dll is updated to revoke earlier versions by hash values, instead of version rules.
@@ -100,9 +99,9 @@ If you wish to use this blocklist policy on Windows Server 2016, locate the deny
- msxml6.dll
- jscript9.dll
-The blocklist policy that follows includes "Allow all" rules for both kernel and user mode that make it safe to deploy as a standalone WDAC policy. On Windows versions 1903 and above, Microsoft recommends converting this policy to multiple policy format using the *Set-CiPolicyIdInfo* cmdlet with the *-ResetPolicyId* switch. Then, you can deploy it as a Base policy side-by-side with any other policies in your environment. To instead add these rules to an existing Base policy, you can merge the policy that follows using the *Merge-CIPolicy* cmdlet. If merging into an existing policy that includes an explicit allowlist, you should first remove the two "Allow all" rules and their corresponding FileRuleRefs from the blocklist policy.
+The blocklist policy that follows includes "Allow all" rules for both kernel and user mode that make it safe to deploy as a standalone App Control policy. On Windows versions 1903 and above, Microsoft recommends converting this policy to multiple policy format using the *Set-CiPolicyIdInfo* cmdlet with the *-ResetPolicyId* switch. Then, you can deploy it as a Base policy side-by-side with any other policies in your environment. To instead add these rules to an existing Base policy, you can merge the policy that follows using the *Merge-CIPolicy* cmdlet. If merging into an existing policy that includes an explicit allowlist, you should first remove the two "Allow all" rules and their corresponding FileRuleRefs from the blocklist policy.
-**WDAC policy XML**:
+**App Control policy XML**:
```xml
@@ -1531,4 +1530,4 @@ The blocklist policy that follows includes "Allow all" rules for both kernel and
## More information
-- [Merge WDAC policies](../deployment/merge-wdac-policies.md)
+- [Merge App Control policies](../deployment/merge-appcontrol-policies.md)
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md
new file mode 100644
index 0000000000..4ba40200b3
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md
@@ -0,0 +1,36 @@
+---
+title: Policy creation for common App Control usage scenarios
+description: Develop a plan for deploying App Control for Business in your organization based on these common scenarios.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: conceptual
+---
+
+# App Control for Business deployment in different scenarios: types of devices
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+Typically, deployment of App Control for Business happens best in phases, rather than being a feature that you simply "turn on." The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying App Control in your organization. It's common for organizations to have device use cases across each of the categories described.
+
+## Types of devices
+
+| Type of device | How App Control relates to this type of device |
+|------------------------------------|------------------------------------------------------|
+| **Lightly managed devices**: Company-owned, but users are free to install software. Devices are required to run organization's antivirus solution and client management tools. | App Control for Business can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. |
+| **Fully managed devices**: Allowed software is restricted by IT department. Users can request for more software, or install from a list of applications provided by IT department. Examples: locked-down, company-owned desktops and laptops. | An initial baseline App Control for Business policy can be established and enforced. Whenever the IT department approves more applications, it updates the App Control policy and (for unsigned LOB applications) the catalog. |
+| **Fixed-workload devices**: Perform same tasks every day. Lists of approved applications rarely change. Examples: kiosks, point-of-sale systems, call center computers. | App Control for Business can be deployed fully, and deployment and ongoing administration are relatively straightforward. After App Control for Business deployment, only approved applications can run. This rule is because of protections offered by App Control. |
+| **Bring Your Own Device**: Employees are allowed to bring their own devices, and also use those devices away from work. | In most cases, App Control for Business doesn't apply. Instead, you can explore other hardening and security features with MDM-based conditional access solutions, such as Microsoft Intune. However, you may choose to deploy an audit-mode policy to these devices or employ a blocklist only policy to prevent specific apps or binaries that are considered malicious or vulnerable by your organization. |
+
+## An introduction to Lamna Healthcare Company
+
+In the next set of articles, we'll explore each of the above scenarios using a fictional organization called Lamna Healthcare Company.
+
+Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the United States. Lamna employs thousands of people, from doctors and nurses to accountants, in-house lawyers, and IT technicians. Their device use cases are varied and include single-user workstations for their professional staff, shared kiosks used by doctors and nurses to access patient records, dedicated medical devices such as MRI scanners, and many others. Additionally, Lamna has a relaxed, bring-your-own-device policy for many of their professional staff.
+
+Lamna uses [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) in hybrid mode with both Configuration Manager and Intune. Although they use Microsoft Intune to deploy many applications, Lamna has always had relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response.
+
+Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an App Control policy. In response, Lamna's executive board has authorized many new security IT responses, including tightening policies for application use and introducing App Control.
+
+## Up next
+
+- [Create an App Control for Business policy for lightly managed devices](create-appcontrol-policy-for-lightly-managed-devices.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md
similarity index 80%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md
rename to windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md
index ff3b5d8fa8..4e7dac4f2e 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -1,43 +1,42 @@
---
-title: Allow apps deployed with a WDAC managed installer
+title: Allow apps deployed with an App Control managed installer
description: Explains how to configure a custom Managed Installer.
ms.localizationpriority: medium
-ms.date: 02/02/2023
+ms.date: 09/11/2024
ms.topic: how-to
---
-# Automatically allow apps deployed by a managed installer with Windows Defender Application Control
+# Automatically allow apps deployed by a managed installer with App Control for Business
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-Windows Defender Application Control (WDAC) includes an option called **managed installer** that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution, such as Microsoft Configuration Manager (MEMCM) or Microsoft Intune.
+App Control for Business includes an option called **managed installer** that helps balance security and manageability when enforcing App Control policies. This option lets you automatically allow applications installed by a designated software distribution solution, such as Microsoft Configuration Manager (MEMCM) or Microsoft Intune.
## How does a managed installer work?
Managed installer uses a special rule collection in **AppLocker** to designate binaries that are trusted by your organization as an authorized source for application installation. When one of these trusted binaries runs, Windows monitors the binary's process (and any child processes it launches) and watches for files being written to disk. As files are written, they're tagged as originating from a managed installer.
-You can then configure WDAC to trust files that are installed by a managed installer by adding the "Enabled:Managed Installer" option to your WDAC policy. When that option is set, WDAC will check for managed installer origin information when determining whether or not to allow a binary to run. As long as there are no deny rules for the binary, WDAC will allow it to run based purely on its managed installer origin.
+You can then configure App Control to trust files that are installed by a managed installer by adding the "Enabled:Managed Installer" option to your App Control policy. When that option is set, App Control will check for managed installer origin information when determining whether or not to allow a binary to run. As long as there are no deny rules for the binary, App Control will allow it to run based purely on its managed installer origin.
## Security considerations with managed installer
Since managed installer is a heuristic-based mechanism, it doesn't provide the same security guarantees as explicit allow or deny rules do. Managed installer is best suited where users operate as standard user, and where all software is deployed and installed by a software distribution solution such as MEMCM.
-Users with administrator privileges, or malware running as an administrator user on the system, may be able to circumvent the intent of your WDAC policies when the managed installer option is allowed.
+Users with administrator privileges, or malware running as an administrator user on the system, may be able to circumvent the intent of your App Control policies when the managed installer option is allowed.
-If a managed installer process runs in the context of a user with standard privileges, then it's possible that standard users or malware running as standard user may be able to circumvent the intent of your WDAC policies.
+If a managed installer process runs in the context of a user with standard privileges, then it's possible that standard users or malware running as standard user may be able to circumvent the intent of your App Control policies.
Some application installers may automatically run the application at the end of the installation process. If the application runs automatically, and the installer was run by a managed installer, then the managed installer's heuristic tracking and authorization will extend to all files that are created during the first run of the application. This extension could result in unintentional authorization of an executable. To avoid that, ensure that the method of application deployment that is used as a managed installer limits running applications as part of installation.
## Known limitations with managed installer
-- Application control, based on managed installer, doesn't support applications that self-update. If an application that was deployed by a managed installer later updates itself, the updated application files won't include the origin information from the managed installer, and they might not be able to run. When you rely on managed installers, you must deploy and install all application updates by using a managed installer, or include rules to authorize the app in the WDAC policy. In some cases, it may be possible to also designate an application binary that performs self-updates as a managed installer. Proper review for functionality and security should be performed for the application before using this method.
+- App Control, based on managed installer, doesn't support applications that self-update. If an application that was deployed by a managed installer later updates itself, the updated application files won't include the origin information from the managed installer, and they might not be able to run. When you rely on managed installers, you must deploy and install all application updates by using a managed installer, or include rules to authorize the app in the App Control policy. In some cases, it may be possible to also designate an application binary that performs self-updates as a managed installer. Proper review for functionality and security should be performed for the application before using this method.
- Some applications or installers may extract, download, or generate binaries and immediately attempt to run them. Files run by such a process may not be allowed by the managed installer heuristic. In some cases, it may be possible to also designate an application binary that performs such an operation as a managed installer. Proper review for functionality and security should be performed for the application before using this method.
-- The managed installer heuristic doesn't authorize kernel drivers. The WDAC policy must have rules that allow the necessary drivers to run.
+- The managed installer heuristic doesn't authorize kernel drivers. The App Control policy must have rules that allow the necessary drivers to run.
-## Configure managed installer tracking with AppLocker and WDAC
+## Configure managed installer tracking with AppLocker and App Control
To turn on managed installer tracking, you must:
@@ -48,7 +47,7 @@ To turn on managed installer tracking, you must:
> The managed installer AppLocker policy below is designed to be safely merged with any pre-existing AppLocker policies and won't change the behavior of those policies. However, if applied on a device that doesn't currently have any AppLocker policy, you will see a large increase in warning events generated in the *AppLocker - EXE and DLL* event log. If you're using an event forwarding and collection service, like LogAnalytics, you may want to adjust the configuration for that event log to only collect Error events or stop collecting events from that log altogether.
> [!NOTE]
-> MEMCM will automatically configure itself as a managed installer, and enable the required AppLocker components, if you deploy one of its inbox WDAC policies. If you are configuring MEMCM as a managed installer using any other method, additional setup is required. Use the [**ManagedInstaller** cmdline switch in your ccmsetup.exe setup](/mem/configmgr/core/clients/deploy/about-client-installation-properties#managedinstaller). Or you can deploy one of the MEMCM inbox audit mode policies alongside your custom policy.
+> MEMCM will automatically configure itself as a managed installer, and enable the required AppLocker components, if you deploy one of its inbox App Control policies. If you are configuring MEMCM as a managed installer using any other method, additional setup is required. Use the [**ManagedInstaller** cmdline switch in your ccmsetup.exe setup](/mem/configmgr/core/clients/deploy/about-client-installation-properties#managedinstaller). Or you can deploy one of the MEMCM inbox audit mode policies alongside your custom policy.
### Create and deploy an AppLocker policy that defines your managed installer rules and enables services enforcement for executables and DLLs
@@ -189,12 +188,12 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
> [!NOTE]
> Managed installer tracking will start the next time a process runs that matches your managed installer rules. If an intended process is already running, you must restart it.
-## Enable the managed installer option in WDAC policy
+## Enable the managed installer option in App Control policy
-In order to enable trust for the binaries laid down by managed installers, the "Enabled: Managed Installer" option must be specified in your WDAC policy.
+In order to enable trust for the binaries laid down by managed installers, the "Enabled: Managed Installer" option must be specified in your App Control policy.
This setting can be defined by using the [Set-RuleOption cmdlet](/powershell/module/configci/set-ruleoption) with Option 13.
-Below are steps to create a WDAC policy that allows Windows to boot and enables the managed installer option.
+Below are steps to create an App Control policy that allows Windows to boot and enables the managed installer option.
1. Copy the DefaultWindows_Audit policy into your working folder from "C:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml"
@@ -212,10 +211,10 @@ Below are steps to create a WDAC policy that allows Windows to boot and enables
Set-RuleOption -FilePath -Option 13
```
-4. Deploy your WDAC policy. See [Deploying Windows Defender Application Control (WDAC) policies](../deployment/wdac-deployment-guide.md).
+4. Deploy your App Control policy. See [Deploying App Control for Business policies](../deployment/appcontrol-deployment-guide.md).
> [!NOTE]
-> Your WDAC policy must include rules for all system/boot components, kernel drivers, and any other authorized applications that can't be deployed through a managed installer.
+> Your App Control policy must include rules for all system/boot components, kernel drivers, and any other authorized applications that can't be deployed through a managed installer.
## Remove Managed Installer feature
@@ -223,4 +222,4 @@ To remove the Managed Installer feature from the device, you'll need to remove t
## Related articles
-- [Managed installer and ISG technical reference and troubleshooting guide](../operations/configure-wdac-managed-installer.md)
+- [Managed installer and ISG technical reference and troubleshooting guide](../operations/configure-appcontrol-managed-installer.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy.md
similarity index 70%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md
rename to windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy.md
index 3e76a698d2..0e52f30f3d 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-deny-policy.md
@@ -1,18 +1,18 @@
---
-title: Create WDAC Deny Policy
-description: Explains how to create WDAC deny policies
+title: Create App Control Deny Policy
+description: Explains how to create App Control deny policies
ms.localizationpriority: medium
-ms.date: 12/31/2017
+ms.date: 09/11/2024
ms.topic: how-to
---
-# Guidance on Creating WDAC Deny Policies
+# Guidance on Creating App Control Deny Policies
-With Windows Defender Application Control (WDAC), you can create policies to explicitly deny specific drivers and applications. To create effective Windows Defender Application Control deny policies, you should [understand the order of rule precedence](/windows/security/threat-protection/windows-defender-application-control/operations/known-issues#file-rule-precedence-order) WDAC applies as it evaluates files against the active policies.
+With App Control for Business, you can create policies to explicitly deny specific drivers and applications. To create effective App Control for Business deny policies, you should [understand the order of rule precedence](../operations/known-issues.md#file-rule-precedence-order) App Control applies as it evaluates files against the active policies.
## Standalone Deny policy
-When creating a policy that consists solely of deny rules, you must include "Allow All" rules in both the kernel and user mode sections of the policy in addition to your explicit deny rules. The "Allow All" rules ensure that anything not explicitly denied by your policy is allowed to run. If you fail to add "Allow All" rules to a deny-only policy, then you risk blocking everything. This outcome happens because some code is *explicitly* denied and all other code is *implicitly* denied, because there are no rules to authorize it. We recommend using the [AllowAll policy template](/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies) when creating your standalone deny policies.
+When creating a policy that consists solely of deny rules, you must include "Allow All" rules in both the kernel and user mode sections of the policy in addition to your explicit deny rules. The "Allow All" rules ensure that anything not explicitly denied by your policy is allowed to run. If you fail to add "Allow All" rules to a deny-only policy, then you risk blocking everything. This outcome happens because some code is *explicitly* denied and all other code is *implicitly* denied, because there are no rules to authorize it. We recommend using the [AllowAll policy template](example-appcontrol-base-policies.md) when creating your standalone deny policies.
```xml
@@ -37,7 +37,7 @@ When creating a policy that consists solely of deny rules, you must include "All
```
-Adding the preceding "Allow All" rules don't affect any other WDAC policies you've deployed that apply an explicit allowlist. To illustrate, consider the following example:
+Adding the preceding "Allow All" rules don't affect any other App Control policies you've deployed that apply an explicit allowlist. To illustrate, consider the following example:
Policy1 is an allowlist for Windows- and Microsoft-signed applications.
@@ -50,7 +50,7 @@ Policy2 is our new deny policy, which blocks MaliciousApp.exe and also the Windo
## Mixed Allow and Deny policy considerations
-If the set of deny rules is to be added into an existing policy that includes explicit allow rules, then don't include the preceding "Allow All" rules. Instead, the deny rules should be merged with the existing WDAC policy via the [WDAC Wizard](wdac-wizard-merging-policies.md) or using the following PowerShell command:
+If the set of deny rules is to be added into an existing policy that includes explicit allow rules, then don't include the preceding "Allow All" rules. Instead, the deny rules should be merged with the existing App Control policy via the [App Control Wizard](appcontrol-wizard-merging-policies.md) or using the following PowerShell command:
```PowerShell
$DenyPolicy =
@@ -60,13 +60,13 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist
## Best Practices
-1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](../operations/event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](../operations/wdac-operational-guide.md)
+1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](../operations/event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting App Control for Business policies](../operations/appcontrol-operational-guide.md)
-2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be used if necessary. Since the hash of a file changes with any change to the file, it's hard to keep up with a hash-based block policy where the attacker can trivially update the file. While WDAC has optimized parsing of hash rules, some devices may see performance impacts at runtime evaluation if policies have tens of thousands or more hash rules.
+2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be used if necessary. Since the hash of a file changes with any change to the file, it's hard to keep up with a hash-based block policy where the attacker can trivially update the file. While App Control has optimized parsing of hash rules, some devices may see performance impacts at runtime evaluation if policies have tens of thousands or more hash rules.
## Creating a Deny policy tutorial
-Deny rules and policies can be created using the PowerShell cmdlets or the [WDAC Wizard](https://webapp-wdac-wizard.azurewebsites.net/). We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash.
+Deny rules and policies can be created using the PowerShell cmdlets or the [App Control Wizard](https://webapp-wdac-wizard.azurewebsites.net/). We recommend creating signer rules (PCACertificate, Publisher, and FilePublisher) wherever possible. In the cases of unsigned binaries, rules must be created on attributes of the file, such as the original filename, or the hash.
### Software Publisher-based deny rule
@@ -99,4 +99,4 @@ Set-CiPolicyIdInfo -FilePath $DenyPolicy -PolicyName "My Deny Policy" -ResetPoli
### Deploy the Deny Policy
-You should now have a deny policy prepared to deploy. See the [WDAC Deployment Guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) to deploy your policy to your managed endpoints.
+You should now have a deny policy prepared to deploy. See the [App Control Deployment Guide](../deployment/appcontrol-deployment-guide.md) to deploy your policy to your managed endpoints.
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md
new file mode 100644
index 0000000000..1563a69a95
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-fully-managed-devices.md
@@ -0,0 +1,155 @@
+---
+title: Create an App Control policy for fully managed devices
+description: App Control for Business restricts which applications users are allowed to run and the code that runs in system core.
+ms.topic: conceptual
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+---
+
+# Create an App Control policy for fully managed devices
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+This section outlines the process to create an App Control for Business policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-appcontrol-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Intune. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access.
+
+> [!NOTE]
+> Some of the App Control for Business options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's App Control policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
+
+As described in [common App Control for Business deployment scenarios](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of App Control to prevent unwanted or unauthorized applications from running on their managed devices.
+
+**Alice Pena** is the IT team lead tasked with the rollout of App Control.
+
+Alice previously created a policy for the organization's lightly managed devices. Some devices, however, are more tightly managed and can benefit from a more constrained policy. In particular, certain job functions such as administrative staff and firstline workers aren't granted administrator level access to their devices. Similarly, shared kiosks are configured only with a managed set of apps and all users of the device except IT run as standard user. On these devices, all apps are deployed and installed by IT.
+
+## Define the "circle-of-trust" for fully managed devices
+
+Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully managed devices:
+
+- All clients are running Windows 10 version 1903 or above or Windows 11;
+- All clients are managed by Configuration Manager or with Intune;
+- Most, but not all, apps are deployed using Configuration Manager;
+- Sometimes, IT staff install apps directly to these devices without using Configuration Manager;
+- All users except IT are standard users on these devices.
+
+Alice's team develops a simple console application, called *LamnaITInstaller.exe*, which will become the authorized way for IT staff to install apps directly to devices. *LamnaITInstaller.exe* allows the IT pro to launch another process, such as an app installer. Alice will configure *LamnaITInstaller.exe* as an extra managed installer for App Control and allows her to remove the need for filepath rules.
+
+Based on the above, Alice defines the pseudo-rules for the policy:
+
+1. **"Windows works"** rules that authorize:
+ - Windows
+ - WHQL (third-party kernel drivers)
+ - Windows Store signed apps
+
+2. **"ConfigMgr works"** rules that include signer and hash rules for Configuration Manager components to properly function.
+3. **Allow Managed Installer** (Configuration Manager and *LamnaITInstaller.exe* configured as a managed installer)
+
+The critical differences between this set of pseudo-rules and those pseudo-rules defined for Lamna's [lightly managed devices](create-appcontrol-policy-for-lightly-managed-devices.md#define-the-circle-of-trust-for-lightly-managed-devices) are:
+
+- Removal of the Intelligent Security Graph (ISG) option; and
+- Removal of filepath rules.
+
+## Create a custom base policy using an example App Control base policy
+
+Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's fully managed devices and decides to use Configuration Manager to create the initial base policy and then customize it to meet Lamna's needs.
+
+Alice follows these steps to complete this task:
+
+> [!NOTE]
+> If you do not use Configuration Manager or prefer to use a different [example App Control for Business base policy](example-appcontrol-base-policies.md) for your own policy, skip to step 2 and substitute the Configuration Manager policy path with your preferred example base policy.
+
+1. [Use Configuration Manager to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 or above, or Windows 11.
+
+2. On the client device, run the following commands in an elevated Windows PowerShell session to initialize variables:
+
+ ```powershell
+ $PolicyPath=$env:userprofile+"\Desktop\"
+ $PolicyName= "Lamna_FullyManagedClients_Audit"
+ $LamnaPolicy=$PolicyPath+$PolicyName+".xml"
+ $ConfigMgrPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml"
+ ```
+
+3. Copy the policy created by Configuration Manager to the desktop:
+
+ ```powershell
+ cp $ConfigMgrPolicy $LamnaPolicy
+ ```
+
+4. Give the new policy a unique ID, descriptive name, and initial version number:
+
+ ```powershell
+ Set-CIPolicyIdInfo -FilePath $LamnaPolicy -PolicyName $PolicyName -ResetPolicyID
+ Set-CIPolicyVersion -FilePath $LamnaPolicy -Version "1.0.0.0"
+ ```
+
+5. Modify the copied policy to set policy rules:
+
+ ```powershell
+ Set-RuleOption -FilePath $LamnaPolicy -Option 3 # Audit Mode
+ Set-RuleOption -FilePath $LamnaPolicy -Option 6 # Unsigned Policy
+ Set-RuleOption -FilePath $LamnaPolicy -Option 9 # Advanced Boot Menu
+ Set-RuleOption -FilePath $LamnaPolicy -Option 12 # Enforce Store Apps
+ Set-RuleOption -FilePath $LamnaPolicy -Option 13 # Managed Installer
+ Set-RuleOption -FilePath $LamnaPolicy -Option 16 # No Reboot
+ Set-RuleOption -FilePath $LamnaPolicy -Option 17 # Allow Supplemental
+ Set-RuleOption -FilePath $LamnaPolicy -Option 19 # Dynamic Code Security
+ ```
+
+6. If appropriate, add more signer or file rules to further customize the policy for your organization.
+
+7. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the App Control for Business policy to a binary format:
+
+ ```powershell
+ [xml]$PolicyXML = Get-Content $LamnaPolicy
+ $LamnaPolicyBin = Join-Path $PolicyPath "$($PolicyXML.SiPolicy.PolicyID).cip"
+ ConvertFrom-CIPolicy $LamnaPolicy $LamnaPolicyBin
+ ```
+
+8. Upload your base policy XML and the associated binary to a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration).
+
+At this point, Alice now has an initial policy that is ready to deploy in audit mode to the managed clients within Lamna.
+
+## Security considerations of this fully managed policy
+
+Alice has defined a policy for Lamna's fully managed devices that makes some trade-offs between security and manageability for apps. Some of the trade-offs include:
+
+- **Users with administrative access**
+
+ Although applying to fewer users, Lamna still allows some IT staff to sign in to its fully managed devices as administrator. This privilege allows these users (or malware running with the user's privileges) to modify or remove altogether the App Control policy applied on the device. Additionally, administrators can configure any app they wish to operate as a managed installer that would allow them to gain persistent app authorization for whatever apps or binaries they wish.
+
+ Possible mitigations:
+ - Use signed App Control policies and UEFI BIOS access protection to prevent tampering of App Control policies.
+ - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer.
+ - Use device attestation to detect the configuration state of App Control at boot time and use that information to condition access to sensitive corporate resources.
+
+- **Unsigned policies**
+
+ Unsigned policies can be replaced or removed without consequence by any process running as administrator. Unsigned base policies that also enable supplemental policies can have their "circle-of-trust" altered by any unsigned supplemental policy.
+
+ Existing mitigations applied:
+ - Limit who can elevate to administrator on the device.
+
+ Possible mitigations:
+ - Use signed App Control policies and UEFI BIOS access protection to prevent tampering of App Control policies.
+
+- **Managed installer**
+
+ See [security considerations with managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md#security-considerations-with-managed-installer)
+
+ Existing mitigations applied:
+ - Limit who can elevate to administrator on the device.
+
+ Possible mitigations:
+ - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer.
+
+- **Supplemental policies**
+
+ Supplemental policies are designed to relax the associated base policy. Additionally allowing unsigned policies allows any administrator process to expand the "circle-of-trust" defined by the base policy without restriction.
+
+ Possible mitigations:
+ - Use signed App Control policies that allow authorized signed supplemental policies only.
+ - Use a restrictive audit mode policy to audit app usage and augment vulnerability detection.
+
+## Up next
+
+- [Create an App Control for Business policy for fixed-workload devices using a reference computer](create-appcontrol-policy-using-reference-computer.md)
+- [Prepare to deploy App Control for Business policies](../deployment/appcontrol-deployment-guide.md)
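Review bot: Step 5 of "Create a custom base policy" sets options 3, 6, 9, 12, 13, 16, 17 and 19 but never clears the Intelligent Security Graph option, although step 2 copies the policy from `MergedPolicy_Audit_ISG.xml` and the circle-of-trust section lists "Removal of the Intelligent Security Graph (ISG) option" as a critical difference from the lightly managed policy. If the copied template carries that option, as its file name suggests, a reader who follows the steps as written keeps reputation-based authorization enabled on devices the article describes as fully managed. I would add `Set-RuleOption -FilePath $LamnaPolicy -Option 14 -Delete # Intelligent Security Graph` to the step 5 block, or point step 2 at a template without ISG. A short sentence before step 7 asking the reader to confirm the rule options in the XML match the pseudo-rules would catch this kind of drift before the policy is converted to binary.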
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md
similarity index 68%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md
rename to windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md
index d4b6d3f256..b7c6837954 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-for-lightly-managed-devices.md
@@ -1,24 +1,23 @@
---
-title: Create a WDAC policy for lightly managed devices
-description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
+title: Create an App Control policy for lightly managed devices
+description: App Control for Business restricts which applications users are allowed to run and the code that runs in the system core.
ms.topic: conceptual
ms.localizationpriority: medium
-ms.date: 11/07/2022
+ms.date: 09/11/2024
---
-# Create a WDAC policy for lightly managed devices
+# Create an App Control policy for lightly managed devices
->[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **lightly managed devices** within an organization. Typically, organizations that are new to application control will be most successful if they start with a permissive policy like the one described in this article. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their WDAC-managed devices as described in later articles.
+This section outlines the process to create an App Control for Business policy for **lightly managed devices** within an organization. Typically, organizations that are new to App Control will be most successful if they start with a permissive policy like the one described in this article. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their App Control-managed devices as described in later articles.
> [!NOTE]
-> Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
+> Some of the App Control for Business options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's App Control policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
-As in [Windows Defender Application Control deployment in different scenarios: types of devices](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
+As in [App Control for Business deployment in different scenarios: types of devices](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of App Control to prevent unwanted or unauthorized applications from running on their managed devices.
-**Alice Pena** is the IT team lead tasked with the rollout of WDAC. Lamna currently has loose application usage policies and a culture of maximum app flexibility for users. So, Alice knows she'll need to take an incremental approach to application control and use different policies for different workloads.
+**Alice Pena** is the IT team lead tasked with the rollout of App Control. Lamna currently has loose application usage policies and a culture of maximum app flexibility for users. So, Alice knows she'll need to take an incremental approach to App Control and use different policies for different workloads.
For most users and devices, Alice wants to create an initial policy that is as relaxed as possible in order to minimize user productivity impact, while still providing security value.
@@ -52,7 +51,7 @@ Based on the above, Alice defines the pseudo-rules for the policy:
- C:\Program Files (x86)\*
- %windir%\*
-## Create a custom base policy using an example WDAC base policy
+## Create a custom base policy using an example App Control base policy
Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's lightly managed devices. Alice decides to use the example `SmartAppControl.xml` to create the initial base policy and then customize it to meet Lamna's needs.
@@ -61,7 +60,7 @@ Alice follows these steps to complete this task:
1. On a client device, run the following commands in an elevated Windows PowerShell session to initialize variables:
> [!NOTE]
- > If you prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md), substitute the example policy path with your preferred base policy in this step.
+ > If you prefer to use a different [example App Control for Business base policy](example-appcontrol-base-policies.md), substitute the example policy path with your preferred base policy in this step.
```powershell
$PolicyPath = $env:userprofile+"\Desktop\"
@@ -79,7 +78,7 @@ Alice follows these steps to complete this task:
1. Modify the policy to remove unsupported rule:
> [!NOTE]
- > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](../wdac.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step.
+ > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise App Control policies and must be removed. For more information, see [App Control and Smart App Control](../appcontrol.md#app-control-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step.
```powershell
[xml]$xml = Get-Content $LamnaPolicy
@@ -127,7 +126,7 @@ Alice follows these steps to complete this task:
1. If appropriate, add more signer or file rules to further customize the policy for your organization.
-1. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the Windows Defender Application Control policy to a binary format:
+1. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the App Control for Business policy to a binary format:
```powershell
[xml]$PolicyXML = Get-Content $LamnaPolicy
@@ -145,13 +144,13 @@ In order to minimize user productivity impact, Alice has defined a policy that m
- **Users with administrative access**
- This trade-off is the most impactful security trade-off. It allows the device user, or malware running with the user's privileges, to modify or remove the WDAC policy on the device. Additionally, administrators can configure any app to act as a managed installer, which would allow them to gain persistent app authorization for whatever apps or binaries they wish.
+ This trade-off is the most impactful security trade-off. It allows the device user, or malware running with the user's privileges, to modify or remove the App Control policy on the device. Additionally, administrators can configure any app to act as a managed installer, which would allow them to gain persistent app authorization for whatever apps or binaries they wish.
Possible mitigations:
- - Use signed WDAC policies and UEFI BIOS access protection to prevent tampering of WDAC policies.
+ - Use signed App Control policies and UEFI BIOS access protection to prevent tampering of App Control policies.
- To remove the requirement for managed installer, create and deploy signed catalog files as part of the app deployment process.
- - Use device attestation to detect the configuration state of WDAC at boot time and use that information to condition access to sensitive corporate resources.
+ - Use device attestation to detect the configuration state of App Control at boot time and use that information to condition access to sensitive corporate resources.
- **Unsigned policies**
@@ -159,7 +158,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m
Possible mitigations:
- - Use signed WDAC policies and UEFI BIOS access protection to prevent tampering of WDAC policies.
+ - Use signed App Control policies and UEFI BIOS access protection to prevent tampering of App Control policies.
- Limit who can elevate to administrator on the device.
- **Managed installer**
@@ -173,7 +172,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m
- **Intelligent Security Graph (ISG)**
- See [security considerations with the Intelligent Security Graph](use-wdac-with-intelligent-security-graph.md#security-considerations-with-the-isg-option)
+ See [security considerations with the Intelligent Security Graph](use-appcontrol-with-intelligent-security-graph.md#security-considerations-with-the-isg-option)
Possible mitigations:
@@ -186,7 +185,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m
Possible mitigations:
- - Use signed WDAC policies that allow authorized signed supplemental policies only.
+ - Use signed App Control policies that allow authorized signed supplemental policies only.
- Use a restrictive audit mode policy to audit app usage and augment vulnerability detection.
- **FilePath rules**
@@ -208,5 +207,5 @@ In order to minimize user productivity impact, Alice has defined a policy that m
## Up next
-- [Create a Windows Defender Application Control policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md)
-- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md)
+- [Create an App Control for Business policy for fully managed devices](create-appcontrol-policy-for-fully-managed-devices.md)
+- [Prepare to deploy App Control for Business policies](../deployment/appcontrol-deployment-guide.md)
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md
new file mode 100644
index 0000000000..0b066ce364
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/create-appcontrol-policy-using-reference-computer.md
@@ -0,0 +1,124 @@
+---
+title: Create an App Control policy using a reference computer
+description: To create an App Control for Business policy that allows all code installed on a reference computer within your organization, follow this guide.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: how-to
+---
+
+# Create an App Control policy using a reference computer
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+This section outlines the process to create an App Control for Business policy **using a reference computer** that is already configured with the software you want to allow. You can use this approach for fixed-workload devices that are dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc. This approach can also be used to turn on App Control on systems "in the wild" and you want to minimize the potential impact on users' productivity.
+
+> [!NOTE]
+> Some of the App Control for Business options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's App Control policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
+
+As described in [common App Control for Business deployment scenarios](common-appcontrol-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of App Control to prevent unwanted or unauthorized applications from running on their managed devices.
+
+**Alice Pena** is the IT team lead tasked with the rollout of App Control.
+
+## Create a custom base policy using a reference device
+
+Alice previously created a policy for the organization's fully managed end-user devices. She now wants to use App Control to protect Lamna's critical infrastructure servers. Lamna's imaging practice for infrastructure systems is to establish a "golden" image as a reference for what an ideal system should look like, and then use that image to clone more company assets. Alice decides to use these same "golden" image systems to create the App Control policies, which will result in separate custom base policies for each type of infrastructure server. As with imaging, she'll have to create policies from multiple golden computers based on model, department, application set, and so on.
+
+> [!NOTE]
+> Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the App Control policy.
Each installed software application should be validated as trustworthy before you create a policy.
We recommend that you review the reference computer for software that can load arbitrary DLLs and run code or scripts that could render the PC more vulnerable. Examples include software aimed at development or scripting such as msbuild.exe (part of Visual Studio and the .NET Framework) which can be removed if you don't want to run scripts. You can remove or disable such software on the reference computer.
+
+Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's critical infrastructure servers:
+
+- All devices are running Windows Server 2019 or above;
+- All apps are centrally managed and deployed;
+- No interactive users.
+
+Based on the above, Alice defines the pseudo-rules for the policy:
+
+1. **"Windows works"** rules that authorize:
+ - Windows
+ - WHQL (third-party kernel drivers)
+ - Windows Store signed apps
+
+2. Rules for **scanned files** that authorize all pre-existing app binaries found on the device
+
+To create the App Control policy, Alice runs each of the following commands in an elevated Windows PowerShell session, in order:
+
+1. Initialize variables.
+
+ ```powershell
+ $PolicyPath=$env:userprofile+"\Desktop\"
+ $PolicyName="FixedWorkloadPolicy_Audit"
+ $LamnaServerPolicy=$PolicyPath+$PolicyName+".xml"
+ $DefaultWindowsPolicy=$env:windir+"\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml"
+ ```
+
+2. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to create a new App Control policy by scanning the system for installed applications:
+
+ ```powershell
+ New-CIPolicy -FilePath $LamnaServerPolicy -Level SignedVersion -Fallback FilePublisher,FileName,Hash -ScanPath c:\ -UserPEs -MultiplePolicyFormat -OmitPaths c:\Windows,'C:\Program Files\WindowsApps\',c:\windows.old\,c:\users\ 3> CIPolicyLog.txt
+ ```
+
+ > [!Note]
+ >
+ > - You can add the **-Fallback** parameter to catch any applications not discovered using the primary file rule level specified by the **-Level** parameter. For more information about file rule level options, see [App Control for Business file rule levels](select-types-of-rules-to-create.md).
+ > - To specify that the App Control policy scan only a specific drive, include the **-ScanPath** parameter followed by a path. Without this parameter, the tool will scan the C-drive by default.
+ > - When you specify the **-UserPEs** parameter (to include user mode executables in the scan), rule option **0 Enabled:UMCI** is automatically added to the App Control policy. If you do not specify **-UserPEs**, the policy will be empty of user mode executables and will only have rules for kernel mode binaries like drivers. In other words, the allow list will not include applications. If you create such a policy and later add rule option **0 Enabled:UMCI**, all attempts to start applications will cause a response from App Control for Business. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application.
+ > - To create a policy for Windows 10 1903 and above, including support for supplemental policies, use **-MultiplePolicyFormat**.
+ > - To specify a list of paths to exclude from the scan, use the **-OmitPaths** option and supply a comma-delimited list of paths.
+ > - The preceding example includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**.
+
+3. Merge the new policy with the WindowsDefault_Audit policy to ensure all Windows binaries and kernel drivers will load.
+
+ ```powershell
+ Merge-CIPolicy -OutputFilePath $LamnaServerPolicy -PolicyPaths $LamnaServerPolicy,$DefaultWindowsPolicy
+ ```
+
+4. Give the new policy a descriptive name, and initial version number:
+
+ ```powershell
+ Set-CIPolicyIdInfo -FilePath $LamnaServerPolicy -PolicyName $PolicyName
+ Set-CIPolicyVersion -FilePath $LamnaServerPolicy -Version "1.0.0.0"
+ ```
+
+5. Modify the merged policy to set policy rules:
+
+ ```powershell
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 3 # Audit Mode
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 6 # Unsigned Policy
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 9 # Advanced Boot Menu
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 12 # Enforce Store Apps
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 16 # No Reboot
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 17 # Allow Supplemental
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 19 # Dynamic Code Security
+ ```
+
+6. If appropriate, add more signer or file rules to further customize the policy for your organization.
+
+7. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the App Control policy to a binary format:
+
+ ```powershell
+ [xml]$LamnaServerPolicyXML = Get-Content $LamnaServerPolicy
+ $PolicyId = $LamnaServerPolicyXML.SiPolicy.PolicyId
+ $LamnaServerPolicyBin = $PolicyPath+$PolicyId+".cip"
+ ConvertFrom-CIPolicy $LamnaServerPolicy $LamnaServerPolicyBin
+ ```
+
+8. Upload the base policy XML and the associated binary to a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration).
+
+Alice now has an initial policy for Lamna's critical infrastructure servers that is ready to deploy in audit mode.
+
+## Create a custom base policy to minimize user impact on in-use client devices
+
+Alice previously created a policy for the organization's fully managed devices. Alice has included the fully managed device policy as part of Lamna's device build process so all new devices now begin with App Control enabled. She's preparing to deploy the policy to systems that are already in use, but is worried about causing disruption to users' productivity. To minimize that risk, Alice decides to take a different approach for those systems. She'll continue to deploy the fully managed device policy in audit mode to those devices, but for enforcement mode she'll merge the fully managed device policy rules with a policy created by scanning the device for all previously installed software. In this way, each device is treated as its own "golden" system.
+
+Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully managed in-use devices:
+
+- Everything described for Lamna's [Fully Managed Devices](create-appcontrol-policy-for-fully-managed-devices.md);
+- Users have installed apps that they need to continue to run.
+
+Based on the above, Alice defines the pseudo-rules for the policy:
+
+1. Everything included in the Fully Managed Devices policy
+2. Rules for **scanned files** that authorize all pre-existing app binaries found on the device
+
+For Lamna's existing, in-use devices, Alice deploys a script along with the Fully Managed Devices policy XML (not the converted App Control policy binary). The script then generates a custom policy locally on the client as described in the previous section, but instead of merging with the DefaultWindows policy, the script merges with Lamna's Fully Managed Devices policy. Alice also modifies the steps above to match the requirements of this different use case.
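Review bot: Step 5 sets `-Option 6 # Unsigned Policy` and `-Option 17 # Allow Supplemental` on a policy meant for critical infrastructure servers, but the new article never states the trade-off. The security-considerations text added earlier in this diff says that supplemental policies combined with unsigned policies let any administrator process expand the "circle-of-trust" without restriction, so the same caveat belongs here. I would add a note under step 5 such as `> [!NOTE] > Options 6 and 17 suit audit-mode testing. Before enforcing this policy, consider using a signed policy that allows only authorized signed supplemental policies.` Separately, step 3 names the merged file "WindowsDefault_Audit" while `$DefaultWindowsPolicy` points to `DefaultWindows_Audit.xml`, and the note under step 2 quotes `3> CIPolicylog.txt` where the command writes `CIPolicyLog.txt`. Both should match the commands.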
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies.md
similarity index 76%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies.md
index 621718eb69..add9351935 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies.md
@@ -1,17 +1,16 @@
---
-title: Use multiple Windows Defender Application Control Policies
-description: Windows Defender Application Control supports multiple code integrity policies for one device.
+title: Use multiple App Control for Business Policies
+description: App Control for Business supports multiple code integrity policies for one device.
ms.localizationpriority: medium
-ms.date: 04/15/2024
+ms.date: 09/11/2024
ms.topic: how-to
---
-# Use multiple Windows Defender Application Control Policies
+# Use multiple App Control for Business Policies
->[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-Beginning with Windows 10 version 1903 and Windows Server 2022, you can deploy multiple Windows Defender Application Control (WDAC) policies side-by-side on a device. To allow more than 32 active policies, install the Windows security update released on, or after, April 9, 2024 and then restart the device. With these updates, there's no limit for the number of policies you can deploy at once to a given device. Until you install the Windows security update released on or after April 9, 2024, your device is limited to 32 active policies and you must not exceed that number.
+Beginning with Windows 10 version 1903 and Windows Server 2022, you can deploy multiple App Control for Business policies side-by-side on a device. To allow more than 32 active policies, install the Windows security update released on, or after, April 9, 2024 and then restart the device. With these updates, there's no limit for the number of policies you can deploy at once to a given device. Until you install the Windows security update released on or after April 9, 2024, your device is limited to 32 active policies and you must not exceed that number.
>[!NOTE]
>The policy limit was not removed on Windows 11 21H2 and will remain limited to 32 policies.
@@ -29,7 +28,7 @@ Here are some common scenarios where multiple side-by-side policies are useful:
- For supplemental policies, applications allowed by either the base policy or its supplemental policy/policies run
> [!NOTE]
-> Pre-1903 systems do not support the use of Multiple Policy Format WDAC policies.
+> Pre-1903 systems do not support the use of Multiple Policy Format App Control policies.
## Base and supplemental policy interaction
@@ -38,7 +37,7 @@ Here are some common scenarios where multiple side-by-side policies are useful:
- Base + supplemental policy: union
- Files allowed by either the base policy or the supplemental policy run
-## Creating WDAC policies in Multiple Policy Format
+## Creating App Control policies in Multiple Policy Format
In order to allow multiple policies to exist and take effect on a single system, policies must be created using the new Multiple Policy Format. The "MultiplePolicyFormat" switch in [New-CIPolicy](/powershell/module/configci/new-cipolicy?preserve-view=true&view=win10-ps) results in 1) unique values generated for the policy ID and 2) the policy type set as a Base policy. The below example describes the process of creating a new policy in the multiple policy format.
@@ -75,7 +74,7 @@ When you're merging policies, the policy type and ID of the leftmost/first polic
## Deploying multiple policies
-In order to deploy multiple Windows Defender Application Control policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP.
+In order to deploy multiple App Control for Business policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP.
### Deploying multiple policies locally
@@ -89,11 +88,11 @@ To deploy policies locally using the new multiple policy format, follow these st
### Deploying multiple policies via ApplicationControl CSP
-Multiple Windows Defender Application Control policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment.
+Multiple App Control for Business policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). The CSP also provides support for rebootless policy deployment.
However, when policies are unenrolled from an MDM server, the CSP attempts to remove every policy not actively deployed, not just the policies added by the CSP. This behavior happens because the system doesn't know what deployment methods were used to apply individual policies.
For more information on deploying multiple policies, optionally using Microsoft Intune's custom OMA-URI capability, see [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp).
> [!NOTE]
-> WMI and GP do not currently support multiple policies. Instead, customers who cannot directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format Windows Defender Application Control policies.
+> WMI and GP do not currently support multiple policies. Instead, customers who cannot directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format App Control for Business policies.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md
similarity index 53%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md
index e186ea2bb6..fcc507dc75 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/example-appcontrol-base-policies.md
@@ -1,32 +1,31 @@
---
-title: Example Windows Defender Application Control base policies
-description: When creating a Windows Defender Application Control (WDAC) policy for an organization, start from one of the many available example base policies.
+title: Example App Control for Business base policies
+description: When creating an App Control for Business policy for an organization, start from one of the many available example base policies.
ms.topic: reference
ms.localizationpriority: medium
-ms.date: 03/31/2023
+ms.date: 09/11/2024
---
-# Windows Defender Application Control example base policies
+# App Control for Business example base policies
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-When you create policies for use with Windows Defender Application Control (WDAC), start from an existing base policy and then add or remove rules to build your own custom policy. Windows includes several example policies that you can use. These example policies are provided "as-is". You should thoroughly test the policies you deploy using safe deployment methods.
+When you create policies for use with App Control for Business, start from an existing base policy and then add or remove rules to build your own custom policy. Windows includes several example policies that you can use. These example policies are provided "as-is". You should thoroughly test the policies you deploy using safe deployment methods.
-| **Example Base Policy** | **Description** | **Where it can be found** |
+| Example Base Policy | Description | Where it can be found |
|-------------------------|---------------------------------------------------------------|--------|
-| **DefaultWindows_\*.xml** | This example policy is available in both audit and enforced mode. It includes rules to allow Windows, third-party hardware and software kernel drivers, and Windows Store apps. Used as the basis for the [Microsoft Intune product family](https://www.microsoft.com/security/business/endpoint-management/microsoft-intune) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_\*.xml %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\DefaultWindows_Audit.xml |
-| **AllowMicrosoft.xml** | This example policy includes the rules from DefaultWindows and adds rules to trust apps signed by the Microsoft product root certificate. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowMicrosoft.xml %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\AllowMicrosoft.xml |
+| **DefaultWindows_\*.xml** | This example policy is available in both audit and enforced mode. It includes rules to allow Windows, third-party hardware and software kernel drivers, and Windows Store apps. Used as the basis for the [Microsoft Intune product family](https://www.microsoft.com/security/business/endpoint-management/microsoft-intune) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_\*.xml %ProgramFiles%\WindowsApps\Microsoft.App Control.WDACWizard*\DefaultWindows_Audit.xml |
+| **AllowMicrosoft.xml** | This example policy includes the rules from DefaultWindows and adds rules to trust apps signed by the Microsoft product root certificate. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowMicrosoft.xml %ProgramFiles%\WindowsApps\Microsoft.App Control.WDACWizard*\AllowMicrosoft.xml |
| **AllowAll.xml** | This example policy is useful when creating a blocklist. All block policies should include rules allowing all other code to run and then add the DENY rules for your organization's needs. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml |
-| **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78) (also known as hypervisor-protected code integrity) using WDAC. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll_EnableHVCI.xml |
+| **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78) (also known as hypervisor-protected code integrity) using App Control. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll_EnableHVCI.xml |
| **DenyAllAudit.xml** | ***Warning: Will cause boot issues on Windows Server 2019 and earlier. Do not use on those operating systems.*** Only deploy this example policy in audit mode to track all binaries running on critical systems or to meet regulatory requirements. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DenyAllAudit.xml |
-| **Microsoft Configuration Manager** | Customers who use Configuration Manager can deploy a policy with Configuration Manager's built-in WDAC integration, and then use the generated policy XML as an example base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint |
-| **SmartAppControl.xml** | This example policy includes rules based on [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) that are well-suited for lightly managed systems. This policy includes a rule that is unsupported for enterprise WDAC policies and must be removed. For more information about using this example policy, see [Create a custom base policy using an example base policy](create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy). | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\SmartAppControl.xml %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\SignedReputable.xml |
+| **Microsoft Configuration Manager** | Customers who use Configuration Manager can deploy a policy with Configuration Manager's built-in App Control integration, and then use the generated policy XML as an example base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint |
+| **SmartAppControl.xml** | This example policy includes rules based on [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) that are well-suited for lightly managed systems. This policy includes a rule that is unsupported for enterprise App Control policies and must be removed. For more information about using this example policy, see [Create a custom base policy using an example base policy](create-appcontrol-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-app-control-base-policy). | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\SmartAppControl.xml %ProgramFiles%\WindowsApps\Microsoft.App Control.WDACWizard*\SignedReputable.xml |
| **Example supplemental policy** | This example policy shows how to use supplemental policy to expand the DefaultWindows_Audit.xml allow a single Microsoft-signed file. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Supplemental.xml |
-| **Microsoft Recommended Block List** | This policy includes a list of Windows and Microsoft-signed code that Microsoft recommends blocking when using WDAC, if possible. | [Microsoft recommended block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules) %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\Recommended_UserMode_Blocklist.xml |
-| **Microsoft recommended driver blocklist** | This policy includes rules to block known vulnerable or malicious kernel drivers. | [Microsoft recommended driver block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules) %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\RecommendedDriverBlock_Enforced.xml %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\Recommended_Driver_Blocklist.xml |
-| **Windows S mode** | This policy includes the rules used to enforce [Windows S mode](https://support.microsoft.com/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85). | %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\WinSiPolicy.xml.xml |
-| **Windows 11 SE** | This policy includes the rules used to enforce [Windows 11 SE](/education/windows/windows-11-se-overview), a version of Windows built for use in schools. | %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\WinSEPolicy.xml.xml |
+| **Microsoft Recommended Block List** | This policy includes a list of Windows and Microsoft-signed code that Microsoft recommends blocking when using App Control, if possible. | [Microsoft recommended block rules](applications-that-can-bypass-appcontrol.md) %ProgramFiles%\WindowsApps\Microsoft.App Control.WDACWizard*\Recommended_UserMode_Blocklist.xml |
+| **Microsoft recommended driver blocklist** | This policy includes rules to block known vulnerable or malicious kernel drivers. | [Microsoft recommended driver block rules](microsoft-recommended-driver-block-rules.md) %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\RecommendedDriverBlock_Enforced.xml %ProgramFiles%\WindowsApps\Microsoft.App Control.WDACWizard*\Recommended_Driver_Blocklist.xml |
+| **Windows S mode** | This policy includes the rules used to enforce [Windows S mode](https://support.microsoft.com/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85). | %ProgramFiles%\WindowsApps\Microsoft.App Control.WDACWizard*\WinSiPolicy.xml.xml |
+| **Windows 11 SE** | This policy includes the rules used to enforce [Windows 11 SE](/education/windows/windows-11-se-overview), a version of Windows built for use in schools. | %ProgramFiles%\WindowsApps\Microsoft.App Control.WDACWizard*\WinSEPolicy.xml.xml |
> [!NOTE]
> Not all policies shown available at %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies can be found on all versions of Windows.
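Review bot: The rename has rewritten the on-disk package folder `Microsoft.WDAC.WDACWizard*` to `Microsoft.App Control.WDACWizard*` in the "Where it can be found" column (the DefaultWindows, AllowMicrosoft, SmartAppControl, both recommended blocklist, Windows S mode and Windows 11 SE rows). That string is a path under %ProgramFiles%\WindowsApps rather than product branding, and nothing in the diff suggests the installed package itself was renamed, so readers would presumably be sent to a folder that does not exist. The same substitution lands in the `$FilePath` line of the "Create signer rule from AppxSignature.p7x" snippet in manage-packaged-apps-with-appcontrol.md, where `New-CIPolicyRule -DriverFilePath` would then point at a missing file and the signer rule would not be created. I would keep the original identifier wherever it is part of a path, e.g. `%ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\DefaultWindows_Audit.xml`, and limit the rename to prose.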
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md b/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md
similarity index 56%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
rename to windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md
index d136e3824b..ce393a2e65 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol.md
@@ -1,28 +1,27 @@
---
-title: Manage packaged apps with WDAC
-description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule.
+title: Manage packaged apps with App Control
+description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single App Control for Business rule.
ms.localizationpriority: medium
-ms.date: 03/01/2023
+ms.date: 09/11/2024
ms.topic: how-to
---
-# Manage Packaged Apps with Windows Defender Application Control
+# Manage Packaged Apps with App Control for Business
->[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-This article for IT professionals describes concepts and lists procedures to help you manage packaged apps with Windows Defender Application Control (WDAC) as part of your overall application control strategy.
+This article for IT professionals describes concepts and lists procedures to help you manage packaged apps with App Control for Business as part of your overall App Control strategy.
## Comparing classic Windows Apps and Packaged Apps
-The biggest challenge in adopting application control is the lack of a strong app identity for classic Windows apps, also known as win32 apps. A typical win32 app consists of multiple components, including the installer that is used to install the app, and one or more exes, dlls, or scripts. An app can consist of hundreds or even thousands of individual binaries that work together to deliver the functionality that your users understand as the app. Some of that code may be signed by the software publisher, some may be signed by other companies, and some of it may not be signed at all. Much of the code may be written to disk by a common set of installers, but some may already be installed and some downloaded on demand. Some of the binaries have common resource header metadata, such as product name and product version, but other files won't share that information. So while you want to be able to express rules like "allow app Foo", that isn't something Windows inherently understands for classic Windows apps. Instead, you may have to create many WDAC rules to allow all the files that comprise the app.
+The biggest challenge in adopting App Control is the lack of a strong app identity for classic Windows apps, also known as win32 apps. A typical win32 app consists of multiple components, including the installer that is used to install the app, and one or more exes, dlls, or scripts. An app can consist of hundreds or even thousands of individual binaries that work together to deliver the functionality that your users understand as the app. Some of that code may be signed by the software publisher, some may be signed by other companies, and some of it may not be signed at all. Much of the code may be written to disk by a common set of installers, but some may already be installed and some downloaded on demand. Some of the binaries have common resource header metadata, such as product name and product version, but other files won't share that information. So while you want to be able to express rules like "allow app Foo", that isn't something Windows inherently understands for classic Windows apps. Instead, you may have to create many App Control rules to allow all the files that comprise the app.
-Packaged apps on the other hand, also known as [MSIX](/windows/msix/overview), ensure that all the files that make up an app share the same identity and have a common signature. Therefore, with packaged apps, it's possible to control the entire app with a single WDAC rule.
+Packaged apps on the other hand, also known as [MSIX](/windows/msix/overview), ensure that all the files that make up an app share the same identity and have a common signature. Therefore, with packaged apps, it's possible to control the entire app with a single App Control rule.
-## Using WDAC to Manage Packaged Apps
+## Using App Control to Manage Packaged Apps
> [!IMPORTANT]
-> When controlling packaged apps, you must choose between signer rules or Package Family Name (PFN) rules. If **any** Package Family Name (PFN) rule is used in your WDAC base policy or one of its supplemental policies, then **all** packaged apps must be controlled exclusively using PFN rules. You can't mix-and-match PFN rules with signature-based rules within a given base policy's scope. This will affect many inbox system apps like the Start menu. You can use wildcards in PFN rules on Windows 11 to simplify the rule creation.
+> When controlling packaged apps, you must choose between signer rules or Package Family Name (PFN) rules. If **any** Package Family Name (PFN) rule is used in your App Control base policy or one of its supplemental policies, then **all** packaged apps must be controlled exclusively using PFN rules. You can't mix-and-match PFN rules with signature-based rules within a given base policy's scope. This will affect many inbox system apps like the Start menu. You can use wildcards in PFN rules on Windows 11 to simplify the rule creation.
### Creating signature-based rules for Packaged Apps
@@ -35,16 +34,16 @@ $FilePath = $env:USERPROFILE+'\Downloads\WDACWizard_2.1.0.1_x64_8wekyb3d8bbwe.MS
$Rules = New-CIPolicyRule -DriverFilePath $FilePath -Level Publisher
```
-Then use the [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) PowerShell cmdlet to merge your new rule into your existing WDAC policy XML.
+Then use the [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) PowerShell cmdlet to merge your new rule into your existing App Control policy XML.
#### Create signer rule from AppxSignature.p7x
```powershell
-$FilePath = $env:ProgramFiles+'\WindowsApps\Microsoft.WDAC.WDACWizard_2.1.0.1_x64__8wekyb3d8bbwe\AppxSignature.p7x'
+$FilePath = $env:ProgramFiles+'\WindowsApps\Microsoft.App Control.WDACWizard_2.1.0.1_x64__8wekyb3d8bbwe\AppxSignature.p7x'
$Rules = New-CIPolicyRule -DriverFilePath $FilePath -Level Publisher
```
-Then use the [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) PowerShell cmdlet to merge your new rule into your existing WDAC policy XML.
+Then use the [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) PowerShell cmdlet to merge your new rule into your existing App Control policy XML.
### Creating PackageFamilyName rules for Packaged Apps
@@ -61,15 +60,15 @@ foreach ($Package in $Packages)
}
```
-Then use the [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) PowerShell cmdlet to merge your new rule(s) into your existing WDAC policy XML.
+Then use the [Merge-CIPolicy](/powershell/module/configci/merge-cipolicy) PowerShell cmdlet to merge your new rule(s) into your existing App Control policy XML.
-#### Create PFN rules using the WDAC Wizard
+#### Create PFN rules using the App Control Wizard
##### Create PFN rule from an installed MSIX app
-Use the following steps to create a WDAC PFN rule for an app that is installed on the system:
+Use the following steps to create an App Control PFN rule for an app that is installed on the system:
-1. From the **Policy Signing Rules** page of the [WDAC Wizard](https://aka.ms/wdacwizard), select **Add Custom Rule**.
+1. From the **Policy Signing Rules** page of the [App Control Wizard](https://aka.ms/wdacwizard), select **Add Custom Rule**.
2. Check **Usermode Rule** as the Rule Scope, if not checked.
3. Select either **Allow** or **Deny** for your Rule Action.
4. Select **Packaged App** for your Rule Type.
@@ -78,7 +77,7 @@ Use the following steps to create a WDAC PFN rule for an app that is installed o
7. Select **Create Rule**.
8. Create any other rules desired, then complete the Wizard.
-
+
##### Create a PFN rule using a custom string
@@ -91,4 +90,4 @@ Use the following steps to create a PFN rule with a custom string value:
5. Select **Create Rule**.
6. Create any other rules desired, then complete the Wizard.
-
+
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md b/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules.md
similarity index 99%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
rename to windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules.md
index 040d3f9949..3ce08b2022 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules.md
@@ -5,14 +5,13 @@ ms.localizationpriority: medium
ms.collection:
- tier3
- must-keep
-ms.date: 01/24/2024
+ms.date: 09/11/2024
ms.topic: how-to
---
# Microsoft recommended driver block rules
->[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers. When vulnerabilities in drivers are found, we work with our partners to ensure they're quickly patched and rolled out to the ecosystem. The vulnerable driver blocklist is designed to help harden systems against non-Microsoft-developed drivers across the Windows ecosystem with any of the following attributes:
@@ -39,24 +38,24 @@ With Windows 11 2022 update, the vulnerable driver blocklist is enabled by defa
The blocklist is updated with each new major release of Windows, typically 1-2 times per year, including most recently with the Windows 11 2022 update released in September 2022. The most current blocklist is now also available for Windows 10 20H2 and Windows 11 21H2 users as an optional update from Windows Update. Microsoft will occasionally publish future updates through regular Windows servicing.
-Customers who always want the most up-to-date driver blocklist can also use Windows Defender Application Control (WDAC) to apply the latest recommended driver blocklist contained in this article. For your convenience, we provide a download of the most up-to-date vulnerable driver blocklist along with instructions to apply it on your computer at the end of this article. Otherwise, use the following XML to create your own custom WDAC policies.
+Customers who always want the most up-to-date driver blocklist can also use App Control for Business to apply the latest recommended driver blocklist contained in this article. For your convenience, we provide a download of the most up-to-date vulnerable driver blocklist along with instructions to apply it on your computer at the end of this article. Otherwise, use the following XML to create your own custom App Control policies.
-## Blocking vulnerable drivers using WDAC
+## Blocking vulnerable drivers using App Control
-Microsoft recommends enabling [HVCI](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking [this list of drivers](#vulnerable-driver-blocklist-xml) within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events.
+Microsoft recommends enabling [HVCI](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking [this list of drivers](#vulnerable-driver-blocklist-xml) within your existing App Control for Business policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](../deployment/audit-appcontrol-policies.md) and review the audit block events.
> [!IMPORTANT]
-> Microsoft also recommends enabling Attack Surface Reduction (ASR) rule [**Block abuse of exploited vulnerable signed drivers**](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-abuse-of-exploited-vulnerable-signed-drivers) to prevent an application from writing a vulnerable signed driver to disk. The ASR rule doesn't block a driver already existing on the system from loading, however enabling **Microsoft vulnerable driver blocklist** or applying this WDAC policy will prevent the existing driver from loading.
+> Microsoft also recommends enabling Attack Surface Reduction (ASR) rule [**Block abuse of exploited vulnerable signed drivers**](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-abuse-of-exploited-vulnerable-signed-drivers) to prevent an application from writing a vulnerable signed driver to disk. The ASR rule doesn't block a driver already existing on the system from loading, however enabling **Microsoft vulnerable driver blocklist** or applying this App Control policy will prevent the existing driver from loading.
## Steps to download and apply the vulnerable driver blocklist binary
If you prefer to apply the [vulnerable driver blocklist](#vulnerable-driver-blocklist-xml) exactly as shown, follow these steps:
-1. Download the [WDAC policy refresh tool](https://aka.ms/refreshpolicy)
+1. Download the [App Control policy refresh tool](https://aka.ms/refreshpolicy)
2. Download and extract the [vulnerable driver blocklist binaries](https://aka.ms/VulnerableDriverBlockList)
3. Select either the audit only version or the enforced version and rename the file to SiPolicy.p7b
4. Copy SiPolicy.p7b to %windir%\system32\CodeIntegrity
-5. Run the WDAC policy refresh tool you downloaded in Step 1 above to activate and refresh all WDAC policies on your computer
+5. Run the App Control policy refresh tool you downloaded in Step 1 above to activate and refresh all App Control policies on your computer
To check that the policy was successfully applied on your computer:
@@ -64,15 +63,15 @@ To check that the policy was successfully applied on your computer:
2. Browse to **Applications and Services Logs - Microsoft - Windows - CodeIntegrity - Operational**
3. Select **Filter Current Log...**
4. Replace "<All Event IDs>" with "3099" and select OK.
-5. Look for a 3099 event where the PolicyNameBuffer and PolicyIdBuffer match the Name and Id PolicyInfo settings found at the bottom of the blocklist WDAC Policy XML in this article. NOTE: Your computer may have more than one 3099 event if other WDAC policies are also present.
+5. Look for a 3099 event where the PolicyNameBuffer and PolicyIdBuffer match the Name and Id PolicyInfo settings found at the bottom of the blocklist App Control Policy XML in this article. NOTE: Your computer may have more than one 3099 event if other App Control policies are also present.
> [!NOTE]
-> If any vulnerable drivers are already running that would be blocked by the policy, you must reboot your computer for those drivers to be blocked. Running processes aren't shutdown when activating a new WDAC policy without reboot.
+> If any vulnerable drivers are already running that would be blocked by the policy, you must reboot your computer for those drivers to be blocked. Running processes aren't shutdown when activating a new App Control policy without reboot.
## Vulnerable driver blocklist XML
> [!IMPORTANT]
-> The following policy contains **Allow All** rules. If your version of Windows supports WDAC multiple policies, we recommend deploying this policy alongside any existing WDAC policies. If you do plan to merge this policy with another policy, you may need to remove the **Allow All** rules before merging it if the other policy applies an explicit allow list. For more information, see [Create a WDAC Deny Policy](/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy#single-policy-considerations).
+> The following policy contains **Allow All** rules. If your version of Windows supports App Control multiple policies, we recommend deploying this policy alongside any existing App Control policies. If you do plan to merge this policy with another policy, you may need to remove the **Allow All** rules before merging it if the other policy applies an explicit allow list. For more information, see [Create an App Control Deny Policy](create-appcontrol-deny-policy.md#guidance-on-creating-app-control-deny-policies).
> [!NOTE]
> To use this policy with Windows Server 2016, you must convert the policy XML on a device running a newer operating system.
@@ -4756,4 +4755,4 @@ The following recommended blocklist xml policy file can also be downloaded from
## More information
-- [Merge Windows Defender Application Control policies](/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies)
+- [Merge App Control for Business policies](../deployment/merge-appcontrol-policies.md)
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md b/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md
new file mode 100644
index 0000000000..ff41a98da8
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/plan-appcontrol-management.md
@@ -0,0 +1,88 @@
+---
+title: Plan for App Control policy management
+description: Learn about the decisions you need to make to establish the processes for managing and maintaining App Control for Business policies.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: conceptual
+---
+
+# Plan for App Control for Business lifecycle policy management
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+This article describes the decisions you need to make to establish the processes for managing and maintaining App Control for Business policies.
+
+## Policy XML lifecycle management
+
+The first step in implementing App Control is to consider how your policies will be managed and maintained over time. Developing a process for managing App Control for Business policies helps ensure that App Control continues to effectively control how applications are allowed to run in your organization.
+
+Most App Control for Business policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include:
+
+1. [Define (or refine) the "circle-of-trust"](understand-appcontrol-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files aren't prevented from executing.
+2. [Deploy the audit mode policy](../deployment/audit-appcontrol-policies.md) to intended devices.
+3. [Monitor audit block events](../operations/event-id-explanations.md) from the intended devices and add/edit/delete rules as needed to address unexpected/unwanted blocks.
+4. Repeat steps 2-3 until the remaining block events meet expectations.
+5. [Generate the enforced mode version](../deployment/enforce-appcontrol-policies.md) of the policy. In enforced mode, files that the policy doesn't allow are prevented from running and corresponding block events are generated.
+6. [Deploy the enforced mode policy](../deployment/appcontrol-deployment-guide.md) to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly.
+7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes.
+
+
+
+### Keep App Control policies in a source control or document management solution
+
+To effectively manage App Control for Business policies, you should store and maintain your policy XML documents in a central repository that is accessible to everyone responsible for App Control policy management. We recommend a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration), which provide version control and allow you to specify metadata about the XML documents.
+
+### Set PolicyName, PolicyID, and Version metadata for each policy
+
+Use the [Set-CIPolicyIDInfo](/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique policy ID. These unique attributes help you differentiate each policy when reviewing App Control for Business events or when viewing the policy XML document. Although you can specify a string value for PolicyId, for policies using the multiple policy format we recommend using the -ResetPolicyId switch to let the system autogenerate a unique ID for the policy.
+
+> [!NOTE]
+> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-appcontrol-policies.md) on computers running Windows 10, version 1903 and above, or Windows 11. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10.
+> PolicyID should be set only once per policy and use different PolicyID's for the audit and enforced mode versions of each policy.
+
+In addition, we recommend using the [Set-CIPolicyVersion](/powershell/module/configci/set-cipolicyversion) cmdlet to increment the policy's internal version number when you make changes to the policy. The version must be defined as a standard four-part version string (for example, "1.0.0.0").
+
+### Policy rule updates
+
+You might need to revise your policy when new apps are deployed or existing apps are updated by the software publisher to ensure that apps run correctly. Whether policy rule updates are required will depend significantly on the types of rules your policy includes. Rules based on codesigning certificates provide the most resiliency against app changes while rules based on file attributes or hash are most likely to require updates when apps change. Alternatively, if you use App Control [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) functionality and consistently deploy all apps and their updates through your managed installer, then you're less likely to need policy updates.
+
+## App Control event management
+
+Each time that App Control blocks a process, events are written to either the CodeIntegrity\Operational or the AppLocker\MSI and Script Windows event logs. The event describes the file that tried to run, the attributes of that file and its signatures, and the process that attempted to run the blocked file.
+
+Collecting these events in a central location can help you maintain your App Control for Business policy and troubleshoot rule configuration problems. You can [use the Azure Monitor Agent](/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent) to automatically collect your App Control events for analysis.
+
+Additionally, [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) collects App Control events which can be queried using the [advanced hunting](../operations/querying-application-control-events-centrally-using-advanced-hunting.md) feature.
+
+## Application and user support policy
+
+Considerations include:
+
+- What type of end-user support is provided for blocked applications?
+- How are new rules added to the policy?
+- How are existing rules updated?
+- Are events forwarded for review?
+
+### Help desk support
+
+If your organization has an established help desk support department in place, consider the following points when deploying App Control for Business policies:
+
+- What documentation does your support department require for new policy deployments?
+- What are the critical processes in each business group both in work flow and timing that will be affected by App Control policies and how could they affect your support department's workload?
+- Who are the contacts in the support department?
+- How will the support department resolve App Control issues between the end user and those resources who maintain the App Control for Business rules?
+
+### End-user support
+
+Because App Control for Business is preventing unapproved apps from running, it's important that your organization carefully plans how to provide end-user support. Considerations include:
+
+- Do you want to use an intranet site as a frontline of support for users who try to run a blocked app?
+- How do you want to support exceptions to the policy? Will you allow users to run a script to temporarily allow access to a blocked app?
+
+## Document your plan
+
+After deciding how your organization will manage your App Control for Business policy, record your findings.
+
+- **End-user support policy.** Document the process that you'll use for handling calls from users who have attempted to run a blocked app, and ensure that support personnel have clear escalation steps so that the administrator can update the App Control for Business policy, if necessary.
+- **Event processing.** Document whether events will be collected in a central location called a store, how that store will be archived, and whether the events will be processed for analysis.
+- **Policy management.** Detail what policies are planned, how they'll be managed, and how rules will be maintained over time.
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md
new file mode 100644
index 0000000000..16b4739600
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement.md
@@ -0,0 +1,62 @@
+---
+title: Understand App Control script enforcement
+description: App Control script enforcement
+ms.manager: jsuther
+ms.date: 09/11/2024
+ms.topic: conceptual
+ms.localizationpriority: medium
+---
+
+# Script enforcement with App Control for Business
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+> [!IMPORTANT]
+> Option **11 Disabled:Script Enforcement** is not supported on **Windows Server 2016** or on **Windows 10 1607 LTSB** and should not be used on those platforms. Doing so will result in unexpected script enforcement behaviors.
+
+## Script enforcement overview
+
+By default, script enforcement is enabled for all App Control policies unless the option **11 Disabled:Script Enforcement** is set in the policy. App Control script enforcement involves a handshake between an enlightened script host, such as PowerShell, and App Control. However, the script host handles the actual enforcement behavior. Some script hosts, like the Microsoft HTML Application Host (mshta.exe), block all code execution if any App Control UMCI policy is active. Most script hosts first ask App Control whether a script should be allowed to run based on the App Control policies currently active. The script host then either blocks, allows, or changes *how* the script is run to best protect the user and the device.
+
+Validation for signed scripts is done using the [WinVerifyTrust API](/windows/win32/api/wintrust/nf-wintrust-winverifytrust). To pass validation, the signature root must be present in the trusted root store on the device and your App Control policy must allow it. This behavior is different from App Control validation for executable files, which doesn't require installation of the root certificate.
+
+App Control shares the *AppLocker - MSI and Script* event log for all script enforcement events. Whenever a script host asks App Control if a script should be allowed, an event is logged with the answer App Control returned to the script host. For more information on App Control script enforcement events, see [Understanding App Control events](../operations/event-id-explanations.md#app-control-block-events-for-packaged-apps-msi-installers-scripts-and-com-objects).
+
+> [!NOTE]
+> When a script runs that is not allowed by policy, App Control raises an event indicating that the script was "blocked." However, the actual script enforcement behavior is handled by the script host and may not actually completely block the file from running.
+>
+> Also be aware that some script hosts may change how they behave even if an App Control policy is in audit mode only. You should review the script host specific information in this article and test thoroughly within your environment to ensure the scripts you need to run are working properly.
+
+## Enlightened script hosts that are part of Windows
+
+### PowerShell
+
+Your App Control policies must allow all PowerShell scripts (.ps1), modules (.psm1), and manifests (.psd1) for them to run with Full Language rights.
+
+Your App Control policies must also allow any **dependent modules** that are loaded by an allowed module, and module functions must be exported explicitly by name when App Control is enforced. Modules that don't specify any exported functions (no export name list) still load but no module functions are accessible. Modules that use wildcards (\*) in their name will fail to load.
+
+Any PowerShell script that isn't allowed by App Control policy still runs, but only in Constrained Language Mode.
+
+PowerShell **dot-sourcing** isn't recommended. Instead, scripts should use PowerShell modules to provide common functionality. If an allowed script file does try to run dot-sourced script files, those script files must also pass the policy.
+
+App Control puts **interactive PowerShell** into Constrained Language Mode if any App Control UMCI policy is enforced and *any* active App Control policy enables script enforcement, even if that policy is in audit mode. To run interactive PowerShell with Full Language rights, you must disable script enforcement for *all* policies.
+
+For more information, see [About Language Modes](/powershell/module/microsoft.powershell.core/about/about_language_modes) and [Constrained Language Mode](https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/).
+
+### VBscript, cscript, and jscript
+
+Your App Control policies must allow all scripts run using the Windows Based Script Host (wscript.exe) or the Microsoft Console Based Script Host (cscript.exe). If not, the script is blocked.
+
+### Microsoft HTML Application Host (MSHTA) and MSXML
+
+All code execution using MSHTA or MSXML is blocked if any App Control policy with script enforcement is active, even if that policy is in audit mode.
+
+### COM objects
+
+App Control additionally enforces a restricted allowlist for COM objects that your App Control policy can expand or further restrict. COM object enforcement **isn't** affected by option **11 Disabled:Script Enforcement**. For more information on how to allow or deny COM objects, see [Allow COM object registration](allow-com-object-registration-in-appcontrol-policy.md).
+
+## Scripts that aren't directly controlled by App Control
+
+App Control doesn't directly control code run via the Windows Command Processor (cmd.exe), including .bat/.cmd script files. However, anything that such a batch script tries to run is subject to App Control control. If you don't need to run cmd.exe, it's recommended to block it outright or allow it only by exception based on the calling process. See [Use an App Control for Business policy to control specific plug-ins, add-ins, and modules](use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md).
+
+App Control doesn't control scripts run through an unenlightened script host, such as many 3rd-party Java or Python engines. If your App Control policy allows an unenlightened script host to run, then you implicitly allow all scripts run through that host. For non-Microsoft script hosts, you should check with the software vendor whether their script hosts are enlightened to App Control policy.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create.md
similarity index 60%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md
rename to windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create.md
index ce2f7e2e2f..8cdfe418ba 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create.md
@@ -1,66 +1,65 @@
---
-title: Understand Windows Defender Application Control (WDAC) policy rules and file rules
-description: Learn how WDAC policy rules and file rules can control your Windows 10 and Windows 11 computers.
+title: Understand App Control for Business policy rules and file rules
+description: Learn how App Control policy rules and file rules can control your Windows 10 and Windows 11 computers.
ms.localizationpriority: medium
-ms.date: 11/22/2023
+ms.date: 09/11/2024
ms.topic: conceptual
---
-# Understand Windows Defender Application Control (WDAC) policy rules and file rules
+# Understand App Control for Business policy rules and file rules
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+App Control for Business can control what runs on your Windows devices by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how to identify applications your organization trusts.
+
+## App Control for Business policy rules
+
+To modify the policy rule options of an existing App Control policy XML, use the [App Control Policy Wizard](appcontrol-wizard.md) or the [Set-RuleOption](/powershell/module/configci/set-ruleoption) PowerShell cmdlet.
+
+You can set several rule options within an App Control policy. Table 1 describes each rule option, and whether supplemental policies can set them. Some rule options are reserved for future work or not supported.
> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md).
-
-Windows Defender Application Control (WDAC) can control what runs on your Windows devices by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how to identify applications your organization trusts.
-
-## Windows Defender Application Control policy rules
-
-To modify the policy rule options of an existing WDAC policy XML, use the [WDAC Policy Wizard](/windows/security/threat-protection/windows-defender-application-control/wdac-wizard) or the [Set-RuleOption](/powershell/module/configci/set-ruleoption) PowerShell cmdlet.
-
-You can set several rule options within a WDAC policy. Table 1 describes each rule option, and whether supplemental policies can set them. Some rule options are reserved for future work or not supported.
-
-> [!NOTE]
-> We recommend that you use **Enabled:Audit Mode** initially because it allows you to test new WDAC policies before you enforce them. With audit mode, applications run normally but WDAC logs events whenever a file runs that isn't allowed by the policy. To allow these files, you can capture the policy information from the event log, and then merge that information into the existing policy. When the **Enabled:Audit Mode** is deleted, the policy runs in enforced mode.
+> We recommend that you use **Enabled:Audit Mode** initially because it allows you to test new App Control policies before you enforce them. With audit mode, applications run normally but App Control logs events whenever a file runs that isn't allowed by the policy. To allow these files, you can capture the policy information from the event log, and then merge that information into the existing policy. When the **Enabled:Audit Mode** is deleted, the policy runs in enforced mode.
>
-> Some apps may behave differently even when your policy is in audit mode. When an option may change behaviors in audit mode, that is noted in Table 1. You should always test your apps thoroughly when deploying significant updates to your WDAC policies.
+> Some apps may behave differently even when your policy is in audit mode. When an option may change behaviors in audit mode, that is noted in Table 1. You should always test your apps thoroughly when deploying significant updates to your App Control policies.
-### Table 1. Windows Defender Application Control policy - policy rule options
+### Table 1. App Control for Business policy - policy rule options
| Rule option | Description | Valid supplemental option |
|------------ | ----------- | ----------- |
-| **0 Enabled:UMCI** | WDAC policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. | No |
+| **0 Enabled:UMCI** | App Control policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. | No |
| **1 Enabled:Boot Menu Protection** | This option isn't currently supported. | No |
| **2 Required:WHQL** | By default, kernel drivers that aren't Windows Hardware Quality Labs (WHQL) signed are allowed to run. Enabling this rule requires that every driver is WHQL signed and removes legacy driver support. Kernel drivers built for Windows 10 should be WHQL certified. | No |
-| **3 Enabled:Audit Mode (Default)** | Instructs WDAC to log information about applications, binaries, and scripts that would have been blocked, if the policy was enforced. You can use this option to identify the potential impact of your WDAC policy, and use the audit events to refine the policy before enforcement. To enforce a WDAC policy, delete this option. | No |
+| **3 Enabled:Audit Mode (Default)** | Instructs App Control to log information about applications, binaries, and scripts that would have been blocked, if the policy was enforced. You can use this option to identify the potential impact of your App Control policy, and use the audit events to refine the policy before enforcement. To enforce an App Control policy, delete this option. | No |
| **4 Disabled:Flight Signing** | If enabled, binaries from Windows Insider builds aren't trusted. This option is useful for organizations that only want to run released binaries, not prerelease Windows builds. | No |
| **5 Enabled:Inherit Default Policy** | This option is reserved for future use and currently has no effect. | Yes |
| **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and any supplemental policies must also be signed. The certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. Certificates that are trusted for supplemental policies must be identified in the SupplementalPolicySigners section. | Yes |
| **7 Allowed:Debug Policy Augmented** | This option isn't currently supported. | Yes |
| **8 Required:EV Signers** | This option isn't currently supported. | No |
-| **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | No |
-| **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a boot-critical driver fails during startup, the WDAC policy is placed in audit mode so that Windows loads. Administrators can validate the reason for the failure in the CodeIntegrity event log. | No |
-| **11 Disabled:Script Enforcement** | This option disables script enforcement options, covering PowerShell, Windows Based Script Host (wscript.exe), Windows Console Based Script Host (cscript.exe), HTA files run in Microsoft HTML Application Host (mshta.exe), and MSXML. Some script hosts may behave differently even when your policy is in audit mode. For more information on script enforcement, see [Script enforcement with WDAC](/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement). NOTE: This option isn't supported on Windows Server 2016 or Windows 10 1607 LTSB and shouldn't be used on those operating systems. | No |
-| **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies also apply to Universal Windows applications. | No |
-| **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a managed installer. For more information, see [Authorize apps deployed with a WDAC managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) | Yes |
+| **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all App Control policies. Setting this rule option allows the F8 menu to appear to physically present users. | No |
+| **10 Enabled:Boot Audit on Failure** | Used when the App Control policy is in enforcement mode. When a boot-critical driver fails during startup, the App Control policy is placed in audit mode so that Windows loads. Administrators can validate the reason for the failure in the CodeIntegrity event log. | No |
+| **11 Disabled:Script Enforcement** | This option disables script enforcement options, covering PowerShell, Windows Based Script Host (wscript.exe), Windows Console Based Script Host (cscript.exe), HTA files run in Microsoft HTML Application Host (mshta.exe), and MSXML. Some script hosts may behave differently even when your policy is in audit mode. For more information on script enforcement, see [Script enforcement with App Control](script-enforcement.md). NOTE: This option isn't supported on Windows Server 2016 or Windows 10 1607 LTSB and shouldn't be used on those operating systems. | No |
+| **12 Required:Enforce Store Applications** | If this rule option is enabled, App Control policies also apply to Universal Windows applications. | No |
+| **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a managed installer. For more information, see [Authorize apps deployed with an App Control managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) | Yes |
| **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft's Intelligent Security Graph (ISG). | Yes |
-| **15 Enabled:Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option causes WDAC to periodically revalidate the reputation for files previously authorized by the ISG.| No |
-| **16 Enabled:Update Policy No Reboot** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. NOTE: This option is only supported on Windows 10, version 1709 and later, or Windows Server 2019 and later.| No |
+| **15 Enabled:Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, App Control sets an extended file attribute that indicates that the file was authorized to run. This option causes App Control to periodically revalidate the reputation for files previously authorized by the ISG.| No |
+| **16 Enabled:Update Policy No Reboot** | Use this option to allow future App Control policy updates to apply without requiring a system reboot. NOTE: This option is only supported on Windows 10, version 1709 and later, or Windows Server 2019 and later.| No |
| **17 Enabled:Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. NOTE: This option is only supported on Windows 10, version 1903 and later, or Windows Server 2022 and later. | No |
| **18 Disabled:Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. NOTE: This option is only supported on Windows 10, version 1903 and later, or Windows Server 2022 and later. | Yes |
-| **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries. NOTE: This option is only supported on Windows 10, version 1803 and later, or Windows Server 2019 and later. NOTE: This option is always enforced if *any* WDAC UMCI policy enables it. There's no audit mode for .NET dynamic code security hardening. | No |
+| **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries. NOTE: This option is only supported on Windows 10, version 1803 and later, or Windows Server 2019 and later. NOTE: This option is always enforced if *any* App Control UMCI policy enables it. There's no audit mode for .NET dynamic code security hardening. | No |
| **20 Enabled:Revoked Expired As Unsigned** | Use this option to treat binaries signed with revoked certificates, or expired certificates with the Lifetime Signing EKU on the signature, as "Unsigned binaries" for user-mode process/components, under enterprise signing scenarios. | No |
| **Enabled:Developer Mode Dynamic Code Trust** | Use this option to trust UWP apps that are [debugged in Visual Studio](/visualstudio/debugger/run-windows-store-apps-on-a-remote-machine) or deployed through device portal when Developer Mode is enabled on the system. | No |
-## Windows Defender Application Control file rule levels
+## App Control for Business file rule levels
-File rule levels allow administrators to specify the level at which they want to trust their applications. This level of trust could be as granular as the hash of each binary, or as general as a CA certificate. You specify file rule levels when using the WDAC Wizard or WDAC PowerShell cmdlets to create and modify policies.
+File rule levels allow administrators to specify the level at which they want to trust their applications. This level of trust could be as granular as the hash of each binary, or as general as a CA certificate. You specify file rule levels when using the App Control Wizard or App Control PowerShell cmdlets to create and modify policies.
-Each file rule level has advantages and disadvantages. Use Table 2 to select the appropriate protection level for your available administrative resources and WDAC deployment scenario.
+Each file rule level has advantages and disadvantages. Use Table 2 to select the appropriate protection level for your available administrative resources and App Control deployment scenario.
> [!NOTE]
-> WDAC signer-based rules only work with RSA cryptography with a maximum key length of 4096 bits. ECC algorithms, such as ECDSA, aren't supported. If you try to allow files by signature based on ECC signatures, you'll see VerificationError = 23 on the corresponding 3089 signature information events. Files can be allowed instead by hash or file attribute rules, or using other signer rules if the file is also signed with signatures using RSA.
+> App Control signer-based rules only work with RSA cryptography with a maximum key length of 4096 bits. ECC algorithms, such as ECDSA, aren't supported. If you try to allow files by signature based on ECC signatures, you'll see VerificationError = 23 on the corresponding 3089 signature information events. Files can be allowed instead by hash or file attribute rules, or using other signer rules if the file is also signed with signatures using RSA.
-### Table 2. Windows Defender Application Control policy - file rule levels
+### Table 2. App Control for Business policy - file rule levels
| Rule level | Description |
|----------- | ----------- |
@@ -70,7 +69,7 @@ Each file rule level has advantages and disadvantages. Use Table 2 to select the
| **SignedVersion** | This level combines the publisher rule with a version number. It allows anything to run from the specified publisher with a version at or above the specified version number. |
| **Publisher** | This level combines the PcaCertificate level (typically one certificate below the root) and the common name (CN) of the leaf certificate. You can use this rule level to trust a certificate issued by a particular CA and issued to a specific company you trust (such as Intel, for device drivers). |
| **FilePublisher** | This level combines the "FileName" attribute of the signed file, plus "Publisher" (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. By default, this level uses the OriginalFileName attribute of the file's resource header. Use [-SpecificFileNameLevel](#use--specificfilenamelevel-with-filename-filepublisher-or-whqlfilepublisher-level-rules) to choose an alternative attribute, such as ProductName. |
-| **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product have different hash values but typically the same signing certificate. When this level is used, no policy update would be needed to run the new version of the application. However, leaf certificates typically have shorter validity periods than other certificate levels, so the WDAC policy must be updated whenever these certificates change. |
+| **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product have different hash values but typically the same signing certificate. When this level is used, no policy update would be needed to run the new version of the application. However, leaf certificates typically have shorter validity periods than other certificate levels, so the App Control policy must be updated whenever these certificates change. |
| **PcaCertificate** | Adds the highest available certificate in the provided certificate chain to signers. This level is typically one certificate below the root because the scan doesn't resolve the complete certificate chain via the local root stores or with an online check. |
| **RootCertificate** | Not supported. |
| **WHQL** | Only trusts binaries that were submitted to Microsoft and signed by the Windows Hardware Qualification Lab (WHQL). This level is primarily for kernel binaries. |
@@ -78,7 +77,7 @@ Each file rule level has advantages and disadvantages. Use Table 2 to select the
| **WHQLFilePublisher** | This level combines the "FileName" attribute of the signed file, plus "WHQLPublisher", plus a minimum version number. This level is primarily for kernel binaries. By default, this level uses the OriginalFileName attribute of the file's resource header. Use [-SpecificFileNameLevel](#use--specificfilenamelevel-with-filename-filepublisher-or-whqlfilepublisher-level-rules) to choose an alternative attribute, such as ProductName. |
> [!NOTE]
-> When you create WDAC policies with [New-CIPolicy](/powershell/module/configci/new-cipolicy), you can specify a primary file rule level, by including the **-Level** parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the **-Fallback** parameter. For example, if the primary file rule level is PCACertificate, but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate.
+> When you create App Control policies with [New-CIPolicy](/powershell/module/configci/new-cipolicy), you can specify a primary file rule level, by including the **-Level** parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the **-Fallback** parameter. For example, if the primary file rule level is PCACertificate, but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate.
> [!NOTE]
> When applicable, minimum and maximum version numbers in a file rule are referenced as MinimumFileVersion and MaximumFileVersion respectively in the policy XML.
@@ -91,16 +90,16 @@ Each file rule level has advantages and disadvantages. Use Table 2 to select the
For example, consider an IT professional in a department that runs many servers. They only want to run software signed by the companies that provide their hardware, operating system, antivirus, and other important software. They know that their servers also run an internally written application that is unsigned but is rarely updated. They want to allow this application to run.
-To create the WDAC policy, they build a reference server on their standard hardware, and install all of the software that their servers are known to run. Then they run [New-CIPolicy](/powershell/module/configci/new-cipolicy) with **-Level Publisher** (to allow software from their software providers, the "Publishers") and **-Fallback Hash** (to allow the internal, unsigned application). They deploy the policy in auditing mode to determine the potential impact from enforcing the policy. With the help of the audit data, they update their WDAC policies to include any other software they want to run. Then they enable the WDAC policy in enforced mode for their servers.
+To create the App Control policy, they build a reference server on their standard hardware, and install all of the software that their servers are known to run. Then they run [New-CIPolicy](/powershell/module/configci/new-cipolicy) with **-Level Publisher** (to allow software from their software providers, the "Publishers") and **-Fallback Hash** (to allow the internal, unsigned application). They deploy the policy in auditing mode to determine the potential impact from enforcing the policy. With the help of the audit data, they update their App Control policies to include any other software they want to run. Then they enable the App Control policy in enforced mode for their servers.
-As part of normal operations, they'll eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they don't need to update their WDAC policy. If the unsigned, internal application is updated, they must also update the WDAC policy to allow the new version.
+As part of normal operations, they'll eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they don't need to update their App Control policy. If the unsigned, internal application is updated, they must also update the App Control policy to allow the new version.
## File rule precedence order
-WDAC has a built-in file rule conflict logic that translates to precedence order. It first processes all explicit deny rules it finds. Then, it processes any explicit allow rules. If no deny or allow rule exists, WDAC checks for a [Managed Installer claim](../deployment/deploy-wdac-policies-with-memcm.md) if allowed by the policy. Lastly, WDAC falls back to the [ISG](use-wdac-with-intelligent-security-graph.md) if allowed by the policy.
+App Control has a built-in file rule conflict logic that translates to precedence order. It first processes all explicit deny rules it finds. Then, it processes any explicit allow rules. If no deny or allow rule exists, App Control checks for a [Managed Installer claim](../deployment/deploy-appcontrol-policies-with-memcm.md) if allowed by the policy. Lastly, App Control falls back to the [ISG](use-appcontrol-with-intelligent-security-graph.md) if allowed by the policy.
> [!NOTE]
-> To make it easier to reason over your WDAC policies, we recommend maintaining separate ALLOW and DENY policies on Windows versions that support [multiple WDAC policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies).
+> To make it easier to reason over your App Control policies, we recommend maintaining separate ALLOW and DENY policies on Windows versions that support [multiple App Control policies](deploy-multiple-appcontrol-policies.md).
## Use -SpecificFileNameLevel with FileName, FilePublisher, or WHQLFilePublisher level rules
@@ -125,19 +124,19 @@ Filepath rules don't provide the same security guarantees that explicit signer r
### User-writable filepaths
-By default, WDAC performs a user-writeability check at runtime that ensures that the current permissions on the specified filepath only allow write access for admin users.
+By default, App Control performs a user-writeability check at runtime that ensures that the current permissions on the specified filepath only allow write access for admin users.
-There's a defined list of SIDs that WDAC recognizes as admins. If a filepath allows write permissions for any SID not in this list, the filepath is considered to be user-writeable, even if the SID is associated to a custom admin user. To handle these special cases, you can override WDAC's runtime admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option described earlier.
+There's a defined list of SIDs that App Control recognizes as admins. If a filepath allows write permissions for any SID not in this list, the filepath is considered to be user-writeable, even if the SID is associated to a custom admin user. To handle these special cases, you can override App Control's runtime admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option described earlier.
-WDAC's list of well-known admin SIDs are:
+App Control's list of well-known admin SIDs are:
S-1-3-0; S-1-5-18; S-1-5-19; S-1-5-20; S-1-5-32-544; S-1-5-32-549; S-1-5-32-550; S-1-5-32-551; S-1-5-32-577; S-1-5-32-559; S-1-5-32-568; S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394; S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523.
When filepath rules are generated using [New-CIPolicy](/powershell/module/configci/new-cipolicy), a unique, fully qualified path rule is generated for every file discovered in the scanned path(s). To create rules that instead allow all files under a specified folder path, use [New-CIPolicyRule](/powershell/module/configci/new-cipolicyrule) to define rules containing wildcards, using the [-FilePathRules](/powershell/module/configci/new-cipolicyrule#parameters) switch.
-### Using wildcards in WDAC filepath rules
+### Using wildcards in App Control filepath rules
-The following wildcards can be used in WDAC filepath rules:
+The following wildcards can be used in App Control filepath rules:
| Wildcard character | Meaning | Supported operating systems |
|------------ | ----------- | ----------- |
@@ -157,30 +156,30 @@ You can also use the following macros when the exact volume may vary: `%OSDRIVE%
|------------ | ----------- | ----------- |
| **C:\\Windows\\\*** **D:\\EnterpriseApps\\MyApp\\\*** **%OSDRIVE%\\Windows\\\*** | Wildcards placed at the end of a path authorize all files in the immediate path and its subdirectories recursively. | Windows 11, Windows 10, and Windows Server 2022 |
| **\*\\bar.exe** | Wildcards placed at the beginning of a path allow the exact specified filename in any location. | Windows 11, Windows 10, and Windows Server 2022 |
-| **C:\\\*\\CCMCACHE\\\*\\7z????-x64.exe** **%OSDRIVE%\\\*\\CCMCACHE\\\*\\7z????-x64.exe** | Wildcards used in the middle of a path allow all files that match that pattern. Consider carefully all the possible matches, particularly if your policy disables the admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option. In this example, both of these hypothetical paths would match: *`C:\WINDOWS\CCMCACHE\12345\7zabcd-x64.exe`* *`C:\USERS\WDACUSER\Downloads\Malware\CCMCACHE\Pwned\7zhaha-x64.exe`* | Windows 11 only |
+| **C:\\\*\\CCMCACHE\\\*\\7z????-x64.exe** **%OSDRIVE%\\\*\\CCMCACHE\\\*\\7z????-x64.exe** | Wildcards used in the middle of a path allow all files that match that pattern. Consider carefully all the possible matches, particularly if your policy disables the admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option. In this example, both of these hypothetical paths would match: *`C:\WINDOWS\CCMCACHE\12345\7zabcd-x64.exe`* *`C:\USERS\AppControlUSER\Downloads\Malware\CCMCACHE\Pwned\7zhaha-x64.exe`* | Windows 11 only |
Without a wildcard, the filepath rule allows only a specific file (ex. `C:\foo\bar.exe`).
> [!NOTE]
-> When authoring WDAC policies with Configuration Manager, there is an option to create rules for specified files and folders. These rules **aren't** WDAC filepath rules. Rather, Configuration Manager performs a one-time scan of the specified files and folders and builds rules for any binaries found in those locations at the time of that scan. File changes to those specified files and folders after that scan won't be allowed unless the Configuration Manager policy is reapplied.
+> When authoring App Control policies with Configuration Manager, there is an option to create rules for specified files and folders. These rules **aren't** App Control filepath rules. Rather, Configuration Manager performs a one-time scan of the specified files and folders and builds rules for any binaries found in those locations at the time of that scan. File changes to those specified files and folders after that scan won't be allowed unless the Configuration Manager policy is reapplied.
## More information about hashes
-WDAC uses the [Authenticode/PE image hash algorithm](https://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx) when calculating the hash of a file. Unlike the more commonly known [flat file hash](/powershell/module/microsoft.powershell.utility/get-filehash), the Authenticode hash calculation omits the file's checksum, the Certificate Table, and the Attribute Certificate Table. Therefore, the Authenticode hash of a file doesn't change when the file's signatures and timestamps are altered, or when a digital signature is removed from the file. With the help of the Authenticode hash, WDAC provides added security and less management overhead so customers don't need to revise the policy hash rules when the digital signature on the file is updated.
+App Control uses the [Authenticode/PE image hash algorithm](https://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx) when calculating the hash of a file. Unlike the more commonly known [flat file hash](/powershell/module/microsoft.powershell.utility/get-filehash), the Authenticode hash calculation omits the file's checksum, the Certificate Table, and the Attribute Certificate Table. Therefore, the Authenticode hash of a file doesn't change when the file's signatures and timestamps are altered, or when a digital signature is removed from the file. With the help of the Authenticode hash, App Control provides added security and less management overhead so customers don't need to revise the policy hash rules when the digital signature on the file is updated.
The Authenticode/PE image hash can be calculated for digitally signed and unsigned files.
### Why does scan create four hash rules per XML file?
The PowerShell cmdlet produces an Authenticode Sha1 Hash, Sha256 Hash, Sha1 Page Hash, Sha256 Page Hash.
-During validation, WDAC selects which hashes are calculated based on how the file is signed and the scenario in which the file is used. For example, if the file is page-hash signed, WDAC validates each page of the file and avoids loading the entire file in memory to calculate the full sha256 authenticode hash.
+During validation, App Control selects which hashes are calculated based on how the file is signed and the scenario in which the file is used. For example, if the file is page-hash signed, App Control validates each page of the file and avoids loading the entire file in memory to calculate the full sha256 authenticode hash.
-In the cmdlets, rather than try to predict which hash will be used, we precalculate and use the four hashes (sha1/sha2 authenticode, and sha1/sha2 of first page). This method is also resilient to changes in how the file is signed since your WDAC policy has more than one hash available for the file already.
+In the cmdlets, rather than try to predict which hash will be used, we precalculate and use the four hashes (sha1/sha2 authenticode, and sha1/sha2 of first page). This method is also resilient to changes in how the file is signed since your App Control policy has more than one hash available for the file already.
### Why does scan create eight hash rules for certain files?
Separate rules are created for UMCI and KMCI. If the cmdlets can't determine that a file only runs in user-mode or in the kernel, then rules are created for both signing scenarios out of an abundance of caution. If you know that a particular file only loads in either user-mode or kernel, then you can safely remove the extra rules.
-### When does WDAC use the flat file hash value?
+### When does App Control use the flat file hash value?
-There are some rare cases where a file's format doesn't conform to the Authenticode spec and so WDAC falls back to use the flat file hash. This behavior can occur for many reasons, such as if changes are made to the in-memory version of the file at runtime. In such cases, you'll see that the hash shown in the correlated 3089 signature information event matches the flat file hash from the 3076/3077 block event. To create rules for files with an invalid format, you can add hash rules to the policy for the flat file hash using the WDAC Wizard or by editing the policy XML directly.
+There are some rare cases where a file's format doesn't conform to the Authenticode spec and so App Control falls back to use the flat file hash. This behavior can occur for many reasons, such as if changes are made to the in-memory version of the file at runtime. In such cases, you'll see that the hash shown in the correlated 3089 signature information event matches the flat file hash from the 3076/3077 block event. To create rules for files with an invalid format, you can add hash rules to the policy for the flat file hash using the App Control Wizard or by editing the policy XML directly.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md b/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md
similarity index 53%
rename from windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md
rename to windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md
index abaeda5f34..f808763724 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md
+++ b/windows/security/application-security/application-control/app-control-for-business/design/understand-appcontrol-policy-design-decisions.md
@@ -1,21 +1,20 @@
---
-title: Understand Windows Defender Application Control policy design decisions
-description: Understand Windows Defender Application Control policy design decisions.
+title: Understand App Control for Business policy design decisions
+description: Understand App Control for Business policy design decisions.
ms.localizationpriority: medium
-ms.date: 02/08/2018
+ms.date: 09/11/2024
ms.topic: conceptual
---
-# Understand Windows Defender Application Control policy design decisions
+# Understand App Control for Business policy design decisions
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-This article is for the IT professional. It lists the design questions, possible answers, and ramifications for decisions made, when planning application control policies deployment using Windows Defender Application Control (WDAC), within a Windows operating system environment.
+This article is for the IT professional. It lists the design questions, possible answers, and ramifications for decisions made, when planning App Control policies deployment using App Control for Business, within a Windows operating system environment.
-When you begin the design and planning process, you should consider the ramifications of your design choices. The resulting decisions will affect your policy deployment scheme and subsequent application control policy maintenance.
+When you begin the design and planning process, you should consider the ramifications of your design choices. The resulting decisions will affect your policy deployment scheme and subsequent App Control policy maintenance.
-You should consider using Windows Defender Application Control as part of your organization's application control policies if the following are true:
+You should consider using App Control for Business as part of your organization's App Control policies if the following are true:
- You have deployed or plan to deploy the supported versions of Windows in your organization.
- You need improved control over the access to your organization's applications and the data your users access.
@@ -26,28 +25,28 @@ You should consider using Windows Defender Application Control as part of your o
## Decide what policies to create
-Beginning with Windows 10, version 1903, Windows Defender Application Control allows [multiple simultaneous policies](deploy-multiple-wdac-policies.md) to be applied to each device. This concurrent application opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create.
+Beginning with Windows 10, version 1903, App Control for Business allows [multiple simultaneous policies](deploy-multiple-appcontrol-policies.md) to be applied to each device. This concurrent application opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create.
-The first step is to define the desired "circle-of-trust" for your WDAC policies. By "circle-of-trust," we mean a description of the business intent of the policy expressed in natural language. This "circle-of-trust" definition will guide you as you create the actual policy rules for your policy XML.
+The first step is to define the desired "circle-of-trust" for your App Control policies. By "circle-of-trust," we mean a description of the business intent of the policy expressed in natural language. This "circle-of-trust" definition will guide you as you create the actual policy rules for your policy XML.
For example, the DefaultWindows policy, which can be found under %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies, establishes a "circle-of-trust" that allows Windows, 3rd-party hardware and software kernel drivers, and applications from the Microsoft Store.
-Configuration Manager uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator, which adds rules for any apps found in the specified paths on the managed endpoint. This process establishes the "circle-of-trust" for Configuration Manager's native WDAC integration.
+Configuration Manager uses the DefaultWindows policy as the basis for its policy but then modifies the policy rules to allow Configuration Manager and its dependencies, sets the managed installer policy rule, and additionally configures Configuration Manager as a managed installer. It also can optionally authorize apps with positive reputation and perform a one-time scan of folder paths specified by the Configuration Manager administrator, which adds rules for any apps found in the specified paths on the managed endpoint. This process establishes the "circle-of-trust" for Configuration Manager's native App Control integration.
-The following questions can help you plan your Windows Defender Application Control deployment and determine the right "circle-of-trust" for your policies. They aren't in priority or sequential order, and aren't meant to be an exhaustive set of design considerations.
+The following questions can help you plan your App Control for Business deployment and determine the right "circle-of-trust" for your policies. They aren't in priority or sequential order, and aren't meant to be an exhaustive set of design considerations.
-## WDAC design considerations
+## App Control design considerations
### How are apps managed and deployed in your organization?
-Organizations with well-defined, centrally managed app management and deployment processes can create more restrictive, more secure policies. Other organizations may be able to deploy Windows Defender Application Control with more relaxed rules, or may choose to deploy WDAC in audit mode to gain better visibility to the apps being used in their organization.
+Organizations with well-defined, centrally managed app management and deployment processes can create more restrictive, more secure policies. Other organizations may be able to deploy App Control for Business with more relaxed rules, or may choose to deploy App Control in audit mode to gain better visibility to the apps being used in their organization.
| Possible answers | Design considerations|
| - | - |
-| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. Windows Defender Application Control options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. |
-| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-wdac-policies.md) can be used to allow team-specific exceptions to your core organization-wide Windows Defender Application Control policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. |
-| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | Windows Defender Application Control can integrate with Microsoft's [Intelligent Security Graph](use-wdac-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. |
-| Users and teams are free to download and install apps without restriction. | Windows Defender Application Control policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.|
+| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for App Control. App Control for Business options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. |
+| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-appcontrol-policies.md) can be used to allow team-specific exceptions to your core organization-wide App Control for Business policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. |
+| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | App Control for Business can integrate with Microsoft's [Intelligent Security Graph](use-appcontrol-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. |
+| Users and teams are free to download and install apps without restriction. | App Control for Business policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.|
### Are internally developed line-of-business (LOB) apps and apps developed by third-party companies digitally signed?
@@ -55,17 +54,17 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p
| Possible answers | Design considerations |
| - | - |
-| All apps used in your organization must be signed. | Organizations that enforce [codesigning](../deployment/use-code-signing-for-better-control-and-protection.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). |
-| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-wdac.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. |
+| All apps used in your organization must be signed. | Organizations that enforce [codesigning](../deployment/use-code-signing-for-better-control-and-protection.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. App Control for Business rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). |
+| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-appcontrol.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. |
-### Are there specific groups in your organization that need customized application control policies?
+### Are there specific groups in your organization that need customized App Control policies?
-Most business teams or departments have specific security requirements that pertain to data access and the applications used to access that data. Consider the scope of the project for each group and the group's priorities before you deploy application control policies for the entire organization. There's overhead in managing policies that might lead you to choose between broad, organization-wide policies and multiple team-specific policies.
+Most business teams or departments have specific security requirements that pertain to data access and the applications used to access that data. Consider the scope of the project for each group and the group's priorities before you deploy App Control policies for the entire organization. There's overhead in managing policies that might lead you to choose between broad, organization-wide policies and multiple team-specific policies.
| Possible answers | Design considerations |
| - | - |
-| Yes | WDAC policies can be created unique per team, or team-specific supplemental policies can be used to expand what is allowed by a common, centrally defined base policy.|
-| No | WDAC policies can be applied globally to applications that are installed on PCs running Windows 10 and Windows 11. Depending on the number of apps you need to control, managing all the rules and exceptions might be challenging.|
+| Yes | App Control policies can be created unique per team, or team-specific supplemental policies can be used to expand what is allowed by a common, centrally defined base policy.|
+| No | App Control policies can be applied globally to applications that are installed on PCs running Windows 10 and Windows 11. Depending on the number of apps you need to control, managing all the rules and exceptions might be challenging.|
### Does your IT department have resources to analyze application usage, and to design and manage the policies?
@@ -73,7 +72,7 @@ The time and resources that are available to you to perform the research and ana
| Possible answers | Design considerations |
| - | - |
-| Yes | Invest the time to analyze your organization's application control requirements, and plan a complete deployment that uses rules that are constructed as possible.|
+| Yes | Invest the time to analyze your organization's App Control requirements, and plan a complete deployment that uses rules that are constructed as possible.|
| No | Consider a focused and phased deployment for specific groups by using few rules. As you apply controls to applications in a specific group, learn from that deployment to plan your next deployment. Alternatively, you can create a policy with a broad trust profile to authorize as many apps as possible. |
### Does your organization have Help Desk support?
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/understanding-appcontrol-policy-settings.md b/windows/security/application-security/application-control/app-control-for-business/design/understanding-appcontrol-policy-settings.md
new file mode 100644
index 0000000000..995deda446
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/understanding-appcontrol-policy-settings.md
@@ -0,0 +1,72 @@
+---
+title: Understanding App Control for Business secure settings
+description: Learn about secure settings in App Control for Business.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: conceptual
+---
+
+# Understanding App Control Policy Settings
+
+App Control for Business policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, ValueName, and a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using WldpQuerySecurityPolicy.
+
+An example settings section of an App Control for Business policy:
+
+```xml
+
+
+
+ true
+
+
+
+```
+
+## Example Scenario
+
+An application that may want to restrict its capabilities, when used on a system with an active App Control for Business policy. Application authors can define an App Control policy, setting their application queries, in order to disable certain features. For example, if Contoso's Foo Application wants to disable a risky feature, such as macro execution, they can define an App Control policy setting, and query for it at runtime. Contoso can then instruct IT administrators to configure the setting in their App Control policy, if they don't want Foo Application to execute macros on a system with an App Control policy.
+
+## WldpQuerySecurityPolicy
+
+API that queries the secure settings of an App Control for Business policy.
+
+### Syntax
+
+``` C++
+HRESULT WINAPI WldpQuerySecurityPolicy(
+ _In_ const UNICODE_STRING * Provider,
+ _In_ const UNICODE_STRING * Key,
+ _In_ const UNICODE_STRING * ValueName,
+ _Out_ PWLDP_SECURE_SETTING_VALUE_TYPE ValueType,
+ _Out_writes_bytes_opt_(*ValueSize) PVOID Value,
+ _Inout_ PULONG ValueSize)
+```
+
+### Parameters
+
+Provider [in]
+Setting Provider name.
+
+#### Key [in]
+
+Key name of the Key-Value pair under Setting Provider "Provider".
+
+#### ValueName [in]
+
+The value name of the "Key-Value" pair.
+
+#### ValueType [in, out]
+
+Pointer to receive the value type.
+
+#### Value [in, out]
+
+Pointer to a buffer to receive the value. The buffer should be of size "ValueSize". If this value is NULL, this function returns the required buffer size for Value.
+
+#### ValueSize [in, out]
+
+On input, it indicates the buffer size of "Value". On successful return, it indicates the size of data written to Value buffer.
+
+#### Return Value
+
+This method returns S_OK if successful or a failure code otherwise.
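Review bot: The Parameters section disagrees with the signature above it: `ValueType` is declared `_Out_` and `Value` is declared `_Out_writes_bytes_opt_`, yet both are headed `[in, out]`, and `Provider [in]` is plain text where every other parameter is a `####` heading. I would head them `#### Provider [in]`, `#### ValueType [out]` and `#### Value [out, optional]`. The Return Value paragraph also leaves open which failure code means "setting not defined in the policy" as opposed to a query error. An application that uses this call to gate a risky feature, as in the Example Scenario, needs that distinction documented so it can choose a safe default.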
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md
new file mode 100644
index 0000000000..d6fdc8e670
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@@ -0,0 +1,32 @@
+---
+title: Use an App Control for Business policy to control specific plug-ins, add-ins, and modules
+description: App Control policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: how-to
+---
+
+# Use an App Control for Business policy to control specific plug-ins, add-ins, and modules
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+You can use App Control for Business policies to control applications and also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser):
+
+| Approach | Guideline |
+|---|---|
+| You can work from a list of plug-ins, add-ins, or modules that you want only a specific application to be able to run. Other applications would be blocked from running them. | Use `New-CIPolicyRule` with the `-AppID` option. |
+| In addition, you can work from a list of plug-ins, add-ins, or modules that you want to block in a specific application. Other applications would be allowed to run them. | Use `New-CIPolicyRule` with the `-AppID` and `-Deny` options. |
+
+For example, to add rules to an App Control policy called "Lamna_FullyManagedClients_Audit.xml" that allow **addin1.dll** and **addin2.dll** to be run by **ERP1.exe**, Lamna's enterprise resource planning (ERP) application, run the following commands. In the second command, **+=** is used to add a second rule to the **$rule** variable:
+
+```powershell
+$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
+$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -AppID '.\ERP1.exe'
+```
+
+As another example, to create an App Control for Business policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application. Once you have all the rules you want, you can merge them into an existing App Control policy using the Merge-CIPolicy cmdlet as shown here:
+
+```powershell
+$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe'
+Merge-CIPolicy -OutputFilePath .\Lamna_FullyManagedClients_Audit.xml -PolicyPaths .\Lamna_FullyManagedClients_Audit.xml -Rules $rule
+```
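Review bot: Both examples build their rules with `-Level FileName`, and the page never says what that level matches on or how strong it is. As far as I know, a FileName rule keys on the name recorded in the file's version resource rather than on a signer or hash, so it is one of the weaker ways to identify an add-in; that matters most for the `-Deny` rule on **addin3.dll**. I would add a sentence after the first code block such as `FileName rules identify the add-in only by its original file name; where the add-in is signed, prefer -Level FilePublisher, or use -Level Hash for a fixed build.` The second block also appends to `$rule` with `+=` and has `Merge-CIPolicy` write its output to the same path it reads from, so the text should say that this block depends on the first one and that the source policy file is overwritten in place.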
diff --git a/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md
new file mode 100644
index 0000000000..14ebfd9259
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph.md
@@ -0,0 +1,96 @@
+---
+title: Authorize reputable apps with the Intelligent Security Graph (ISG)
+description: Automatically authorize applications that Microsoft's ISG recognizes as having known good reputation.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: how-to
+---
+
+# Authorize reputable apps with the Intelligent Security Graph (ISG)
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+App Control can be difficult to implement in organizations that don't deploy and manage applications through an IT-managed system. In such environments, users can acquire the applications they want to use for work, making it hard to build an effective App Control policy.
+
+To reduce end-user friction and helpdesk calls, you can set App Control for Business to automatically allow applications that Microsoft's Intelligent Security Graph (ISG) recognizes as having known good reputation. The ISG option helps organizations begin to implement App Control even when the organization has limited control over their app ecosystem. To learn more about the ISG, see the Security section in [Major services and features in Microsoft Graph](/graph/overview-major-services).
+
+> [!WARNING]
+> Binaries that are critical to boot the system must be allowed using explicit rules in your App Control policy. Do not rely on the ISG to authorize these files.
+>
+> The ISG option is not the recommended way to allow apps that are business critical. You should always authorize business critical apps using explicit allow rules or by installing them with a [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md).
+
+## How does App Control work with the ISG?
+
+The ISG isn't a "list" of apps. Rather, it uses the same vast security intelligence and machine learning analytics that power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having "known good", "known bad", or "unknown" reputation. This cloud-based AI is based on trillions of signals collected from Windows endpoints and other data sources, and processed every 24 hours. As a result, the decision from the cloud can change.
+
+App Control only checks the ISG for binaries that aren't explicitly allowed or denied by your policy, and that weren't installed by a managed installer. When such a binary runs on a system with App Control enabled with the ISG option, App Control will check the file's reputation by sending its hash and signing information to the cloud. If the ISG reports that the file has a "known good" reputation, then the file will be allowed to run. Otherwise, it will be blocked by App Control.
+
+If the file with good reputation is an application installer, the installer's reputation will pass along to any files that it writes to disk. This way, all the files needed to install and run an app inherit the positive reputation data from the installer. Files authorized based on the installer's reputation will have the $KERNEL.SMARTLOCKER.ORIGINCLAIM kernel Extended Attribute (EA) written to the file.
+
+App Control periodically requeries the reputation data on a file. Additionally, enterprises can specify that any cached reputation results are flushed on reboot by using the **Enabled:Invalidate EAs on Reboot** option.
+
+## Configuring ISG authorization for your App Control policy
+
+Setting up the ISG is easy using any management solution you wish. Configuring the ISG option involves these basic steps:
+
+- [Ensure that the **Enabled:Intelligent Security Graph authorization** option is set in the App Control policy XML](#ensure-that-the-isg-option-is-set-in-the-app-control-policy-xml)
+- [Enable the necessary services to allow App Control to use the ISG correctly on the client](#enable-the-necessary-services-to-allow-app-control-to-use-the-isg-correctly-on-the-client)
+
+### Ensure that the ISG option is set in the App Control policy XML
+
+To allow apps and binaries based on the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the App Control policy. This step can be done with the Set-RuleOption cmdlet. You should also set the **Enabled:Invalidate EAs on Reboot** option so that ISG results are verified again after each reboot. The ISG option isn't recommended for devices that don't have regular access to the internet. The following example shows both options set.
+
+```xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```
+
+### Enable the necessary services to allow App Control to use the ISG correctly on the client
+
+In order for the heuristics used by the ISG to function properly, other components in Windows must be enabled. You can configure these components by running the appidtel executable in `c:\windows\system32`.
+
+```console
+appidtel start
+```
+
+This step isn't required for App Control policies deployed over MDM, as the CSP will enable the necessary components. This step is also not required when the ISG is configured using Configuration Manager's App Control integration.
+
+## Security considerations with the ISG option
+
+Since the ISG is a heuristic-based mechanism, it doesn't provide the same security guarantees as explicit allow or deny rules. It's best suited where users operate with standard user rights and where a security monitoring solution like Microsoft Defender for Endpoint is used.
+
+Processes running with kernel privileges can circumvent App Control by setting the ISG extended file attribute to make a binary appear to have known good reputation.
+
+Also, since the ISG option passes along reputation from app installers to the binaries they write to disk, it can over-authorize files in some cases. For example, if the installer launches the app upon completion, any files the app writes during that first run will also be allowed.
+
+## Known limitations with using the ISG
+
+Since the ISG only allows binaries that are "known good", there are cases where the ISG may be unable to predict whether legitimate software is safe to run. If that happens, the software will be blocked by App Control. In this case, you need to allow the software with a rule in your App Control policy, deploy a catalog signed by a certificate trusted in the App Control policy, or install the software from an App Control managed installer. Installers or applications that dynamically create binaries at runtime, and self-updating applications, may exhibit this symptom.
+
+Packaged apps aren't supported with the ISG and will need to be separately authorized in your App Control policy. Since packaged apps have a strong app identity and must be signed, it's straightforward to [authorize packaged apps](manage-packaged-apps-with-appcontrol.md) with your App Control policy.
+
+The ISG doesn't authorize kernel mode drivers. The App Control policy must have rules that allow the necessary drivers to run.
+
+> [!NOTE]
+> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in App Control support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using App Control will need to deploy a custom App Control policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-appcontrol-policies-using-intune.md#deploy-app-control-policies-with-custom-oma-uri).
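Review bot: The "Security considerations with the ISG option" section names two ways reputation can be wrongly applied (a kernel-privileged process setting the extended attribute, and inheritance from an installer that launches the app) but points to no mitigation. The page already recommends **Enabled:Invalidate EAs on Reboot** in the policy XML step, so I would cross-reference it here, for example `Set **Enabled:Invalidate EAs on Reboot** so that cached reputation claims are rechecked after each reboot instead of persisting on disk.` The earlier remark that the ISG option isn't recommended for devices without regular internet access would also be clearer with the consequence stated. Presumably files whose reputation cannot be checked are blocked, but confirm the actual behaviour before wording it.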
diff --git a/windows/security/application-security/application-control/app-control-for-business/feature-availability.md b/windows/security/application-security/application-control/app-control-for-business/feature-availability.md
new file mode 100644
index 0000000000..378c52a9d2
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/feature-availability.md
@@ -0,0 +1,30 @@
+---
+title: App Control for Business feature availability
+description: Compare App Control for Business and AppLocker feature availability.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: overview
+---
+
+# App Control for Business and AppLocker feature availability
+
+> [!NOTE]
+> Some capabilities of App Control for Business are only available on specific Windows versions. Review the following table to learn more.
+
+| Capability | App Control for Business | AppLocker |
+|-------------|------|-------------|
+| Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Available on Windows 8 or later. |
+| Edition availability | Available on Windows 10, Windows 11, and Windows Server 2016 or later. App Control PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. | Policies are supported on all editions Windows 10 version 2004 and newer with [KB 5024351](https://support.microsoft.com/help/5024351).
Windows versions older than version 2004, including Windows Server 2019:
Policies deployed through GP are only supported on Enterprise and Server editions.
Policies deployed through MDM are supported on all editions.
|
+| Per-user and Per-user group rules | Not available (policies are device-wide). | Available on Windows 8+. |
+| Kernel mode policies | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Not available. |
+| [Rule option 11 - Disabled:Script Enforcement](design/script-enforcement.md) | Available on all versions of Windows 10 except 1607 LTSB, Windows 11, and Windows Server 2019 and above. **Disabled:Script Enforcement** isn't supported on **Windows Server 2016** or on **Windows 10 1607 LTSB** and shouldn't be used on those platforms. Doing so results in unexpected script enforcement behaviors. | MSI and Script rule collection is separately configurable. |
+| [Per-app rules](design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
+| [Managed Installer (MI)](design/configure-authorized-apps-deployed-with-a-managed-installer.md) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
+| [Reputation-Based intelligence](design/use-appcontrol-with-intelligent-security-graph.md) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
+| [Multiple policy support](design/deploy-multiple-appcontrol-policies.md) | Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2022. | Not available. |
+| [Path-based rules](design/select-types-of-rules-to-create.md) | Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2022 or later. Exclusions aren't supported. Runtime user-writeability checks enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. |
+| [COM object allowlisting](design/allow-com-object-registration-in-appcontrol-policy.md) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
+| [Packaged app rules](design/manage-packaged-apps-with-appcontrol.md) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Available on Windows 8+. |
+| Enforceable file types |
Driver files: .sys
Executable files: .exe and .com
DLLs: .dll, .rll and .ocx
Windows Installer files: .msi, .mst, and .msp
Scripts: .ps1, .vbs, and .js
Packaged apps and packaged app installers: .appx
|
Executable files: .exe and .com
[Optional] DLLs: .dll, .rll and .ocx
Windows Installer files: .msi, .mst, and .msp
Scripts: .ps1, .bat, .cmd, .vbs, and .js
Packaged apps and packaged app installers: .appx
|
+| [Application ID (AppId) Tagging](AppIdTagging/appcontrol-appid-tagging-guide.md) | Available on Windows 10, version 20H1 and later, and Windows 11. | Not available. |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-edit-gp.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-edit-gp.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-edit-gp.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-edit-gp.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-intune-custom-oma-uri.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-intune-custom-oma-uri.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-confirm-base-policy-modification.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-confirm-base-policy-modification.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-file-attribute-rule.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-file-attribute-rule.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-manual-pfn-rule.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-manual-pfn-rule.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-pfn-rule.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-pfn-rule.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-publisher-rule.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-custom-publisher-rule.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-edit-policy-rules.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-edit-policy-rules.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-edit-remove-file-rule.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-edit-remove-file-rule.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-files-expanded.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-files-expanded.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-files.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-files.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-export-expanded.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-export-expanded.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-export.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-export.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-parsing-expanded.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-parsing-expanded.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-parsing.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-mde-ah-parsing.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-system-expanded.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-system-expanded.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-system.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-log-system.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-rule-creation-expanded.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-rule-creation-expanded.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-rule-creation.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-event-rule-creation.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-merge.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-merge.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-merge.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-merge.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-rule-options-UI-advanced-collapsed.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-rule-options-UI-advanced-collapsed.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-rule-options-UI.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-rule-options-UI.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-expandable.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-expandable.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-not-base.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-not-base.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-policy-rule-options-UI.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-supplemental-policy-rule-options-UI.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-template-selection.png b/windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-template-selection.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-template-selection.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appcontrol-wizard-template-selection.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-1.png b/windows/security/application-security/application-control/app-control-for-business/images/appid-appcontrol-wizard-1.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-1.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appid-appcontrol-wizard-1.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-2.png b/windows/security/application-security/application-control/app-control-for-business/images/appid-appcontrol-wizard-2.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-2.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appid-appcontrol-wizard-2.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-task-mgr.png b/windows/security/application-security/application-control/app-control-for-business/images/appid-pid-task-mgr.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-task-mgr.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appid-pid-task-mgr.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg-token.png b/windows/security/application-security/application-control/app-control-for-business/images/appid-pid-windbg-token.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg-token.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appid-pid-windbg-token.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg.png b/windows/security/application-security/application-control/app-control-for-business/images/appid-pid-windbg.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg.png
rename to windows/security/application-security/application-control/app-control-for-business/images/appid-pid-windbg.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/bit-toggling-keyboard-icon.png b/windows/security/application-security/application-control/app-control-for-business/images/bit-toggling-keyboard-icon.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/bit-toggling-keyboard-icon.png
rename to windows/security/application-security/application-control/app-control-for-business/images/bit-toggling-keyboard-icon.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/calculator-menu-icon.png b/windows/security/application-security/application-control/app-control-for-business/images/calculator-menu-icon.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/calculator-menu-icon.png
rename to windows/security/application-security/application-control/app-control-for-business/images/calculator-menu-icon.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/calculator-with-hex-in-binary.png b/windows/security/application-security/application-control/app-control-for-business/images/calculator-with-hex-in-binary.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/calculator-with-hex-in-binary.png
rename to windows/security/application-security/application-control/app-control-for-business/images/calculator-with-hex-in-binary.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig12-verifysigning.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig12-verifysigning.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig12-verifysigning.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig12-verifysigning.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig13-createnewgpo.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig13-createnewgpo.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig13-createnewgpo.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig13-createnewgpo.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig14-createnewfile.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig14-createnewfile.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig14-createnewfile.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig14-createnewfile.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig15-setnewfileprops.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig15-setnewfileprops.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig15-setnewfileprops.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig15-setnewfileprops.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig16-specifyinfo.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig16-specifyinfo.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig16-specifyinfo.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig16-specifyinfo.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig17-specifyinfo.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig17-specifyinfo.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig17-specifyinfo.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig17-specifyinfo.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig18-specifyux.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig18-specifyux.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig18-specifyux.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig18-specifyux.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig19-customsettings.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig19-customsettings.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig19-customsettings.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig19-customsettings.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig20-setsoftwareinv.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig20-setsoftwareinv.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig21-pathproperties.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig21-pathproperties.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig21-pathproperties.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig21-pathproperties.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig23-exceptionstocode.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig23-exceptionstocode.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig23-exceptionstocode.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig23-exceptionstocode.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig24-creategpo.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig24-creategpo.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig24-creategpo.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig24-creategpo.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig26-enablecode.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig26-enablecode.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig26-enablecode.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig26-enablecode.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig27-managecerttemp.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig27-managecerttemp.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig27-managecerttemp.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig27-managecerttemp.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig29-enableconstraints.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig29-enableconstraints.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig29-enableconstraints.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig29-enableconstraints.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig30-selectnewcert.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig30-selectnewcert.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig30-selectnewcert.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig30-selectnewcert.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig31-getmoreinfo.png b/windows/security/application-security/application-control/app-control-for-business/images/dg-fig31-getmoreinfo.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig31-getmoreinfo.png
rename to windows/security/application-security/application-control/app-control-for-business/images/dg-fig31-getmoreinfo.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/event-3077.png b/windows/security/application-security/application-control/app-control-for-business/images/event-3077.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/event-3077.png
rename to windows/security/application-security/application-control/app-control-for-business/images/event-3077.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/event-3089.png b/windows/security/application-security/application-control/app-control-for-business/images/event-3089.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/event-3089.png
rename to windows/security/application-security/application-control/app-control-for-business/images/event-3089.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/event-3099-options.png b/windows/security/application-security/application-control/app-control-for-business/images/event-3099-options.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/event-3099-options.png
rename to windows/security/application-security/application-control/app-control-for-business/images/event-3099-options.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/hex-icon.png b/windows/security/application-security/application-control/app-control-for-business/images/hex-icon.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/hex-icon.png
rename to windows/security/application-security/application-control/app-control-for-business/images/hex-icon.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png b/windows/security/application-security/application-control/app-control-for-business/images/known-issue-appid-dll-rule-xml.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png
rename to windows/security/application-security/application-control/app-control-for-business/images/known-issue-appid-dll-rule-xml.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule.png b/windows/security/application-security/application-control/app-control-for-business/images/known-issue-appid-dll-rule.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule.png
rename to windows/security/application-security/application-control/app-control-for-business/images/known-issue-appid-dll-rule.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-confirm-appcontrol-rule.jpg
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg
rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-confirm-appcontrol-rule.jpg
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-policy-2.jpg
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg
rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-policy-2.jpg
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-policy.jpg
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg
rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-policy.jpg
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule-2.jpg
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg
rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule-2.jpg
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule-3.jpg
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg
rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule-3.jpg
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule.jpg
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg
rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-create-appcontrol-rule.jpg
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-2.jpg
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg
rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-2.jpg
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-3.jpg
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg
rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-3.jpg
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-4.jpg
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg
rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol-4.jpg
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg b/windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol.jpg
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg
rename to windows/security/application-security/application-control/app-control-for-business/images/memcm/memcm-deploy-appcontrol.jpg
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/policyflow.png b/windows/security/application-security/application-control/app-control-for-business/images/policyflow.png
similarity index 100%
rename from windows/security/application-security/application-control/windows-defender-application-control/images/policyflow.png
rename to windows/security/application-security/application-control/app-control-for-business/images/policyflow.png
diff --git a/windows/security/application-security/application-control/app-control-for-business/includes/feature-availability-note.md b/windows/security/application-security/application-control/app-control-for-business/includes/feature-availability-note.md
new file mode 100644
index 0000000000..52d0be397b
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/includes/feature-availability-note.md
@@ -0,0 +1,9 @@
+---
+author: vinaypamnani-msft
+ms.author: vinpa
+ms.topic: include
+ms.date: 09/11/2024
+---
+
+> [!NOTE]
+> Some capabilities of App Control for Business are only available on specific Windows versions. Learn more about [App Control feature availability](../feature-availability.md).
\ No newline at end of file
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/index.yml b/windows/security/application-security/application-control/app-control-for-business/index.yml
similarity index 51%
rename from windows/security/application-security/application-control/windows-defender-application-control/index.yml
rename to windows/security/application-security/application-control/app-control-for-business/index.yml
index 04252abe74..576efefff8 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/index.yml
+++ b/windows/security/application-security/application-control/app-control-for-business/index.yml
@@ -3,12 +3,12 @@
title: Application Control for Windows
metadata:
title: Application Control for Windows
- description: Landing page for Windows Defender Application Control
+ description: Landing page for App Control for Business
ms.topic: landing-page
author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
- ms.date: 08/14/2024
+ ms.date: 09/11/2024
# linkListType: overview | how-to-guide | tutorial | video
landingContent:
# Cards and links should be based on top customer tasks or top subjects
@@ -19,45 +19,43 @@ landingContent:
- linkListType: overview
links:
- text: What is Application Control?
- url: wdac.md
- - text: What is Windows Defender Application Control (WDAC)?
- url: wdac-and-applocker-overview.md
+ url: appcontrol.md
- text: What is AppLocker?
url: applocker\applocker-overview.md
- - text: WDAC and AppLocker feature availability
- url: feature-availability.md
+ - text: App Control and AppLocker overview
+ url: appcontrol-and-applocker-overview.md
# Card
- title: Learn about Policy Design
linkLists:
- linkListType: overview
links:
- - text: Using code signing to simplify application control
+ - text: Using code signing to simplify app control
url: deployment/use-code-signing-for-better-control-and-protection.md
- - text: Applications that can bypass WDAC and how to block them
- url: design/applications-that-can-bypass-wdac.md
+ - text: Applications that can bypass App Control and how to block them
+ url: design/applications-that-can-bypass-appcontrol.md
- text: Microsoft's Recommended Driver Blocklist
url: design/microsoft-recommended-driver-block-rules.md
- - text: Example WDAC policies
- url: design/example-wdac-base-policies.md
+ - text: Example App Control policies
+ url: design/example-appcontrol-base-policies.md
- text: Managing multiple policies
- url: design/deploy-multiple-wdac-policies.md
+ url: design/deploy-multiple-appcontrol-policies.md
- linkListType: how-to-guide
links:
- - text: Create a WDAC policy for a lightly managed device
- url: design/create-wdac-policy-for-lightly-managed-devices.md
- - text: Create a WDAC policy for a fully managed device
- url: design/create-wdac-policy-for-fully-managed-devices.md
- - text: Create a WDAC policy for a fixed-workload
- url: design/create-wdac-policy-using-reference-computer.md
- - text: Create a WDAC blocklist policy
- url: design/create-wdac-deny-policy.md
- - text: Deploying catalog files for WDAC management
- url: deployment/deploy-catalog-files-to-support-wdac.md
- - text: Using the WDAC Wizard
- url: design/wdac-wizard.md
+ - text: Create an App Control policy for a lightly managed device
+ url: design/create-appcontrol-policy-for-lightly-managed-devices.md
+ - text: Create an App Control policy for a fully managed device
+ url: design/create-appcontrol-policy-for-fully-managed-devices.md
+ - text: Create an App Control policy for a fixed-workload
+ url: design/create-appcontrol-policy-using-reference-computer.md
+ - text: Create an App Control blocklist policy
+ url: design/create-appcontrol-deny-policy.md
+ - text: Deploying catalog files for App Control management
+ url: deployment/deploy-catalog-files-to-support-appcontrol.md
+ - text: Using the App Control Wizard
+ url: design/appcontrol-wizard.md
#- linkListType: Tutorial (videos)
# links:
- # - text: Using the WDAC Wizard
+ # - text: Using the App Control Wizard
# url: video md
# - text: Specifying custom values
# url: video md
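Review bot: The overview card no longer links to feature-availability.md: the removed `WDAC and AppLocker feature availability` entry has no renamed counterpart, and the new third entry points to appcontrol-and-applocker-overview.md instead. The new includes/feature-availability-note.md in this commit still links to that page, so it presumably still exists. If the drop is unintentional, re-add `- text: App Control and AppLocker feature availability` with `url: feature-availability.md`, unless the link lives in a part of index.yml this diff doesn't show. Separately, the unchanged `url: applocker\applocker-overview.md` uses a backslash where every other url visible in this hunk uses `/`, which may be worth normalising while the file is open.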
@@ -68,50 +66,50 @@ landingContent:
links:
- text: Understanding policy and file rules
url: design/select-types-of-rules-to-create.md
- - text: Understanding WDAC secure settings
- url: design/understanding-wdac-policy-settings.md
+ - text: Understanding App Control secure settings
+ url: design/understanding-appcontrol-policy-settings.md
- linkListType: how-to-guide
links:
- text: Allow managed installer and configure managed installer rules
url: design/configure-authorized-apps-deployed-with-a-managed-installer.md
- text: Allow reputable apps with ISG
- url: design/use-wdac-with-intelligent-security-graph.md
+ url: design/use-appcontrol-with-intelligent-security-graph.md
- text: Managed MSIX and Appx Packaged Apps
- url: design/manage-packaged-apps-with-wdac.md
+ url: design/manage-packaged-apps-with-appcontrol.md
- text: Allow com object registration
- url: design/allow-com-object-registration-in-wdac-policy.md
+ url: design/allow-com-object-registration-in-appcontrol-policy.md
- text: Manage plug-ins, add-ins, and modules
- url: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+ url: design/use-appcontrol-policy-to-control-specific-plug-ins-add-ins-and-modules.md
# Card
- - title: Learn how to deploy WDAC Policies
+ - title: Learn how to deploy App Control Policies
linkLists:
- linkListType: overview
links:
- text: Using signed policies to protect against tampering
- url: deployment/use-signed-policies-to-protect-wdac-against-tampering.md
+ url: deployment/use-signed-policies-to-protect-appcontrol-against-tampering.md
- text: Audit mode policies
- url: deployment/audit-wdac-policies.md
+ url: deployment/audit-appcontrol-policies.md
- text: Enforcement mode policies
- url: deployment/enforce-wdac-policies.md
- - text: Disabling WDAC policies
- url: deployment/disable-wdac-policies.md
+ url: deployment/enforce-appcontrol-policies.md
+ - text: Disabling App Control policies
+ url: deployment/disable-appcontrol-policies.md
- linkListType: tutorial
links:
- text: Deployment with MDM
- url: deployment/deploy-wdac-policies-using-intune.md
+ url: deployment/deploy-appcontrol-policies-using-intune.md
- text: Deployment with Configuration Manager
- url: deployment/deploy-wdac-policies-with-memcm.md
+ url: deployment/deploy-appcontrol-policies-with-memcm.md
- text: Deployment with script and refresh policy
- url: deployment/deploy-wdac-policies-with-script.md
+ url: deployment/deploy-appcontrol-policies-with-script.md
- text: Deployment with group policy
- url: deployment/deploy-wdac-policies-using-group-policy.md
+ url: deployment/deploy-appcontrol-policies-using-group-policy.md
# Card
- - title: Learn how to troubleshoot and debug WDAC events
+ - title: Learn how to troubleshoot and debug App Control events
linkLists:
- linkListType: overview
links:
- text: Debugging and troubleshooting
- url: operations/wdac-debugging-and-troubleshooting.md
+ url: operations/appcontrol-debugging-and-troubleshooting.md
- text: Understanding event IDs
url: operations/event-id-explanations.md
- text: Understanding event Tags
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting.md
similarity index 60%
rename from windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md
rename to windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting.md
index dc6c98cb9b..d83c66d961 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-debugging-and-troubleshooting.md
@@ -1,24 +1,23 @@
---
-title: WDAC debugging and troubleshooting guide
-description: Learn how to debug and troubleshoot app and script failures when using WDAC
+title: App Control debugging and troubleshooting guide
+description: Learn how to debug and troubleshoot app and script failures when using App Control
ms.topic: how-to
-ms.date: 04/06/2023
+ms.date: 09/11/2024
---
-# WDAC debugging and troubleshooting
+# App Control debugging and troubleshooting
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-This article describes how to debug and troubleshoot app and script failures when using Windows Defender Application Control (WDAC).
+This article describes how to debug and troubleshoot app and script failures when using App Control for Business.
-## 1 - Gather WDAC diagnostic data
+## 1 - Gather App Control diagnostic data
-Before debugging and troubleshooting WDAC issues, you must collect information from a device exhibiting the problem behavior.
+Before debugging and troubleshooting App Control issues, you must collect information from a device exhibiting the problem behavior.
Run the following commands from an elevated PowerShell window to collect the diagnostic information you may need:
-1. Gather general WDAC diagnostic data and copy it to %userprofile%\AppData\Local\Temp\DiagOutputDir\CiDiag:
+1. Gather general App Control diagnostic data and copy it to %userprofile%\AppData\Local\Temp\DiagOutputDir\CiDiag:
```powershell
cidiag.exe /stop
@@ -26,9 +25,9 @@ Run the following commands from an elevated PowerShell window to collect the dia
If CiDiag.exe isn't present in your version of Windows, gather this information manually:
- - WDAC policy binaries from the [Windows and EFI system partitions](known-issues.md#wdac-policy-file-locations)
- - [WDAC event logs](#core-wdac-event-logs)
- - [AppLocker event logs](#core-wdac-event-logs)
+ - App Control policy binaries from the [Windows and EFI system partitions](known-issues.md#app-control-policy-file-locations)
+ - [App Control event logs](#core-app-control-event-logs)
+ - [AppLocker event logs](#core-app-control-event-logs)
- [Other event logs that may contain useful information](#other-windows-event-logs-that-may-be-useful) from other Windows apps and services
2. Save the device's System Information to the CiDiag folder:
@@ -37,7 +36,7 @@ Run the following commands from an elevated PowerShell window to collect the dia
msinfo32.exe /report $env:USERPROFILE\AppData\Local\Temp\DiagOutputDir\CiDiag\SystemInformation.txt
```
-3. Use [CiTool.exe](citool-commands.md) to inventory the list of WDAC policies on the device. Skip this step if CiTool.exe isn't present in your version of Windows.
+3. Use [CiTool.exe](citool-commands.md) to inventory the list of App Control policies on the device. Skip this step if CiTool.exe isn't present in your version of Windows.
```powershell
citool.exe -lp -json > $env:USERPROFILE\AppData\Local\Temp\DiagOutputDir\CiDiag\CiToolOutput.json
@@ -76,9 +75,9 @@ Run the following commands from an elevated PowerShell window to collect the dia
sc.exe query appid > $env:USERPROFILE\AppData\Local\Temp\DiagOutputDir\CiDiag\AppLockerServices.txt; sc.exe query appidsvc >> $env:USERPROFILE\AppData\Local\Temp\DiagOutputDir\CiDiag\AppLockerServices.txt; sc.exe query applockerfltr >> $env:USERPROFILE\AppData\Local\Temp\DiagOutputDir\CiDiag\AppLockerServices.txt
```
-### Core WDAC event logs
+### Core App Control event logs
-WDAC events are generated under two locations:
+App Control events are generated under two locations:
- Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational
- Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script
@@ -87,7 +86,7 @@ Within the CiDiag output directory, these event logs are called CIOperational.ev
### Other Windows event logs that may be useful
-Sometimes, you may be able to supplement the information contained in the core WDAC event logs with information found in these other event logs. CIDiag.exe doesn't collect the ones shown in *italics*.
+Sometimes, you may be able to supplement the information contained in the core App Control event logs with information found in these other event logs. CIDiag.exe doesn't collect the ones shown in *italics*.
- Applications and Services logs - Microsoft - Windows - CodeIntegrity - Verbose
- Applications and Services logs - Microsoft - Windows - AppLocker - EXE and DLL
@@ -104,61 +103,61 @@ Sometimes, you may be able to supplement the information contained in the core W
Having gathered the necessary diagnostic information from a device, you're ready to begin your analysis of the diagnostic data collected in the previous section.
-1. Verify the set of WDAC policies that are active and enforced. Confirm that only those policies you expect to be active are currently active. Be aware of the [Windows inbox policies](inbox-wdac-policies.md) that may also be active. You can use either of these methods:
+1. Verify the set of App Control policies that are active and enforced. Confirm that only those policies you expect to be active are currently active. Be aware of the [Windows inbox policies](inbox-appcontrol-policies.md) that may also be active. You can use either of these methods:
- Review the output from *CiTool.exe -lp*, if applicable, which was saved to the CIDiag output directory as CiToolOutput.json. See [use Microsoft Edge to view the formatted json file](/microsoft-edge/devtools-guide-chromium/json-viewer/json-viewer).
- - Review all [policy activation events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#wdac-policy-activation-events) from the core WDAC event log found at **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational**. Within the CIDiag output directory, this event log is called CIOperational.evtx.
+ - Review all [policy activation events](event-id-explanations.md#app-control-policy-activation-events) from the core App Control event log found at **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational**. Within the CIDiag output directory, this event log is called CIOperational.evtx.
-2. Review any [block events for executables, dlls, and drivers](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#wdac-block-events-for-executables-dlls-and-drivers) from the core WDAC event log found at **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational**. Within the CIDiag output directory, this event log is called CIOperational.evtx. Use information from the block events and their correlated 3089 signature details event(s) to investigate any blocks that are unexplained or unexpected. See the blocked executable example described later in this article for reference.
-3. Review any [block events for packaged apps, MSI installers, scripts, and COM objects](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#wdac-block-events-for-packaged-apps-msi-installers-scripts-and-com-objects) from the core script enforcement event log found at **Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script**. Within the CIDiag output directory, this event log is called ALMsiAndScript.evtx. Use information from the block events and their correlated 8038 signature details event(s) to investigate any blocks that are unexplained or unexpected.
+2. Review any [block events for executables, dlls, and drivers](event-id-explanations.md#app-control-block-events-for-executables-dlls-and-drivers) from the core App Control event log found at **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational**. Within the CIDiag output directory, this event log is called CIOperational.evtx. Use information from the block events and their correlated 3089 signature details event(s) to investigate any blocks that are unexplained or unexpected. See the blocked executable example described later in this article for reference.
+3. Review any [block events for packaged apps, MSI installers, scripts, and COM objects](event-id-explanations.md#app-control-block-events-for-packaged-apps-msi-installers-scripts-and-com-objects) from the core script enforcement event log found at **Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script**. Within the CIDiag output directory, this event log is called ALMsiAndScript.evtx. Use information from the block events and their correlated 8038 signature details event(s) to investigate any blocks that are unexplained or unexpected.
-Most WDAC-related issues, including app and script failures, can be diagnosed using the preceding steps.
+Most App Control-related issues, including app and script failures, can be diagnosed using the preceding steps.
### Event analysis for an example blocked executable
-Here's an example of detailed EventData from a typical WDAC enforcement mode block event 3077, and one of its correlated 3089 signature information events. The tables that follow each event screenshot describe some of the elements contained in the events. Following the event descriptions is a step-by-step walkthrough explaining how to use the events to understand why the block occurred.
+Here's an example of detailed EventData from a typical App Control enforcement mode block event 3077, and one of its correlated 3089 signature information events. The tables that follow each event screenshot describe some of the elements contained in the events. Following the event descriptions is a step-by-step walkthrough explaining how to use the events to understand why the block occurred.
-#### Event 3077 - WDAC enforcement block event
+#### Event 3077 - App Control enforcement block event

| Element name | Description |
| ----- | ----- |
-| System - Correlation - \[ActivityID\] | **Not shown in screenshot** Use the correlation ActivityID to match a WDAC block event with one or more 3089 signature events. |
-| File Name | The file's path and name on disk that was blocked from running. Since the name on disk is mutable, this value **isn't** the one used when creating WDAC file rules with `-Level FileName`. Instead, see the OriginalFileName element later in this table. |
+| System - Correlation - \[ActivityID\] | **Not shown in screenshot** Use the correlation ActivityID to match an App Control block event with one or more 3089 signature events. |
+| File Name | The file's path and name on disk that was blocked from running. Since the name on disk is mutable, this value **isn't** the one used when creating App Control file rules with `-Level FileName`. Instead, see the OriginalFileName element later in this table. |
| Process Name | The path and name of the file that attempted to run the blocked file. Also called the parent process. |
-| Requested Signing Level | The Windows signing authorization level the code needed to pass in order to run. See [Requested and validated signing level](/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations#requested-and-validated-signing-level). |
-| Validated Signing Level | The Windows signing authorization level the code was given. See [Requested and validated signing level](/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations#requested-and-validated-signing-level). |
+| Requested Signing Level | The Windows signing authorization level the code needed to pass in order to run. See [Requested and validated signing level](event-tag-explanations.md#requested-and-validated-signing-level). |
+| Validated Signing Level | The Windows signing authorization level the code was given. See [Requested and validated signing level](event-tag-explanations.md#requested-and-validated-signing-level). |
| Status | Windows NT status code. You can use `certutil.exe -error ` to look up the meaning of the status code. |
| SHA1 Hash | The SHA1 Authenticode hash for the blocked file. |
| SHA256 Hash | The SHA256 Authenticode hash for the blocked file. |
| SHA1 Flat Hash | The SHA1 flat file hash for the blocked file. |
| SHA256 Flat Hash | The SHA256 flat file hash for the blocked file. |
-| PolicyName | The friendly name of the WDAC policy that caused the block event. A separate 3077 block event (or 3076 audit block event) is shown for each policy that blocks the file from running. |
-| PolicyId | The friendly ID value of the WDAC policy that caused the block event. |
-| PolicyHash | The SHA256 Authenticode hash of the WDAC policy binary that caused the block event. |
-| OriginalFileName | The immutable file name set by the developer in the blocked file's resource header. This value is the one used when creating WDAC file rules with `-Level FileName`. |
+| PolicyName | The friendly name of the App Control policy that caused the block event. A separate 3077 block event (or 3076 audit block event) is shown for each policy that blocks the file from running. |
+| PolicyId | The friendly ID value of the App Control policy that caused the block event. |
+| PolicyHash | The SHA256 Authenticode hash of the App Control policy binary that caused the block event. |
+| OriginalFileName | The immutable file name set by the developer in the blocked file's resource header. This value is the one used when creating App Control file rules with `-Level FileName`. |
| InternalName | Another immutable value set by the developer in the blocked file's resource header. You can substitute this value for the OriginalFileName in file rules with `-Level FileName -SpecificFileNameLevel InternalName`. |
| FileDescription | Another immutable value set by the developer in the blocked file's resource header. You can substitute this value for the OriginalFileName in file rules with `-Level FileName -SpecificFileNameLevel FileDescription`. |
| ProductName | Another immutable value set by the developer in the blocked file's resource header. You can substitute this value for the OriginalFileName in file rules with `-Level FileName -SpecificFileNameLevel ProductName`. |
| FileVersion | The policy's VersionEx value used to enforce version control over signed policies. |
-| PolicyGUID | The PolicyId of the WDAC policy that caused the block event. |
+| PolicyGUID | The PolicyId of the App Control policy that caused the block event. |
| UserWriteable | A boolean value indicating if the file was in a user-writeable location. This information is useful for diagnosing issues when allowing by FilePath rules. |
| PackageFamilyName | The Package Family Name for the packaged app (MSIX) that includes the blocked file. |
-#### Event 3089 - WDAC signature information event
+#### Event 3089 - App Control signature information event

| Element name | Description |
| ----- | ----- |
-| System - Correlation - \[ActivityID\] | Use the correlation ActivityID to match a WDAC signature event with its block event. |
+| System - Correlation - \[ActivityID\] | Use the correlation ActivityID to match an App Control signature event with its block event. |
| TotalSignatureCount | The total number of signatures detected for the blocked file. |
| Signature | The index count, starting at 0, of the current signature shown in this 3089 event. If the file had multiple signatures, you'll find other 3089 events for the other signatures. |
-| Hash | The hash value that WDAC used to match the file. This value should match one of the four hashes shown on the 3077 or 3076 block event. If no signatures were found for the file (TotalSignatureCount = 0), then only the hash value is shown. |
-| SignatureType | The [type of signature](/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations#signaturetype). |
-| ValidatedSigningLevel | The Windows signing authorization level the signature met. See [Requested and validated signing level](/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations#requested-and-validated-signing-level). |
-| VerificationError | The reason this particular signature failed to pass the WDAC policy. See [VerificationError](/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations#verificationerror). |
+| Hash | The hash value that App Control used to match the file. This value should match one of the four hashes shown on the 3077 or 3076 block event. If no signatures were found for the file (TotalSignatureCount = 0), then only the hash value is shown. |
+| SignatureType | The [type of signature](event-tag-explanations.md#signaturetype). |
+| ValidatedSigningLevel | The Windows signing authorization level the signature met. See [Requested and validated signing level](event-tag-explanations.md#requested-and-validated-signing-level). |
+| VerificationError | The reason this particular signature failed to pass the App Control policy. See [VerificationError](event-tag-explanations.md#verificationerror). |
| PublisherName | The common name (CN) value from the leaf certificate. |
| IssuerName | The CN value from the highest available certificate in the certificate chain. This level is typically one certificate below the root. |
| PublisherTBSHash | The TBS hash of the leaf certificate. |
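Review bot: The OriginalFileName row on the new side still calls the value "immutable", and the unchanged InternalName, FileDescription and ProductName rows repeat it, which overstates what a `-Level FileName` rule can rely on. These values sit in the file's resource header, so they are only tamper-evident while a valid signature covers the file; on an unsigned file, anyone who can write the file can change them. Since the row is already being edited for the rename, I would qualify it, e.g. `The file name set by the developer in the blocked file's resource header; it's protected from modification only when the file is validly signed.` Separately, the unchanged FileVersion row describes the policy's VersionEx rather than the blocked file's version, which looks misplaced in the 3077 table and is worth confirming. The 3089 table continues past the last line of this hunk.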
@@ -166,7 +165,7 @@ Here's an example of detailed EventData from a typical WDAC enforcement mode blo
#### Step-by-step walkthrough of the example 3077 and 3089 events
-Now let's walk through how to use the event data in the example 3077 and 3089 events to understand why the WDAC policy blocked this file.
+Now let's walk through how to use the event data in the example 3077 and 3089 events to understand why the App Control policy blocked this file.
##### Understand what file is being blocked and the block context
@@ -174,11 +173,11 @@ Referring to the 3077 event, locate the information that identifies the policy,
In the example, the file being blocked is PowerShell.exe, which is part of Windows and would normally be expected to run. However, in this case, the policy was based off of the Windows in S mode policy template, which doesn't allow script hosts to run as a way to limit the attack surface. For S mode, this block event is a success. But let's assume the policy author was unaware of that constraint when they chose the template, and treat this block as unexpected.
-##### Determine why WDAC rejected the file
+##### Determine why App Control rejected the file
-Again referring to the 3077 event, we see the Requested Signing Level of 2 means the code must pass the WDAC policy. But the Validated Signing Level of 1 means the code was treated as though unsigned. "Unsigned" could mean the file was truly unsigned, signed but with an invalid certificate, or signed but without any certificates allowed by the WDAC policy.
+Again referring to the 3077 event, we see the Requested Signing Level of 2 means the code must pass the App Control policy. But the Validated Signing Level of 1 means the code was treated as though unsigned. "Unsigned" could mean the file was truly unsigned, signed but with an invalid certificate, or signed but without any certificates allowed by the App Control policy.
-Now, let's inspect the correlated 3089 event(s) for the blocked file. In the example, we're looking at only the first signature (Signature index 0) found on a file that had multiple signatures. For this signature, the ValidatedSigningLevel is 12, meaning it has a Microsoft Windows product signature. The VerificationError of 21 means that the signature didn't pass the WDAC policy.
+Now, let's inspect the correlated 3089 event(s) for the blocked file. In the example, we're looking at only the first signature (Signature index 0) found on a file that had multiple signatures. For this signature, the ValidatedSigningLevel is 12, meaning it has a Microsoft Windows product signature. The VerificationError of 21 means that the signature didn't pass the App Control policy.
It's important to review the information for each correlated 3089 event as each signature may have a different ValidatedSigningLevel and VerificationError.
@@ -191,11 +190,11 @@ It's important to review the information for each correlated 3089 event as each
## 3 - Resolve common problems
-Having analyzed the WDAC diagnostic data, you can take steps to resolve the issue or do more debugging steps. Following are some common problems and steps you can try to resolve or further isolate the root issue:
+Having analyzed the App Control diagnostic data, you can take steps to resolve the issue or do more debugging steps. Following are some common problems and steps you can try to resolve or further isolate the root issue:
### Issue: A file was blocked that you want to allow
-- Use data from the core WDAC event logs to add rules to allow the blocked file.
+- Use data from the core App Control event logs to add rules to allow the blocked file.
- Redeploy the file or app using a managed installer if your policy trusts managed installers.
### Issue: A policy is active that is unexpected
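Review bot: The first bullet under "A file was blocked that you want to allow" goes straight from a block event to an allow rule, with no step to confirm the file is the one the reader expects. A practitioner would want a check first, for instance `- Before adding a rule, confirm that the blocked file's hash and signer from the 3077/3089 events match a known-good copy of the app.` It would also help to say that the rule should use the most specific level that works, preferring signer or publisher levels over file name or path. The section on unexpected policies continues past the end of this hunk.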
@@ -208,51 +207,51 @@ This condition may exist if:
- A policy was incorrectly deployed to the device.
- An attacker with administrator access has applied a policy to cause denial of service for some critical processes.
-To resolve such an issue, follow the instructions to [Remove WDAC policies](/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies) for the identified policy.
+To resolve such an issue, follow the instructions to [Remove App Control policies](../deployment/disable-appcontrol-policies.md) for the identified policy.
-### Issue: An unhandled app failure is occurring and no WDAC events are observed
+### Issue: An unhandled app failure is occurring and no App Control events are observed
-Some apps alter their behavior when a user mode WDAC policy is active, which can result in unexpected failures. It can also be a side-effect of script enforcement for apps that don't properly handle the enforcement behaviors implemented by the script hosts.
+Some apps alter their behavior when a user mode App Control policy is active, which can result in unexpected failures. It can also be a side-effect of script enforcement for apps that don't properly handle the enforcement behaviors implemented by the script hosts.
Try to isolate the root cause by doing the following actions:
- Check the other event logs listed in section 1 of this article for events corresponding with the unexpected app failures.
-- Temporarily replace the WDAC policy with another policy that [disables script enforcement](/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement) and retest.
-- Temporarily replace the WDAC policy with another policy that [allows all COM objects](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy) and retest.
-- Temporarily replace the WDAC policy with another policy that relaxes other [policy rules](/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create#windows-defender-application-control-policy-rules) and retest.
+- Temporarily replace the App Control policy with another policy that [disables script enforcement](../design/script-enforcement.md) and retest.
+- Temporarily replace the App Control policy with another policy that [allows all COM objects](../design/allow-com-object-registration-in-appcontrol-policy.md) and retest.
+- Temporarily replace the App Control policy with another policy that relaxes other [policy rules](../design/select-types-of-rules-to-create.md#app-control-for-business-policy-rules) and retest.
### Issue: An app deployed by a managed installer isn't working
To debug issues using managed installer, try these steps:
-- Check that the WDAC policy that is blocking the app includes the option to enable managed installer.
-- Check that the effective AppLocker policy $env:USERPROFILE\AppData\Local\Temp\DiagOutputDir\CiDiag\AppLocker.xml is correct as described in [Automatically allow apps deployed by a managed installer](/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer#create-and-deploy-an-applocker-policy-that-defines-your-managed-installer-rules-and-enables-services-enforcement-for-executables-and-dlls).
+- Check that the App Control policy that is blocking the app includes the option to enable managed installer.
+- Check that the effective AppLocker policy $env:USERPROFILE\AppData\Local\Temp\DiagOutputDir\CiDiag\AppLocker.xml is correct as described in [Automatically allow apps deployed by a managed installer](../design/configure-authorized-apps-deployed-with-a-managed-installer.md#create-and-deploy-an-applocker-policy-that-defines-your-managed-installer-rules-and-enables-services-enforcement-for-executables-and-dlls).
- Check that the AppLocker services are running. This information is found in $env:USERPROFILE\AppData\Local\Temp\DiagOutputDir\CiDiag\AppLockerServices.txt created in section 1 of this article.
- Check that an AppLocker file exists called MANAGEDINSTALLER.APPLOCKER exists in the CiDiag folder created earlier. If not, repeat the steps to deploy and enable the managed installer AppLocker configuration.
- Restart the managed installer process and check that an 8002 event is observed in the **AppLocker - EXE and DLL** event log for the managed installer process with PolicyName = MANAGEDINSTALLER. If instead you see an event with 8003 or 8004 with PolicyName = MANAGEDINSTALLER, then check the ManagedInstaller rules in the AppLocker policy XML and ensure a rule matches the managed installer process.
-- [Use fsutil.exe](/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer#using-fsutil-to-query-extended-attributes-for-managed-installer-mi) to verify files written by the managed installer process have the managed installer origin extended attribute. If not, redeploy the files with the managed installer and check again.
+- [Use fsutil.exe](configure-appcontrol-managed-installer.md#using-fsutil-to-query-extended-attributes-for-managed-installer-mi) to verify files written by the managed installer process have the managed installer origin extended attribute. If not, redeploy the files with the managed installer and check again.
- Test installation of a different app using the managed installer.
- Add another managed installer to your AppLocker policy and test installation using the other managed installer.
-- Check if the app is encountering a [known limitation with managed installer](/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer#known-limitations-with-managed-installer). If so, you must authorize the app using other means.
+- Check if the app is encountering a [known limitation with managed installer](../design/configure-authorized-apps-deployed-with-a-managed-installer.md#known-limitations-with-managed-installer). If so, you must authorize the app using other means.
### Issue: An app you expected the Intelligent Security Graph (ISG) to allow isn't working
To debug issues using ISG, try these steps:
-- Check that the WDAC policy that is blocking the app includes the option to enable the intelligent security graph.
+- Check that the App Control policy that is blocking the app includes the option to enable the intelligent security graph.
- Check that the AppLocker services are running. This information is found in $env:USERPROFILE\AppData\Local\Temp\DiagOutputDir\CiDiag\AppLockerServices.txt created in section 1 of this article.
-- [Use fsutil.exe](/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer#using-fsutil-to-query-extended-attributes-for-intelligent-security-graph-isg) to verify files have the ISG origin extended attribute. If not, redeploy the files with the managed installer and check again.
-- Check if the app is encountering a [known limitation with ISG](/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph#known-limitations-with-using-the-isg).
+- [Use fsutil.exe](configure-appcontrol-managed-installer.md#using-fsutil-to-query-extended-attributes-for-intelligent-security-graph-isg) to verify files have the ISG origin extended attribute. If not, redeploy the files with the managed installer and check again.
+- Check if the app is encountering a [known limitation with ISG](../design/use-appcontrol-with-intelligent-security-graph.md#known-limitations-with-using-the-isg).
## 4 - Report issues to Microsoft, if appropriate
If after following the guidance covered by this article you believe you've identified a product issue, report the issue to Microsoft.
- Customers with Microsoft Premier Support should log a service request through normal channels.
-- All other customers can report issues directly to the WDAC product team via the Windows [Feedback Hub](feedback-hub:?contextid=790&tabid=2&newFeedback=true). Select the category **Security & Privacy - Application Control** to ensure the issue is properly routed to the WDAC product team.
+- All other customers can report issues directly to the App Control product team via the Windows [Feedback Hub](feedback-hub:?contextid=790&tabid=2&newFeedback=true). Select the category **Security & Privacy - Application Control** to ensure the issue is properly routed to the App Control product team.
When reporting issues, be sure to provide the following information:
-- All [WDAC diagnostic data](#1---gather-wdac-diagnostic-data) described earlier.
+- All [App Control diagnostic data](#1---gather-app-control-diagnostic-data) described earlier.
- If possible, the blocked file(s).
- Clear instructions to reproduce the problem.
diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md
new file mode 100644
index 0000000000..755488b5a3
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/appcontrol-operational-guide.md
@@ -0,0 +1,26 @@
+---
+title: Managing and troubleshooting App Control for Business policies
+description: Gather information about how your deployed App Control for Business policies are behaving.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: how-to
+---
+
+# App Control for Business operational guide
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+You now understand how to design and deploy your App Control for Business policies. This guide explains how to understand the effects your policies have and how to troubleshoot when they aren't behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender for Endpoint Advanced Hunting feature.
+
+## In this section
+
+| Article | Description |
+| - | - |
+| [Debugging and troubleshooting](appcontrol-debugging-and-troubleshooting.md) | This article explains how to debug app and script failures with App Control. |
+| [Understanding App Control event IDs](event-id-explanations.md) | This article explains the meaning of different App Control event IDs. |
+| [Understanding App Control event tags](event-tag-explanations.md) | This article explains the meaning of different App Control event tags. |
+| [Query App Control events with Advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) | This article covers how to view App Control events centrally from all systems that are connected to Microsoft Defender for Endpoint. |
+| [Admin Tips & Known Issues](known-issues.md) | This article describes some App Control Admin Tips & Known Issues. |
+| [Managed installer and ISG technical reference and troubleshooting guide](configure-appcontrol-managed-installer.md) | This article provides technical details and debugging steps for managed installer and ISG. |
+| [CITool.exe technical reference](citool-commands.md) | This article explains how to use CITool.exe. |
+| [Inbox App Control policies](inbox-appcontrol-policies.md) | This article describes the App Control policies that ship with Windows and when they're active. |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md b/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md
similarity index 82%
rename from windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md
rename to windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md
index 729ecd07ee..c8bb39fb47 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md
@@ -2,14 +2,14 @@
title: Managing CI policies and tokens with CiTool
description: Learn how to use policy commands, token commands, and miscellaneous commands in CiTool
ms.topic: reference
-ms.date: 10/02/2023
+ms.date: 09/11/2024
appliesto:
- ✅ Windows 11
---
# CiTool technical reference
-CiTool makes Windows Defender Application Control (WDAC) policy management easier for IT admins. You can use this tool to manage Windows Defender Application Control policies and CI tokens. This article describes how to use CiTool to update and manage policies. It's currently included as part of the Windows image in Windows 11, version 22H2.
+CiTool makes App Control for Business policy management easier for IT admins. You can use this tool to manage App Control for Business policies and CI tokens. This article describes how to use CiTool to update and manage policies. It's currently included as part of the Windows image in Windows 11, version 22H2.
## Policy commands
@@ -35,24 +35,24 @@ CiTool makes Windows Defender Application Control (WDAC) policy management easie
| Command | Description | Alias |
|--------|---------|---------|
| `--device-id` | Dump the code integrity device ID. | `-id` |
-| `--refresh` | Attempt to refresh WDAC policies. | `-r` |
+| `--refresh` | Attempt to refresh App Control policies. | `-r` |
| `--help` | Display the tool's help menu. | `-h` |
## Output attributes and descriptions
### List policies (`--list-policies`)
-```output
- Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816
- Base Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816
- Friendly Name: Microsoft Windows Driver Policy
- Version: 2814751463178240
- Platform Policy: true
- Policy is Signed: true
- Has File on Disk: false
- Is Currently Enforced: true
- Is Authorized: true
- Status: 0
+```console
+Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816
+Base Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816
+Friendly Name: Microsoft Windows Driver Policy
+Version: 2814751463178240
+Platform Policy: true
+Policy is Signed: true
+Has File on Disk: false
+Is Currently Enforced: true
+Is Authorized: true
+Status: 0
```
| Attribute | Description | Example value |
@@ -69,25 +69,25 @@ CiTool makes Windows Defender Application Control (WDAC) policy management easie
## Examples
-### Deploy a WDAC policy
+### Deploy an App Control policy
```powershell
CiTool --update-policy "\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip"
```
-### Refresh the WDAC policies on the system
+### Refresh the App Control policies on the system
```powershell
CiTool --refresh
```
-### Remove a specific WDAC policy by its policy ID
+### Remove a specific App Control policy by its policy ID
```powershell
CiTool --remove-policy "{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}"
```
-### List the actively enforced WDAC policies on the system
+### List the actively enforced App Control policies on the system
```powershell
# Check each policy's IsEnforced state and return only the enforced policies
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md b/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md
similarity index 79%
rename from windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md
rename to windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md
index 98e2c42da8..d75a2df983 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/configure-appcontrol-managed-installer.md
@@ -2,22 +2,21 @@
title: Managed installer and ISG technical reference and troubleshooting guide
description: A technical reference and troubleshooting guide for managed installer and Intelligent Security Graph (ISG).
ms.localizationpriority: medium
-ms.date: 11/11/2022
+ms.date: 09/11/2024
ms.topic: troubleshooting
---
# Managed installer and ISG technical reference and troubleshooting guide
->[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
## Enabling managed installer and Intelligent Security Graph (ISG) logging events
-Refer to [Understanding Application Control Events](event-id-explanations.md#diagnostic-events-for-intelligent-security-graph-isg-and-managed-installer-mi) for information on enabling optional managed installer diagnostic events.
+Refer to [Understanding App Control Events](event-id-explanations.md#diagnostic-events-for-intelligent-security-graph-isg-and-managed-installer-mi) for information on enabling optional managed installer diagnostic events.
## Using fsutil to query extended attributes for Managed Installer (MI)
-Customers using Windows Defender Application Control (WDAC) with Managed Installer (MI) enabled can use fsutil.exe to determine whether a file was created by a managed installer process. This verification is done by querying the Extended Attributes (EAs) on a file using fsutil.exe and looking for the KERNEL.SMARTLOCKER.ORIGINCLAIM EA. Then, you can use the data from the first row of output to identify if the file was created by a managed installer. For example, let's look at the fsutil.exe output for a file called application.exe:
+Customers using App Control for Business with Managed Installer (MI) enabled can use fsutil.exe to determine whether a file was created by a managed installer process. This verification is done by querying the Extended Attributes (EAs) on a file using fsutil.exe and looking for the KERNEL.SMARTLOCKER.ORIGINCLAIM EA. Then, you can use the data from the first row of output to identify if the file was created by a managed installer. For example, let's look at the fsutil.exe output for a file called application.exe:
**Example:**
@@ -47,7 +46,7 @@ If there is "00" in the fifth position of the output (the start of the second UL
0000: 01 00 00 00 **`00` 00 00 00** 00 00 00 00 01 00 00 00
-Finally, the two-character set in the ninth position of the output (the start of the third ULONG) indicates whether the file was created by a process running as managed installer. A value of "00" means the file was directly written by a managed installer process and will run if your WDAC policy trusts managed installers.
+Finally, the two-character set in the ninth position of the output (the start of the third ULONG) indicates whether the file was created by a process running as managed installer. A value of "00" means the file was directly written by a managed installer process and will run if your App Control policy trusts managed installers.
0000: 01 00 00 00 00 00 00 00 **`00` 00 00 00** 01 00 00 00
@@ -98,4 +97,4 @@ Both managed installer and the ISG depend on AppLocker to provide some functiona
Get-AppLockerPolicy -Effective -XML > $env:USERPROFILE\Desktop\AppLocker.xml
```
- Then open the XML file created and confirm it contains the rules you expect. In particular, the policy should include at least one rule for each of the EXE, DLL, and MANAGEDINSTALLER RuleCollections. The RuleCollections can either be set to AuditOnly or Enabled. Additionally, the EXE and DLL RuleCollections must include the RuleCollectionExtensions configuration as shown in [Automatically allow apps deployed by a managed installer with Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer#create-and-deploy-an-applocker-policy-that-defines-your-managed-installer-rules-and-enables-services-enforcement-for-executables-and-dlls).
+ Then open the XML file created and confirm it contains the rules you expect. In particular, the policy should include at least one rule for each of the EXE, DLL, and MANAGEDINSTALLER RuleCollections. The RuleCollections can either be set to AuditOnly or Enabled. Additionally, the EXE and DLL RuleCollections must include the RuleCollectionExtensions configuration as shown in [Automatically allow apps deployed by a managed installer with App Control for Business](../design/configure-authorized-apps-deployed-with-a-managed-installer.md#create-and-deploy-an-applocker-policy-that-defines-your-managed-installer-rules-and-enables-services-enforcement-for-executables-and-dlls).
diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md b/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md
new file mode 100644
index 0000000000..ceaac2953b
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations.md
@@ -0,0 +1,161 @@
+---
+title: Understanding App Control event IDs
+description: Learn what different App Control for Business event IDs signify.
+ms.localizationpriority: medium
+ms.date: 09/11/2024
+ms.topic: reference
+---
+
+# Understanding App Control events
+
+## App Control Events Overview
+
+App Control logs events when a policy is loaded, when a file is blocked, or when a file would be blocked if in audit mode. These block events include information that identifies the policy and gives more details about the block. App Control doesn't generate events when a binary is allowed. However, you can turn on allow audit events for files authorized by a managed installer or the Intelligent Security Graph (ISG) as described later in this article.
+
+### Core App Control event logs
+
+App Control events are generated under two locations in the Windows Event Viewer:
+
+- **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational** includes events about App Control policy activation and the control of executables, dlls, and drivers.
+- **Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script** includes events about the control of MSI installers, scripts, and COM objects.
+
+Most app and script failures that occur when App Control is active can be diagnosed using these two event logs. This article describes in greater detail the events that exist in these logs. To understand the meaning of different data elements, or tags, found in the details of these events, see [Understanding App Control event tags](event-tag-explanations.md).
+
+> [!NOTE]
+> **Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script** events are not included on Windows Server Core edition.
+
+## App Control block events for executables, dlls, and drivers
+
+These events are found in the **CodeIntegrity - Operational** event log.
+
+| Event ID | Explanation |
+|--------|-----------|
+| 3004 | This event isn't common and may occur with or without an App Control policy present. It typically indicates a kernel driver tried to load with an invalid signature. For example, the file may not be WHQL-signed on a system where WHQL is required.
This event is also seen for kernel- or user-mode code that the developer opted-in to [/INTEGRITYCHECK](/cpp/build/reference/integritycheck-require-signature-check) but isn't signed correctly. |
+| 3033 | This event may occur with or without an App Control policy present and should occur alongside a 3077 event if caused by App Control policy. It often means the file's signature is revoked or a signature with the Lifetime Signing EKU has expired. Presence of the Lifetime Signing EKU is the only case where App Control blocks files due to an expired signature. Try using option `20 Enabled:Revoked Expired As Unsigned` in your policy along with a rule (for example, hash) that doesn't rely on the revoked or expired cert.
This event also occurs if code compiled with [Code Integrity Guard (CIG)](/microsoft-365/security/defender-endpoint/exploit-protection-reference#code-integrity-guard) tries to load other code that doesn't meet the CIG requirements. |
+| 3034 | This event isn't common. It's the audit mode equivalent of event 3033. |
+| 3076 | This event is the main App Control block event for audit mode policies. It indicates that the file would have been blocked if the policy was enforced. |
+| 3077 | This event is the main App Control block event for enforced policies. It indicates that the file didn't pass your policy and was blocked. |
+| 3089 | This event contains signature information for files that were blocked or audit blocked by App Control. One of these events is created for each signature of a file. Each event shows the total number of signatures found and an index value to identify the current signature. Unsigned files generate a single one of these events with TotalSignatureCount of 0. These events are correlated with 3004, 3033, 3034, 3076 and 3077 events. You can match the events using the `Correlation ActivityID` found in the **System** portion of the event. |
+
+## App Control block events for packaged apps, MSI installers, scripts, and COM objects
+
+These events are found in the **AppLocker - MSI and Script** event log.
+
+| Event ID | Explanation |
+|--------|-----------|
+| 8028 | This event indicates that a script host, such as PowerShell, queried App Control about a file the script host was about to run. Since the policy was in audit mode, the script or MSI file should have run, but wouldn't have passed the App Control policy if it was enforced. Some script hosts may have additional information in their logs. Note: Most third-party script hosts don't integrate with App Control. Consider the risks from unverified scripts when choosing which script hosts you allow to run. |
+| 8029 | This event is the enforcement mode equivalent of event 8028. Note: While this event says that a script was blocked, the script hosts control the actual script enforcement behavior. The script host may allow the file to run with restrictions and not block the file outright. For example, PowerShell runs script not allowed by your App Control policy in [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). |
+| 8036| COM object was blocked. To learn more about COM object authorization, see [Allow COM object registration in an App Control for Business policy](../design/allow-com-object-registration-in-appcontrol-policy.md). |
+| 8037 | This event indicates that a script host checked whether to allow a script to run, and the file passed the App Control policy. |
+| 8038 | Signing information event correlated with either an 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files generate a single 8038 event with TotalSignatureCount 0. These events are correlated with 8028 and 8029 events and can be matched using the `Correlation ActivityID` found in the **System** portion of the event. |
+| 8039 | This event indicates that a packaged app (MSIX/AppX) was allowed to install or run because the App Control policy is in audit mode. But, it would have been blocked if the policy was enforced. |
+| 8040 | This event indicates that a packaged app was prevented from installing or running due to the App Control policy. |
+
+## App Control policy activation events
+
+These events are found in the **CodeIntegrity - Operational** event log.
+
+| Event ID | Explanation |
+|--------|-----------|
+| 3095 | The App Control policy can't be refreshed and must be rebooted instead. |
+| 3096 | The App Control policy wasn't refreshed since it's already up-to-date. This event's Details includes useful information about the policy, such as its policy options. |
+| 3097 | The App Control policy can't be refreshed. |
+| 3099 | Indicates that a policy has been loaded. This event's Details includes useful information about the App Control policy, such as its policy options. |
+| 3100 | The App Control policy was refreshed but was unsuccessfully activated. Retry. |
+| 3101 | App Control policy refresh started for *N* policies. |
+| 3102 | App Control policy refresh finished for *N* policies. |
+| 3103 | The system is ignoring the App Control policy refresh. For example, an inbox Windows policy that doesn't meet the conditions for activation. |
+| 3105 | The system is attempting to refresh the App Control policy with the specified ID. |
+
+## Diagnostic events for Intelligent Security Graph (ISG) and Managed Installer (MI)
+
+> [!NOTE]
+> When Managed Installer is enabled, customers using LogAnalytics should be aware that Managed Installer may fire many 3091 events. Customers may need to filter out these events to avoid high LogAnalytics costs.
+
+The following events provide helpful diagnostic information when an App Control policy includes the ISG or MI option. These events can help you debug why something was allowed/denied based on managed installer or ISG. Events 3090, 3091, and 3092 don't necessarily indicate a problem but should be reviewed in context with other events like 3076 or 3077.
+
+Unless otherwise noted, these events are found in either the **CodeIntegrity - Operational** event log or the **CodeIntegrity - Verbose** event log depending on your version of Windows.
+
+| Event ID | Explanation |
+|--------|---------|
+| 3090 | *Optional* This event indicates that a file was allowed to run based purely on ISG or managed installer. |
+| 3091 | This event indicates that a file didn't have ISG or managed installer authorization and the App Control policy is in audit mode. |
+| 3092 | This event is the enforcement mode equivalent of 3091. |
+| 8002 | This event is found in the **AppLocker - EXE and DLL** event log. When a process launches that matches a managed installer rule, this event is raised with PolicyName = MANAGEDINSTALLER found in the event Details. Events with PolicyName = EXE or DLL aren't related to App Control. |
+
+Events 3090, 3091, and 3092 are reported per active policy on the system, so you may see multiple events for the same file.
+
+### ISG and MI diagnostic event details
+
+The following information is found in the details for 3090, 3091, and 3092 events.
+
+| Name | Explanation |
+|------|------|
+| ManagedInstallerEnabled | Indicates whether the specified policy enables managed installer trust |
+| PassesManagedInstaller | Indicates whether the file originated from a MI |
+| SmartlockerEnabled | Indicates whether the specified policy enables ISG trust |
+| PassesSmartlocker | Indicates whether the file had positive reputation according to the ISG |
+| AuditEnabled | True if the App Control policy is in audit mode, otherwise it is in enforce mode |
+| PolicyName | The name of the App Control policy to which the event applies |
+
+### Enabling ISG and MI diagnostic events
+
+To enable 3090 allow events, create a TestFlags regkey with a value of 0x300 as shown in the following PowerShell command. Then restart your computer.
+
+```powershell
+reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x300
+```
+
+Events 3091 and 3092 are inactive on some versions of Windows and are turned on by the preceding command.
+
+## Appendix
+
+A list of other relevant event IDs and their corresponding description.
+
+| Event ID | Description |
+|-------|------|
+| 3001 | An unsigned driver was attempted to load on the system. |
+| 3002 | Code Integrity couldn't verify the boot image as the page hash couldn't be found. |
+| 3004 | Code Integrity couldn't verify the file as the page hash couldn't be found. |
+| 3010 | The catalog containing the signature for the file under validation is invalid. |
+| 3011 | Code Integrity finished loading the signature catalog. |
+| 3012 | Code Integrity started loading the signature catalog. |
+| 3023 | The driver file under validation didn't meet the requirements to pass the App Control policy. |
+| 3024 | Windows App Control was unable to refresh the boot catalog file. |
+| 3026 | Microsoft or the certificate issuing authority revoked the certificate that signed the catalog. |
+| 3032 | The file under validation is revoked or the file has a signature that is revoked.
+| 3033 | The file under validation didn't meet the requirements to pass the App Control policy. |
+| 3034 | The file under validation wouldn't meet the requirements to pass the App Control policy if it was enforced. The file was allowed since the policy is in audit mode. |
+| 3036 | Microsoft or the certificate issuing authority revoked the certificate that signed the file being validated. |
+| 3064 | If the App Control policy was enforced, a user mode DLL under validation wouldn't meet the requirements to pass the App Control policy. The DLL was allowed since the policy is in audit mode. |
+| 3065 | If the App Control policy was enforced, a user mode DLL under validation wouldn't meet the requirements to pass the App Control policy. |
+| 3074 | Page hash failure while hypervisor-protected code integrity was enabled. |
+| 3075 | This event measures the performance of the App Control policy check during file validation. |
+| 3076 | This event is the main App Control block event for audit mode policies. It indicates that the file would have been blocked if the policy was enforced. |
+| 3077 | This event is the main App Control block event for enforced policies. It indicates that the file didn't pass your policy and was blocked. |
+| 3079 | The file under validation didn't meet the requirements to pass the App Control policy. |
+| 3080 | If the App Control policy was in enforced mode, the file under validation wouldn't have met the requirements to pass the App Control policy. |
+| 3081 | The file under validation didn't meet the requirements to pass the App Control policy. |
+| 3082 | If the App Control policy was enforced, the policy would have blocked this non-WHQL driver. |
+| 3084 | Code Integrity is enforcing WHQL driver signing requirements on this boot session. |
+| 3085 | Code Integrity isn't enforcing WHQL driver signing requirements on this boot session. |
+| 3086 | The file under validation doesn't meet the signing requirements for an isolated user mode (IUM) process. |
+| 3089 | This event contains signature information for files that were blocked or audit blocked by App Control. One 3089 event is created for each signature of a file. |
+| 3090 | *Optional* This event indicates that a file was allowed to run based purely on ISG or managed installer. |
+| 3091 | This event indicates that a file didn't have ISG or managed installer authorization and the App Control policy is in audit mode. |
+| 3092 | This event is the enforcement mode equivalent of 3091. |
+| 3095 | The App Control policy can't be refreshed and must be rebooted instead. |
+| 3096 | The App Control policy wasn't refreshed since it's already up-to-date. |
+| 3097 | The App Control policy can't be refreshed. |
+| 3099 | Indicates that a policy has been loaded. This event also includes information about the options set by the App Control policy. |
+| 3100 | The App Control policy was refreshed but was unsuccessfully activated. Retry. |
+| 3101 | The system started refreshing the App Control policy. |
+| 3102 | The system finished refreshing the App Control policy. |
+| 3103 | The system is ignoring the App Control policy refresh. |
+| 3104 | The file under validation doesn't meet the signing requirements for a PPL (protected process light) process. |
+| 3105 | The system is attempting to refresh the App Control policy. |
+| 3108 | Windows mode change event was successful. |
+| 3110 | Windows mode change event was unsuccessful. |
+| 3111 | The file under validation didn't meet the hypervisor-protected code integrity (HVCI) policy. |
+| 3112 | Windows has revoked the certificate that signed the file being validated. |
+| 3114 | Dynamic Code Security opted the .NET app or DLL into App Control policy validation. The file under validation didn't pass your policy and was blocked. |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md b/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md
similarity index 83%
rename from windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md
rename to windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md
index 298b965229..0f5513efc4 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md
@@ -1,14 +1,14 @@
---
-title: Understanding Application Control event tags
-description: Learn what different Windows Defender Application Control event tags signify.
+title: Understanding App Control event tags
+description: Learn what different App Control for Business event tags signify.
ms.localizationpriority: medium
-ms.date: 05/09/2023
+ms.date: 09/11/2024
ms.topic: conceptual
---
-# Understanding Application Control event tags
+# Understanding App Control event tags
-Windows Defender Application Control (WDAC) events include many fields, which provide helpful troubleshooting information to figure out exactly what an event means. This article describes the values and meanings for a few useful event tags.
+App Control for Business events include many fields, which provide helpful troubleshooting information to figure out exactly what an event means. This article describes the values and meanings for a few useful event tags.
## SignatureType
@@ -33,7 +33,7 @@ Represents the signature level at which the code was verified.
|---|----------|
| 0 | Signing level hasn't yet been checked |
| 1 | File is unsigned or has no signature that passes the active policies |
-| 2 | Trusted by Windows Defender Application Control policy |
+| 2 | Trusted by App Control for Business policy |
| 3 | Developer signed code |
| 4 | Authenticode signed |
| 5 | Microsoft Store signed app PPL (Protected Process Light) |
@@ -71,7 +71,7 @@ Represents why verification failed, or if it succeeded.
| 18 | Custom signing level not met; returned if signature fails to match `CISigners` in UMCI. |
| 19 | Binary is revoked based on its file hash. |
| 20 | SHA1 cert hash's timestamp is missing or after valid cutoff as defined by Weak Crypto Policy. |
-| 21 | Failed to pass Windows Defender Application Control policy. |
+| 21 | Failed to pass App Control for Business policy. |
| 22 | Not Isolated User Mode (IUM)) signed; indicates an attempt to load a standard Windows binary into a virtualization-based security (VBS) trustlet. |
| 23 | Invalid image hash. This error can indicate file corruption or a problem with the file's signature. Signatures using elliptic curve cryptography (ECC), such as ECDSA, return this VerificationError. |
| 24 | Flight root not allowed; indicates trying to run flight-signed code on production OS. |
@@ -82,7 +82,7 @@ Represents why verification failed, or if it succeeded.
## Policy activation event Options
-The Application Control policy rule option values can be derived from the "Options" field in the Details section for successful [policy activation events](event-id-explanations.md#wdac-policy-activation-events). To parse the values, first convert the hex value to binary. To derive and parse these values, follow the below workflow.
+The App Control policy rule option values can be derived from the "Options" field in the Details section for successful [policy activation events](event-id-explanations.md#app-control-policy-activation-events). To parse the values, first convert the hex value to binary. To derive and parse these values, follow the below workflow.
- Access Event Viewer.
- Access the Code integrity 3099 event.
@@ -105,7 +105,7 @@ For a simple solution for converting hex to binary, follow these steps:
This view provides the hex code in binary form, with each bit address shown separately. The bit addresses start at 0 in the bottom right. Each bit address correlates to a specific event policy-rule option. If the bit address holds a value of 1, the setting is in the policy.
-Next, use the bit addresses and their values from the following table to determine the state of each [policy rule-option](../design/select-types-of-rules-to-create.md#table-1-windows-defender-application-control-policy---policy-rule-options). For example, if the bit address of 16 holds a value of 1, then the **Enabled: Audit Mode (Default)** option is in the policy. This setting means that the policy is in audit mode.
+Next, use the bit addresses and their values from the following table to determine the state of each [policy rule-option](../design/select-types-of-rules-to-create.md#table-1-app-control-for-business-policy---policy-rule-options). For example, if the bit address of 16 holds a value of 1, then the **Enabled: Audit Mode (Default)** option is in the policy. This setting means that the policy is in audit mode.
| Bit Address | Policy Rule Option |
|-------|------|
@@ -157,7 +157,7 @@ The rule means trust anything signed by a certificate that chains to this root C
| 18 | Microsoft ECC Product Root CA 2018 |
| 19 | Microsoft ECC Devices Root CA 2017 |
-For well-known roots, the TBS hashes for the certificates are baked into the code for Windows Defender Application Control. For example, they don't need to be listed as TBS hashes in the policy file.
+For well-known roots, the TBS hashes for the certificates are baked into the code for App Control for Business. For example, they don't need to be listed as TBS hashes in the policy file.
## Status values
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md b/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md
similarity index 73%
rename from windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md
rename to windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md
index c8432d0129..f62b037cb4 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md
@@ -1,24 +1,23 @@
---
-title: Inbox WDAC policies
-description: This article describes the inbox WDAC policies that may be active on a device.
+title: Inbox App Control policies
+description: This article describes the inbox App Control policies that may be active on a device.
ms.manager: jsuther
-ms.date: 03/10/2023
+ms.date: 09/11/2024
ms.topic: conceptual
ms.localizationpriority: medium
---
-# Inbox WDAC policies
+# Inbox App Control policies
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
-This article describes the Windows Defender Application Control (WDAC) policies that ship inbox with Windows and may be active on your devices. To see which policies are active on your device, use [citool.exe](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands) or check the *CodeIntegrity - Operational* event log for 3099 policy activation events.
+This article describes the App Control for Business policies that ship inbox with Windows and may be active on your devices. To see which policies are active on your device, use [citool.exe](citool-commands.md) or check the *CodeIntegrity - Operational* event log for 3099 policy activation events.
-## Inbox WDAC Policies
+## Inbox App Control Policies
-| **Policy Name** | **Policy ID** | **Policy Type** | **Description** |
+| Policy Name | Policy ID | Policy Type | Description |
|-----------|-----------|-----------|-----------|
-| **Microsoft Windows Driver Policy** | {d2bda982-ccf6-4344-ac5b-0b44427b6816} | Kernel-only Base policy | This policy blocks known [vulnerable or malicious kernel drivers](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules). It's active by default on Windows 11 22H2, [Windows in S mode](https://support.microsoft.com/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85), [Windows 11 SE](/education/windows/windows-11-se-overview), and anywhere [memory integrity](https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78) (also known as hypervisor-protected code integrity (HVCI)) is on. Its policy binary file is found at `%windir%\System32\CodeIntegrity\driversipolicy.p7b` and in the EFI system partition at `\Microsoft\Boot\driversipolicy.p7b`. |
+| **Microsoft Windows Driver Policy** | {d2bda982-ccf6-4344-ac5b-0b44427b6816} | Kernel-only Base policy | This policy blocks known [vulnerable or malicious kernel drivers](../design/microsoft-recommended-driver-block-rules.md). It's active by default on Windows 11 22H2, [Windows in S mode](https://support.microsoft.com/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85), [Windows 11 SE](/education/windows/windows-11-se-overview), and anywhere [memory integrity](https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78) (also known as hypervisor-protected code integrity (HVCI)) is on. Its policy binary file is found at `%windir%\System32\CodeIntegrity\driversipolicy.p7b` and in the EFI system partition at `\Microsoft\Boot\driversipolicy.p7b`. |
| **Windows10S_Lockdown_Policy_Supplementable** | {5951a96a-e0b5-4d3d-8fb8-3e5b61030784} | Base policy | This policy is active on devices running [Windows in S mode](https://support.microsoft.com/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85). Its policy binary file is found in the EFI system partition at `\Microsoft\Boot\winsipolicy.p7b`. |
| **WindowsE_Lockdown_Policy** | {82443e1e-8a39-4b4a-96a8-f40ddc00b9f3} | Base policy | This policy is active on devices running [Windows 11 SE](/education/windows/windows-11-se-overview). Its policy binary file is found in the EFI system partition at `\Microsoft\Boot\CIPolicies\Active\{82443e1e-8a39-4b4a-96a8-f40ddc00b9f3}.cip`. |
| **WindowsE_Lockdown_Flight_Policy_Supplemental** | {5dac656c-21ad-4a02-ab49-649917162e70} | Supplemental policy | This policy is active on devices running [Windows 11 SE](/education/windows/windows-11-se-overview) that are enrolled in the [Windows Insider](https://insider.windows.com) program. Its policy binary file is found in the EFI system partition at `\Microsoft\Boot\CIPolicies\Active\{5dac656c-21ad-4a02-ab49-649917162e70}.cip`. |
diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md
new file mode 100644
index 0000000000..4181691e76
--- /dev/null
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md
@@ -0,0 +1,104 @@
+---
+title: App Control Admin Tips & Known Issues
+description: App Control Known Issues
+ms.manager: jsuther
+ms.date: 09/11/2024
+ms.topic: troubleshooting
+ms.localizationpriority: medium
+---
+
+# App Control Admin Tips & Known Issues
+
+[!INCLUDE [Feature availability note](../includes/feature-availability-note.md)]
+
+This article covers tips and tricks for admins and known issues with App Control for Business. Test this configuration in your lab before enabling it in production.
+
+## App Control policy file locations
+
+**Multiple policy format App Control policies** are found in the following locations depending on whether the policy is signed or not, and the method of policy deployment that was used.
+
+- <OS Volume>\\Windows\\System32\\CodeIntegrity\\CiPolicies\Active\\*\{PolicyId GUID\}*.cip
+- <EFI System Partition>\\Microsoft\\Boot\\CiPolicies\Active\\*\{PolicyId GUID\}*.cip
+
+The *\{PolicyId GUID\}* value is unique by policy and defined in the policy XML with the <PolicyId> element.
+
+For **single policy format App Control policies**, in addition to the two preceding locations, also look for a file called SiPolicy.p7b in the following locations:
+
+- <EFI System Partition>\\Microsoft\\Boot\\SiPolicy.p7b
+- <OS Volume>\\Windows\\System32\\CodeIntegrity\\SiPolicy.p7b
+
+> [!NOTE]
+> A multiple policy format App Control policy using the single policy format GUID `{A244370E-44C9-4C06-B551-F6016E563076}` may exist under any of the policy file locations.
+
+## File Rule Precedence Order
+
+When the App Control engine evaluates files against the active set of policies on the device, rules are applied in the following order. Once a file encounters a match, App Control stops further processing.
+
+1. Explicit deny rules - a file is blocked if any explicit deny rule exists for it, even if other rules are created to try to allow it. Deny rules can use any [rule level](../design/select-types-of-rules-to-create.md#app-control-for-business-file-rule-levels). Use the most specific rule level practical when creating deny rules to avoid blocking more than you intend.
+
+2. Explicit allow rules - if any explicit allow rule exists for the file, the file runs.
+
+3. App Control then checks for the [Managed Installer extended attribute (EA)](../design/configure-authorized-apps-deployed-with-a-managed-installer.md) or the [Intelligent Security Graph (ISG) EA](../design/use-appcontrol-with-intelligent-security-graph.md) on the file. If either EA exists and the policy enables the corresponding option, then the file is allowed.
+
+4. Lastly, App Control makes a cloud call to the ISG to get reputation about the file, if the policy enables the ISG option.
+
+5. Any file not allowed by an explicit rule or based on ISG or MI is blocked implicitly.
+
+## Known issues
+
+### Boot stop failure (blue screen) occurs if more than 32 policies are active
+
+Until you apply the Windows security update released on or after April 9, 2024, your device is limited to 32 active policies. If the maximum number of policies is exceeded, the device bluescreens referencing ci.dll with a bug check value of 0x0000003b. Consider this maximum policy count limit when planning your App Control policies. Any [Windows inbox policies](inbox-appcontrol-policies.md) that are active on the device also count towards this limit. To remove the maximum policy limit, install the Windows security update released on, or after, April 9, 2024 and then restart the device. Otherwise, reduce the number of policies on the device to remain below 32 policies.
+
+> [!NOTE]
+> The policy limit was not removed on Windows 11 21H2, and will remain limited to 32 policies.
+
+### Audit mode policies can change the behavior for some apps or cause app crashes
+
+Although App Control audit mode is designed to avoid impact to apps, some features are always on/always enforced with any App Control policy that turns on user mode code integrity (UMCI) with the option **0 Enabled:UMCI**. Here's a list of known system changes in audit mode:
+
+- Some script hosts might block code or run code with fewer privileges even in audit mode. See [Script enforcement with App Control](../design/script-enforcement.md) for information about individual script host behaviors.
+- Option **19 Enabled:Dynamic Code Security** is always enforced if any UMCI policy includes that option. See [App Control and .NET](../design/appcontrol-and-dotnet.md#app-control-and-net-hardening).
+
+### .NET native images may generate false positive block events
+
+In some cases, the code integrity logs where App Control for Business errors and warnings are written include error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image falls back to its corresponding assembly and .NET regenerates the native image at its next scheduled maintenance window.
+
+### Signatures using elliptical curve cryptography (ECC) aren't supported
+
+App Control signer-based rules only work with RSA cryptography. ECC algorithms, such as ECDSA, aren't supported. If App Control blocks a file based on ECC signatures, the corresponding 3089 signature information events show VerificationError = 23. You can authorize the files instead by hash or file attribute rules, or using other signer rules if the file is also signed with signatures using RSA.
+
+### MSI installers are treated as user writeable on Windows 10 when allowed by FilePath rule
+
+MSI installer files are always detected as user writeable on Windows 10, and on Windows Server 2022 and earlier. If you need to allow MSI files using FilePath rules, you must set option **18 Disabled:Runtime FilePath Rule Protection** in your App Control policy.
+
+### MSI Installations launched directly from the internet are blocked by App Control
+
+Installing .msi files directly from the internet to a computer protected by App Control fails.
+For example, this command fails:
+
+```cmd
+msiexec -i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi
+```
+
+As a workaround, download the MSI file and run it locally:
+
+```cmd
+msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi
+```
+
+### Slow boot and performance with custom policies
+
+App Control evaluates all processes that run, including inbox Windows processes. You can cause slower boot times, degraded performance, and possibly boot issues if your policies don't build upon the App Control templates or don't trust the Windows signers. For these reasons, you should use the [App Control base templates](../design/example-appcontrol-base-policies.md) whenever possible to create your policies.
+
+#### AppId Tagging policy considerations
+
+AppId Tagging policies that aren't built upon the App Control base templates or don't allow the Windows in-box signers might cause a significant increase in boot times (~2 minutes).
+
+If you can't allowlist the Windows signers or build off the App Control base templates, add the following rule to your policies to improve the performance:
+
+:::image type="content" source="../images/known-issue-appid-dll-rule.png" alt-text="Allow all dlls in the policy.":::
+
+:::image type="content" source="../images/known-issue-appid-dll-rule-xml.png" alt-text="Allow all dll files in the xml policy.":::
+
+Since AppId Tagging policies evaluate but can't tag dll files, this rule short circuits dll evaluation and improve evaluation performance.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md
similarity index 79%
rename from windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md
rename to windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md
index c17adb2b1c..d39105c4a1 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md
+++ b/windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md
@@ -1,29 +1,29 @@
---
-title: Query Application Control events with Advanced Hunting
-description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting.
+title: Query App Control events with Advanced Hunting
+description: Learn how to query App Control for Business events across your entire organization by using Advanced Hunting.
ms.localizationpriority: medium
-ms.date: 03/01/2022
+ms.date: 09/11/2024
ms.topic: troubleshooting
---
-# Querying Application Control events centrally using Advanced hunting
+# Querying App Control events centrally using Advanced hunting
-A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode.
+An App Control for Business policy logs events locally in Windows Event Viewer in either enforced or audit mode.
While Event Viewer helps to see the impact on a single system, IT Pros want to gauge it across many systems.
-In November 2018, we added functionality in Microsoft Defender for Endpoint that makes it easy to view WDAC events centrally from all connected systems.
+In November 2018, we added functionality in Microsoft Defender for Endpoint that makes it easy to view App Control events centrally from all connected systems.
-Advanced hunting in Microsoft Defender for Endpoint allows customers to query data using a rich set of capabilities. WDAC events can be queried with using an ActionType that starts with "AppControl".
+Advanced hunting in Microsoft Defender for Endpoint allows customers to query data using a rich set of capabilities. App Control events can be queried with using an ActionType that starts with "AppControl".
This capability is supported beginning with Windows version 1607.
## Action Types
| ActionType Name | ETW Source Event ID | Description |
| - | - | - |
-| AppControlCodeIntegrityDriverRevoked | 3023 | The driver file under validation didn't meet the requirements to pass the application control policy. |
+| AppControlCodeIntegrityDriverRevoked | 3023 | The driver file under validation didn't meet the requirements to pass the App Control policy. |
| AppControlCodeIntegrityImageRevoked | 3036 | The signed file under validation is signed by a code signing certificate that has been revoked by Microsoft or the certificate issuing authority. |
-| AppControlCodeIntegrityPolicyAudited | 3076 | This event is the main Windows Defender Application Control block event for audit mode policies. It indicates the file would have been blocked if the WDAC policy was enforced. |
-| AppControlCodeIntegrityPolicyBlocked | 3077 | This event is the main Windows Defender Application Control block event for enforced policies. It indicates the file didn't pass your WDAC policy and was blocked. |
+| AppControlCodeIntegrityPolicyAudited | 3076 | This event is the main App Control for Business block event for audit mode policies. It indicates the file would have been blocked if the App Control policy was enforced. |
+| AppControlCodeIntegrityPolicyBlocked | 3077 | This event is the main App Control for Business block event for enforced policies. It indicates the file didn't pass your App Control policy and was blocked. |
| AppControlExecutableAudited | 8003 | Applied only when the Audit only enforcement mode is enabled. Specifies the .exe or .dll file would be blocked if the Enforce rules enforcement mode were enabled. |
| AppControlExecutableBlocked | 8004 | The .exe or .dll file can't run. |
| AppControlPackagedAppAudited | 8021 | Applied only when the Audit only enforcement mode is enabled. Specifies the packaged app would be blocked if the Enforce rules enforcement mode were enabled. |
@@ -39,15 +39,15 @@ This capability is supported beginning with Windows version 1607.
| AppControlCodeIntegritySigningInformation | 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. |
| AppControlPolicyApplied | 8001 | Indicates the AppLocker policy was successfully applied to the computer. |
-Learn more about the [Understanding Application Control event IDs (Windows)](event-id-explanations.md)
+Learn more about the [Understanding App Control event IDs (Windows)](event-id-explanations.md)
-## Example Advanced Hunting Application Control Queries
+## Example Advanced Hunting App Control Queries
-Query Example 1: Query the application control action types summarized by type for past seven days
+Query Example 1: Query the App Control action types summarized by type for past seven days
-Here's a simple example query that shows all the Windows Defender Application Control events generated in the last seven days from machines being monitored by Microsoft Defender for Endpoint:
+Here's a simple example query that shows all the App Control for Business events generated in the last seven days from machines being monitored by Microsoft Defender for Endpoint:
-```
+```kusto
DeviceEvents
| where Timestamp > ago(7d) and
ActionType startswith "AppControl"
@@ -55,7 +55,7 @@ ActionType startswith "AppControl"
| order by Machines desc
```
-The query results can be used for several important functions related to managing Windows Defender Application Control including:
+The query results can be used for several important functions related to managing App Control for Business including:
- Assessing the impact of deploying policies in audit mode
Since applications still run in audit mode, it's an ideal way to see the impact and correctness of the rules included in the policy. Integrating the generated events with Advanced Hunting makes it much easier to have broad deployments of audit mode policies and see how the included rules would influence those systems in real world usage. This audit mode data will help streamline the transition to using policies in enforced mode.
@@ -64,7 +64,7 @@ The query results can be used for several important functions related to managin
Query Example #2: Query to determine audit blocks in the past seven days
-```
+```kusto
DeviceEvents
| where ActionType startswith "AppControlExecutableAudited"
| where Timestamp > ago(7d)
diff --git a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
deleted file mode 100644
index 239ddd052c..0000000000
--- a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: Windows Defender Application Control and virtualization-based code integrity
-description: Hardware and software system integrity-hardening capabilities that can be deployed separately or in combination with Windows Defender Application Control (WDAC).
-ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.author: vinpa
-manager: aaroncz
-ms.date: 03/26/2024
-ms.topic: conceptual
-appliesto:
-- ✅ Windows 11
-- ✅ Windows 10
-- ✅ Windows Server 2022
-- ✅ Windows Server 2019
-- ✅ Windows Server 2016
----
-
-# Windows Defender Application Control and virtualization-based protection of code integrity
-
-Windows includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows systems so they behave more like kiosk devices. In this configuration, [**Windows Defender Application Control (WDAC)**](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) is used to restrict devices to run only approved apps, while the OS is hardened against kernel memory attacks using [**memory integrity**](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md).
-
-> [!NOTE]
-> Memory integrity is sometimes referred to as *hypervisor-protected code integrity (HVCI)* or *hypervisor enforced code integrity*, and was originally released as part of *Device Guard*. Device Guard is no longer used except to locate memory integrity and VBS settings in Group Policy or the Windows registry.
-
-WDAC policies and memory integrity are powerful protections that can be used separately. However, when these two technologies are configured to work together, they present a strong protection capability for Windows devices. Using WDAC to restrict devices to only authorized apps has these advantages over other solutions:
-
-1. The Windows kernel handles enforcement of WDAC policy and requires no other services or agents.
-1. The WDAC policy takes effect early in the boot sequence before nearly all other OS code and before traditional antivirus solutions run.
-1. WDAC lets you set application control policy for any code that runs on Windows, including kernel mode drivers and even code that runs as part of Windows.
-1. Customers can protect the WDAC policy even from local administrator tampering by digitally signing the policy. Changing signed policy requires both administrative privilege and access to the organization's digital signing process. Using signed policies makes it difficult for an attacker, including one who manages to gain administrative privilege, to tamper with WDAC policy.
-1. You can protect the entire WDAC enforcement mechanism with memory integrity. Even if a vulnerability exists in kernel mode code, memory integrity greatly reduces the likelihood that an attacker could successfully exploit it. Without memory integrity, an attacker who compromises the kernel could normally disable most system defenses, including application control policies enforced by WDAC or any other application control solution.
-
-There are no direct dependencies between WDAC and memory integrity. You can deploy them individually or together and there's no order in which they must be deployed.
-
-Memory integrity relies on Windows Virtualization-based security, and has hardware, firmware, and kernel driver compatibility requirements that some older systems can't meet.
-
-WDAC has no specific hardware or software requirements.
-
-## Related articles
-
-- [Windows Defender Application Control](windows-defender-application-control/wdac.md)
-- [Memory integrity](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md)
-- [Driver compatibility with memory integrity](https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-compatibility-with-device-guard-in-windows-10/ba-p/364865)
diff --git a/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md b/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md
new file mode 100644
index 0000000000..ce8d6225a0
--- /dev/null
+++ b/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md
@@ -0,0 +1,43 @@
+---
+title: App Control for Business and virtualization-based code integrity
+description: Hardware and software system integrity-hardening capabilities that can be deployed separately or in combination with App Control for Business.
+ms.localizationpriority: medium
+author: vinaypamnani-msft
+ms.author: vinpa
+manager: aaroncz
+ms.date: 09/11/2024
+ms.topic: conceptual
+appliesto:
+- ✅ Windows 11
+- ✅ Windows 10
+- ✅ Windows Server 2022
+- ✅ Windows Server 2019
+- ✅ Windows Server 2016
+---
+
+# App Control and virtualization-based protection of code integrity
+
+Windows includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows systems so they behave more like kiosk devices. In this configuration, [**App Control for Business**](app-control-for-business/appcontrol.md) is used to restrict devices to run only approved apps, while the OS is hardened against kernel memory attacks using [**memory integrity**](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md).
+
+> [!NOTE]
+> Memory integrity is sometimes referred to as **hypervisor-protected code integrity (HVCI)** or **hypervisor enforced code integrity**, and was originally released as part of **Device Guard**. Device Guard is no longer used except to locate memory integrity and VBS settings in Group Policy or the Windows registry.
+
+App Control policies and memory integrity are powerful protections that can be used separately. However, when these two technologies are configured to work together, they present a strong protection capability for Windows devices. Using App Control to restrict devices to only authorized apps has these advantages over other solutions:
+
+1. The Windows kernel handles enforcement of App Control policy and requires no other services or agents.
+1. The App Control policy takes effect early in the boot sequence before nearly all other OS code and before traditional antivirus solutions run.
+1. App Control lets you set application control policy for any code that runs on Windows, including kernel mode drivers and even code that runs as part of Windows.
+1. Customers can protect the App Control policy even from local administrator tampering by digitally signing the policy. Changing signed policy requires both administrative privilege and access to the organization's digital signing process. Using signed policies makes it difficult for an attacker, including one who manages to gain administrative privilege, to tamper with App Control policy.
+1. You can protect the entire App Control enforcement mechanism with memory integrity. Even if a vulnerability exists in kernel mode code, memory integrity greatly reduces the likelihood that an attacker could successfully exploit it. Without memory integrity, an attacker who compromises the kernel could normally disable most system defenses, including application control policies enforced by App Control or any other application control solution.
+
+There are no direct dependencies between App Control and memory integrity. You can deploy them individually or together and there's no order in which they must be deployed.
+
+Memory integrity relies on Windows Virtualization-based security, and has hardware, firmware, and kernel driver compatibility requirements that some older systems can't meet.
+
+App Control has no specific hardware or software requirements.
+
+## Related articles
+
+- [App Control for Business](app-control-for-business/appcontrol.md)
+- [Memory integrity](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md)
+- [Driver compatibility with memory integrity](https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-compatibility-with-device-guard-in-windows-10/ba-p/364865)
diff --git a/windows/security/application-security/application-control/toc.yml b/windows/security/application-security/application-control/toc.yml
index f8b2ebf7a8..3a7a1fa706 100644
--- a/windows/security/application-security/application-control/toc.yml
+++ b/windows/security/application-security/application-control/toc.yml
@@ -1,10 +1,10 @@
items:
- name: Smart App Control
- href: windows-defender-application-control/wdac.md
-- name: Windows Defender Application Control
- href: windows-defender-application-control/wdac.md
-- name: Windows Defender Application Control and virtualization-based protection of code integrity
- href: introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+ href: app-control-for-business/appcontrol.md
+- name: App Control for Business
+ href: app-control-for-business/appcontrol.md
+- name: App Control for Business and virtualization-based protection of code integrity
+ href: introduction-to-virtualization-based-security-and-appcontrol.md
- name: User Account Control (UAC)
items:
- name: Overview
@@ -14,5 +14,4 @@ items:
- name: UAC settings and configuration
href: user-account-control/settings-and-configuration.md
- name: Microsoft Vulnerable Driver Blocklist
- href: windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
-
+ href: app-control-for-business/design/microsoft-recommended-driver-block-rules.md
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
deleted file mode 100644
index 4b7e1e6b2f..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
+++ /dev/null
@@ -1,104 +0,0 @@
----
-title: Create your Windows Defender Application Control AppId Tagging Policies
-description: Create your Windows Defender Application Control AppId tagging policies for Windows devices.
-ms.localizationpriority: medium
-ms.date: 04/29/2022
-ms.topic: conceptual
----
-
-# Creating your WDAC AppId Tagging Policies
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-## Create the policy using the WDAC Wizard
-
-You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md).
-
-1. Create a new base policy using the templates:
-
- Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules.
-
- 
-
- > [!NOTE]
- > If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates.
- For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies).
-
-2. Set the following rule-options using the Wizard toggles:
-
- 
-
-3. Create custom rules:
-
- Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules:
-
- - Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security.
- - Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards.
- - File attribute rules: Create a rule based off a file's immutable properties like the original filename, file description, product name or internal name.
- - Package app name rules: Create a rule based off the package family name of an appx/msix.
- - Hash rules: Create a rule based off the PE Authenticode hash of a file.
-
- For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules).
-
-4. Convert to AppId Tagging Policy:
-
- After the Wizard builds the policy file, open the file in a text editor and remove the entire "Value=131" SigningScenario text block. The only remaining signing scenario should be "Value=12" which is the user mode application section. Next, open PowerShell in an elevated prompt and run the following command. Replace the AppIdTagging Key-Value pair for your scenario:
-
- ```powershell
- Set-CIPolicyIdInfo -ResetPolicyID -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue"
- ```
- The policyID GUID is returned by the PowerShell command if successful.
-
-## Create the policy using PowerShell
-
-Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). In an elevate PowerShell instance:
-
-1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../design/select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules:
-
- ```powershell
- $rule = New-CiPolicyRule -Level SignedVersion -DriverFilePath
- ```
-2. Create the AppId Tagging Policy. Replace the AppIdTagging Key-Value pair for your scenario:
-
- ```powershell
- New-CIPolicy -rules $rule -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue"
- ```
-3. Set the rule-options for the policy:
-
- ```powershell
- Set-RuleOption -Option 0 .\AppIdPolicy.xml # Usermode Code Integrity (UMCI)
- Set-RuleOption -Option 16 .\AppIdPolicy.xml # Refresh Policy no Reboot
- Set-RuleOption -Option 18 .\AppIdPolicy.xml # (Optional) Disable FilePath Rule Protection
- ```
-
- If you're using filepath rules, you may want to set option 18. Otherwise, there's no need.
-
-4. Set the name and ID on the policy, which is helpful for future debugging:
-
- ```powershell
- Set-CIPolicyIdInfo -ResetPolicyId -PolicyName "MyPolicyName" -PolicyId "MyPolicyId" -AppIdTaggingPolicy -FilePath ".\AppIdPolicy.xml"
- ```
- The policyID GUID is returned by the PowerShell command if successful.
-
-## Deploy for Local Testing
-
-After creating your AppId Tagging policy in the above steps, you can deploy the policy to your local machine for testing before broadly deploying the policy to your endpoints:
-
-1. Depending on your deployment method, convert the xml to binary:
-
- ```powershell
- Convertfrom-CIPolicy .\policy.xml ".\{PolicyIDGUID}.cip"
- ```
-
-2. Optionally, deploy it for local testing:
-
- ```powershell
- copy ".\{Policy ID}.cip" c:\windows\system32\codeintegrity\CiPolicies\Active\
- ./RefreshPolicy.exe
- ```
-
- RefreshPolicy.exe is available for download from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=102925).
-
-## Next Steps
-For more information on debugging and broad deployment of the AppId Tagging policy, see [Debugging AppId policies](debugging-operational-guide-appid-tagging-policies.md) and [Deploying AppId policies](deploy-appid-tagging-policies.md).
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md
deleted file mode 100644
index fa463a999a..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md
+++ /dev/null
@@ -1,61 +0,0 @@
----
-title: Use audit events to create WDAC policy rules
-description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy.
-ms.localizationpriority: medium
-ms.date: 05/03/2018
-ms.topic: conceptual
----
-
-# Use audit events to create WDAC policy rules
-
->[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md).
-
-Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included.
-
-While a WDAC policy is running in audit mode, any binary that runs but would have been denied is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. Script and MSI are logged in the **Applications and Services Logs\\Microsoft\\Windows\\AppLocker\\MSI and Script** event log. These events can be used to generate a new WDAC policy that can be merged with the original Base policy or deployed as a separate Supplemental policy, if allowed.
-
-## Overview of the process to create WDAC policy to allow apps using audit events
-
-> [!Note]
-> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](wdac-deployment-guide.md).
-
-To familiarize yourself with creating WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy.
-
-1. Install and run an application not allowed by the WDAC policy but that you want to allow.
-
-2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](../operations/event-id-explanations.md).
-
- **Figure 1. Exceptions to the deployed WDAC policy**
- 
-
-3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**.
-
- ```powershell
- $PolicyName= "Lamna_FullyManagedClients_Audit"
- $LamnaPolicy=$env:userprofile+"\Desktop\"+$PolicyName+".xml"
- $EventsPolicy=$env:userprofile+"\Desktop\EventsPolicy.xml"
- $EventsPolicyWarnings=$env:userprofile+"\Desktop\EventsPolicyWarnings.txt"
- ```
-
-4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**.
-
- ```powershell
- New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback SignedVersion,FilePublisher,Hash -UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings
- ```
-
- > [!NOTE]
- > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md).
-
-5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](../design/wdac-wizard-editing-policy.md)).
-
-6. Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that WDAC couldn't create a rule for at either the specified rule level or fallback rule level.
-
- > [!NOTE]
- > New-CIPolicy only creates rules for files that can still be found on disk. Files which are no longer present on the system will not have a rule created to allow them. However, the event log should have sufficient information to allow these files by manually editing the policy XML to add rules. You can use an existing rule as a template and verify your results against the WDAC policy schema definition found at **%windir%\schemas\CodeIntegrity\cipolicy.xsd**.
-
-7. Merge **EventsPolicy.xml** with the Base policy **Lamna_FullyManagedClients_Audit.xml** or convert it to a supplemental policy.
-
- For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-wdac-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](../design/deploy-multiple-wdac-policies.md).
-
-8. Convert the Base or Supplemental policy to binary and deploy using your preferred method.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
deleted file mode 100644
index 78a686dada..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: Deploy WDAC policies via Group Policy
-description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide.
-ms.localizationpriority: medium
-ms.date: 01/23/2023
-ms.topic: how-to
----
-
-# Deploy Windows Defender Application Control policies by using Group Policy
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-> [!IMPORTANT]
-> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Group Policy, deploy new signed WDAC Base policies [via script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-signed-policies) and activate the policy with a system restart.
->
-> This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
-
-Single-policy format Windows Defender Application Control policies (pre-1903 policy schema) can be easily deployed and managed with Group Policy.
-
-> [!IMPORTANT]
-> Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for policy deployment.
-
-You should now have a WDAC policy converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
-
-The following procedure walks you through how to deploy a WDAC policy called **SiPolicy.p7b** to a test OU called *WDAC Enabled PCs* by using a GPO called **Contoso GPO Test**.
-
-To deploy and manage a Windows Defender Application Control policy with Group Policy:
-
-1. On a client computer on which RSAT is installed, open the GPMC by running **GPMC.MSC**
-
-2. Create a new GPO: right-click an OU and then select **Create a GPO in this domain, and Link it here**.
-
- > [!NOTE]
- > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../design/plan-wdac-management.md).
-
- 
-
-3. Name the new GPO. You can choose any name.
-
-4. Open the Group Policy Management Editor: right-click the new GPO, and then select **Edit**.
-
-5. In the selected GPO, navigate to Computer Configuration\\Administrative Templates\\System\\Device Guard. Right-click **Deploy Windows Defender Application Control** and then select **Edit**.
-
- 
-
-6. In the **Deploy Windows Defender Application Control** dialog box, select the **Enabled** option, and then specify the WDAC policy deployment path.
-
- In this policy setting, you specify either the local path where the policy will exist on each client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. For example, the path to SiPolicy.p7b using the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) would be %USERPROFILE%\Desktop\SiPolicy.p7b.
-
- > [!NOTE]
- > This policy file does not need to be copied to every computer. You can instead copy the WDAC policies to a file share to which all computer accounts have access. Any policy selected here is converted to SIPolicy.p7b when it is deployed to the individual client computers.
-
- 
-
- > [!NOTE]
- > You may have noticed that the GPO setting references a .p7b file, but the file extension and name of the policy binary do not matter. Regardless of what you name your policy binary, they are all converted to SIPolicy.p7b when applied to the client computers running Windows 10. If you are deploying different WDAC policies to different sets of devices, you may want to give each of your WDAC policies a friendly name and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository.
-
-7. Close the Group Policy Management Editor, and then restart the Windows test computer. Restarting the computer updates the WDAC policy.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md
deleted file mode 100644
index c7086b6b5e..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md
+++ /dev/null
@@ -1,90 +0,0 @@
----
-title: Deploy WDAC policies using Mobile Device Management (MDM)
-description: You can use an MDM like Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide.
-ms.localizationpriority: medium
-ms.date: 08/30/2023
-ms.topic: how-to
----
-
-# Deploy WDAC policies using Mobile Device Management (MDM)
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps.
-
-> [!IMPORTANT]
-> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-wdac-policies-with-script.md) and activate the policy with a system restart.
->
-> This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
-
-## Use Intune's built-in policies
-
-Intune's built-in Windows Defender Application Control support allows you to configure Windows client computers to only run:
-
-- Windows components
-- Third-party hardware and software kernel drivers
-- Microsoft Store-signed apps
-- [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG)
-
-> [!NOTE]
-> Intune's built-in policies use the pre-1903 single-policy format version of the DefaultWindows policy. Use the [improved Intune WDAC experience](/mem/intune/protect/endpoint-security-app-control-policy), currently in public preview, to create and deploy multiple-policy format files. Or, you can use Intune's custom OMA-URI feature to deploy your own multiple-policy format WDAC policies and leverage features available on Windows 10 1903+ or Windows 11 as described later in this topic.
-
-> [!NOTE]
-> Intune currently uses the AppLocker CSP to deploy its built-in policies. The AppLocker CSP always requests a device restart when it applies WDAC policies. Use the [improved Intune WDAC experience](/mem/intune/protect/endpoint-security-app-control-policy), currently in public preview, to deploy your own WDAC policies without a restart. Or, you can use Intune's custom OMA-URI feature with the ApplicationControl CSP.
-
-To use Intune's built-in WDAC policies, configure [Endpoint Protection for Windows 10 (and later)](/mem/intune/protect/endpoint-protection-windows-10?toc=/intune/configuration/toc.json&bc=/intune/configuration/breadcrumb/toc.json).
-
-## Deploy WDAC policies with custom OMA-URI
-
-> [!NOTE]
-> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-wdac-policies.md) which allow more granular policy.
-
-You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
-
-### Deploy custom WDAC policies on Windows 10 1903+
-
-Beginning with Windows 10 1903, custom OMA-URI policy deployment can use the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies.
-
-> [!NOTE]
-> You must convert your custom policy XML to binary form before deploying with OMA-URI.
-
-The steps to use Intune's custom OMA-URI functionality are:
-
-1. Open the Microsoft Intune portal and [create a profile with custom settings](/mem/intune/configuration/custom-settings-windows-10).
-
-2. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings:
- - **OMA-URI**: `./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy`
- - **Data type**: Base64 (file)
- - **Certificate file**: Upload your binary format policy file. To do this, change your {GUID}.cip file to {GUID}.bin. You don't need to upload a Base64 file, as Intune converts the uploaded .bin file to Base64 on your behalf.
-
- :::image type="content" alt-text="Configure custom WDAC." source="../images/wdac-intune-custom-oma-uri.png" lightbox="../images/wdac-intune-custom-oma-uri.png":::
-
-> [!NOTE]
-> For the _Policy GUID_ value, do not include the curly brackets.
-
-### Remove WDAC policies on Windows 10 1903+
-
-Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to disable Windows Defender Application Control enforcement, first replace the existing policy with a new version of the policy that will "Allow *", like the rules in the example policy at %windir%\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml. Once the updated policy is deployed, you can then delete the policy from the Intune portal. This deletion will prevent anything from being blocked and fully remove the WDAC policy on the next reboot.
-
-### For pre-1903 systems
-
-#### Deploying policies
-
-The steps to use Intune's Custom OMA-URI functionality to apply the [AppLocker CSP](/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy to pre-1903 systems are:
-
-1. Convert the policy XML to binary format using the [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) cmdlet in order to be deployed. The binary policy may be signed or unsigned.
-
-2. Open the Microsoft Intune portal and [create a profile with custom settings](/mem/intune/configuration/custom-settings-windows-10).
-
-3. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings:
- - **OMA-URI**: `./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy`
- - **Data type**: Base64 (file)
- - **Certificate file**: upload your binary format policy file
-
- > [!NOTE]
- > Deploying policies via the AppLocker CSP will force a reboot during OOBE.
-
-#### Removing policies
-
-Policies deployed through Intune via the AppLocker CSP can't be deleted through the Intune console. In order to disable Windows Defender Application Control policy enforcement, either deploy an audit-mode policy or use a script to delete the existing policy.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
deleted file mode 100644
index d4135733c2..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
+++ /dev/null
@@ -1,82 +0,0 @@
----
-title: Deploy Windows Defender Application Control policies with Configuration Manager
-description: You can use Microsoft Configuration Manager to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide.
-ms.date: 06/27/2022
-ms.topic: how-to
-ms.localizationpriority: medium
----
-
-# Deploy WDAC policies by using Microsoft Configuration Manager
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md).
-
-You can use Microsoft Configuration Manager to configure Windows Defender Application Control (WDAC) on client machines.
-
-## Use Configuration Manager's built-in policies
-
-Configuration Manager includes native support for WDAC, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow:
-
-- Windows components
-- Microsoft Store apps
-- Apps installed by Configuration Manager (Configuration Manager self-configured as a managed installer)
-- (Optional) Reputable apps as defined by the Intelligent Security Graph (ISG)
-- (Optional) Apps and executables already installed in admin-definable folder locations that Configuration Manager will allow through a one-time scan during policy creation on managed endpoints.
-
-Configuration Manager doesn't remove policies once deployed. To stop enforcement, you should switch the policy to audit mode, which will produce the same effect. If you want to disable Windows Defender Application Control (WDAC) altogether (including audit mode), you can deploy a script to delete the policy file from disk, and either trigger a reboot or wait for the next reboot.
-
-### Create a WDAC Policy in Configuration Manager
-
-1. Select **Asset and Compliance** > **Endpoint Protection** > **Windows Defender Application Control** > **Create Application Control Policy**
-
- 
-
-2. Enter the name of the policy > **Next**
-3. Enable **Enforce a restart of devices so that this policy can be enforced for all processes**
-4. Select the mode that you want the policy to run (Enforcement enabled / Audit Only)
-5. Select **Next**
-
- 
-
-6. Select **Add** to begin creating rules for trusted software
-
- 
-
-7. Select **File** or **Folder** to create a path rule > **Browse**
-
- 
-
-8. Select the executable or folder for your path rule > **OK**
-
- 
-
-9. Select **OK** to add the rule to the table of trusted files or folder
-10. Select **Next** to navigate to the summary page > **Close**
-
- 
-
-### Deploy the WDAC policy in Configuration Manager
-
-1. Right-click the newly created policy > **Deploy Application Control Policy**
-
- 
-
-2. Select **Browse**
-
- 
-
-3. Select the Device Collection you created earlier > **OK**
-
- 
-
-4. Change the schedule > **OK**
-
- 
-
-For more information on using Configuration Manager's native WDAC policies, see [Windows Defender Application Control management with Configuration Manager](/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager).
-
-Download the entire [WDAC in Configuration Manager lab paper](https://download.microsoft.com/download/c/f/d/cfd6227c-8ec4-442d-8c50-825550d412f6/WDAC-Deploy-WDAC-using-MEMCM.pdf).
-
-## Deploy custom WDAC policies using Packages/Programs or Task Sequences
-
-Using Configuration Manager's built-in policies can be a helpful starting point, but customers may find the circle-of-trust options available in Configuration Manager too limiting. To define your own circle-of-trust, you can use Configuration Manager to deploy custom WDAC policies using [script-based deployment](deploy-wdac-policies-with-script.md) via Software Distribution Packages and Programs or Operating System Deployment Task Sequences.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
deleted file mode 100644
index 6910b03b04..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ /dev/null
@@ -1,105 +0,0 @@
----
-title: Deploy Windows Defender Application Control (WDAC) policies using script
-description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide.
-ms.manager: jsuther
-ms.date: 01/23/2023
-ms.topic: how-to
-ms.localizationpriority: medium
----
-
-# Deploy WDAC policies using script
-
->[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
-
-This article describes how to deploy Windows Defender Application Control (WDAC) policies using script. The following instructions use PowerShell but can work with any scripting host.
-
-You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
-
-> [!IMPORTANT]
-> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart.
->
-> This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
-
-## Deploying policies for Windows 11 22H2 and above
-
-You can use the inbox [CiTool](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands) to apply policies on Windows 11 22H2 with the following commands. Be sure to replace **<Path to policy binary file to deploy>** in the following example with the actual path to your WDAC policy binary file.
-
-```powershell
-# Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = from the Policy XML)
-$PolicyBinary = ""
-CiTool --update-policy $PolicyBinary [-json]
-```
-
-## Deploying policies for Windows 11, Windows 10 version 1903 and above, and Windows Server 2022 and above
-
-To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool.
-
-1. Initialize the variables to be used by the script.
-
- ```powershell
- # Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = from the Policy XML)
- $PolicyBinary = ""
- $DestinationFolder = $env:windir+"\System32\CodeIntegrity\CIPolicies\Active\"
- $RefreshPolicyTool = ""
- ```
-
-2. Copy Windows Defender Application Control (WDAC) policy binary to the destination folder.
-
- ```powershell
- Copy-Item -Path $PolicyBinary -Destination $DestinationFolder -Force
- ```
-
-3. Repeat steps 1-2 as appropriate to deploy more WDAC policies.
-4. Run RefreshPolicy.exe to activate and refresh all WDAC policies on the managed endpoint.
-
- ```powershell
- & $RefreshPolicyTool
- ```
-
-## Deploying policies for all other versions of Windows and Windows Server
-
-Use WMI to apply policies on all other versions of Windows and Windows Server.
-
-1. Initialize the variables to be used by the script.
-
- ```powershell
- # Policy binary files should be named as SiPolicy.p7b for Windows 10 versions earlier than 1903
- $PolicyBinary = ""
- $DestinationBinary = $env:windir+"\System32\CodeIntegrity\SiPolicy.p7b"
- ```
-
-2. Copy Windows Defender Application Control (WDAC) policy binary to the destination.
-
- ```powershell
- Copy-Item -Path $PolicyBinary -Destination $DestinationBinary -Force
- ```
-
-3. Refresh and activate WDAC policy using WMI
-
- ```powershell
- Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = $DestinationBinary}
- ```
-
-## Deploying signed policies
-
-If you're using [signed WDAC policies](/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering), the policies must be deployed into your device's EFI partition in addition to the locations outlined in the earlier sections. Unsigned WDAC policies don't need to be present in the EFI partition.
-
-1. Mount the EFI volume and make the directory, if it doesn't exist, in an elevated PowerShell prompt:
-
- ```powershell
- $MountPoint = 'C:\EFIMount'
- $EFIDestinationFolder = "$MountPoint\EFI\Microsoft\Boot\CiPolicies\Active"
- $EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0]
- if (-Not (Test-Path $MountPoint)) { New-Item -Path $MountPoint -Type Directory -Force }
- mountvol $MountPoint $EFIPartition
- if (-Not (Test-Path $EFIDestinationFolder)) { New-Item -Path $EFIDestinationFolder -Type Directory -Force }
- ```
-
-2. Copy the signed policy to the created folder:
-
- ```powershell
- Copy-Item -Path $PolicyBinary -Destination $EFIDestinationFolder -Force
- ```
-
-3. Restart the system.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md
deleted file mode 100644
index 46d07c19a7..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-title: Deploying Windows Defender Application Control (WDAC) policies
-description: Learn how to plan and implement a WDAC deployment.
-ms.localizationpriority: medium
-ms.date: 01/23/2023
-ms.topic: overview
----
-
-# Deploying Windows Defender Application Control (WDAC) policies
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](../design/wdac-design-guide.md), do so now before proceeding.
-
-## Convert your WDAC policy XML to binary
-
-Before you deploy your WDAC policies, you must first convert the XML to its binary form. You can do this using the following PowerShell example. You must set the $WDACPolicyXMLFile variable to point to your WDAC policy XML file.
-
- ```powershell
- ## Update the path to your WDAC policy XML
- $WDACPolicyXMLFile = $env:USERPROFILE + "\Desktop\MyWDACPolicy.xml"
- [xml]$WDACPolicy = Get-Content -Path $WDACPolicyXMLFile
- if (($WDACPolicy.SiPolicy.PolicyID) -ne $null) ## Multiple policy format (For Windows builds 1903+ only, including Server 2022)
- {
- $PolicyID = $WDACPolicy.SiPolicy.PolicyID
- $PolicyBinary = $PolicyID+".cip"
- }
- else ## Single policy format (Windows Server 2016 and 2019, and Windows 10 1809 LTSC)
- {
- $PolicyBinary = "SiPolicy.p7b"
- }
-
- ## Binary file will be written to your desktop
- ConvertFrom-CIPolicy -XmlFilePath $WDACPolicyXMLFile -BinaryFilePath $env:USERPROFILE\Desktop\$PolicyBinary
- ```
-
-## Plan your deployment
-
-As with any significant change to your environment, implementing application control can have unintended consequences. To ensure the best chance for success, you should follow safe deployment practices and plan your deployment carefully. Identify the devices you'll manage with WDAC and split them into deployment rings. This way, you can control the speed and scale of the deployment and respond if anything goes wrong. Define the success criteria that will determine when it's safe to continue from one ring to the next.
-
-All Windows Defender Application Control policy changes should be deployed in audit mode before proceeding to enforcement. Carefully monitor events from devices where the policy has been deployed to ensure the block events you observe match your expectation before broadening the deployment to other deployment rings. If your organization uses Microsoft Defender for Endpoint, you can use the Advanced Hunting feature to centrally monitor WDAC-related events. Otherwise, we recommend using an event log forwarding solution to collect relevant events from your managed endpoints.
-
-## Choose how to deploy WDAC policies
-
-> [!IMPORTANT]
-> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-wdac-policies-with-script.md) in this case.
->
-> This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
-
-There are several options to deploy Windows Defender Application Control policies to managed endpoints, including:
-
-- [Deploy using a Mobile Device Management (MDM) solution](deploy-wdac-policies-using-intune.md), such as Microsoft Intune
-- [Deploy using Microsoft Configuration Manager](deploy-wdac-policies-with-memcm.md)
-- [Deploy via script](deploy-wdac-policies-with-script.md)
-- [Deploy via group policy](deploy-wdac-policies-using-group-policy.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
deleted file mode 100644
index 7f203efaf7..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: Policy creation for common WDAC usage scenarios
-description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios.
-ms.localizationpriority: medium
-ms.date: 04/05/2023
-ms.topic: conceptual
----
-
-# Windows Defender Application Control deployment in different scenarios: types of devices
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply "turn on." The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It's common for organizations to have device use cases across each of the categories described.
-
-## Types of devices
-
-| Type of device | How WDAC relates to this type of device |
-|------------------------------------|------------------------------------------------------|
-| **Lightly managed devices**: Company-owned, but users are free to install software. Devices are required to run organization's antivirus solution and client management tools. | Windows Defender Application Control can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. |
-| **Fully managed devices**: Allowed software is restricted by IT department. Users can request for more software, or install from a list of applications provided by IT department. Examples: locked-down, company-owned desktops and laptops. | An initial baseline Windows Defender Application Control policy can be established and enforced. Whenever the IT department approves more applications, it updates the WDAC policy and (for unsigned LOB applications) the catalog. |
-| **Fixed-workload devices**: Perform same tasks every day. Lists of approved applications rarely change. Examples: kiosks, point-of-sale systems, call center computers. | Windows Defender Application Control can be deployed fully, and deployment and ongoing administration are relatively straightforward. After Windows Defender Application Control deployment, only approved applications can run. This rule is because of protections offered by WDAC. |
-| **Bring Your Own Device**: Employees are allowed to bring their own devices, and also use those devices away from work. | In most cases, Windows Defender Application Control doesn't apply. Instead, you can explore other hardening and security features with MDM-based conditional access solutions, such as Microsoft Intune. However, you may choose to deploy an audit-mode policy to these devices or employ a blocklist only policy to prevent specific apps or binaries that are considered malicious or vulnerable by your organization. |
-
-## An introduction to Lamna Healthcare Company
-
-In the next set of articles, we'll explore each of the above scenarios using a fictional organization called Lamna Healthcare Company.
-
-Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the United States. Lamna employs thousands of people, from doctors and nurses to accountants, in-house lawyers, and IT technicians. Their device use cases are varied and include single-user workstations for their professional staff, shared kiosks used by doctors and nurses to access patient records, dedicated medical devices such as MRI scanners, and many others. Additionally, Lamna has a relaxed, bring-your-own-device policy for many of their professional staff.
-
-Lamna uses [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) in hybrid mode with both Configuration Manager and Intune. Although they use Microsoft Intune to deploy many applications, Lamna has always had relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response.
-
-Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an application control policy. In response, Lamna's executive board has authorized many new security IT responses, including tightening policies for application use and introducing application control.
-
-## Up next
-
-- [Create a Windows Defender Application Control policy for lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md
deleted file mode 100644
index 76720b9535..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md
+++ /dev/null
@@ -1,149 +0,0 @@
----
-title: Create a WDAC policy for fully managed devices
-description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in system core.
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 11/07/2022
----
-
-# Create a WDAC policy for fully managed devices
-
->[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Intune. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access.
-
-> [!NOTE]
-> Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
-
-As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
-
-**Alice Pena** is the IT team lead tasked with the rollout of WDAC.
-
-Alice previously created a policy for the organization's lightly managed devices. Some devices, however, are more tightly managed and can benefit from a more constrained policy. In particular, certain job functions such as administrative staff and firstline workers aren't granted administrator level access to their devices. Similarly, shared kiosks are configured only with a managed set of apps and all users of the device except IT run as standard user. On these devices, all apps are deployed and installed by IT.
-
-## Define the "circle-of-trust" for fully managed devices
-
-Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully managed devices:
-
-- All clients are running Windows 10 version 1903 or above or Windows 11;
-- All clients are managed by Configuration Manager or with Intune;
-- Most, but not all, apps are deployed using Configuration Manager;
-- Sometimes, IT staff install apps directly to these devices without using Configuration Manager;
-- All users except IT are standard users on these devices.
-
-Alice's team develops a simple console application, called *LamnaITInstaller.exe*, which will become the authorized way for IT staff to install apps directly to devices. *LamnaITInstaller.exe* allows the IT pro to launch another process, such as an app installer. Alice will configure *LamnaITInstaller.exe* as an extra managed installer for WDAC and allows her to remove the need for filepath rules.
-
-Based on the above, Alice defines the pseudo-rules for the policy:
-
-1. **"Windows works"** rules that authorize:
- - Windows
- - WHQL (third-party kernel drivers)
- - Windows Store signed apps
-
-2. **"ConfigMgr works"** rules that include signer and hash rules for Configuration Manager components to properly function.
-3. **Allow Managed Installer** (Configuration Manager and *LamnaITInstaller.exe* configured as a managed installer)
-
-The critical differences between this set of pseudo-rules and those pseudo-rules defined for Lamna's [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md#define-the-circle-of-trust-for-lightly-managed-devices) are:
-
-- Removal of the Intelligent Security Graph (ISG) option; and
-- Removal of filepath rules.
-
-## Create a custom base policy using an example WDAC base policy
-
-Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's fully managed devices and decides to use Configuration Manager to create the initial base policy and then customize it to meet Lamna's needs.
-
-Alice follows these steps to complete this task:
-
-> [!NOTE]
-> If you do not use Configuration Manager or prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the Configuration Manager policy path with your preferred example base policy.
-
-1. [Use Configuration Manager to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 or above, or Windows 11.
-
-2. On the client device, run the following commands in an elevated Windows PowerShell session to initialize variables:
-
- ```powershell
- $PolicyPath=$env:userprofile+"\Desktop\"
- $PolicyName= "Lamna_FullyManagedClients_Audit"
- $LamnaPolicy=$PolicyPath+$PolicyName+".xml"
- $ConfigMgrPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml"
- ```
-
-3. Copy the policy created by Configuration Manager to the desktop:
-
- ```powershell
- cp $ConfigMgrPolicy $LamnaPolicy
- ```
-
-4. Give the new policy a unique ID, descriptive name, and initial version number:
-
- ```powershell
- Set-CIPolicyIdInfo -FilePath $LamnaPolicy -PolicyName $PolicyName -ResetPolicyID
- Set-CIPolicyVersion -FilePath $LamnaPolicy -Version "1.0.0.0"
- ```
-
-5. Modify the copied policy to set policy rules:
-
- ```powershell
- Set-RuleOption -FilePath $LamnaPolicy -Option 3 # Audit Mode
- Set-RuleOption -FilePath $LamnaPolicy -Option 6 # Unsigned Policy
- Set-RuleOption -FilePath $LamnaPolicy -Option 9 # Advanced Boot Menu
- Set-RuleOption -FilePath $LamnaPolicy -Option 12 # Enforce Store Apps
- Set-RuleOption -FilePath $LamnaPolicy -Option 13 # Managed Installer
- Set-RuleOption -FilePath $LamnaPolicy -Option 16 # No Reboot
- Set-RuleOption -FilePath $LamnaPolicy -Option 17 # Allow Supplemental
- Set-RuleOption -FilePath $LamnaPolicy -Option 19 # Dynamic Code Security
- ```
-
-6. If appropriate, add more signer or file rules to further customize the policy for your organization.
-
-7. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the Windows Defender Application Control policy to a binary format:
-
- ```powershell
- [xml]$PolicyXML = Get-Content $LamnaPolicy
- $LamnaPolicyBin = Join-Path $PolicyPath "$($PolicyXML.SiPolicy.PolicyID).cip"
- ConvertFrom-CIPolicy $LamnaPolicy $LamnaPolicyBin
- ```
-
-8. Upload your base policy XML and the associated binary to a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration).
-
-At this point, Alice now has an initial policy that is ready to deploy in audit mode to the managed clients within Lamna.
-
-## Security considerations of this fully managed policy
-
-Alice has defined a policy for Lamna's fully managed devices that makes some trade-offs between security and manageability for apps. Some of the trade-offs include:
-
-- **Users with administrative access**
- Although applying to fewer users, Lamna still allows some IT staff to sign in to its fully managed devices as administrator. This privilege allows these users (or malware running with the user's privileges) to modify or remove altogether the WDAC policy applied on the device. Additionally, administrators can configure any app they wish to operate as a managed installer that would allow them to gain persistent app authorization for whatever apps or binaries they wish.
-
- Possible mitigations:
- - Use signed WDAC policies and UEFI BIOS access protection to prevent tampering of WDAC policies.
- - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer.
- - Use device attestation to detect the configuration state of WDAC at boot time and use that information to condition access to sensitive corporate resources.
-- **Unsigned policies**
- Unsigned policies can be replaced or removed without consequence by any process running as administrator. Unsigned base policies that also enable supplemental policies can have their "circle-of-trust" altered by any unsigned supplemental policy.
-
- Existing mitigations applied:
- - Limit who can elevate to administrator on the device.
-
- Possible mitigations:
- - Use signed WDAC policies and UEFI BIOS access protection to prevent tampering of WDAC policies.
-- **Managed installer**
- See [security considerations with managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md#security-considerations-with-managed-installer)
-
- Existing mitigations applied:
- - Limit who can elevate to administrator on the device.
-
- Possible mitigations:
- - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer.
-- **Supplemental policies**
- Supplemental policies are designed to relax the associated base policy. Additionally allowing unsigned policies allows any administrator process to expand the "circle-of-trust" defined by the base policy without restriction.
-
- Possible mitigations:
- - Use signed WDAC policies that allow authorized signed supplemental policies only.
- - Use a restrictive audit mode policy to audit app usage and augment vulnerability detection.
-
-## Up next
-
-- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-wdac-policy-using-reference-computer.md)
-- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md
deleted file mode 100644
index 4b7a2f317b..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md
+++ /dev/null
@@ -1,125 +0,0 @@
----
-title: Create a WDAC policy using a reference computer
-description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide.
-ms.localizationpriority: medium
-ms.date: 08/08/2022
-ms.topic: how-to
----
-
-# Create a WDAC policy using a reference computer
-
->[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-This section outlines the process to create a Windows Defender Application Control (WDAC) policy **using a reference computer** that is already configured with the software you want to allow. You can use this approach for fixed-workload devices that are dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc. This approach can also be used to turn on WDAC on systems "in the wild" and you want to minimize the potential impact on users' productivity.
-
-> [!NOTE]
-> Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
-
-As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
-
-**Alice Pena** is the IT team lead tasked with the rollout of WDAC.
-
-## Create a custom base policy using a reference device
-
-Alice previously created a policy for the organization's fully managed end-user devices. She now wants to use WDAC to protect Lamna's critical infrastructure servers. Lamna's imaging practice for infrastructure systems is to establish a "golden" image as a reference for what an ideal system should look like, and then use that image to clone more company assets. Alice decides to use these same "golden" image systems to create the WDAC policies, which will result in separate custom base policies for each type of infrastructure server. As with imaging, she'll have to create policies from multiple golden computers based on model, department, application set, and so on.
-
-> [!NOTE]
-> Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the WDAC policy.
Each installed software application should be validated as trustworthy before you create a policy.
We recommend that you review the reference computer for software that can load arbitrary DLLs and run code or scripts that could render the PC more vulnerable. Examples include software aimed at development or scripting such as msbuild.exe (part of Visual Studio and the .NET Framework) which can be removed if you don't want to run scripts. You can remove or disable such software on the reference computer.
-
-Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's critical infrastructure servers:
-
-- All devices are running Windows Server 2019 or above;
-- All apps are centrally managed and deployed;
-- No interactive users.
-
-Based on the above, Alice defines the pseudo-rules for the policy:
-
-1. **"Windows works"** rules that authorize:
- - Windows
- - WHQL (third-party kernel drivers)
- - Windows Store signed apps
-
-2. Rules for **scanned files** that authorize all pre-existing app binaries found on the device
-
-To create the WDAC policy, Alice runs each of the following commands in an elevated Windows PowerShell session, in order:
-
-1. Initialize variables.
-
- ```powershell
- $PolicyPath=$env:userprofile+"\Desktop\"
- $PolicyName="FixedWorkloadPolicy_Audit"
- $LamnaServerPolicy=$PolicyPath+$PolicyName+".xml"
- $DefaultWindowsPolicy=$env:windir+"\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml"
- ```
-
-2. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to create a new WDAC policy by scanning the system for installed applications:
-
- ```powershell
- New-CIPolicy -FilePath $LamnaServerPolicy -Level SignedVersion -Fallback FilePublisher,FileName,Hash -ScanPath c:\ -UserPEs -MultiplePolicyFormat -OmitPaths c:\Windows,'C:\Program Files\WindowsApps\',c:\windows.old\,c:\users\ 3> CIPolicyLog.txt
- ```
-
- > [!Note]
- >
- > - You can add the **-Fallback** parameter to catch any applications not discovered using the primary file rule level specified by the **-Level** parameter. For more information about file rule level options, see [Windows Defender Application Control file rule levels](select-types-of-rules-to-create.md).
- > - To specify that the WDAC policy scan only a specific drive, include the **-ScanPath** parameter followed by a path. Without this parameter, the tool will scan the C-drive by default.
- > - When you specify the **-UserPEs** parameter (to include user mode executables in the scan), rule option **0 Enabled:UMCI** is automatically added to the WDAC policy. If you do not specify **-UserPEs**, the policy will be empty of user mode executables and will only have rules for kernel mode binaries like drivers. In other words, the allow list will not include applications. If you create such a policy and later add rule option **0 Enabled:UMCI**, all attempts to start applications will cause a response from Windows Defender Application Control. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application.
- > - To create a policy for Windows 10 1903 and above, including support for supplemental policies, use **-MultiplePolicyFormat**.
- > - To specify a list of paths to exclude from the scan, use the **-OmitPaths** option and supply a comma-delimited list of paths.
- > - The preceding example includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**.
-
-3. Merge the new policy with the WindowsDefault_Audit policy to ensure all Windows binaries and kernel drivers will load.
-
- ```powershell
- Merge-CIPolicy -OutputFilePath $LamnaServerPolicy -PolicyPaths $LamnaServerPolicy,$DefaultWindowsPolicy
- ```
-
-4. Give the new policy a descriptive name, and initial version number:
-
- ```powershell
- Set-CIPolicyIdInfo -FilePath $LamnaServerPolicy -PolicyName $PolicyName
- Set-CIPolicyVersion -FilePath $LamnaServerPolicy -Version "1.0.0.0"
- ```
-
-5. Modify the merged policy to set policy rules:
-
- ```powershell
- Set-RuleOption -FilePath $LamnaServerPolicy -Option 3 # Audit Mode
- Set-RuleOption -FilePath $LamnaServerPolicy -Option 6 # Unsigned Policy
- Set-RuleOption -FilePath $LamnaServerPolicy -Option 9 # Advanced Boot Menu
- Set-RuleOption -FilePath $LamnaServerPolicy -Option 12 # Enforce Store Apps
- Set-RuleOption -FilePath $LamnaServerPolicy -Option 16 # No Reboot
- Set-RuleOption -FilePath $LamnaServerPolicy -Option 17 # Allow Supplemental
- Set-RuleOption -FilePath $LamnaServerPolicy -Option 19 # Dynamic Code Security
- ```
-
-6. If appropriate, add more signer or file rules to further customize the policy for your organization.
-
-7. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the WDAC policy to a binary format:
-
- ```powershell
- [xml]$LamnaServerPolicyXML = Get-Content $LamnaServerPolicy
- $PolicyId = $LamnaServerPolicyXML.SiPolicy.PolicyId
- $LamnaServerPolicyBin = $PolicyPath+$PolicyId+".cip"
- ConvertFrom-CIPolicy $LamnaServerPolicy $LamnaServerPolicyBin
- ```
-
-8. Upload the base policy XML and the associated binary to a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration).
-
-Alice now has an initial policy for Lamna's critical infrastructure servers that is ready to deploy in audit mode.
-
-## Create a custom base policy to minimize user impact on in-use client devices
-
-Alice previously created a policy for the organization's fully managed devices. Alice has included the fully managed device policy as part of Lamna's device build process so all new devices now begin with WDAC enabled. She's preparing to deploy the policy to systems that are already in use, but is worried about causing disruption to users' productivity. To minimize that risk, Alice decides to take a different approach for those systems. She'll continue to deploy the fully managed device policy in audit mode to those devices, but for enforcement mode she'll merge the fully managed device policy rules with a policy created by scanning the device for all previously installed software. In this way, each device is treated as its own "golden" system.
-
-Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully managed in-use devices:
-
-- Everything described for Lamna's [Fully Managed Devices](create-wdac-policy-for-fully-managed-devices.md);
-- Users have installed apps that they need to continue to run.
-
-Based on the above, Alice defines the pseudo-rules for the policy:
-
-1. Everything included in the Fully Managed Devices policy
-2. Rules for **scanned files** that authorize all pre-existing app binaries found on the device
-
-For Lamna's existing, in-use devices, Alice deploys a script along with the Fully Managed Devices policy XML (not the converted WDAC policy binary). The script then generates a custom policy locally on the client as described in the previous section, but instead of merging with the DefaultWindows policy, the script merges with Lamna's Fully Managed Devices policy. Alice also modifies the steps above to match the requirements of this different use case.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md
deleted file mode 100644
index caebc2c6c3..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md
+++ /dev/null
@@ -1,89 +0,0 @@
----
-title: Plan for WDAC policy management
-description: Learn about the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control policies.
-ms.localizationpriority: medium
-ms.date: 11/22/2023
-ms.topic: conceptual
----
-
-# Plan for Windows Defender Application Control lifecycle policy management
-
->[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-This article describes the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control (WDAC) policies.
-
-## Policy XML lifecycle management
-
-The first step in implementing application control is to consider how your policies will be managed and maintained over time. Developing a process for managing Windows Defender Application Control policies helps ensure that WDAC continues to effectively control how applications are allowed to run in your organization.
-
-Most Windows Defender Application Control policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include:
-
-1. [Define (or refine) the "circle-of-trust"](understand-wdac-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files aren't prevented from executing.
-2. [Deploy the audit mode policy](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) to intended devices.
-3. [Monitor audit block events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations) from the intended devices and add/edit/delete rules as needed to address unexpected/unwanted blocks.
-4. Repeat steps 2-3 until the remaining block events meet expectations.
-5. [Generate the enforced mode version](/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies) of the policy. In enforced mode, files that the policy doesn't allow are prevented from running and corresponding block events are generated.
-6. [Deploy the enforced mode policy](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly.
-7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes.
-
-
-
-### Keep WDAC policies in a source control or document management solution
-
-To effectively manage Windows Defender Application Control policies, you should store and maintain your policy XML documents in a central repository that is accessible to everyone responsible for WDAC policy management. We recommend a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration), which provide version control and allow you to specify metadata about the XML documents.
-
-### Set PolicyName, PolicyID, and Version metadata for each policy
-
-Use the [Set-CIPolicyIDInfo](/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique policy ID. These unique attributes help you differentiate each policy when reviewing Windows Defender Application Control events or when viewing the policy XML document. Although you can specify a string value for PolicyId, for policies using the multiple policy format we recommend using the -ResetPolicyId switch to let the system autogenerate a unique ID for the policy.
-
-> [!NOTE]
-> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-wdac-policies.md) on computers running Windows 10, version 1903 and above, or Windows 11. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10.
-> PolicyID should be set only once per policy and use different PolicyID's for the audit and enforced mode versions of each policy.
-
-In addition, we recommend using the [Set-CIPolicyVersion](/powershell/module/configci/set-cipolicyversion) cmdlet to increment the policy's internal version number when you make changes to the policy. The version must be defined as a standard four-part version string (for example, "1.0.0.0").
-
-### Policy rule updates
-
-You might need to revise your policy when new apps are deployed or existing apps are updated by the software publisher to ensure that apps run correctly. Whether policy rule updates are required will depend significantly on the types of rules your policy includes. Rules based on codesigning certificates provide the most resiliency against app changes while rules based on file attributes or hash are most likely to require updates when apps change. Alternatively, if you use WDAC [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) functionality and consistently deploy all apps and their updates through your managed installer, then you're less likely to need policy updates.
-
-## WDAC event management
-
-Each time that WDAC blocks a process, events are written to either the CodeIntegrity\Operational or the AppLocker\MSI and Script Windows event logs. The event describes the file that tried to run, the attributes of that file and its signatures, and the process that attempted to run the blocked file.
-
-Collecting these events in a central location can help you maintain your Windows Defender Application Control policy and troubleshoot rule configuration problems. You can [use the Azure Monitor Agent](/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent) to automatically collect your WDAC events for analysis.
-
-Additionally, [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) collects WDAC events which can be queried using the [advanced hunting](../operations/querying-application-control-events-centrally-using-advanced-hunting.md) feature.
-
-## Application and user support policy
-
-Considerations include:
-
-- What type of end-user support is provided for blocked applications?
-- How are new rules added to the policy?
-- How are existing rules updated?
-- Are events forwarded for review?
-
-### Help desk support
-
-If your organization has an established help desk support department in place, consider the following points when deploying Windows Defender Application Control policies:
-
-- What documentation does your support department require for new policy deployments?
-- What are the critical processes in each business group both in work flow and timing that will be affected by application control policies and how could they affect your support department's workload?
-- Who are the contacts in the support department?
-- How will the support department resolve application control issues between the end user and those resources who maintain the Windows Defender Application Control rules?
-
-### End-user support
-
-Because Windows Defender Application Control is preventing unapproved apps from running, it's important that your organization carefully plans how to provide end-user support. Considerations include:
-
-- Do you want to use an intranet site as a frontline of support for users who try to run a blocked app?
-- How do you want to support exceptions to the policy? Will you allow users to run a script to temporarily allow access to a blocked app?
-
-## Document your plan
-
-After deciding how your organization will manage your Windows Defender Application Control policy, record your findings.
-
-- **End-user support policy.** Document the process that you'll use for handling calls from users who have attempted to run a blocked app, and ensure that support personnel have clear escalation steps so that the administrator can update the Windows Defender Application Control policy, if necessary.
-- **Event processing.** Document whether events will be collected in a central location called a store, how that store will be archived, and whether the events will be processed for analysis.
-- **Policy management.** Detail what policies are planned, how they'll be managed, and how rules will be maintained over time.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md
deleted file mode 100644
index 8ebfc6ca57..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-title: Understand WDAC script enforcement
-description: WDAC script enforcement
-ms.manager: jsuther
-ms.date: 05/26/2023
-ms.topic: conceptual
-ms.localizationpriority: medium
----
-
-# Script enforcement with Windows Defender Application Control (WDAC)
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
-
-> [!IMPORTANT]
-> Option **11 Disabled:Script Enforcement** is not supported on **Windows Server 2016** or on **Windows 10 1607 LTSB** and should not be used on those platforms. Doing so will result in unexpected script enforcement behaviors.
-
-## Script enforcement overview
-
-By default, script enforcement is enabled for all WDAC policies unless the option **11 Disabled:Script Enforcement** is set in the policy. WDAC script enforcement involves a handshake between an enlightened script host, such as PowerShell, and WDAC. However, the script host handles the actual enforcement behavior. Some script hosts, like the Microsoft HTML Application Host (mshta.exe), block all code execution if any WDAC UMCI policy is active. Most script hosts first ask WDAC whether a script should be allowed to run based on the WDAC policies currently active. The script host then either blocks, allows, or changes *how* the script is run to best protect the user and the device.
-
-Validation for signed scripts is done using the [WinVerifyTrust API](/windows/win32/api/wintrust/nf-wintrust-winverifytrust). To pass validation, the signature root must be present in the trusted root store on the device and your WDAC policy must allow it. This behavior is different from WDAC validation for executable files, which doesn't require installation of the root certificate.
-
-WDAC shares the *AppLocker - MSI and Script* event log for all script enforcement events. Whenever a script host asks WDAC if a script should be allowed, an event is logged with the answer WDAC returned to the script host. For more information on WDAC script enforcement events, see [Understanding Application Control events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#windows-applocker-msi-and-script-log).
-
-> [!NOTE]
-> When a script runs that is not allowed by policy, WDAC raises an event indicating that the script was "blocked." However, the actual script enforcement behavior is handled by the script host and may not actually completely block the file from running.
->
-> Also be aware that some script hosts may change how they behave even if a WDAC policy is in audit mode only. You should review the script host specific information in this article and test thoroughly within your environment to ensure the scripts you need to run are working properly.
-
-## Enlightened script hosts that are part of Windows
-
-### PowerShell
-
-Your WDAC policies must allow all PowerShell scripts (.ps1), modules (.psm1), and manifests (.psd1) for them to run with Full Language rights.
-
-Your WDAC policies must also allow any **dependent modules** that are loaded by an allowed module, and module functions must be exported explicitly by name when WDAC is enforced. Modules that don't specify any exported functions (no export name list) still load but no module functions are accessible. Modules that use wildcards (\*) in their name will fail to load.
-
-Any PowerShell script that isn't allowed by WDAC policy still runs, but only in Constrained Language Mode.
-
-PowerShell **dot-sourcing** isn't recommended. Instead, scripts should use PowerShell modules to provide common functionality. If an allowed script file does try to run dot-sourced script files, those script files must also pass the policy.
-
-WDAC puts **interactive PowerShell** into Constrained Language Mode if any WDAC UMCI policy is enforced and *any* active WDAC policy enables script enforcement, even if that policy is in audit mode. To run interactive PowerShell with Full Language rights, you must disable script enforcement for *all* policies.
-
-For more information, see [About Language Modes](/powershell/module/microsoft.powershell.core/about/about_language_modes) and [Constrained Language Mode](https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/).
-
-### VBscript, cscript, and jscript
-
-Your WDAC policies must allow all scripts run using the Windows Based Script Host (wscript.exe) or the Microsoft Console Based Script Host (cscript.exe). If not, the script is blocked.
-
-### Microsoft HTML Application Host (MSHTA) and MSXML
-
-All code execution using MSHTA or MSXML is blocked if any WDAC policy with script enforcement is active, even if that policy is in audit mode.
-
-### COM objects
-
-WDAC additionally enforces a restricted allowlist for COM objects that your WDAC policy can expand or further restrict. COM object enforcement **isn't** affected by option **11 Disabled:Script Enforcement**. For more information on how to allow or deny COM objects, see [Allow COM object registration](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy).
-
-## Scripts that aren't directly controlled by WDAC
-
-WDAC doesn't directly control code run via the Windows Command Processor (cmd.exe), including .bat/.cmd script files. However, anything that such a batch script tries to run is subject to WDAC control. If you don't need to run cmd.exe, it's recommended to block it outright or allow it only by exception based on the calling process. See [Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules](/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules).
-
-WDAC doesn't control scripts run through an unenlightened script host, such as many 3rd-party Java or Python engines. If your WDAC policy allows an unenlightened script host to run, then you implicitly allow all scripts run through that host. For non-Microsoft script hosts, you should check with the software vendor whether their script hosts are enlightened to WDAC policy.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md
deleted file mode 100644
index 6f2f154463..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md
+++ /dev/null
@@ -1,72 +0,0 @@
----
-title: Understanding Windows Defender Application Control (WDAC) secure settings
-description: Learn about secure settings in Windows Defender Application Control.
-ms.localizationpriority: medium
-ms.date: 04/05/2023
-ms.topic: conceptual
----
-
-# Understanding WDAC Policy Settings
-
-Windows Defender Application Control (WDAC) policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, ValueName, and a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using WldpQuerySecurityPolicy.
-
-An example settings section of a Windows Defender Application Control policy:
-
-```xml
-
-
-
- true
-
-
-
-```
-
-## Example Scenario
-
-An application that may want to restrict its capabilities, when used on a system with an active Windows Defender Application Control policy. Application authors can define a WDAC policy, setting their application queries, in order to disable certain features. For example, if Contoso's Foo Application wants to disable a risky feature, such as macro execution, they can define a WDAC policy setting, and query for it at runtime. Contoso can then instruct IT administrators to configure the setting in their WDAC policy, if they don't want Foo Application to execute macros on a system with a WDAC policy.
-
-## WldpQuerySecurityPolicy
-
-API that queries the secure settings of a Windows Defender Application Control policy.
-
-### Syntax
-
-``` C++
-HRESULT WINAPI WldpQuerySecurityPolicy(
- _In_ const UNICODE_STRING * Provider,
- _In_ const UNICODE_STRING * Key,
- _In_ const UNICODE_STRING * ValueName,
- _Out_ PWLDP_SECURE_SETTING_VALUE_TYPE ValueType,
- _Out_writes_bytes_opt_(*ValueSize) PVOID Value,
- _Inout_ PULONG ValueSize)
-```
-
-### Parameters
-
-Provider [in]
-Setting Provider name.
-
-#### Key [in]
-
-Key name of the Key-Value pair under Setting Provider "Provider".
-
-#### ValueName [in]
-
-The value name of the "Key-Value" pair.
-
-#### ValueType [in, out]
-
-Pointer to receive the value type.
-
-#### Value [in, out]
-
-Pointer to a buffer to receive the value. The buffer should be of size "ValueSize". If this value is NULL, this function returns the required buffer size for Value.
-
-#### ValueSize [in, out]
-
-On input, it indicates the buffer size of "Value". On successful return, it indicates the size of data written to Value buffer.
-
-#### Return Value
-
-This method returns S_OK if successful or a failure code otherwise.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
deleted file mode 100644
index d46c2de5a6..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+++ /dev/null
@@ -1,33 +0,0 @@
----
-title: Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
-description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
-ms.localizationpriority: medium
-ms.date: 11/02/2022
-ms.topic: how-to
----
-
-# Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-You can use Windows Defender Application Control (WDAC) policies to control applications and also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser):
-
-| Approach | Guideline |
-|---|---|
-| You can work from a list of plug-ins, add-ins, or modules that you want only a specific application to be able to run. Other applications would be blocked from running them. | Use `New-CIPolicyRule` with the `-AppID` option. |
-| In addition, you can work from a list of plug-ins, add-ins, or modules that you want to block in a specific application. Other applications would be allowed to run them. | Use `New-CIPolicyRule` with the `-AppID` and `-Deny` options. |
-
-For example, to add rules to a WDAC policy called "Lamna_FullyManagedClients_Audit.xml" that allow **addin1.dll** and **addin2.dll** to be run by **ERP1.exe**, Lamna's enterprise resource planning (ERP) application, run the following commands. In the second command, **+=** is used to add a second rule to the **$rule** variable:
-
-```powershell
-$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
-$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -AppID '.\ERP1.exe'
-```
-
-As another example, to create a Windows Defender Application Control policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application. Once you have all the rules you want, you can merge them into an existing WDAC policy using the Merge-CIPolicy cmdlet as shown here:
-
-```powershell
-$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe'
-Merge-CIPolicy -OutputFilePath .\Lamna_FullyManagedClients_Audit.xml -PolicyPaths .\Lamna_FullyManagedClients_Audit.xml -Rules $rule
-```
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md
deleted file mode 100644
index 02cd2f93cd..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md
+++ /dev/null
@@ -1,97 +0,0 @@
----
-title: Authorize reputable apps with the Intelligent Security Graph (ISG)
-description: Automatically authorize applications that Microsoft's ISG recognizes as having known good reputation.
-ms.localizationpriority: medium
-ms.date: 12/31/2017
-ms.topic: how-to
----
-
-# Authorize reputable apps with the Intelligent Security Graph (ISG)
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-Application control can be difficult to implement in organizations that don't deploy and manage applications through an IT-managed system. In such environments, users can acquire the applications they want to use for work, making it hard to build an effective application control policy.
-
-To reduce end-user friction and helpdesk calls, you can set Windows Defender Application Control (WDAC) to automatically allow applications that Microsoft's Intelligent Security Graph (ISG) recognizes as having known good reputation. The ISG option helps organizations begin to implement application control even when the organization has limited control over their app ecosystem. To learn more about the ISG, see the Security section in [Major services and features in Microsoft Graph](/graph/overview-major-services).
-
-> [!WARNING]
-> Binaries that are critical to boot the system must be allowed using explicit rules in your WDAC policy. Do not rely on the ISG to authorize these files.
->
-> The ISG option is not the recommended way to allow apps that are business critical. You should always authorize business critical apps using explicit allow rules or by installing them with a [managed installer](/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer).
-
-## How does WDAC work with the ISG?
-
-The ISG isn't a "list" of apps. Rather, it uses the same vast security intelligence and machine learning analytics that power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having "known good", "known bad", or "unknown" reputation. This cloud-based AI is based on trillions of signals collected from Windows endpoints and other data sources, and processed every 24 hours. As a result, the decision from the cloud can change.
-
-WDAC only checks the ISG for binaries that aren't explicitly allowed or denied by your policy, and that weren't installed by a managed installer. When such a binary runs on a system with WDAC enabled with the ISG option, WDAC will check the file's reputation by sending its hash and signing information to the cloud. If the ISG reports that the file has a "known good" reputation, then the file will be allowed to run. Otherwise, it will be blocked by WDAC.
-
-If the file with good reputation is an application installer, the installer's reputation will pass along to any files that it writes to disk. This way, all the files needed to install and run an app inherit the positive reputation data from the installer. Files authorized based on the installer's reputation will have the $KERNEL.SMARTLOCKER.ORIGINCLAIM kernel Extended Attribute (EA) written to the file.
-
-WDAC periodically requeries the reputation data on a file. Additionally, enterprises can specify that any cached reputation results are flushed on reboot by using the **Enabled:Invalidate EAs on Reboot** option.
-
-## Configuring ISG authorization for your WDAC policy
-
-Setting up the ISG is easy using any management solution you wish. Configuring the ISG option involves these basic steps:
-
-- [Ensure that the **Enabled:Intelligent Security Graph authorization** option is set in the WDAC policy XML](#ensure-that-the-isg-option-is-set-in-the-wdac-policy-xml)
-- [Enable the necessary services to allow WDAC to use the ISG correctly on the client](#enable-the-necessary-services-to-allow-wdac-to-use-the-isg-correctly-on-the-client)
-
-### Ensure that the ISG option is set in the WDAC policy XML
-
-To allow apps and binaries based on the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This step can be done with the Set-RuleOption cmdlet. You should also set the **Enabled:Invalidate EAs on Reboot** option so that ISG results are verified again after each reboot. The ISG option isn't recommended for devices that don't have regular access to the internet. The following example shows both options set.
-
-```xml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-```
-
-### Enable the necessary services to allow WDAC to use the ISG correctly on the client
-
-In order for the heuristics used by the ISG to function properly, other components in Windows must be enabled. You can configure these components by running the appidtel executable in `c:\windows\system32`.
-
-```console
-appidtel start
-```
-
-This step isn't required for WDAC policies deployed over MDM, as the CSP will enable the necessary components. This step is also not required when the ISG is configured using Configuration Manager's WDAC integration.
-
-## Security considerations with the ISG option
-
-Since the ISG is a heuristic-based mechanism, it doesn't provide the same security guarantees as explicit allow or deny rules. It's best suited where users operate with standard user rights and where a security monitoring solution like Microsoft Defender for Endpoint is used.
-
-Processes running with kernel privileges can circumvent WDAC by setting the ISG extended file attribute to make a binary appear to have known good reputation.
-
-Also, since the ISG option passes along reputation from app installers to the binaries they write to disk, it can over-authorize files in some cases. For example, if the installer launches the app upon completion, any files the app writes during that first run will also be allowed.
-
-## Known limitations with using the ISG
-
-Since the ISG only allows binaries that are "known good", there are cases where the ISG may be unable to predict whether legitimate software is safe to run. If that happens, the software will be blocked by WDAC. In this case, you need to allow the software with a rule in your WDAC policy, deploy a catalog signed by a certificate trusted in the WDAC policy, or install the software from a WDAC managed installer. Installers or applications that dynamically create binaries at runtime, and self-updating applications, may exhibit this symptom.
-
-Packaged apps aren't supported with the ISG and will need to be separately authorized in your WDAC policy. Since packaged apps have a strong app identity and must be signed, it's straightforward to [authorize packaged apps](/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control) with your WDAC policy.
-
-The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run.
-
-> [!NOTE]
-> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri).
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
deleted file mode 100644
index f99639f8fd..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Windows Defender Application Control and .NET
-description: Understand how WDAC and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime.
-ms.localizationpriority: medium
-ms.date: 11/22/2023
-ms.topic: conceptual
----
-
-# Windows Defender Application Control (WDAC) and .NET
-
-.NET apps (as written in a high-level language like C#) are compiled to an Intermediate Language (IL). IL is a compact code format that can be supported on any operating system or architecture. Most .NET apps use APIs that are supported in multiple environments, requiring only the .NET runtime to run. IL needs to be compiled to native code in order to execute on a CPU, for example Arm64 or x64. When .NET compiles IL to native image (NI) on a device with a WDAC user mode policy, it first checks whether the original IL file passes the current WDAC policies. If so, .NET sets an NTFS extended attribute (EA) on the generated NI file so that WDAC knows to trust it as well. When the .NET app runs, WDAC sees the EA on the NI file and allows it.
-
-The EA set on the NI file only applies to the currently active WDAC policies. If one of the active WDAC policies is updated or a new policy is applied, the EA on the NI file is invalidated. The next time the app runs, WDAC will block the NI file. .NET handles the block gracefully and falls back to the original IL code. If the IL still passes the latest WDAC policies, then the app runs without any functional impact. Since the IL is now being compiled at runtime, you might notice a slight impact to performance of the app. When .NET must fall back to IL, .NET will also schedule a process to run at the next maintenance window to regenerate all NI files, thus reestablishing the WDAC EA for all code that passes the latest WDAC policies.
-
-In some cases, if an NI file is blocked, you might see a "false positive" block event in the *CodeIntegrity - Operational* event log as described in [WDAC Admin Tips & Known Issues](/windows/security/threat-protection/windows-defender-application-control/operations/known-issues#net-native-images-may-generate-false-positive-block-events).
-
-To mitigate any performance impact caused when the WDAC EA isn't valid or missing:
-
-- Avoid updating the WDAC policies often.
-- Run `ngen update` (on all machine architectures) to force .NET to regenerate all NI files immediately after applying changes to your WDAC policies.
-- Migrate applications to .NET Core (.NET 6 or greater).
-
-## WDAC and .NET hardening
-
-Security researchers found that some .NET capabilities that allow apps to load libraries from external sources or generate new code at runtime can be used to circumvent WDAC controls.
-To address this potential vulnerability, WDAC includes an option called *Dynamic Code Security* that works with .NET to verify code loaded at runtime.
-
-When the Dynamic Code Security option is enabled, Application Control policy is applied to libraries that .NET loads from external sources. For example, any remote sources, such as the internet or a network share.
-
-> [!IMPORTANT]
-> .Net dynamic code security hardening is *turned on and enforced* if any WDAC policy with UMCI enabled has set option **19 Enabled:Dynamic Code Security**. There is no audit mode for this feature. You should test your apps with this option set before turning it on across large numbers of devices.
-
-Additionally, it detects tampering in code generated to disk by .NET and blocks loading code that was tampered with.
-
-Dynamic Code Security isn't enabled by default because existing policies might not account for externally loaded libraries.
-Additionally, a few .NET loading features, including loading unsigned assemblies built with System.Reflection.Emit, aren't currently supported with Dynamic Code Security enabled.
-Microsoft recommends testing Dynamic Code Security in audit mode before enforcing it to discover whether any new libraries should be included in the policy.
-
-Additionally, customers can precompile for deployment only to prevent an allowed executable from being terminated because it tries to load unsigned dynamically generated code. See the "Precompiling for Deployment Only" section in the [ASP.NET Precompilation Overview](/previous-versions/aspnet/bb398860(v=vs.100)) document for how to fix that.
-
-To enable Dynamic Code Security, add the following option to the `` section of your WDAC policy:
-
-```xml
-
-
-
-```
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md
deleted file mode 100644
index 84a5e4839a..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-title: Windows Defender Application Control design guide
-description: Microsoft Windows Defender Application Control allows organizations to control what apps and drivers will run on their managed Windows devices.
-ms.localizationpriority: medium
-ms.topic: conceptual
-ms.date: 02/20/2018
----
-
-# Windows Defender Application Control design guide
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-This guide covers design and planning for Windows Defender Application Control (WDAC). It's intended to help security architects, security administrators, and system administrators create a plan that addresses specific application control requirements for different departments or business groups within an organization.
-
-## Plan for success
-
-A common refrain you may hear about application control is that it is "too hard." While it's true that application control isn't as simple as flipping a switch, organizations can be successful, if they're methodical when carefully planning their approach. In reality, the issues that lead to failure with application control often arise from business issues rather than technology challenges. Organizations that have successfully deployed application control have ensured the following before starting their planning:
-
-- Executive sponsorship and organizational buy-in is in place.
-- There's a clear **business** objective for using application control, and it's not being planned as a purely technical problem from IT.
-- The organization has a plan to handle potential helpdesk support requests for users who are blocked from running some apps.
-- The organization has considered where application control can be most useful (for example, securing sensitive workloads or business functions) and also where it may be difficult to achieve (for example, developer workstations).
-
-Once these business factors are in place, you're ready to begin planning your Windows Defender Application Control (WDAC) deployment. The following topics can help guide you through your planning process.
-
-## In this section
-
-| Topic | Description |
-| - | - |
-| [Plan for WDAC policy management](plan-wdac-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. |
-| [Understand WDAC policy design decisions](understand-wdac-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of application control policies. |
-| [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. |
-| [Policy creation for common WDAC usage scenarios](common-wdac-use-cases.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying WDAC in your organization. |
-| [Policy creation using the WDAC Wizard tool](wdac-wizard.md) | This set of topics describes how to use the WDAC Wizard desktop app to easily create, edit, and merge WDAC policies. |
-
-After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](../deployment/wdac-deployment-guide.md) covers creating and testing policies, deploying the enforcement setting, and managing and maintaining policies.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md
deleted file mode 100644
index 95692365fc..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: Editing Windows Defender Application Control Policies with the Wizard
-description: Editing existing base and supplemental policies with the Microsoft WDAC Wizard.
-ms.localizationpriority: medium
-ms.topic: conceptual
-ms.date: 10/14/2020
----
-
-# Editing existing base and supplemental WDAC policies with the Wizard
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-The Windows Defender Application Control Wizard makes editing and viewing WDAC policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities:
-
-
-## Configuring Policy Rules
-
-The `Policy Rules` page will load with the in-edit policy rules configured per the set rules. Selecting the `+ Advanced Options` button will reveal the advanced policy rule options panel. This grouping of rules contains other policy rule options that are less common to most users. To edit any of the rules, flip the corresponding policy rule state. For instance, to disable Audit Mode and enable Enforcement Mode in the figure below, the button beside the `Audit Mode` label needs only to be pressed. Once the policy rules are configured, select the Next button to continue the next stage of editing: [Adding File Rules](#adding-file-rules).
-
-
-
-A description of the policy rule is shown at the bottom of the page when the cursor is placed over the rule title. For a complete list of the policy rules and their capabilities, see the [Windows Defender Application Control policy rules table](select-types-of-rules-to-create.md#windows-defender-application-control-policy-rules).
-
-## Adding File Rules
-
-The Windows Defender Application Control Wizard allows users to add rules to their existing policy seamlessly. Previously, this rule-adding task would have involved creating a new policy with the new rules and merging it with the existing policy.
-
-Selecting the `+ Custom Rules` button will open the Custom Rules panel. For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](wdac-wizard-create-base-policy.md#creating-custom-file-rules).
-
-## Removing File Rules
-
-The WDAC Wizard makes deleting file rules from an existing policy quick and easy. To remove any type of file rule: publisher rule, path rule, filename rule, or a hash rule, select the rule in the `Policy Signing Rules List` table on the left-hand side of the page. Selecting the rule will highlight the entire row. Once the row is highlighted, select the remove icon underneath the table. The Wizard will prompt for user confirmation before removing the file rule. Once removed, the rule will no longer appear in the policy or the table.
-
-
-
-**Note:** removing a publisher rule will also remove the associated File Attribute rules. For instance, in the xml block below, removing ID_SIGNER_CONTOSO_PUBLISHER would also remove the rules ID_FILEATTRIB_LOB_APP_1 and ID_FILEATTRIB_LOB_APP_2.
-
-```xml
-
-
-
-
-
-```
-
-[comment]: <> (## Editing File Rules Coming soon!)
-
-### Policy Creation
-
-Once the policy is created, the new policy will be written to the same path as the in-edit policy. The new policy file name will have the policy version appended to the end of the file name. For instance, if the in-edit policy is saved at MyDocuments\BasePolicy.xml, after edit, the new policy will be saved at MyDocuments\BasePolicy_v10.0.0.1.xml.
-
-## Up next
-
-- [Merging Windows Defender Application Control (WDAC) policies using the Wizard](wdac-wizard-merging-policies.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md
deleted file mode 100644
index 2db7264ca4..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md
+++ /dev/null
@@ -1,20 +0,0 @@
----
-title: Windows Defender Application Control Wizard Policy Merging Operation
-description: Merging multiple policies into a single application control policy with the Microsoft WDAC Wizard.
-ms.localizationpriority: medium
-ms.topic: conceptual
-ms.date: 10/14/2020
----
-
-# Merging existing policies with the WDAC Wizard
-
-Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC) supports multiple policies. Before version 1903, however, Windows 10 could only have one WDAC policy. So, users were required to merge multiple WDAC policies into one. The WDAC Wizard has a simple to use user interface to allow users to merge multiple WDAC policies. The Wizard can support up to 15 policy files as input during the merge workflow.
-
-Select the policies you wish to merge into one policy using the `+ Add Policy` button under the table. Once added, policies will be enumerated within the table. To remove a policy from the table, if accidentally added, highlight the policy row and select the `- Remove Policy` button. Confirmation will be required before the policy is withdrawn from the table.
-
-> [!NOTE]
-> The policy type and ID of the final output policy will be determined based on the type and ID of the **first policy** in the policy list table. For instance, if a legacy policy format policy and a multi-policy format policy are merged together, the output format of the policy will be whichever policy is specified first in the table. For more information on policy formats, visit the [Multiple Windows Defender Application Control (WDAC) Policies page](deploy-multiple-wdac-policies.md).
-
-Lastly, select a filepath save location for the final merged policy using the `Browse` button. If a minimum of two policies are selected, and the save location is specified, select the `Next` button to build the policy.
-
-
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md
deleted file mode 100644
index 5fb5ff24d3..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md
+++ /dev/null
@@ -1,121 +0,0 @@
----
-title: Windows Defender Application Control Wizard WDAC Event Parsing
-description: Creating WDAC policy rules from the WDAC event logs and the MDE Advanced Hunting WDAC events.
-ms.localizationpriority: medium
-ms.topic: conceptual
-ms.date: 01/24/2024
----
-
-# Creating WDAC Policy Rules from WDAC Events in the Wizard
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-As of [version 2.2.0.0](https://webapp-wdac-wizard.azurewebsites.net/archives.html), the WDAC Wizard supports creating WDAC policy rules from the following event log types:
-
-1. [WDAC event log events on the system](#wdac-event-viewer-log-parsing)
-2. [Exported WDAC events (EVTX files) from any system](#wdac-event-log-file-parsing)
-3. [Exported WDAC events from MDE Advanced Hunting](#mde-advanced-hunting-wdac-event-parsing)
-
-## WDAC Event Viewer Log Parsing
-
-To create rules from the WDAC event logs on the system:
-
-1. Select **Policy Editor** from the main page.
-2. Select **Convert Event Log to a WDAC Policy**.
-3. Select the **Parse Event Logs** button under the **Parse Event Logs from the System Event Viewer to Policy** header.
-
- The Wizard parses the relevant audit and block events from the CodeIntegrity (WDAC) Operational and AppLocker MSI and Script logs. You see a notification when the Wizard successfully finishes reading the events.
-
- > [!div class="mx-imgBorder"]
- > [](../images/wdac-wizard-event-log-system-expanded.png)
-
-4. Select the Next button to view the audit and block events and create rules.
-5. [Generate rules from the events](#creating-policy-rules-from-the-events).
-
-## WDAC Event Log File Parsing
-
-To create rules from the WDAC `.EVTX` event logs files on the system:
-
-1. Select **Policy Editor** from the main page.
-2. Select **Convert Event Log to a WDAC Policy**.
-3. Select the **Parse Log File(s)** button under the **Parse Event Log evtx Files to Policy** header.
-4. Select the WDAC CodeIntegrity Event log EVTX file(s) from the disk to parse.
-
- The Wizard parses the relevant audit and block events from the selected log files. You see a notification when the Wizard successfully finishes reading the events.
-
- > [!div class="mx-imgBorder"]
- > [](../images/wdac-wizard-event-log-files-expanded.png)
-
-5. Select the Next button to view the audit and block events and create rules.
-6. [Generate rules from the events](#creating-policy-rules-from-the-events).
-
-## MDE Advanced Hunting WDAC Event Parsing
-
-To create rules from the WDAC events in [MDE Advanced Hunting](../operations/querying-application-control-events-centrally-using-advanced-hunting.md):
-
-1. Navigate to the Advanced Hunting section within the MDE console and query the WDAC events. **The Wizard requires the following fields** in the Advanced Hunting csv file export:
-
- ```KQL
- | project-keep Timestamp, DeviceId, DeviceName, ActionType, FileName, FolderPath, SHA1, SHA256, IssuerName, IssuerTBSHash, PublisherName, PublisherTBSHash, AuthenticodeHash, PolicyId, PolicyName
- ```
-
- The following Advanced Hunting query is recommended:
-
- ```KQL
- DeviceEvents
- // Take only WDAC events
- | where ActionType startswith 'AppControlCodeIntegrity'
- // SigningInfo Fields
- | extend IssuerName = parsejson(AdditionalFields).IssuerName
- | extend IssuerTBSHash = parsejson(AdditionalFields).IssuerTBSHash
- | extend PublisherName = parsejson(AdditionalFields).PublisherName
- | extend PublisherTBSHash = parsejson(AdditionalFields).PublisherTBSHash
- // Audit/Block Fields
- | extend AuthenticodeHash = parsejson(AdditionalFields).AuthenticodeHash
- | extend PolicyId = parsejson(AdditionalFields).PolicyID
- | extend PolicyName = parsejson(AdditionalFields).PolicyName
- // Keep only required fields for the WDAC Wizard
- | project-keep Timestamp,DeviceId,DeviceName,ActionType,FileName,FolderPath,SHA1,SHA256,IssuerName,IssuerTBSHash,PublisherName,PublisherTBSHash,AuthenticodeHash,PolicyId,PolicyName
- ```
-
-2. Export the WDAC event results by selecting the **Export** button in the results view.
-
- > [!div class="mx-imgBorder"]
- > [](../images/wdac-wizard-event-log-mde-ah-export-expanded.png)
-
-3. Select **Policy Editor** from the main page.
-4. Select **Convert Event Log to a WDAC Policy**.
-5. Select the **Parse Log File(s)** button under the "Parse MDE Advanced Hunting Events to Policy" header.
-6. Select the WDAC MDE Advanced Hunting export CSV files from the disk to parse.
-
- The Wizard will parse the relevant audit and block events from the selected Advanced Hunting log files. You see a notification when the Wizard successfully finishes reading the events.
-
- > [!div class="mx-imgBorder"]
- > [](../images/wdac-wizard-event-log-mde-ah-parsing-expanded.png)
-
-7. Select the Next button to view the audit and block events and create rules.
-8. [Generate rules from the events](#creating-policy-rules-from-the-events).
-
-## Creating Policy Rules from the Events
-
-On the "Configure Event Log Rules" page, the unique WDAC log events are shown in the table. Event Ids, filenames, product names, the policy name that audited or blocked the file, and the file publisher are all shown in the table. The table can be sorted alphabetically by clicking on any of the headers.
-
-To create a rule and add it to the WDAC policy:
-
-1. Select an audit or block event in the table by selecting the row of interest.
-2. Select a rule type from the dropdown. The Wizard supports creating Publisher, Path, File Attribute, Packaged App and Hash rules.
-3. Select the attributes and fields that should be added to the policy rules using the checkboxes provided for the rule type.
-4. Select the **Add Allow Rule** button to add the configured rule to the policy generated by the Wizard. The "Added to policy" label is shown in the selected row confirming that the rule will be generated.
-
- > [!div class="mx-imgBorder"]
- > [](../images/wdac-wizard-event-rule-creation-expanded.png)
-
-5. Select the **Next** button to output the policy. Once generated, the event log policy should be merged with your base or supplemental policies.
-
-> [!WARNING]
-> It is not recommended to deploy the event log policy on its own, as it likely lacks rules to authorize Windows and may cause blue screens.
-
-## Up next
-
-- [Merging Windows Defender Application Control (WDAC) policies using the Wizard](wdac-wizard-merging-policies.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md
deleted file mode 100644
index 2f67ee3ad7..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: Windows Defender Application Control Wizard
-description: The Windows Defender Application Control policy wizard tool allows you to create, edit, and merge application control policies in a simple to use Windows application.
-ms.localizationpriority: medium
-ms.topic: conceptual
-ms.date: 05/24/2022
----
-
-# Windows Defender Application Control Wizard
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-The Windows Defender Application Control policy wizard is an open-source Windows desktop application written in C# and bundled as an MSIX package. It was built to provide security architects with security, and system administrators with a more user-friendly means to create, edit, and merge Application Control policies. This tool uses the [ConfigCI PowerShell cmdlets](/powershell/module/configci) in the backend so the output policy of the tool and PowerShell cmdlets is identical.
-
-## Downloading the application
-
-Download the tool from the official [Windows Defender Application Control Policy Wizard website](https://webapp-wdac-wizard.azurewebsites.net/) as an MSIX packaged application. The tool's source code is available as part of Microsoft's Open Source Software offerings on GitHub at the [Windows Defender Application Control (WDAC) Policy Wizard repository](https://github.com/MicrosoftDocs/WDAC-Toolkit).
-
-### Supported clients
-
-As the tool uses the cmdlets in the background, it's functional on clients only where the cmdlets are supported. For more information, see [Application Control feature availability](../feature-availability.md). Specifically, the tool verifies that the client meets one of the following requirements:
-
-- Windows 10, version 1909 or later
-- For pre-1909 builds, the Enterprise SKU of Windows is installed
-
-If neither requirement is satisfied, it throws an error as the cmdlets aren't available.
-
-## Resources to learn more
-
-| Article | Description |
-| - | - |
-| [Creating a new base policy](wdac-wizard-create-base-policy.md) | This article describes how to create a new base policy using one of the supplied policy templates. |
-| [Creating a new supplemental policy](wdac-wizard-create-supplemental-policy.md) | This article describes the steps necessary to create a supplemental policy, from one of the supplied templates, for an existing base policy. |
-| [Editing a base or supplemental policy](wdac-wizard-editing-policy.md) | This article demonstrates how to modify an existing policy and the tool's editing capabilities. |
-| [Merging policies](wdac-wizard-merging-policies.md) | This article describes how to merge policies into a single application control policy. |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md b/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md
deleted file mode 100644
index 264f3589f8..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md
+++ /dev/null
@@ -1,30 +0,0 @@
----
-title: Windows Defender Application Control feature availability
-description: Compare Windows Defender Application Control (WDAC) and AppLocker feature availability.
-ms.localizationpriority: medium
-ms.date: 12/21/2023
-ms.topic: overview
----
-
-# Windows Defender Application Control and AppLocker feature availability
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Review the following table to learn more.
-
-| Capability | Windows Defender Application Control | AppLocker |
-|-------------|------|-------------|
-| Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Available on Windows 8 or later. |
-| Edition availability | Available on Windows 10, Windows 11, and Windows Server 2016 or later. WDAC PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. | Policies are supported on all editions Windows 10 version 2004 and newer with [KB 5024351](https://support.microsoft.com/help/5024351).
Windows versions older than version 2004, including Windows Server 2019:
Policies deployed through GP are only supported on Enterprise and Server editions.
Policies deployed through MDM are supported on all editions.
|
-| Per-user and Per-user group rules | Not available (policies are device-wide). | Available on Windows 8+. |
-| Kernel mode policies | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Not available. |
-| [Rule option 11 - Disabled:Script Enforcement](/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement) | Available on all versions of Windows 10 except 1607 LTSB, Windows 11, and Windows Server 2019 and above. **Disabled:Script Enforcement** isn't supported on **Windows Server 2016** or on **Windows 10 1607 LTSB** and shouldn't be used on those platforms. Doing so results in unexpected script enforcement behaviors. | MSI and Script rule collection is separately configurable. |
-| [Per-app rules](/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
-| [Managed Installer (MI)](/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
-| [Reputation-Based intelligence](/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
-| [Multiple policy support](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) | Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2022. | Not available. |
-| [Path-based rules](/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create) | Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2022 or later. Exclusions aren't supported. Runtime user-writeability checks enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. |
-| [COM object allowlisting](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. |
-| [Packaged app rules](/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Available on Windows 8+. |
-| Enforceable file types |
Driver files: .sys
Executable files: .exe and .com
DLLs: .dll, .rll and .ocx
Windows Installer files: .msi, .mst, and .msp
Scripts: .ps1, .vbs, and .js
Packaged apps and packaged app installers: .appx
|
Executable files: .exe and .com
[Optional] DLLs: .dll, .rll and .ocx
Windows Installer files: .msi, .mst, and .msp
Scripts: .ps1, .bat, .cmd, .vbs, and .js
Packaged apps and packaged app installers: .appx
|
-| [Application ID (AppId) Tagging](/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide) | Available on Windows 10, version 20H1 and later, and Windows 11. | Not available. |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md
deleted file mode 100644
index a100e1a2c0..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md
+++ /dev/null
@@ -1,161 +0,0 @@
----
-title: Understanding Application Control event IDs
-description: Learn what different Windows Defender Application Control event IDs signify.
-ms.localizationpriority: medium
-ms.date: 03/24/2023
-ms.topic: reference
----
-
-# Understanding Application Control events
-
-## WDAC Events Overview
-
-WDAC logs events when a policy is loaded, when a file is blocked, or when a file would be blocked if in audit mode. These block events include information that identifies the policy and gives more details about the block. WDAC doesn't generate events when a binary is allowed. However, you can turn on allow audit events for files authorized by a managed installer or the Intelligent Security Graph (ISG) as described later in this article.
-
-### Core WDAC event logs
-
-WDAC events are generated under two locations in the Windows Event Viewer:
-
-- **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational** includes events about Application Control policy activation and the control of executables, dlls, and drivers.
-- **Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script** includes events about the control of MSI installers, scripts, and COM objects.
-
-Most app and script failures that occur when WDAC is active can be diagnosed using these two event logs. This article describes in greater detail the events that exist in these logs. To understand the meaning of different data elements, or tags, found in the details of these events, see [Understanding Application Control event tags](event-tag-explanations.md).
-
-> [!NOTE]
-> **Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script** events are not included on Windows Server Core edition.
-
-## WDAC block events for executables, dlls, and drivers
-
-These events are found in the **CodeIntegrity - Operational** event log.
-
-| Event ID | Explanation |
-|--------|-----------|
-| 3004 | This event isn't common and may occur with or without an Application Control policy present. It typically indicates a kernel driver tried to load with an invalid signature. For example, the file may not be WHQL-signed on a system where WHQL is required.
This event is also seen for kernel- or user-mode code that the developer opted-in to [/INTEGRITYCHECK](/cpp/build/reference/integritycheck-require-signature-check) but isn't signed correctly. |
-| 3033 | This event may occur with or without an Application Control policy present and should occur alongside a 3077 event if caused by WDAC policy. It often means the file's signature is revoked or a signature with the Lifetime Signing EKU has expired. Presence of the Lifetime Signing EKU is the only case where WDAC blocks files due to an expired signature. Try using option `20 Enabled:Revoked Expired As Unsigned` in your policy along with a rule (for example, hash) that doesn't rely on the revoked or expired cert.
This event also occurs if code compiled with [Code Integrity Guard (CIG)](/microsoft-365/security/defender-endpoint/exploit-protection-reference#code-integrity-guard) tries to load other code that doesn't meet the CIG requirements. |
-| 3034 | This event isn't common. It's the audit mode equivalent of event 3033. |
-| 3076 | This event is the main Application Control block event for audit mode policies. It indicates that the file would have been blocked if the policy was enforced. |
-| 3077 | This event is the main Application Control block event for enforced policies. It indicates that the file didn't pass your policy and was blocked. |
-| 3089 | This event contains signature information for files that were blocked or audit blocked by Application Control. One of these events is created for each signature of a file. Each event shows the total number of signatures found and an index value to identify the current signature. Unsigned files generate a single one of these events with TotalSignatureCount of 0. These events are correlated with 3004, 3033, 3034, 3076 and 3077 events. You can match the events using the `Correlation ActivityID` found in the **System** portion of the event. |
-
-## WDAC block events for packaged apps, MSI installers, scripts, and COM objects
-
-These events are found in the **AppLocker - MSI and Script** event log.
-
-| Event ID | Explanation |
-|--------|-----------|
-| 8028 | This event indicates that a script host, such as PowerShell, queried Application Control about a file the script host was about to run. Since the policy was in audit mode, the script or MSI file should have run, but wouldn't have passed the WDAC policy if it was enforced. Some script hosts may have additional information in their logs. Note: Most third-party script hosts don't integrate with Application Control. Consider the risks from unverified scripts when choosing which script hosts you allow to run. |
-| 8029 | This event is the enforcement mode equivalent of event 8028. Note: While this event says that a script was blocked, the script hosts control the actual script enforcement behavior. The script host may allow the file to run with restrictions and not block the file outright. For example, PowerShell runs script not allowed by your WDAC policy in [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). |
-| 8036| COM object was blocked. To learn more about COM object authorization, see [Allow COM object registration in a Windows Defender Application Control policy](../design/allow-com-object-registration-in-wdac-policy.md). |
-| 8037 | This event indicates that a script host checked whether to allow a script to run, and the file passed the WDAC policy. |
-| 8038 | Signing information event correlated with either an 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files generate a single 8038 event with TotalSignatureCount 0. These events are correlated with 8028 and 8029 events and can be matched using the `Correlation ActivityID` found in the **System** portion of the event. |
-| 8039 | This event indicates that a packaged app (MSIX/AppX) was allowed to install or run because the WDAC policy is in audit mode. But, it would have been blocked if the policy was enforced. |
-| 8040 | This event indicates that a packaged app was prevented from installing or running due to the WDAC policy. |
-
-## WDAC policy activation events
-
-These events are found in the **CodeIntegrity - Operational** event log.
-
-| Event ID | Explanation |
-|--------|-----------|
-| 3095 | The Application Control policy can't be refreshed and must be rebooted instead. |
-| 3096 | The Application Control policy wasn't refreshed since it's already up-to-date. This event's Details includes useful information about the policy, such as its policy options. |
-| 3097 | The Application Control policy can't be refreshed. |
-| 3099 | Indicates that a policy has been loaded. This event's Details includes useful information about the Application Control policy, such as its policy options. |
-| 3100 | The application control policy was refreshed but was unsuccessfully activated. Retry. |
-| 3101 | Application Control policy refresh started for *N* policies. |
-| 3102 | Application Control policy refresh finished for *N* policies. |
-| 3103 | The system is ignoring the Application Control policy refresh. For example, an inbox Windows policy that doesn't meet the conditions for activation. |
-| 3105 | The system is attempting to refresh the Application Control policy with the specified ID. |
-
-## Diagnostic events for Intelligent Security Graph (ISG) and Managed Installer (MI)
-
-> [!NOTE]
-> When Managed Installer is enabled, customers using LogAnalytics should be aware that Managed Installer may fire many 3091 events. Customers may need to filter out these events to avoid high LogAnalytics costs.
-
-The following events provide helpful diagnostic information when a WDAC policy includes the ISG or MI option. These events can help you debug why something was allowed/denied based on managed installer or ISG. Events 3090, 3091, and 3092 don't necessarily indicate a problem but should be reviewed in context with other events like 3076 or 3077.
-
-Unless otherwise noted, these events are found in either the **CodeIntegrity - Operational** event log or the **CodeIntegrity - Verbose** event log depending on your version of Windows.
-
-| Event ID | Explanation |
-|--------|---------|
-| 3090 | *Optional* This event indicates that a file was allowed to run based purely on ISG or managed installer. |
-| 3091 | This event indicates that a file didn't have ISG or managed installer authorization and the Application Control policy is in audit mode. |
-| 3092 | This event is the enforcement mode equivalent of 3091. |
-| 8002 | This event is found in the **AppLocker - EXE and DLL** event log. When a process launches that matches a managed installer rule, this event is raised with PolicyName = MANAGEDINSTALLER found in the event Details. Events with PolicyName = EXE or DLL aren't related to WDAC. |
-
-Events 3090, 3091, and 3092 are reported per active policy on the system, so you may see multiple events for the same file.
-
-### ISG and MI diagnostic event details
-
-The following information is found in the details for 3090, 3091, and 3092 events.
-
-| Name | Explanation |
-|------|------|
-| ManagedInstallerEnabled | Indicates whether the specified policy enables managed installer trust |
-| PassesManagedInstaller | Indicates whether the file originated from a MI |
-| SmartlockerEnabled | Indicates whether the specified policy enables ISG trust |
-| PassesSmartlocker | Indicates whether the file had positive reputation according to the ISG |
-| AuditEnabled | True if the Application Control policy is in audit mode, otherwise it is in enforce mode |
-| PolicyName | The name of the Application Control policy to which the event applies |
-
-### Enabling ISG and MI diagnostic events
-
-To enable 3090 allow events, create a TestFlags regkey with a value of 0x300 as shown in the following PowerShell command. Then restart your computer.
-
-```powershell
-reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x300
-```
-
-Events 3091 and 3092 are inactive on some versions of Windows and are turned on by the preceding command.
-
-## Appendix
-
-A list of other relevant event IDs and their corresponding description.
-
-| Event ID | Description |
-|-------|------|
-| 3001 | An unsigned driver was attempted to load on the system. |
-| 3002 | Code Integrity couldn't verify the boot image as the page hash couldn't be found. |
-| 3004 | Code Integrity couldn't verify the file as the page hash couldn't be found. |
-| 3010 | The catalog containing the signature for the file under validation is invalid. |
-| 3011 | Code Integrity finished loading the signature catalog. |
-| 3012 | Code Integrity started loading the signature catalog. |
-| 3023 | The driver file under validation didn't meet the requirements to pass the application control policy. |
-| 3024 | Windows application control was unable to refresh the boot catalog file. |
-| 3026 | Microsoft or the certificate issuing authority revoked the certificate that signed the catalog. |
-| 3032 | The file under validation is revoked or the file has a signature that is revoked.
-| 3033 | The file under validation didn't meet the requirements to pass the application control policy. |
-| 3034 | The file under validation wouldn't meet the requirements to pass the Application Control policy if it was enforced. The file was allowed since the policy is in audit mode. |
-| 3036 | Microsoft or the certificate issuing authority revoked the certificate that signed the file being validated. |
-| 3064 | If the Application Control policy was enforced, a user mode DLL under validation wouldn't meet the requirements to pass the application control policy. The DLL was allowed since the policy is in audit mode. |
-| 3065 | If the Application Control policy was enforced, a user mode DLL under validation wouldn't meet the requirements to pass the application control policy. |
-| 3074 | Page hash failure while hypervisor-protected code integrity was enabled. |
-| 3075 | This event measures the performance of the Application Control policy check during file validation. |
-| 3076 | This event is the main Application Control block event for audit mode policies. It indicates that the file would have been blocked if the policy was enforced. |
-| 3077 | This event is the main Application Control block event for enforced policies. It indicates that the file didn't pass your policy and was blocked. |
-| 3079 | The file under validation didn't meet the requirements to pass the application control policy. |
-| 3080 | If the Application Control policy was in enforced mode, the file under validation wouldn't have met the requirements to pass the application control policy. |
-| 3081 | The file under validation didn't meet the requirements to pass the application control policy. |
-| 3082 | If the Application Control policy was enforced, the policy would have blocked this non-WHQL driver. |
-| 3084 | Code Integrity is enforcing WHQL driver signing requirements on this boot session. |
-| 3085 | Code Integrity isn't enforcing WHQL driver signing requirements on this boot session. |
-| 3086 | The file under validation doesn't meet the signing requirements for an isolated user mode (IUM) process. |
-| 3089 | This event contains signature information for files that were blocked or audit blocked by Application Control. One 3089 event is created for each signature of a file. |
-| 3090 | *Optional* This event indicates that a file was allowed to run based purely on ISG or managed installer. |
-| 3091 | This event indicates that a file didn't have ISG or managed installer authorization and the Application Control policy is in audit mode. |
-| 3092 | This event is the enforcement mode equivalent of 3091. |
-| 3095 | The Application Control policy can't be refreshed and must be rebooted instead. |
-| 3096 | The Application Control policy wasn't refreshed since it's already up-to-date. |
-| 3097 | The Application Control policy can't be refreshed. |
-| 3099 | Indicates that a policy has been loaded. This event also includes information about the options set by the Application Control policy. |
-| 3100 | The application control policy was refreshed but was unsuccessfully activated. Retry. |
-| 3101 | The system started refreshing the Application Control policy. |
-| 3102 | The system finished refreshing the Application Control policy. |
-| 3103 | The system is ignoring the Application Control policy refresh. |
-| 3104 | The file under validation doesn't meet the signing requirements for a PPL (protected process light) process. |
-| 3105 | The system is attempting to refresh the Application Control policy. |
-| 3108 | Windows mode change event was successful. |
-| 3110 | Windows mode change event was unsuccessful. |
-| 3111 | The file under validation didn't meet the hypervisor-protected code integrity (HVCI) policy. |
-| 3112 | Windows has revoked the certificate that signed the file being validated. |
-| 3114 | Dynamic Code Security opted the .NET app or DLL into Application Control policy validation. The file under validation didn't pass your policy and was blocked. |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md
deleted file mode 100644
index f33e99121c..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md
+++ /dev/null
@@ -1,104 +0,0 @@
----
-title: WDAC Admin Tips & Known Issues
-description: WDAC Known Issues
-ms.manager: jsuther
-ms.date: 04/15/2024
-ms.topic: troubleshooting
-ms.localizationpriority: medium
----
-
-# WDAC Admin Tips & Known Issues
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
-
-This article covers tips and tricks for admins and known issues with Windows Defender Application Control (WDAC). Test this configuration in your lab before enabling it in production.
-
-## WDAC policy file locations
-
-**Multiple policy format WDAC policies** are found in the following locations depending on whether the policy is signed or not, and the method of policy deployment that was used.
-
-- <OS Volume>\\Windows\\System32\\CodeIntegrity\\CiPolicies\Active\\*\{PolicyId GUID\}*.cip
-- <EFI System Partition>\\Microsoft\\Boot\\CiPolicies\Active\\*\{PolicyId GUID\}*.cip
-
-The *\{PolicyId GUID\}* value is unique by policy and defined in the policy XML with the <PolicyId> element.
-
-For **single policy format WDAC policies**, in addition to the two preceding locations, also look for a file called SiPolicy.p7b in the following locations:
-
-- <EFI System Partition>\\Microsoft\\Boot\\SiPolicy.p7b
-- <OS Volume>\\Windows\\System32\\CodeIntegrity\\SiPolicy.p7b
-
-> [!NOTE]
-> A multiple policy format WDAC policy using the single policy format GUID `{A244370E-44C9-4C06-B551-F6016E563076}` may exist under any of the policy file locations.
-
-## File Rule Precedence Order
-
-When the WDAC engine evaluates files against the active set of policies on the device, rules are applied in the following order. Once a file encounters a match, WDAC stops further processing.
-
-1. Explicit deny rules - a file is blocked if any explicit deny rule exists for it, even if other rules are created to try to allow it. Deny rules can use any [rule level](/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create#windows-defender-application-control-file-rule-levels). Use the most specific rule level practical when creating deny rules to avoid blocking more than you intend.
-
-2. Explicit allow rules - if any explicit allow rule exists for the file, the file runs.
-
-3. WDAC then checks for the [Managed Installer extended attribute (EA)](/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer) or the [Intelligent Security Graph (ISG) EA](/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph) on the file. If either EA exists and the policy enables the corresponding option, then the file is allowed.
-
-4. Lastly, WDAC makes a cloud call to the ISG to get reputation about the file, if the policy enables the ISG option.
-
-5. Any file not allowed by an explicit rule or based on ISG or MI is blocked implicitly.
-
-## Known issues
-
-### Boot stop failure (blue screen) occurs if more than 32 policies are active
-
-Until you apply the Windows security update released on or after April 9, 2024, your device is limited to 32 active policies. If the maximum number of policies is exceeded, the device bluescreens referencing ci.dll with a bug check value of 0x0000003b. Consider this maximum policy count limit when planning your WDAC policies. Any [Windows inbox policies](/windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies) that are active on the device also count towards this limit. To remove the maximum policy limit, install the Windows security update released on, or after, April 9, 2024 and then restart the device. Otherwise, reduce the number of policies on the device to remain below 32 policies.
-
-**Note:** The policy limit was not removed on Windows 11 21H2, and will remain limited to 32 policies.
-
-### Audit mode policies can change the behavior for some apps or cause app crashes
-
-Although WDAC audit mode is designed to avoid impact to apps, some features are always on/always enforced with any WDAC policy that turns on user mode code integrity (UMCI) with the option **0 Enabled:UMCI**. Here's a list of known system changes in audit mode:
-
-- Some script hosts might block code or run code with fewer privileges even in audit mode. See [Script enforcement with WDAC](/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement) for information about individual script host behaviors.
-- Option **19 Enabled:Dynamic Code Security** is always enforced if any UMCI policy includes that option. See [WDAC and .NET](/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet#wdac-and-net-hardening).
-
-### .NET native images may generate false positive block events
-
-In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written include error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image falls back to its corresponding assembly and .NET regenerates the native image at its next scheduled maintenance window.
-
-### Signatures using elliptical curve cryptography (ECC) aren't supported
-
-WDAC signer-based rules only work with RSA cryptography. ECC algorithms, such as ECDSA, aren't supported. If WDAC blocks a file based on ECC signatures, the corresponding 3089 signature information events show VerificationError = 23. You can authorize the files instead by hash or file attribute rules, or using other signer rules if the file is also signed with signatures using RSA.
-
-### MSI installers are treated as user writeable on Windows 10 when allowed by FilePath rule
-
-MSI installer files are always detected as user writeable on Windows 10, and on Windows Server 2022 and earlier. If you need to allow MSI files using FilePath rules, you must set option **18 Disabled:Runtime FilePath Rule Protection** in your WDAC policy.
-
-### MSI Installations launched directly from the internet are blocked by WDAC
-
-Installing .msi files directly from the internet to a computer protected by WDAC fails.
-For example, this command fails:
-
-```console
-msiexec -i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi
-```
-
-As a workaround, download the MSI file and run it locally:
-
-```console
-msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi
-```
-
-### Slow boot and performance with custom policies
-
-WDAC evaluates all processes that run, including inbox Windows processes. You can cause slower boot times, degraded performance, and possibly boot issues if your policies don't build upon the WDAC templates or don't trust the Windows signers. For these reasons, you should use the [WDAC base templates](../design/example-wdac-base-policies.md) whenever possible to create your policies.
-
-#### AppId Tagging policy considerations
-
-AppId Tagging policies that aren't built upon the WDAC base templates or don't allow the Windows in-box signers might cause a significant increase in boot times (~2 minutes).
-
-If you can't allowlist the Windows signers or build off the WDAC base templates, add the following rule to your policies to improve the performance:
-
-:::image type="content" source="../images/known-issue-appid-dll-rule.png" alt-text="Allow all dlls in the policy.":::
-
-:::image type="content" source="../images/known-issue-appid-dll-rule-xml.png" alt-text="Allow all dll files in the xml policy.":::
-
-Since AppId Tagging policies evaluate but can't tag dll files, this rule short circuits dll evaluation and improve evaluation performance.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md
deleted file mode 100644
index 71c48fb256..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-title: Managing and troubleshooting Windows Defender Application Control policies
-description: Gather information about how your deployed Windows Defender Application Control policies are behaving.
-ms.localizationpriority: medium
-ms.date: 03/30/2023
-ms.topic: how-to
----
-
-# Windows Defender Application Control operational guide
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
-
-You now understand how to design and deploy your Windows Defender Application Control (WDAC) policies. This guide explains how to understand the effects your policies have and how to troubleshoot when they aren't behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender for Endpoint Advanced Hunting feature.
-
-## In this section
-
-| Article | Description |
-| - | - |
-| [Debugging and troubleshooting](/windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting) | This article explains how to debug app and script failures with WDAC. |
-| [Understanding Application Control event IDs](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations) | This article explains the meaning of different WDAC event IDs. |
-| [Understanding Application Control event tags](/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations) | This article explains the meaning of different WDAC event tags. |
-| [Query WDAC events with Advanced hunting](/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting) | This article covers how to view WDAC events centrally from all systems that are connected to Microsoft Defender for Endpoint. |
-| [Admin Tips & Known Issues](/windows/security/threat-protection/windows-defender-application-control/operations/known-issues) | This article describes some WDAC Admin Tips & Known Issues. |
-| [Managed installer and ISG technical reference and troubleshooting guide](/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer) | This article provides technical details and debugging steps for managed installer and ISG. |
-| [CITool.exe technical reference](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands) | This article explains how to use CITool.exe. |
-| [Inbox WDAC policies](/windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies) | This article describes the WDAC policies that ship with Windows and when they're active. |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md
deleted file mode 100644
index 81042f2926..0000000000
--- a/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-title: WDAC and AppLocker Overview
-description: Compare Windows application control technologies.
-ms.localizationpriority: medium
-ms.date: 01/03/2024
-ms.topic: conceptual
----
-
-# Windows Defender Application Control and AppLocker Overview
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md).
-
-Windows 10 and Windows 11 include two technologies that can be used for application control, depending on your organization's specific scenarios and requirements: Windows Defender Application Control (WDAC) and AppLocker.
-
-## Windows Defender Application Control
-
-WDAC was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows clients. It was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria), defined by the Microsoft Security Response Center (MSRC).
-
-WDAC policies apply to the managed computer as a whole and affects all users of the device. WDAC rules can be defined based on:
-
-- Attributes of the codesigning certificate(s) used to sign an app and its binaries
-- Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file
-- The reputation of the app as determined by Microsoft's [Intelligent Security Graph](design/use-wdac-with-intelligent-security-graph.md)
-- The identity of the process that initiated the installation of the app and its binaries ([managed installer](design/configure-authorized-apps-deployed-with-a-managed-installer.md))
-- The [path from which the app or file is launched](design/select-types-of-rules-to-create.md#more-information-about-filepath-rules) (beginning with Windows 10 version 1903)
-- The process that launched the app or binary
-
-> [!NOTE]
-> WDAC was originally released as part of Device Guard and called configurable code integrity. Device Guard and configurable code integrity are no longer used except to find where to deploy WDAC policy via Group Policy.
-
-### WDAC System Requirements
-
-WDAC policies can be created and applied on any client edition of Windows 10 or Windows 11, or on Windows Server 2016 and higher. WDAC policies can be deployed via a Mobile Device Management (MDM) solution, for example, Intune; a management interface such as Configuration Manager; or a script host such as PowerShell. Group Policy can also be used to deploy WDAC policies, but is limited to single-policy format policies that work on Windows Server 2016 and 2019.
-
-For more information on which individual WDAC features are available on specific WDAC builds, see [WDAC feature availability](feature-availability.md).
-
-## AppLocker
-
-AppLocker was introduced with Windows 7, and allows organizations to control which applications are allowed to run on their Windows clients. AppLocker helps to prevent end-users from running unapproved software on their computers but doesn't meet the servicing criteria for being a security feature.
-
-AppLocker policies can apply to all users on a computer, or to individual users and groups. AppLocker rules can be defined based on:
-
-- Attributes of the codesigning certificate(s) used to sign an app and its binaries.
-- Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file.
-- The path from which the app or file is launched.
-
-AppLocker is also used by some features of WDAC, including [managed installer](/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer) and the [Intelligent Security Graph](/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph).
-
-### AppLocker System Requirements
-
-AppLocker policies can only be configured on and applied to devices that are running on the supported versions and editions of the Windows operating system. For more info, see [Requirements to Use AppLocker](applocker/requirements-to-use-applocker.md).
-AppLocker policies can be deployed using Group Policy or MDM.
-
-## Choose when to use WDAC or AppLocker
-
-Generally, customers who are able to implement application control using WDAC, rather than AppLocker, should do so. WDAC is undergoing continual improvements, and is getting added support from Microsoft management platforms. Although AppLocker continues to receive security fixes, it isn't getting new feature improvements.
-
-However, in some cases, AppLocker might be the more appropriate technology for your organization. AppLocker is best when:
-
-- You have a mixed Windows operating system (OS) environment and need to apply the same policy controls to Windows 10 and earlier versions of the OS.
-- You need to apply different policies for different users or groups on shared computers.
-- You don't want to enforce application control on application files such as DLLs or drivers.
-
-AppLocker can also be deployed as a complement to WDAC to add user or group-specific rules for shared device scenarios, where it's important to prevent some users from running specific apps. As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to further fine-tune the restrictions.
diff --git a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
index b686fb205c..22b8f3245f 100644
--- a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
@@ -54,7 +54,9 @@ Use the **Virtualization Based Technology** > **Hypervisor Enforced Code Integri
1. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard**.
1. Double-click **Turn on Virtualization Based Security**.
1. Select **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled without UEFI lock**. Only select **Enabled with UEFI lock** if you want to prevent memory integrity from being disabled remotely or by policy update. Once enabled with UEFI lock, you must have access to the UEFI BIOS menu to turn off Secure Boot if you want to turn off memory integrity.
+

+
1. Select **Ok** to close the editor.
To apply the new policy on a domain-joined computer, either restart or run `gpupdate /force` in an elevated Command Prompt.
@@ -73,7 +75,7 @@ Set the following registry keys to enable memory integrity. These keys provide s
Recommended settings (to enable memory integrity without UEFI Lock):
-```console
+```cmd
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f
@@ -85,55 +87,55 @@ If you want to customize the preceding recommended settings, use the following r
**To enable VBS only (no memory integrity)**
-```console
+```cmd
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f
```
**To enable VBS and require Secure boot only (value 1)**
-```console
+```cmd
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f
```
**To enable VBS with Secure Boot and DMA protection (value 3)**
-```console
+```cmd
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 3 /f
```
**To enable VBS without UEFI lock (value 0)**
-```console
+```cmd
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f
```
**To enable VBS with UEFI lock (value 1)**
-```console
+```cmd
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 1 /f
```
**To enable memory integrity**
-```console
+```cmd
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f
```
**To enable memory integrity without UEFI lock (value 0)**
-```console
+```cmd
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f
```
**To enable memory integrity with UEFI lock (value 1)**
-```console
+```cmd
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 1 /f
```
**To enable VBS (and memory integrity) in mandatory mode**
-```console
+```cmd
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Mandatory" /t REG_DWORD /d 1 /f
```
@@ -143,25 +145,25 @@ The **Mandatory** setting prevents the OS loader from continuing to boot in case
> Special care should be used before enabling this mode, since, in case of any failure of the virtualization modules, the system will refuse to boot.
**To gray out the memory integrity UI and display the message "This setting is managed by your administrator"**
-```console
+```cmd
reg delete HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /f
```
**To let memory integrity UI behave normally (Not grayed out)**
-```console
+```cmd
reg add HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /t REG_DWORD /d 2 /f
```
-### Enable memory integrity using Windows Defender Application Control (WDAC)
+### Enable memory integrity using App Control for Business
-You can use WDAC policy to turn on memory integrity using any of the following techniques:
+You can use App Control policy to turn on memory integrity using any of the following techniques:
-1. Use the [WDAC Wizard](https://aka.ms/wdacwizard) to create or edit your WDAC policy and select the option **Hypervisor-protected Code Integrity** on the **Policy Rules** page of the Wizard.
+1. Use the [App Control Wizard](https://aka.ms/wdacwizard) to create or edit your App Control policy and select the option **Hypervisor-protected Code Integrity** on the **Policy Rules** page of the Wizard.
2. Use the [Set-HVCIOptions](/powershell/module/configci/set-hvcioptions) PowerShell cmdlet.
-3. Edit your WDAC policy XML and modify the value set for the `` element.
+3. Edit your App Control policy XML and modify the value set for the `` element.
> [!NOTE]
-> If your WDAC policy is set to turn memory integrity on, it will be turned on even if the policy is in audit mode.
+> If your App Control policy is set to turn memory integrity on, it will be turned on even if the policy is in audit mode.
### Validate enabled VBS and memory integrity features
@@ -269,7 +271,7 @@ Another method to determine the available and enabled VBS features is to run msi
2. Then, boot to Windows RE on the affected computer, see [Windows RE Technical Reference](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference).
3. After logging in to Windows RE, set the memory integrity registry key to off:
- ```console
+ ```cmd
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 0 /f
```
diff --git a/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
index 153871eba2..af01702227 100644
--- a/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
+++ b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
@@ -30,7 +30,7 @@ System Guard Secure Launch can be configured for Mobile Device Management (MDM)
1. Select **Start** > type and then select **Edit group policy**.
1. Select **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn On Virtualization Based Security** > **Secure Launch Configuration**.
- 
+ :::image type="content" alt-text="Secure Launch Configuration." source="images/secure-launch-group-policy.png" lightbox="images/secure-launch-group-policy.png":::
### Windows Security
@@ -52,10 +52,10 @@ Select **Start** > **Settings** > **Update & Security** > **Windows Security** >
To verify that Secure Launch is running, use System Information (MSInfo32). Select **Start**, search for **System Information**, and look under **Virtualization-based Security Services Running** and **Virtualization-based Security Services Configured**.
-
+:::image type="content" alt-text="Verifying Secure Launch is running in the Windows Security settings." source="images/secure-launch-msinfo.png" lightbox="images/secure-launch-msinfo.png":::
> [!NOTE]
-> To enable System Guard Secure launch, the platform must meet all the baseline requirements for [System Guard](how-hardware-based-root-of-trust-helps-protect-windows.md), [Device Guard](../application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md), [Credential Guard](../identity-protection/credential-guard/index.md), and [Virtualization Based Security](/windows-hardware/design/device-experiences/oem-vbs).
+> To enable System Guard Secure launch, the platform must meet all the baseline requirements for [System Guard](how-hardware-based-root-of-trust-helps-protect-windows.md), [Device Guard](../application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md), [Credential Guard](../identity-protection/credential-guard/index.md), and [Virtualization Based Security](/windows-hardware/design/device-experiences/oem-vbs).
> [!NOTE]
> For more information around AMD processors, see [Microsoft Security Blog: Force firmware code to be measured and attested by Secure Launch on Windows 10](https://www.microsoft.com/security/blog/2020/09/01/force-firmware-code-to-be-measured-and-attested-by-secure-launch-on-windows-10/).
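Review bot: The new alt-text on the `secure-launch-msinfo.png` image says the check is done "in the Windows Security settings", but the sentence just above it sends the reader to System Information (MSInfo32), and the file name points the same way. A screen-reader user verifying that Secure Launch is running would be pointed at the wrong tool. The screenshot itself is not visible here, so confirm first; if it is the MSInfo32 view, `alt-text="Verifying Secure Launch is running in System Information."` would match the procedure.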
diff --git a/windows/security/hardware-security/tpm/tpm-recommendations.md b/windows/security/hardware-security/tpm/tpm-recommendations.md
index ae731d1f10..ff2f368320 100644
--- a/windows/security/hardware-security/tpm/tpm-recommendations.md
+++ b/windows/security/hardware-security/tpm/tpm-recommendations.md
@@ -87,7 +87,7 @@ The following table defines which Windows features require TPM support.
| Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm, which is being deprecated. |
| BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Device Encryption requires Modern Standby](../../operating-system-security/data-protection/bitlocker/index.md#device-encryption) including TPM 2.0 support |
| Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0. |
-| Windows Defender Application Control (Device Guard) | No | Yes | Yes |
+| App Control for Business | No | Yes | Yes |
| System Guard (DRTM) | Yes | No | Yes | TPM 2.0 and UEFI firmware is required. |
| Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. Paired with System Guard, TPM 2.0 provides enhanced security for Credential Guard. Windows 11 requires TPM 2.0 by default to facilitate easier enablement of this enhanced security for customers. |
| Device Health Attestation | Yes | Yes | Yes | TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm, which is being deprecated. |
diff --git a/windows/security/includes/sections/application.md b/windows/security/includes/sections/application.md
index 8b6b510ef4..75e29b9470 100644
--- a/windows/security/includes/sections/application.md
+++ b/windows/security/includes/sections/application.md
@@ -9,8 +9,8 @@ ms.topic: include
| Feature name | Description |
|:---|:---|
-| **[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Smart App Control prevents users from running malicious applications on Windows devices by blocking untrusted or unsigned applications. Smart App Control goes beyond previous built-in browser protections, by adding another layer of security that is woven directly into the core of the OS at the process level. Using AI, our new Smart App Control only allows processes to run that are predicted to be safe based on existing and new intelligence processed daily. Smart App Control builds on top of the same cloud-based AI used in Windows Defender Application Control (WDAC) to predict the safety of an application, so people can be confident they're using safe and reliable applications on their new Windows 11 devices, or Windows 11 devices that have been reset. |
-| **[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Your organization is only as secure as the applications that run on your devices. With application control, apps must earn trust to run, in contrast to an application trust model where all code is assumed trustworthy. By helping prevent unwanted or malicious code from running, application control is an important part of an effective security strategy. Many organizations cite application control as one of the most effective means for addressing the threat of executable file-based malware.
Windows 10 and above include Windows Defender Application Control (WDAC) and AppLocker. WDAC is the next generation app control solution for Windows and provides powerful control over what runs in your environment. Customers who were using AppLocker on previous versions of Windows can continue to use the feature as they consider whether to switch to WDAC for the stronger protection. |
+| **[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Smart App Control prevents users from running malicious applications on Windows devices by blocking untrusted or unsigned applications. Smart App Control goes beyond previous built-in browser protections, by adding another layer of security that is woven directly into the core of the OS at the process level. Using AI, our new Smart App Control only allows processes to run that are predicted to be safe based on existing and new intelligence processed daily. Smart App Control builds on top of the same cloud-based AI used in App Control for Business to predict the safety of an application, so people can be confident they're using safe and reliable applications on their new Windows 11 devices, or Windows 11 devices that have been reset. |
+| **[App Control for Business](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Your organization is only as secure as the applications that run on your devices. With application control, apps must earn trust to run, in contrast to an application trust model where all code is assumed trustworthy. By helping prevent unwanted or malicious code from running, application control is an important part of an effective security strategy. Many organizations cite application control as one of the most effective means for addressing the threat of executable file-based malware.
Windows 10 and above include App Control for Business and AppLocker. App Control is the next generation app control solution for Windows and provides powerful control over what runs in your environment. Customers who were using AppLocker on previous versions of Windows can continue to use the feature as they consider whether to switch to App Control for the stronger protection. |
| **[AppLocker](/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview)** | |
| **[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)** | User Account Control (UAC) helps prevent malware from damaging a device. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevents inadvertent changes to system settings. Enabling UAC helps to prevent malware from altering device settings and potentially gaining access to networks and sensitive data. UAC can also block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings. |
| **[Microsoft vulnerable driver blocklist](/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules)** | The Windows kernel is the most privileged software and is therefore a compelling target for malware authors. Since Windows has strict requirements for code running in the kernel, cybercriminals commonly exploit vulnerabilities in kernel drivers to get access. Microsoft works with the ecosystem partners to constantly identify and respond to potentially vulnerable kernel drivers.
Prior to Windows 11, version 22H2, the operating system enforced a block policy when HVCI is enabled to prevent vulnerable versions of drivers from running. Starting in Windows 11, version 22H2, the block policy is enabled by default for all new Windows devices, and users can opt-in to enforce the policy from the Windows Security app. |
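Review bot: The two renamed rows on the `+` side (Smart App Control and App Control for Business) still link to `/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control`, a legacy path, while the firewall `rules.md` hunk in this commit already links under `app-control-for-business/`. The same leftover appears in the Azure Code Signing link in `security-foundations.md` and in the `url:` under `- text: App Control for Business` in `index.yml`. These probably resolve through the redirection file, but a redirect chain is fragile. I would point all four links at the renamed article paths in this commit. Both rows here also share one target, so Smart App Control has no landing page of its own.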
diff --git a/windows/security/includes/sections/security-foundations.md b/windows/security/includes/sections/security-foundations.md
index 7a85af0543..905fb63998 100644
--- a/windows/security/includes/sections/security-foundations.md
+++ b/windows/security/includes/sections/security-foundations.md
@@ -25,5 +25,5 @@ ms.topic: include
| Feature name | Description |
|:---|:---|
| **Software Bill of Materials (SBOM)** | SBOMs are leveraged to provide the transparency and provenance of the content as it moves through various stages of the Windows supply chain. This enables trust between each supply chain segment, ensures that tampering has not taken place during ingestion and along the way, and provides a provable chain of custody for the product that we ship to customers. |
-| **[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)** | Windows Defender Application Control (WDAC) enables customers to define policies for controlling what is allowed to run on their devices. WDAC policies can be remotely applied to devices using an MDM solution like Microsoft Intune.
To simplify WDAC enablement, organizations can take advantage of Azure Code Signing, a secure and fully managed service for signing WDAC policies and apps.
Azure Code Signing minimizes the complexity of code signing with a turnkey service backed by a Microsoft managed certificate authority, eliminating the need to procure and self-manage any signing certificates. The service is managed just as any other Azure resource and integrates easily with the leading development and CI/CD toolsets. |
+| **[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)** | App Control for Business enables customers to define policies for controlling what is allowed to run on their devices. App Control policies can be remotely applied to devices using an MDM solution like Microsoft Intune.
To simplify App Control enablement, organizations can take advantage of Azure Code Signing, a secure and fully managed service for signing App Control policies and apps.
Azure Code Signing minimizes the complexity of code signing with a turnkey service backed by a Microsoft managed certificate authority, eliminating the need to procure and self-manage any signing certificates. The service is managed just as any other Azure resource and integrates easily with the leading development and CI/CD toolsets. |
| **[Windows application software development kit (SDK)](https://developer.microsoft.com/windows/downloads/windows-sdk/)** | Developers have an opportunity to design highly secure applications that benefit from the latest Windows safeguards. The Windows App SDK provides a unified set of APIs and tools for developing secure desktop apps for Windows. To help create apps that are up-to-date and protected, the SDK follows the same security standards, protocols, and compliance as the core Windows operating system. |
diff --git a/windows/security/index.yml b/windows/security/index.yml
index 9553388f93..9738ace595 100644
--- a/windows/security/index.yml
+++ b/windows/security/index.yml
@@ -101,7 +101,7 @@ landingContent:
linkLists:
- linkListType: overview
links:
- - text: Windows Defender Application Control (WDAC)
+ - text: App Control for Business
url: /windows/security/application-security/application-control/windows-defender-application-control/
- text: User Account Control (UAC)
url: /windows/security/application-security/application-control/user-account-control
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md
index d49761fd5d..808550018a 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md
@@ -21,7 +21,7 @@ The following list provides examples of common events that cause a device to ent
- Docking or undocking a portable computer
- Changes to the NTFS partition table on the disk
- Changes to the boot manager
-- PXE booting, unless BitLocker uses the *Network Unlock* feature
+- Using PXE boot
- Turning off, disabling, deactivating, or clearing the TPM
- TPM self-test failure
- Upgrading the motherboard to a new one with a new TPM
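Review bot: The new bullet `- Using PXE boot` drops the Network Unlock exception that the removed line carried, so the list now reads as if every PXE boot puts the device into recovery. If Network Unlock still lets a PXE-booted device unlock without recovery, keep the qualifier: `- Using PXE boot, unless BitLocker uses the *Network Unlock* feature`. If the behaviour did change, the article should say so explicitly, because administrators size their recovery-key handling for imaging and PXE workflows from this list. The list itself starts above the hunk.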
diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
index c652900182..05f61ccf78 100644
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
@@ -3,7 +3,7 @@ title: Get support for security baselines
description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related articles.
ms.localizationpriority: medium
ms.topic: conceptual
-ms.date: 07/10/2024
+ms.date: 10/01/2024
---
# Get Support
@@ -47,6 +47,7 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t
| Name | Build | Baseline release date | Security tools |
|--|--|--|--|
+| Windows 11 | [24H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-24h2-security-baseline/ba-p/4252801) | October 2024 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
| Windows 11 | [23H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-23h2-security-baseline/ba-p/3967618) | October 2023 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
| Windows 11 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520) | September 2022 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
| Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724) [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703) [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393) [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) [1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update) | October 2022 December 2021 December 2020 October 2018 October 2016 January 2016 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
index a1a1d93059..ced5288d21 100644
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -2,7 +2,7 @@
title: Microsoft Security Compliance Toolkit Guide
description: This article describes how to use Security Compliance Toolkit in your organization.
ms.topic: conceptual
-ms.date: 07/10/2024
+ms.date: 10/01/2024
---
# Microsoft Security Compliance Toolkit - How to use
@@ -16,6 +16,7 @@ The SCT enables administrators to effectively manage their enterprise's Group Po
The Security Compliance Toolkit consists of:
- Windows 11 security baseline
+ - Windows 11, version 24H2
- Windows 11, version 23H2
- Windows 11, version 22H2
- Windows 11, version 21H2
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md
index 4729ae6e10..3daf29314e 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md
@@ -46,11 +46,11 @@ In either of these scenarios, once the rules are added, they must be deleted to
> [!NOTE]
> The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from non-Microsoft software should be determined by trusted app developers, the user, or the admin on behalf of the user.
-### WDAC tagging policies
+### App Control tagging policies
-Windows Firewall supports the use of Windows Defender Application Control (WDAC) Application ID (AppID) tags in firewall rules. With this capability, Windows Firewall rules can be scoped to an application or a group of applications by referencing process tags, without using absolute path or sacrificing security. There are two steps for this configuration:
+Windows Firewall supports the use of App Control for Business Application ID (AppID) tags in firewall rules. With this capability, Windows Firewall rules can be scoped to an application or a group of applications by referencing process tags, without using absolute path or sacrificing security. There are two steps for this configuration:
-1. Deploy *WDAC AppId tagging policies*: a Windows Defender Application Control policy must be deployed, which specifies individual applications or groups of applications to apply a *PolicyAppId tag* to the process token(s). Then, the admin can define firewall rules that are scoped to all processes tagged with the matching *PolicyAppId*. For more information, see the [WDAC AppId tagging guide](../../../application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md) to create, deploy, and test an AppID policy to tag applications.
+1. Deploy *App Control AppId tagging policies*: an App Control for Business policy must be deployed, which specifies individual applications or groups of applications to apply a *PolicyAppId tag* to the process token(s). Then, the admin can define firewall rules that are scoped to all processes tagged with the matching *PolicyAppId*. For more information, see the [App Control AppId tagging guide](../../../application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md) to create, deploy, and test an AppID policy to tag applications.
1. Configure firewall rules using *PolicyAppId tags* using one of the two methods:
- Using the [PolicyAppId node of the Firewall CSP](/windows/client-management/mdm/firewall-csp#mdmstorefirewallrulesfirewallrulenamepolicyappid) with an MDM solution like Microsoft Intune. If you use Microsoft Intune, you can deploy the rules from Microsoft Intune Admin center, under the path **Endpoint security** > **Firewall** > **Create policy** > **Windows 10, Windows 11, and Windows Server** > **Windows Firewall Rules**. When creating the rules, provide the *AppId tag* in the **Policy App ID** setting
- Create local firewall rules with PowerShell: use the [`New-NetFirewallRule`](/powershell/module/netsecurity/new-netfirewallrule) cmdlet and specify the `-PolicyAppId` parameter. You can specify one tag at a time while creating firewall rules. Multiple User Ids are supported
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index 5dd0c7c3f0..68fce9d079 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -19,7 +19,7 @@ See the following articles to learn more about the different areas of Windows th
- [Controlled Folder Access](/microsoft-365/security/defender-endpoint/controlled-folders)
- [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection)
- [Microsoft Defender Application Guard](../application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)
-- [Microsoft Defender Device Guard](../application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+- [Microsoft Defender Device Guard](../application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md)
- [Microsoft Defender SmartScreen](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/)
- [Network Protection](/microsoft-365/security/defender-endpoint/network-protection)
- [Virtualization-Based Protection of Code Integrity](../hardware-security/enable-virtualization-based-protection-of-code-integrity.md)
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index 564b83b498..5b5fb3e06e 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -386,7 +386,7 @@ Examples:
Set-ProcessMitigation -Name notepad.exe -Enable SEHOP -Disable MandatoryASLR,DEPATL
```
-- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy. For more information, see [Deploying Windows Defender Application Control (WDAC) policies](../application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md). This completion will enable protections on Windows 10 equivalent to EMET's ASR protections.
+- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy. For more information, see [Deploying App Control for Business policies](../application-security/application-control/app-control-for-business/deployment/appcontrol-deployment-guide.md). This completion will enable protections on Windows 10 equivalent to EMET's ASR protections.
- **Convert Certificate Trust settings to enterprise certificate pinning rules**: If you have an EMET "Certificate Trust" XML file (pinning rules file), you can also use ConvertTo-ProcessMitigationPolicy to convert the pinning rules file into an enterprise certificate pinning rules file. Then you can finish enabling that file as described in [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning). For example:
diff --git a/windows/whats-new/TOC.yml b/windows/whats-new/TOC.yml
index 408873ec0b..f7564e0af6 100644
--- a/windows/whats-new/TOC.yml
+++ b/windows/whats-new/TOC.yml
@@ -13,6 +13,8 @@
href: windows-11-prepare.md
- name: Windows 11 enterprise feature control
href: temporary-enterprise-feature-control.md
+ - name: What's new in Windows 11, version 24H2
+ href: whats-new-windows-11-version-24h2.md
- name: What's new in Windows 11, version 23H2
href: whats-new-windows-11-version-23h2.md
- name: What's new in Windows 11, version 22H2
@@ -24,11 +26,13 @@
href: extended-security-updates.md
- name: What's new in Windows 10, version 22H2
href: whats-new-windows-10-version-22H2.md
-- name: Windows 10 Enterprise LTSC
+- name: Windows Enterprise LTSC
expanded: false
items:
- - name: Windows 10 Enterprise LTSC overview
+ - name: Windows Enterprise LTSC overview
href: ltsc/overview.md
+ - name: What's new in Windows 11 Enterprise LTSC 2024
+ href: ltsc/whats-new-windows-11-2024.md
- name: What's new in Windows 10 Enterprise LTSC 2021
href: ltsc/whats-new-windows-10-2021.md
- name: What's new in Windows 10 Enterprise LTSC 2019
diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md
index 00fab61fd6..7c53798b03 100644
--- a/windows/whats-new/deprecated-features-resources.md
+++ b/windows/whats-new/deprecated-features-resources.md
@@ -1,7 +1,7 @@
---
title: Resources for deprecated features in the Windows client
description: Resources and details for deprecated features in the Windows client.
-ms.date: 08/12/2024
+ms.date: 08/14/2024
ms.service: windows-client
ms.subservice: itpro-fundamentals
ms.localizationpriority: medium
@@ -38,7 +38,7 @@ Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility iss
## WordPad
-WordPad will be removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal:
+WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal:
- wordpad.exe
- wordpadfilter.dll
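Review bot: Only the first verb of the `+` paragraph moved to the present tense. It still says "Windows will no longer have a built-in, default RTF reader" and "The following binaries will be removed", so the paragraph describes the removal as both done and pending. I would align them: `As a result, Windows no longer has a built-in, default RTF reader.` and `The following binaries are removed as a result of WordPad removal:`. Anyone auditing 24H2 images for `wordpad.exe` or `wordpadfilter.dll` then gets an unambiguous statement.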
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index e1ee7cbf06..a12c5b5eb4 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -1,7 +1,7 @@
---
title: Deprecated features in the Windows client
description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
-ms.date: 09/11/2024
+ms.date: 10/01/2024
ms.service: windows-client
ms.subservice: itpro-fundamentals
ms.localizationpriority: medium
@@ -57,7 +57,7 @@ The features in this article are no longer being actively developed, and might b
| TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits | Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024|
| Test Base | [Test Base for Microsoft 365](/microsoft-365/test-base/overview), an Azure cloud service for application testing, is deprecated. The service will be retired in the future and will be no longer available for use after retirement. | March 2024 |
| Windows Mixed Reality | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and will be removed in Windows 11, version 24H2. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality), and Steam VR Beta. Existing Windows Mixed Reality devices will continue to work with Steam through November 2026, if users remain on their current released version of Windows 11, version 23H2. After November 2026, Windows Mixed Reality will no longer receive security updates, nonsecurity updates, bug fixes, technical support, or online technical content updates. This deprecation doesn't affect HoloLens. We remain committed to HoloLens and our enterprise customers. | December 2023 |
-| Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated for Microsoft Edge for Business and [will no longer be updated](feature-lifecycle.md). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. **[Update - April 2024]**: Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding extensions and associated Windows Store app will not be available after May 2024. This affects the following browsers: *Application Guard Extension - Chrome* and *Application Guard Extension - Firefox*. If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard). | December 2023 |
+| Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated for Microsoft Edge for Business and [will no longer be updated](feature-lifecycle.md). To learn more about Edge for Business security capabilities, see [Microsoft Edge security for your business](/deployedge/ms-edge-security-for-business). **[Update - April 2024]**: Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding extensions and associated Windows Store app will not be available after May 2024. This affects the following browsers: *Application Guard Extension - Chrome* and *Application Guard Extension - Firefox*. If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard). | December 2023 |
| Legacy console mode | The [legacy console mode](/windows/console/legacymode) is deprecated and no longer being updated. In future Windows releases, it will be available as an optional [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). This feature won't be installed by default. | December 2023 |
| Windows speech recognition | [Windows speech recognition](https://support.microsoft.com/windows/83ff75bd-63eb-0b6c-18d4-6fae94050571) is deprecated and is no longer being developed. This feature is being replaced with [voice access](https://support.microsoft.com/topic/4dcd23ee-f1b9-4fd1-bacc-862ab611f55d). Voice access is available for Windows 11, version 22H2, or later devices. Currently, voice access supports five English locales: English - US, English - UK, English - India, English - New Zealand, English - Canada, and English - Australia. For more information, see [Setup voice access](https://support.microsoft.com/topic/set-up-voice-access-9fc44e29-12bf-4d86-bc4e-e9bb69df9a0e). | December 2023 |
| Microsoft Defender Application Guard for Office | [Microsoft Defender Application Guard for Office](/microsoft-365/security/office-365-security/app-guard-for-office-install), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated and will no longer be updated. We recommend transitioning to Microsoft Defender for Endpoint [attack surface reduction rules](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) along with [Protected View](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365#global-settings-for-safe-attachments) and [Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac). | November 2023 |
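Review bot: The Microsoft Defender Application Guard for Office row, a context line at the end of this hunk, still recommends `[Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac)`. The rest of the commit renames the feature to App Control for Business and moves its articles. Left as is, the deprecation guidance names a product the other pages no longer mention and depends on a redirect to reach it. I would change the link text to `App Control for Business` and point it at the renamed article. The table starts and continues outside the hunk.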
@@ -68,7 +68,7 @@ The features in this article are no longer being actively developed, and might b
| Remote Mailslots | Remote Mailslots are deprecated. The Remote Mailslot protocol is a dated, simple, unreliable, insecure IPC method first introduced in MS DOS. This protocol was first disabled by default in [Windows 11 Insider Preview Build ](https://blogs.windows.com/windows-insider/2023/03/08/announcing-windows-11-insider-preview-build-25314/). For more information on Remote Mailslots, see [About Mailslots](/windows/win32/ipc/about-mailslots) and [[MS-MAIL]: Remote Mailslot Protocol](/openspecs/windows_protocols/ms-mail/8ea19aa4-6e5a-4aed-b628-0b5cd75a1ab9).| November 2023 |
| Timeline for Microsoft Entra accounts | Cross-device syncing of Microsoft Entra user activity history will stop starting in January 2024. Microsoft will stop storing this data in the cloud, aligning with [the previous change for Microsoft accounts (MSA)](https://blogs.windows.com/windows-insider/2021/04/14/announcing-windows-10-insider-preview-build-21359) in 2021. The timeline user experience was retired in Windows 11, although it remains in Windows 10. The timeline user experience and all your local activity history still remains on Windows 10 devices. Users can access web history using their browser and access recent files through OneDrive and Office. | October 2023 |
| VBScript | VBScript is deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript). | October 2023 |
-| WordPad | WordPad is no longer being updated and will be removed in a future release of Windows. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. **[Update - March 2024]**: WordPad will be removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. If you're a developer and need information about the affected binaries, see [Resources for deprecated features](deprecated-features-resources.md#wordpad). | September 1, 2023 |
+| WordPad | WordPad is no longer being updated and will be removed in a future release of Windows. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. **[Update - March 2024]**: WordPad will be removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. If you're a developer and need information about the affected binaries, see [Resources for deprecated features](deprecated-features-resources.md#wordpad). | September 1, 2023 |
| AllJoyn | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is deprecated. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures.AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | August 17, 2023 |
| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | August 1, 2023|
| Cortana in Windows | Cortana in Windows as a standalone app is deprecated. This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. | June 2023 |
diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml
index f19e236cd4..9d6a27a7f2 100644
--- a/windows/whats-new/index.yml
+++ b/windows/whats-new/index.yml
@@ -41,6 +41,8 @@ landingContent:
linkLists:
- linkListType: whats-new
links:
+ - text: What's new in Windows 11, version 24H2
+ url: whats-new-windows-11-version-24h2.md
- text: What's new in Windows 11, version 23H2
url: whats-new-windows-11-version-23h2.md
- text: What's new in Windows 11, version 22H2
@@ -55,12 +57,14 @@ landingContent:
- text: What's new in Windows 10, version 22H2
url: whats-new-windows-10-version-22h2.md
- - title: Windows 10 Enterprise LTSC
+ - title: Windows Enterprise LTSC
linkLists:
- linkListType: whats-new
links:
- - text: Windows 10 Enterprise LTSC overview
+ - text: Windows Enterprise LTSC overview
url: ltsc/overview.md
+ - text: What's new in Windows 11 Enterprise LTSC 2024
+ url: ltsc/whats-new-windows-11-2024.md
- text: What's new in Windows 10 Enterprise LTSC 2021
url: ltsc/whats-new-windows-10-2021.md
- text: What's new in Windows 10 Enterprise LTSC 2019
@@ -69,6 +73,7 @@ landingContent:
url: ltsc/whats-new-windows-10-2016.md
- text: What's new in Windows 10 Enterprise LTSC 2015
url: ltsc/whats-new-windows-10-2015.md
+
- title: Deprecated features
linkLists:
diff --git a/windows/whats-new/ltsc/overview.md b/windows/whats-new/ltsc/overview.md
index 5fb5127bcf..1ac5c31aeb 100644
--- a/windows/whats-new/ltsc/overview.md
+++ b/windows/whats-new/ltsc/overview.md
@@ -1,6 +1,6 @@
---
-title: Windows 10 Enterprise LTSC overview
-description: An overview of the Windows 10 long-term servicing channel (LTSC).
+title: Windows Enterprise LTSC overview
+description: An overview of the Windows long-term servicing channel (LTSC).
ms.service: windows-client
author: mestew
ms.author: mstewart
@@ -8,15 +8,17 @@ manager: aaroncz
ms.localizationpriority: low
ms.topic: overview
ms.subservice: itpro-fundamentals
-ms.date: 07/09/2024
+ms.date: 10/01/2024
appliesto:
- ✅ Windows 10 Enterprise LTSC
+ - ✅ Windows 11 Enterprise LTSC
---
-# Windows 10 Enterprise LTSC
+# Windows Enterprise LTSC
-This article provides general information about the Windows 10 Enterprise long-term servicing channel (LTSC). For more information about the features in each available version of the Windows 10 LTSC, see the following articles:
+This article provides general information about the Windows Enterprise long-term servicing channel (LTSC). For more information about the features in each available version of the Windows LTSC, see the following articles:
+- [What's New in Windows 11 Enterprise LTSC 2024](whats-new-windows-11-2024.md)
- [What's New in Windows 10 Enterprise LTSC 2021](whats-new-windows-10-2021.md)
- [What's New in Windows 10 Enterprise LTSC 2019](whats-new-windows-10-2019.md)
- [What's New in Windows 10 Enterprise LTSC 2016](whats-new-windows-10-2016.md)
@@ -24,10 +26,11 @@ This article provides general information about the Windows 10 Enterprise long-t
## The long-term servicing channel (LTSC)
-The following table summarizes equivalent feature update versions of Windows 10 LTSC and general availability channel (GA channel) releases:
+The following table summarizes equivalent feature update versions of Windows LTSC and general availability channel (GA channel) releases:
| LTSC release | Equivalent GA channel release | Availability date |
| --- | --- | --- |
+| Windows 11 Enterprise LTSC 2024 | Windows 11, Version 24H2 | 10/01/2024 |
| Windows 10 Enterprise LTSC 2021 | Windows 10, Version 21H2 | 11/16/2021 |
| Windows 10 Enterprise LTSC 2019 | Windows 10, Version 1809 | 11/13/2018 |
| Windows 10 Enterprise LTSC 2016 | Windows 10, Version 1607 | 8/2/2016 |
@@ -36,10 +39,10 @@ The following table summarizes equivalent feature update versions of Windows 10
> [!NOTE]
> The long-term servicing channel was previously called the long-term servicing branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB.
-With the LTSC servicing model, you can delay receiving *feature* updates and instead only receive monthly *quality* updates on devices. Features from Windows 10 that could be updated with new functionality, including Microsoft Edge and in-box Windows apps, are also not included. Feature updates are offered in new LTSC releases every several years instead of every few months. You can choose to install them as in-place upgrades, or even skip releases, what's best for your business requirements. Microsoft is committed to providing bug fixes and security patches for each LTSC release during the extended LTSC servicing lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/release-information), or search the [product lifecycle information](/lifecycle/products/) page.
+With the LTSC servicing model, you can delay receiving *feature* updates and instead only receive monthly *quality* updates on devices. Features from Windows 10 and 11 that could be updated with new functionality, including Microsoft Edge and in-box Windows apps, are also not included. Feature updates are offered in new LTSC releases every several years instead of every few months. You can choose to install them as in-place upgrades, or even skip releases, what's best for your business requirements. Microsoft is committed to providing bug fixes and security patches for each LTSC release during the extended LTSC servicing lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/release-information), or search the [product lifecycle information](/lifecycle/products/) page.
> [!IMPORTANT]
-> The long-term servicing channel isn't intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows 10 provides a deployment option for special-purpose devices and environments. These devices typically do a single important task and don't need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC doesn't change for the lifetime of the release, over time there might be some external tools that don't continue to provide legacy support. For more information, see [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181).
+> The long-term servicing channel isn't intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows provides a deployment option for special-purpose devices and environments. These devices typically do a single important task and don't need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC doesn't change for the lifetime of the release, over time there might be some external tools that don't continue to provide legacy support. For more information, see [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181).
For more information about Windows 10 servicing, see [Overview of Windows as a service](/windows/deployment/update/waas-overview).
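Review bot: On the added line beginning "With the LTSC servicing model", widening "Features from Windows 10" to "Windows 10 and 11" now tells readers that Microsoft Edge is not included in Windows 11 LTSC. The article added by this same commit (`whats-new-windows-11-2024.md`) lists Microsoft Edge as the default browser and says Internet Explorer is no longer available, so the two pages contradict each other on which browser ships and has to be patched on LTSC devices. If the Edge exclusion only holds for the Windows 10 LTSC releases, I would scope it to them or drop the example, for instance `Features that could be updated with new functionality, including in-box Windows apps, are also not included.` The unchanged last line of this hunk still reads "Windows 10 servicing" and could be generalised in the same pass.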
@@ -47,4 +50,4 @@ For more information about Windows 10 servicing, see [Overview of Windows as a s
- [What's new in Windows](../index.yml): See what's new in other versions of Windows.
-- [Windows 10 release information](/windows/release-health/release-information): Windows 10 current versions by servicing option.
+- [Windows release information](/windows/release-health/release-information): Current versions of Windows by servicing option.
diff --git a/windows/whats-new/ltsc/whats-new-windows-11-2024.md b/windows/whats-new/ltsc/whats-new-windows-11-2024.md
new file mode 100644
index 0000000000..3fbb4a3529
--- /dev/null
+++ b/windows/whats-new/ltsc/whats-new-windows-11-2024.md
@@ -0,0 +1,174 @@
+---
+title: What's new in Windows 11 Enterprise long-term servicing channel (LTSC) 2024
+manager: aaroncz
+ms.author: mstewart
+description: New and updated IT Pro content about new features in Windows 11 Enterprise long-term servicing channel (LTSC) 2024.
+ms.service: windows-client
+author: mestew
+ms.localizationpriority: high
+ms.topic: reference
+ms.subservice: itpro-fundamentals
+ms.date: 10/01/2024
+appliesto:
+ - ✅ Windows 11 Enterprise LTSC 2024
+---
+
+# What's new in Windows 11 Enterprise LTSC 2024
+
+This article lists some of the new and updated features and content that is of interest to IT Pros for Windows 11 Enterprise long-term servicing channel (LTSC) 2024, compared to Windows 10 Enterprise LTSC 2021. For a brief description of the LTSC servicing channel and associated support, see [Windows Enterprise LTSC](overview.md).
+
+
+Windows 11 Enterprise LTSC 2024 builds on Windows 10 Enterprise LTSC 2021, adding premium features such as advanced protection against modern security threats and comprehensive device management, app management, and control capabilities.
+
+The Windows 11 Enterprise LTSC 2024 release includes the cumulative enhancements provided in Windows 11 versions 21H2, 22H2, 23H2, and 24H2. Details about these enhancements are provided below.
+
+## Lifecycle
+
+Windows 11 Enterprise LTSC 2024 was first available on October 1, 2024. Features in Windows 11 Enterprise LTSC 2024 are similar to Windows 11, version 24H2.The LTSC release is [intended for special use devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181). Support for LTSC by apps and tools, such as in-box apps and Microsoft Store, that are designed for the general availability channel release of Windows might be limited.
+
+> [!IMPORTANT]
+> Windows 11 Enterprise LTSC 2024 has a 5 year lifecycle. ([IoT Enterprise LTSC](/windows/iot/iot-enterprise/whats-new/windows-iot-enterprise-ltsc) continues to have a [10 year lifecycle](/lifecycle/products/windows-11-iot-enterprise-ltsc-2024)). Windows 11 Enterprise LTSC 2024 follows the [Fixed Lifecycle Policy](/lifecycle/policies/fixed).
+
+
+
+
+
+## Accessibility
+
+| Feature [Release] | Description |
+| --- | --- |
+| **Windows accessibility** [22H2][22H2] | Improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator. For more information, see: • [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/) • [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554) • [Accessibility information for IT professionals](/windows/configuration/windows-10-accessibility-for-itpros). |
+| **Braille displays** [23H2][23H2] | Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience. We also added support for new braille displays and new braille input and output languages in Narrator. For more information, see [Accessibility information for IT professionals](/windows/configuration/windows-accessibility-for-ITPros). |
+| **Narrator improvements** [23H2][23H2] | Scripting functionality was added to Narrator. Narrator includes more natural voices. For more information, see [Complete guide to Narrator](https://support.microsoft.com/topic/e4397a0d-ef4f-b386-d8ae-c172f109bdb1). |
+| **Bluetooth ® LE audio support for assistive devices** [24H2][24H2] | Windows has taken a significant step forward in accessibility by supporting the use of assistive hearing devices equipped with the latest Bluetooth ® Low Energy Audio technology. For more information, see [Using hearing devices with your Windows 11 PC](https://support.microsoft.com/topic/fcb566e7-13c3-491a-ad5b-8219b098d647). |
+| **Remote Desktop Connection improvements** [24H2][24H2] | The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**. Remote Desktop Connection supports zoom options of 350, 400, 450, and 500%. |
+
+
+## Applications
+
+
+| Feature [Release]| Description |
+| --- | --- |
+| **Internet Explorer** | Internet Explorer (IE) is no longer available in Windows 11 Enterprise LTSC 2024. However, you can use IE Mode if a website needs Internet Explorer. For more information, see [Internet Explorer (IE) Mode](/deployedge/edge-ie-mode) |
+| **Microsoft Edge** [21H2][21H2] | The Microsoft Edge browser is the default browser. For information about configuring Microsoft Edge on Windows, see [Configure Microsoft Edge policy settings on Windows devices](/deployedge/configure-microsoft-edge). |
+| **File Explorer** [23H2][23H2]/[24H2][24H2] | **Tabs**: File Explorer includes tabs to help you organize your File Explorer sessions. **Context menu**: Support for creating 7-zip and TAR archives. **Compress to** > **Additional options** allows you to compress individual files with gzip, BZip2, xz, or Zstandard Labels were added to the context menu icons for actions like copy, paste, delete, and rename.|
+| **Registry Editor** Search [24H2][24H2] | The Registry Editor supports limiting a search to the currently selected key and its descendants |
+| **Remote Desktop** Connection improvements [24H2][24H2] | The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**, provides zoom options of 350, 400, 450, and 500%, and improves the connection bar design |
+| **Sudo for Windows** [24H2][24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). |
+
+## Developer
+
+| Feature [Release] | Description |
+| --- | --- |
+| **Arm64EC (Emulation Compatible)** | Code built as Arm64EC is interoperable with x64 code running under emulation within the same process. The Arm64EC code in the process runs with native performance, while any x64 code runs using emulation that comes built-in with Windows 11. For more information, see [Arm64EC - Build and port apps for native performance on Arm](/windows/arm/arm64ec)|
+| **Power Grid Forecast** [24H2][24H2] | The [Power Grid Forecast API](/uwp/api/windows.devices.power.powergridforecast) was introduced. App developers can minimize environmental impact by shifting background workloads to times when renewable energy is available to the local grid. Forecast data isn't available globally and quality of data varies by region. |
+| **Energy saver notification callback** [24H2][24H2] | Added an energy saver notification callback setting GUID to represent the new energy saver experience. Apps can subscribe to the energy saver status and can implement different behaviors to optimize energy or performance depending on the current energy saver status. For more information, see [Power Setting GUIDs](/windows/win32/power/power-setting-guids) |
+| **Effective Power Mode** [24H2][24H2] | Extended the [Effective Power Mode API](/windows/win32/api/powersetting/ne-powersetting-effective_power_mode) to interpret the new energy saver levels when determining the returned effective power mode. |
+
+## Management
+
+| Feature [Release] | Description |
+| --- | --- |
+| **Microsoft Intune** [21H2][21H2] | Microsoft Intune is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more. If you use Group Policy to manage your Windows 10 devices, then you can also use Group Policy to manage Windows 11 devices. In Intune, there are [administrative templates](/mem/intune/configuration/administrative-templates-windows) and the [settings catalog](/mem/intune/configuration/settings-catalog) that include many of the same policies. [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) analyze your on-premises group policy objects. |
+| **Control Windows Update notifications** [22H2][22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).|
+| **Organization name in update notifications** [22H2][22H2] |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). |
+| **Start menu layout** [22H2][22H2] | New Configuration Service Providers (CSPs) for customizing the start menu layout. These CSPs allow you to hide the app list and disable context menus. For more information, see [Supported configuration service provider (CSP) policies for Windows 11 Start menu](/windows/configuration/supported-csp-start-menu-layout-windows#existing-windows-csp-policies-that-windows-11-supports). |
+| **Restricted User Experience** [23H2][23H2] | Restricted User Experience (formerly Multi-App Kiosk Mode) supports the creation of a controlled user experience while maintaining the familiar look and feel of the Windows 11 desktop. Ideal for shared devices that require access to more than one app, admins can configure a curated experience to limit distractions and potential tampering points while focusing the experience around the device's dedicated purpose. |
+| **Declared configuration protocol** [23H2][23H2] | Declared configuration protocol is a new protocol for device configuration management based on a desired state model and uses OMA-DM SyncML protocol. It allows the server to provide the device with a collection of settings for a specific scenario, and the device to handle the configuration request and maintain its state. For more information, see [What is the declared configuration protocol](/windows/client-management/declared-configuration).|
+| **Control File Explorer Home Recommended section** [23H2][23H2] | Configure the Recommended section added to File Explorer Home for users signed into Windows with a Microsoft Entra ID account. For more information, see [DisableGraphRecentItems](/windows/client-management/mdm/policy-csp-fileexplorer#disablegraphrecentitems). To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Windows Components\File Explorer\Turn off files from Office.com in Quick Access View`.|
+| **Taskbar Button Policies** [23H2][23H2] | Policies to customize taskbar buttons were added to provide you with more control over the taskbar search experience across your organization. For more information, see [Supported taskbar CSPs](/windows/configuration/supported-csp-taskbar-windows).|
+| **Control Start Menu Recommended section** [23H2][23H2] | Configure the Recommended section of the Start Menu, which displays personalized website recommendations. For more information, see [HideRecoPersonalizedSites](/windows/client-management/mdm/policy-csp-start). To configure using Local Group Policy Editor, see `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove Personalized Website Recommendations from the Recommended section in the Start Menu`.|
+| **Sudo for Windows** [24H2][24H2] | Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. For more information, see [Sudo for Windows](/windows/sudo/). |
+
+## Networking
+
+| Feature [Release] | Description |
+| --- | --- |
+| **Wi-Fi 7 consumer access points** [24H2][24H2] | Support for Wi-Fi 7 consumer access points offers unprecedented speed, reliability, and efficiency for wireless devices. For more information, see the Wi-Fi 7 announcements from [Wi-Fi Alliance](https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-7) and the [Windows Insider](https://blogs.windows.com/windows-insider/2024/02/22/announcing-windows-11-insider-preview-build-26063-canary-channel/). |
+| **Windows location improvements** [24H2][24H2] | New controls were added to help manage which apps have access to the list of Wi-Fi networks around you, which could be used to determine your location. You can view and modify which apps can access the list of Wi-Fi networks from **Settings** > **Privacy & security** > **Location**. A new prompt appears the first time an app attempts to access your location or Wi-Fi information. Developers can use the [Changes to API behavior for Wi-Fi access and location](/windows/win32/nativewifi/wi-fi-access-location-changes) article to learn about API surfaces impacted by this change. |
+
+## Security
+
+The security and privacy features in Windows 11 are similar to Windows 10. Security for your devices starts with the hardware, and includes OS security, application security, and user & identity security. There are features available in the Windows OS to help in these areas. For a more comprehensive view, including Zero Trust, see [Windows security](/windows/security/).
+
+| Feature [Release] | Description |
+| --- | --- |
+| **Windows Security app** [21H2][21H2] | Windows Security app is an easy-to-use interface, and combines commonly used security features. For example, your get access to virus & threat protection, firewall & network protection, account protection, and more. For more information, see [the Windows Security app](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center). |
+| **Security baselines** [21H2][21H2] | Security baselines include security settings that are already configured, and ready to be deployed to your devices. If you don't know where to start, or it's too time consuming to go through all the settings, then you should look at Security Baselines. For more information, see [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines). |
+| **Microsoft Defender Antivirus** [21H2][21H2] | Microsoft Defender Antivirus helps protect devices using next-generation security. When used with Microsoft Defender for Endpoint, your organization gets strong endpoint protection, and advanced endpoint protection & response. If you use Intune to manage devices, then you can create policies based on threat levels in Microsoft Defender for Endpoint. For more information, see: • [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows) • [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) • [Enforce compliance for Microsoft Defender for Endpoint](/mem/intune/protect/advanced-threat-protection) |
+| **Application Security** [21H2][21H2] | The Application Security features help prevent unwanted or malicious code from running, isolate untrusted websites & untrusted Office files, protect against phishing or malware websites, and more. For more information, see [Windows application security](/windows/security/apps). |
+| **Microsoft Pluton** [22H2][22H2] | Pluton, designed by Microsoft and built by silicon partners, is a secure crypto-processor built into the CPU. Pluton provides security at the core to ensure code integrity and the latest protection with updates delivered by Microsoft through Windows Update. Pluton protects credentials, identities, personal data, and encryption keys. Information is harder to be removed even if an attacker installed malware or has complete physical possession. For more information, see [Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor). |
+| **Enhanced Phishing Protection** [22H2][22H2] | Enhanced Phishing Protection in Microsoft Defender SmartScreen helps protect Microsoft passwords against phishing and unsafe usage. Enhanced Phishing Protection works alongside Windows security protections to help protect sign-in passwords. For more information, see: • [Enhanced Phishing Protection in Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen) • [Protect passwords with enhanced phishing protection](https://aka.ms/EnhancedPhishingProtectionBlog) in the Windows IT Pro blog. |
+| **Smart App Control** [22H2][22H2] | Smart App Control adds significant protection from malware, including new and emerging threats, by blocking apps that are malicious or untrusted. Smart App Control helps block unwanted apps that affect performance, display unexpected ads, offer extra software you didn't want, and other things you don't expect. For more information, see [Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control#wdac-and-smart-app-control). |
+| **Credential Guard** [22H2][22H2] | Credential Guard, enabled by default, uses Virtualization-based security (VBS) to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks like pass the hash and pass the ticket. For more information, see [Configure Credential Guard](/windows/security/identity-protection/credential-guard/configure).|
+| **Malicious and vulnerable driver blocking** [22H2][22H2] | The vulnerable driver blocklist is automatically enabled on devices when Smart App Control is enabled and for clean installs of Windows. For more information, see [recommended block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules#microsoft-vulnerable-driver-blocklist).|
+| **Security hardening and threat protection** [22H2][22H2] | Enhanced support with Local Security Authority (LSA) to prevent code injection that could compromise credentials. For more information, see [Configuring Additional LSA Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json). |
+| **Personal Data Encryption (PDE)** [22H2][22H2] | [Personal Data Encryption (PDE)](/windows/security/operating-system-security/data-protection/personal-data-encryption/) is a security feature that provides file-based data encryption capabilities to Windows. PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. When a user signs in to a device using Windows Hello for Business, decryption keys are released, and encrypted data is accessible to the user. |
+| **Passkeys in Windows** [23H2][23H2] | Windows provides a native experience for passkey management. You can use the Settings app to view and manage passkeys saved for apps or websites. For more information, see [Support for passkeys in Windows](/windows/security/identity-protection/passkeys). |
+| **Windows passwordless experience** [23H2][23H2] | Windows passwordless experience is a security policy that promotes a user experience without passwords on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices. When the policy is enabled, certain Windows authentication scenarios don't offer users the option to use a password, helping organizations and preparing users to gradually move away from passwords. For more information, see [Windows passwordless experience](/windows/security/identity-protection/passwordless-experience/). |
+| **Web sign-in for Windows** [23H2][23H2] | You can enable a web-based sign-in experience on [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) joined devices, unlocking new sign-in options, and capabilities. For more information, see [Web sign-in for Windows](/windows/security/identity-protection/web-sign-in). |
+| **Federated sign-in** [23H2][23H2] | Federated sign-in is a great way to simplify the sign-in process for your users: instead of having to remember a username and password defined in [Microsoft Entra](https://www.microsoft.com/security/business/microsoft-entra?ef_id=_k_910ee369e9a812f6048b86296a6a402c_k_&OCID=AIDcmmdamuj0pc_SEM__k_910ee369e9a812f6048b86296a6a402c_k_&msclkid=910ee369e9a812f6048b86296a6a402c) ID, they can sign-in using their existing credentials from the federated identity provider. For more information, see [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in). |
+| **Windows Hello for Business authentication improvement** [23H2][23H2] | Peripheral face and fingerprint sensors can be used for Windows Hello for Business authentication on devices where Enhanced Sign-in Security (Secure Biometrics) enabled at the factory. For more information, see [Common questions about Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-faq). |
+| **App Control for Business** [24H2][24H2] | Customers can now use App Control for Business (formerly called Windows Defender Application Control) and its next-generation capabilities to protect their digital property from malicious code. With App Control for Business, IT teams can configure what runs in a business environment through Microsoft Intune or other MDMs in the admin console, including setting up Intune as a managed installer. For more information, see [Application Control for Windows](/windows/security/application-security/application-control/app-control-for-business/appcontrol).|
+| **Local Security Authority (LSA) protection enablement** [24H2][24H2]| An audit occurs for incompatibilities with [LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) for a period of time, starting with this upgrade. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. In the event log, [LSA protection logs](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load) whether programs are blocked from loading into LSA. |
+| **Rust in the Windows kernel** [24H2][24H2] | There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win32kbase_rs.sys`. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel. |
+| **SHA-3 support** [24H2][24H2] | Support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC) was added. The SHA-3 family of algorithms is the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions is enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library. |
+| **Windows Local Admin Password Solution (LAPS)** [24H2][24H2] | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Microsoft Entra joined or Windows Server Active Directory-joined devices. Windows LAPS is the successor for the now deprecated legacy Microsoft LAPS product. For more information, see [What is Windows LAPS?](/windows-server/identity/laps/laps-overview)|
+| **Windows LAPS** Automatic account management [24H2][24H2] | [Windows Local Administrator Password Solution (LAPS)](/windows-server/identity/laps/laps-overview) has a new automatic account management feature. Admins can configure Windows LAPS to: • Automatically create the managed local account • Configure name of account • Enable or disable the account • Randomize the name of the account |
+| **Windows LAPS** Policy improvements [24H2][24H2]| • Added passphrase settings for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy • Use [PassphraseLength](/windows/client-management/mdm/laps-csp#policiespassphraselength) to control the number of words in a new passphrase • Added an improved readability setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the number 0 and the letter O aren't used in the password since the characters can be confused. • Added the `Reset the password, logoff the managed account, and terminate any remaining processes` setting to the [PostAuthenticationActions](/windows/client-management/mdm/laps-csp#policiespostauthenticationactions) policy. The event logging messages that are emitted during post-authentication-action execution were also expanded, to give insights into exactly what was done during the operation. |
+| **Windows LAPS** Image rollback detection [24H2][24H2] | Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that Windows LAPS writes every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` is queried and compared to the locally persisted copy. If the GUIDs are different, the password is immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema). |
+| **Windows protected print mode** [24H2][24H2] | Windows protected print mode (WPP) enables a modern print stack which is designed to work exclusively with [Mopria certified printers](https://mopria.org/certified-products). For more information, see [What is Windows protected print mode (WPP)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645) and [Windows Insider WPP announcement](https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/). |
+| **SMB signing requirement changes** [24H2][24H2] | [SMB signing is now required](/windows-server/storage/file-server/smb-signing) by default for all connections. SMB signing ensures every message contains a signature generated using session key and cipher suite. The client puts a hash of the entire message into the signature field of the SMB header. If anyone changes the message itself later on the wire, the hash won't match and SMB knows that someone tampered with the data. It also confirms to sender and receiver that they are who they say they are, breaking relay attacks. For more information about SMB signing being required by default, see [https://aka.ms/SMBSigningOBD](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-required-by-default-in-windows-insider/ba-p/3831704). |
+| **SMB client encryption** [24H2][24H2] | SMB now supports [requiring encryption](/windows-server/storage/file-server/configure-smb-client-require-encryption) on all outbound SMB client connections. Encryption of all outbound SMB client connections enforces the highest level of network security and brings management parity to SMB signing, which allows both client and server requirements. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037). |
+| **SMB signing and encryption auditing** [24H2][24H2] | Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. This shows if a third-party client or server doesn't support SMB encryption or signing. The SMB signing and encryption auditing settings can be modified in Group Policy or through PowerShell. |
+| **SMB alternative client and server ports** [24H2][24H2] | The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. However, you can only connect to alternative ports if the SMB server is configured to support listening on that port. Starting in [Windows Server Insider build 26040](https://techcommunity.microsoft.com/t5/windows-server-insiders/announcing-windows-server-preview-build-26040/m-p/4040858), the SMB server now supports listening on an alternative network port for SMB over QUIC. Windows Server doesn't support configuring alternative SMB server TCP ports, but some third parties do. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509). |
+| **SMB NTLM blocking exception list** [24H2][24H2] |The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and can't brute force, crack, or pass hashes. This change adds a new level of protection for enterprises without a requirement to entirely disable NTLM usage in the OS. For more information about this change, see [https://aka.ms/SmbNtlmBlock](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206). |
+| **SMB dialect management** [24H2][24H2] | The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it negotiates. With this new option, an administrator can remove specific SMB protocols from use in the organization, blocking older, less secure, and less capable Windows devices and third parties from connecting. For example, admins can specify to only use SMB 3.1.1, the most secure dialect of the protocol. For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368).|
+| **SMB over QUIC client access control** [24H2][24H2] | [SMB over QUIC](/windows-server/storage/file-server/smb-over-quic), which introduced an alternative to TCP and RDMA, supplies secure connectivity to edge file servers over untrusted networks like the Internet. QUIC has significant advantages, the largest being mandatory certificate-based encryption instead of relying on passwords. SMB over QUIC [client access control](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) improves the existing SMB over QUIC feature. Administrators now have more options for SMB over QUIC such as: • [Specifying which clients](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#grant-individual-clients) can access SMB over QUIC servers. This gives organizations more protection but doesn't change the Windows authentication used to make the SMB connection or the end user experience. • [Disabling SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell • [Auditing client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) for SMB over QUIC For more information about these changes, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control). |
+| **SMB firewall rule changes** [24H2][24H2] | The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139. This change enforces a higher degree of default of network security and brings SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors. For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic). |
+
+## Servicing
+
+
+| Feature [Release] | Description |
+| --- | --- |
+| **Windows Updates and Delivery optimization** [21H2][21H2] | Delivery optimization helps reduce bandwidth consumption. It shares the work of downloading the update packages with multiple devices in your deployment. Windows 11 updates are smaller, as they only pull down source files that are different. You can create policies that configure delivery optimization settings. For example, set the maximum upload and download bandwidth, set caching sizes, and more. For more information, see: • [Delivery Optimization for Windows updates](/windows/deployment/update/waas-delivery-optimization) • [Installation & updates](https://support.microsoft.com/topic/2f9c1819-310d-48a7-ac12-25191269903c#PickTab=Windows_11) • [Manage updates in Windows](https://support.microsoft.com/topic/643e9ea7-3cf6-7da6-a25c-95d4f7f099fe)|
+| **Control Windows Update notifications** [22H2][22H2] | You can now block user notifications for Windows Updates during active hours. This setting is especially useful for organizations that want to prevent Windows Update notifications from occurring during business hours. For more information, see [Control restart notifications](/windows/deployment/update/waas-restart#control-restart-notifications).|
+| **Organization name in update notifications** |The organization name now appears in the Windows Update notifications when Windows clients are associated with a Microsoft Entra ID tenant. For more information, see [Display organization name in Windows Update notifications](/windows/deployment/update/waas-wu-settings#bkmk_display-name). |
+| **Checkpoint cumulative updates** [24H2][24H2] | Windows quality updates are provided as cumulative updates throughout the life cycle of a Windows release. Checkpoint cumulative updates introduce periodic baselines that reduce the size of future cumulative updates making the distribution of monthly quality updates more efficient. For more information, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552). |
+
+## User Experience
+
+| Feature [Release] | Description |
+| --- | --- |
+| **High Efficiency Video Coding (HEVC) support** [22H2] | HEVC is designed to take advantage of hardware capabilities on some newer devices to support 4K and Ultra HD content. For devices that don't have hardware support for HEVC videos, software support is provided, but the playback experience might vary based on the video resolution and your devices performance. |
+| **Task Manager** [22H2][22H2]/[23H2][23H2] | A new command bar was added to each page to give access to common actions. Task Manager matches the system wide theme configured in Windows Settings. Added an efficiency mode that allows you to limit the resource usage of a process. Process filtering, theme settings, and the ability to opt out of efficiency mode notification were added to Task Manager. |
+| **Taskbar overflow menu** [23H2][23H2] | The taskbar offers an entry point to a menu that shows all of your overflowed apps in one spot. |
+| **Taskbar Optimize for touch** [23H2][23H2] | Taskbar touch optimization is available for devices that can be used as a tablet. Once enabled, the user can switch between a collapsed taskbar, saving screen space, and an expanded taskbar, optimized for touch. The taskbar changes to this optimized version when you disconnect or fold back the keyboard on a 2-in-1 device. To enable or disable this feature on a tablet capable device, go to Settings > Personalization > Taskbar > Taskbar behaviors. See also [February 28, 2023 - KB5022913](https://support.microsoft.com/kb/5022913) |
+| **Windows Ink as input** [23H2][23H2] | Windows Ink allows users to handwrite directly onto most editable fields |
+| **Uninstall Win32 app** [23H2][23H2] | Selecting Uninstall for a Win32 app from the right-click menu uses the Installed Apps page in Settings rather than Programs and Features in Control Panel. For more information, see [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310) |
+| **Dev Drive** [23H2][23H2] | Dev Drive is a new form of storage volume available to improve performance for key developer workloads. For more information, see [Set up a Dev Drive on Windows 11](/windows/dev-drive/) and [September 2023 - KB5030310](https://support.microsoft.com/kb/5030310). |
+
+
+## Features Removed
+
+Each version of Windows client adds new features and functionality. Occasionally, [features and functionality are removed](/windows/whats-new/removed-features), often because a newer option was added. For a list of features no longer in active development that might be removed in a future release, see [deprecated features](/windows/whats-new/deprecated-features). The following features are removed in Windows 11 Enterprise LTSC 2024:
+
+| Feature | Description |
+|---------|-------------|
+| **WordPad** [24H2][24H2]| WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. |
+| **Alljoyn** [24H2][24H2] | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. |
+
+## Related links
+
+- [Windows Enterprise LTSC overview](overview.md)
+- [Windows 11 requirements](/windows/whats-new/windows-11-requirements)
+- [Plan for Windows 11](/windows/whats-new/windows-11-plan)
+- [Prepare for Windows 11](/windows/whats-new/windows-11-prepare)
+- [Release information](/windows/release-health/windows11-release-information)
+
+
+[21H2]: ..\windows-11-overview.md
+[22H2]: ..\whats-new-windows-11-version-22H2.md
+[23H2]: ..\whats-new-windows-11-version-23h2.md
+[24H2]: ..\whats-new-windows-11-version-24H2.md
diff --git a/windows/whats-new/removed-features.md b/windows/whats-new/removed-features.md
index d7f6ed956b..7d8297fb4a 100644
--- a/windows/whats-new/removed-features.md
+++ b/windows/whats-new/removed-features.md
@@ -8,7 +8,7 @@ ms.author: mstewart
manager: aaroncz
ms.topic: reference
ms.subservice: itpro-fundamentals
-ms.date: 03/11/2024
+ms.date: 08/23/2024
ms.collection:
- highpri
- tier1
@@ -38,6 +38,8 @@ The following features and functionalities have been removed from the installed
|Feature | Details and mitigation | Support removed |
| ----------- | --------------------- | ------ |
+| WordPad | WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. If you're a developer and need information about the affected binaries, see [Resources for deprecated features](deprecated-features-resources.md#wordpad). | October 1, 2024 |
+| Alljoyn | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures. AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | October 1, 2024 |
| Update Compliance | Update Compliance, a cloud-based service for the Windows client, is retired. This service has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | March 31, 2023 |
| Store uploader tool | Support has been removed for the store uploader tool. This tool is included in the Windows SDK only. The endpoint for the tool has been removed from service and the files will be removed from the SDK in the next release. | November 2022 |
| Internet Explorer 11 | The Internet Explorer 11 desktop application is [retired and out of support](https://aka.ms/IEJune15Blog) as of June 15, 2022 for certain versions of Windows 10. You can still access older, legacy sites that require Internet Explorer with Internet Explorer mode in Microsoft Edge. [Learn how](https://aka.ms/IEmodewebsite). The Internet Explorer 11 desktop application will progressively redirect to the faster, more secure Microsoft Edge browser, and will ultimately be disabled via Windows Update. [Disable IE today](/deployedge/edge-ie-disable-ie11). | June 15, 2022 |
diff --git a/windows/whats-new/whats-new-windows-11-version-24h2.md b/windows/whats-new/whats-new-windows-11-version-24h2.md
new file mode 100644
index 0000000000..5c492a24d8
--- /dev/null
+++ b/windows/whats-new/whats-new-windows-11-version-24h2.md
@@ -0,0 +1,246 @@
+---
+title: What's new in Windows 11, version 24H2 for IT pros
+description: Learn more about what's new in Windows 11 version 24H2, including servicing updates, Windows Subsystem for Linux, the latest CSPs, and more.
+manager: aaroncz
+ms.service: windows-client
+ms.author: mstewart
+author: mestew
+ms.localizationpriority: medium
+ms.topic: reference
+ms.collection:
+ - highpri
+ - tier2
+ms.subservice: itpro-fundamentals
+ms.date: 07/09/2024
+appliesto:
+ - ✅ Windows 11, version 24H2
+---
+
+# What's new in Windows 11, version 24H2
+
+Windows 11, version 24H2 is a feature update for Windows 11. It includes all features and fixes in previous cumulative updates to Windows 11, version 23H2. This article lists the new and updated features IT Pros should know.
+
+>**Looking for consumer information?** See [Windows 11 2024 update](https://support.microsoft.com/topic/93c5c27c-f96e-43c2-a08e-5812d92f220d#windowsupdate=26100).
+
+Windows 11, version 24H2 follows the [Windows 11 servicing timeline](/lifecycle/faq/windows#windows-11):
+
+- **Windows 11 Pro**: Serviced for 24 months from the release date.
+- **Windows 11 Enterprise**: Serviced for 36 months from the release date.
+
+
+
+Devices must be running Windows 11, version 23H2 or 22H2 with the May 2024 nonsecurity preview update, or a later update, installed in order to update to version 24H2. Windows 11, version 24H2 is a full OS swap so it isn't available as an enablement package. Windows 10 devices can be upgraded to to Windows 11, version 24H2 using the same familiar processes, policies, and management solutions you used to originally deploy Windows 10.
+
+Windows 11, version 24H2 is available through Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Volume Licensing Service Center (VLSC). For more information, see [How to get the Windows 11, version 24H2 update](https://aka.ms/how-to-get-24H2). Review the [Windows 11, version 24H2 Windows IT Pro blog post](https://aka.ms/new-in-24H2) to discover information about available deployment resources such as the [Windows Assessment and Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install).
+
+
+To learn more about the status of the update rollout, known issues, and new information, see [Windows release health](/windows/release-health/).
+
+## Features no longer under temporary enterprise control
+
+[Temporary enterprise feature control](temporary-enterprise-feature-control.md) temporarily turns off certain features that were introduced during monthly cumulative updates for managed Windows 11 devices. For the purposes of temporary enterprise control, a system is considered managed if it's configured to get updates from Windows Update for Business or [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus). Clients that get updates from Microsoft Configuration Manager and Microsoft Intune are considered managed since their updates ultimately come from WSUS or Windows Updates for Business.
+
+There aren't any features under temporary enterprise control between Windows 11, version 23H2 and Windows 11, version 24H2. For a list of features that were under temporary enterprise control between Windows 11, version 22H2 and Windows 11, version 23H2, see, [Windows 11 features behind temporary enterprise feature control](temporary-enterprise-feature-control.md).
+
+
+
+## Checkpoint cumulative updates
+
+Microsoft is introducing checkpoint cumulative updates, a new servicing model that enables devices running Windows 11, version 24H2 or later to save time, bandwidth and hard drive space when getting features and security enhancements via the latest cumulative update. Previously, the cumulative updates contained all changes to the binaries since the last release to manufacturing (RTM) version. The size of the cumulative updates could grow large over time since RTM was used as the baseline for each update.
+
+With checkpoint cumulative updates, the update file level differentials are based on a previous cumulative update instead of the RTM release. Cumulative updates that serve as a checkpoint will be released periodically. Using a checkpoint rather than RTM means the subsequent update packages are smaller, which makes downloads and installations faster. Using a checkpoint also means that in order for a device to install the latest cumulative update, the installation of a prerequisite cumulative update might be required. For more information about checkpoint cumulative updates, see [https://aka.ms/CheckpointCumulativeUpdates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552).
+
+## Features exclusive to Copilot+ PCs in 24H2
+
+Copilot+ PCs are a new class of Windows 11 AI PCs that are powered by a neural processing unit (NPU) that can perform more than 40 trillion operations per second (TOPS). The following features are exclusive to [Copilot+ PCs](https://www.microsoft.com/windows/copilot-plus-pcs) in Windows 11, version 24H2:
+
+- Live Captions allow you to translate audio and video content into English subtitles from 44 languages. For more information, see [Use live captions to better understand audio](https://support.microsoft.com/topic/b52da59c-14b8-4031-aeeb-f6a47e6055df).
+- Windows Studio Effects is the collective name of AI-powered video call and audio effects that are available on Copilot+ PCs and select Windows 11 devices with compatible NPUs. Windows Studio Effects automatically improves lighting and cancels noises during video calls. For more information, see [Windows Studio Effects](https://support.microsoft.com/topic/273c1fa8-2b3f-41b1-a587-7cc7a24b62d8).
+- Cocreator in Paint allows you to create amazing artwork with the help of AI. Enter a text prompt, start drawing in Paint, and Cocreator generates artwork based on what you're drawing. For more information, see [Cocreator in Paint](https://support.microsoft.com/topic/53857513-e36c-472d-8d4a-adbcd14b2e54)
+- Auto Super Resolution (Auto SR) is the first AI-powered super resolution solution built into an operating system, making games automatically play smoother with higher resolution details. For more information, see [Automatic Super Resolution](https://support.microsoft.com/topic/5d6d95fa-cc02-4673-b62c-2c50f06385aa).
+- Image Creator and Restyle Image in the Microsoft Photos app lets you reimagine your photos or create new images with the assistance of AI. For more information, see [Microsoft Photos Restyle Image and Image Creator](https://support.microsoft.com/topic/6c352e99-d954-49c9-84cd-b7cacd018868).
+
+## Features added to Windows 11 since version 23H2
+
+New features and enhancements were introduced to Windows 11, version 23H2 periodically to provide continuous innovation for Windows 11. These features and enhancements use the normal update servicing channels you're already familiar with. At first, new features are introduced with an optional nonsecurity preview release and gradually rolled out to clients. These new features are released later as part of a monthly security update release. For more information about continuous innovation, see [Update release cycle for Windows clients](/windows/deployment/update/release-cycle#continuous-innovation-for-windows-11).
+
+Some of the features were released within the past year's continuous innovation updates and carry forward into the 24H2 annual feature update include:
+
+### Server Message Block (SMB) protocol changes
+
+#### SMB signing and encryption
+
+The following changes were made for SMB signing and encryption:
+
+- **SMB signing requirement changes**: In Windows 11, version 24H2 on the Home, Pro, Education, and Enterprise editions, [SMB signing is now required](/windows-server/storage/file-server/smb-signing) by default for all connections. SMB signing ensures every message contains a signature generated using session key and cipher suite. The client puts a hash of the entire message into the signature field of the SMB header. If anyone changes the message itself later on the wire, the hash won't match and SMB knows that someone tampered with the data. It also confirms to sender and receiver that they are who they say they are, breaking relay attacks. For more information about SMB signing being required by default, see [https://aka.ms/SMBSigningOBD](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-signing-required-by-default-in-windows-insider/ba-p/3831704).
+
+- **SMB client encryption**: SMB now supports [requiring encryption](/windows-server/storage/file-server/configure-smb-client-require-encryption) on all outbound SMB client connections. Encryption of all outbound SMB client connections enforces the highest level of network security and brings management parity to SMB signing, which allows both client and server requirements. With this new option, administrators can mandate that all destination servers use SMB 3 and encryption, and if missing those capabilities, the client won't connect. For more information about this change, see [https://aka.ms/SmbClientEncrypt](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-client-encryption-mandate-now-supported-in-windows-insider/ba-p/3964037).
+
+- **SMB signing and encryption auditing**: Administrators can now [enable auditing](/windows-server/storage/file-server/smb-signing-overview#smb-signing-and-encryption-auditing) of the SMB server and client for support of SMB signing and encryption. This shows if a third-party client or server doesn't support SMB encryption or signing. The SMB signing and encryption auditing settings can be modified in Group Policy or through PowerShell.
+
+#### SMB alternative client and server ports
+
+The SMB client now supports connecting to an SMB server over TCP, QUIC, or RDMA using [alternative network ports](/windows-server/storage/file-server/smb-ports) to the hardcoded defaults. However, you can only connect to alternative ports if the SMB server is configured to support listening on that port. Starting in [Windows Server Insider build 26040](https://techcommunity.microsoft.com/t5/windows-server-insiders/announcing-windows-server-preview-build-26040/m-p/4040858), the SMB server now supports listening on an alternative network port for SMB over QUIC. Windows Server doesn't support configuring alternative SMB server TCP ports, but some third parties do. For more information about this change, see [https://aka.ms/SMBAlternativePorts](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-alternative-ports-now-supported-in-windows-insider/ba-p/3974509).
+
+
+#### SMB NTLM blocking exception list
+
+The SMB client now supports [blocking NTLM](/windows-server/storage/file-server/smb-ntlm-blocking) for remote outbound connections. With this new option, administrators can intentionally block Windows from offering NTLM via SMB and specify exceptions for NTLM usage. An attacker who tricks a user or application into sending NTLM challenge responses to a malicious server will no longer receive any NTLM data and can't brute force, crack, or pass hashes. This change adds a new level of protection for enterprises without a requirement to entirely disable NTLM usage in the OS.
+
+For more information about this change, see [https://aka.ms/SmbNtlmBlock](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206).
+
+#### SMB dialect management
+
+The SMB server now supports controlling which [SMB 2 and 3 dialects](/windows-server/storage/file-server/manage-smb-dialects) it negotiates. With this new option, an administrator can remove specific SMB protocols from use in the organization, blocking older, less secure, and less capable Windows devices and third parties from connecting. For example, admins can specify to only use SMB 3.1.1, the most secure dialect of the protocol.
+
+For more information about this change, see [https://aka.ms/SmbDialectManage](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368).
+
+
+#### SMB over QUIC
+
+[SMB over QUIC](/windows-server/storage/file-server/smb-over-quic), which introduced an alternative to TCP and RDMA, supplies secure connectivity to edge file servers over untrusted networks like the Internet. QUIC has significant advantages, the largest being mandatory certificate-based encryption instead of relying on passwords. SMB over QUIC [client access control](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control) improves the existing SMB over QUIC feature.
+
+Administrators now have more options for SMB over QUIC such as:
+
+- [Specifying which clients](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#grant-individual-clients) can access SMB over QUIC servers. This gives organizations more protection but doesn't change the Windows authentication used to make the SMB connection or the end user experience.
+- [Disabling SMB over QUIC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control#disable-smb-over-quic) for client with Group Policy and PowerShell
+- [Auditing client connection events](/windows-server/storage/file-server/smb-over-quic#smb-over-quic-client-auditing) for SMB over QUIC
+
+For more information about these changes, see [https://aka.ms/SmbOverQUICCAC](/windows-server/storage/file-server/configure-smb-over-quic-client-access-control).
+
+#### SMB firewall rule changes
+
+The Windows Firewall [default behavior has changed](/windows-server/storage/file-server/smb-secure-traffic#updated-firewall-rules-preview). Previously, creating an SMB share automatically configured the firewall to enable the rules in the **File and Printer Sharing** group for the given firewall profiles. Now, Windows automatically configures the new **File and Printer Sharing (Restrictive)** group, which no longer contains inbound NetBIOS ports 137-139.
+
+This change enforces a higher degree of default of network security and brings SMB firewall rules closer to the Windows Server **File Server** role behavior, which only opens the minimum ports needed to connect and manage sharing. Administrators can still configure the **File and Printer Sharing** group if necessary as well as modify this new firewall group, these are just default behaviors.
+
+For more information about this change, see [https://aka.ms/SMBfirewall](https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-firewall-rule-changes-in-windows-insider/ba-p/3974496). For more information about SMB network security, see [Secure SMB Traffic in Windows Server](/windows-server/storage/file-server/smb-secure-traffic).
+
+### Local Security Authority (LSA) protection enablement on upgrade
+
+[LSA protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) helps protect against theft of secrets and credentials used for logon by preventing unauthorized code from running in the LSA process and by preventing dumping of process memory. An audit occurs for incompatibilities with LSA protection for a period of time, starting with this upgrade. If incompatibilities aren't detected, LSA protection is automatically enabled. You can check and change the enablement state of LSA protection in the Windows Security application under the **Device Security** > **Core Isolation** page. In the event log, LSA protection records whether programs are blocked from loading into LSA. If you would like to check if something was blocked, review the [logging](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection#identify-plug-ins-and-drivers-that-lsassexe-fails-to-load).
+
+
+### Remote Mailslot protocol disabled by default
+
+[Remote Mailslot protocol](/openspecs/windows_protocols/ms-mail/47ac910f-1dec-4791-8486-9b3e8fd542da) was [deprecated](deprecated-features.md#deprecated-features) in November 2023 and is now disabled by default starting in Windows 11, version 24H2. For more information on Remote Mailslots, see [About Mailslots](/windows/win32/ipc/about-mailslots).
+
+### Local Administrator Password Solution (LAPS) improvements
+
+[LAPS](/windows-server/identity/laps/laps-overview) has a new automatic account management feature. IT admins can configure Windows LAPS to:
+- Automatically create the managed local account
+- Configure name of account
+- Enable or disable the account
+- Randomize the name of the account
+
+LAPS has the following policy improvements:
+
+- Added passphrase settings for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy
+ - Use [PassphraseLength](/windows/client-management/mdm/laps-csp#policiespassphraselength) to control the number of words in a new passphrase
+- Added an improved readability setting for the [PasswordComplexity](/windows/client-management/mdm/laps-csp#policiespasswordcomplexity) policy, which generates passwords without using characters that are easily confused with another character. For example, the zero and the letter O aren't used in the password since the characters can be confused.
+- Added the `Reset the password, logoff the managed account, and terminate any remaining processes` setting to the [PostAuthenticationActions](/windows/client-management/mdm/laps-csp#policiespostauthenticationactions) policy. The event logging messages that are emitted during post-authentication-action execution were also expanded, to give insights into exactly what was done during the operation.
+
+Image rollback detection was introduced for LAPS. LAPS can detect when a device was rolled back to a previous image. When a device is rolled back, the password in Active Directory might not match the password on the device that was rolled back. This new feature adds an Active Directory attribute, `msLAPS-CurrentPasswordVersion`, to the [Windows LAPS schema](/windows-server/identity/laps/laps-technical-reference#mslaps-currentpasswordversion). This attribute contains a random GUID that Windows LAPS writes every time a new password is persisted in Active Directory, followed by saving a local copy. During every processing cycle, the GUID stored in `msLAPS-CurrentPasswordVersion` is queried and compared to the locally persisted copy. If the GUIDs are different, the password is immediately rotated. To enable this feature, you need to run the latest version of the [Update-LapsADSchema PowerShell cmdlet](/powershell/module/laps/update-lapsadschema).
+
+### Rust in the Windows kernel
+
+There's a new implementation of [GDI region](/windows/win32/gdi/regions) in `win32kbase_rs.sys`. Since Rust offers advantages in reliability and security over traditional programs written in C/C++, you'll continue to see more use of it in the kernel.
+
+### Personal Data Encryption (PDE) for folders
+
+PDE for folders is a security feature where the contents of the known Windows folders (Documents, Desktop and Pictures) are protected using a user authenticated encryption mechanism. Windows Hello is the user authentication used to provide the keys for encrypting user data in the folders. PDE for folders can be [enabled from a policy in Intune](/mem/intune/protect/endpoint-security-disk-encryption-policy). IT admins can select all of the folders, or a subset, then apply the policy to a group of users in their organization.
+PDE for Folders settings is available on Intune under **Endpoint Security** > **Disk encryption**.
+
+For more information about PDE, see [PDE overview](/windows/security/operating-system-security/data-protection/personal-data-encryption)
+
+
+### Windows protected print mode
+
+Windows protected print mode enables devices to print using only the Windows modern print stack, which is designed for [Morpia certified printers](https://mopria.org/certified-products). With Morpia certified printers, there's no longer a need to rely on third-party software installers. To enable Windows protected print mode:
+- Go to **Settings** > **Bluetooth & Devices** > **Printers & scanners**, then choose **Setup** under **Windows protected print mode**
+- Enable the **Configure Windows protected print** policy in Group Policy under **Computer Configuration** > **Administrative Templates** > **Printers**
+
+### SHA-3 support
+
+Support for the SHA-3 family of hash functions and SHA-3 derived functions (SHAKE, cSHAKE, KMAC) was added. The SHA-3 family of algorithms are the latest standardized hash functions by the National Institute of Standards and Technology (NIST). Support for these functions is enabled through the Windows [CNG](/windows/win32/seccng/cng-portal) library.
+
+- **Supported SHA-3 hash functions**: SHA3-256, SHA3-384, SHA3-512 (SHA3-224 isn't supported)
+
+- **Supported SHA-3 HMAC algorithms**: HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512
+
+- **Supported SHA-3 derived algorithms**: extendable-output functions (XOF) (SHAKE128, SHAKE256), customizable XOFs (cSHAKE128, cSHAKE256), and KMAC (KMAC128, KMAC256, KMACXOF128, KMACXOF256).
+
+### App Control for Business
+
+Customers can now use App Control for Business (formerly called Windows Defender Application Control) and its next-generation capabilities to protect their digital property from malicious code. With App Control for Business, IT teams can configure what runs in a business environment through Microsoft Intune or other MDMs in the admin console, including setting up Intune as a managed installer. For more information, see [Application Control for Windows](/windows/security/application-security/application-control/app-control-for-business/appcontrol).
+
+### Wi-Fi 7 support
+
+Support for Wi-Fi 7 was added for consumer access points. Wi-Fi 7, also known as IEEE 802.11be Extremely High Throughput (EHT) is the latest Wi-Fi technology that offers unprecedented speed, reliability, and efficiency for your wireless devices. For more information about Wi-Fi 7, see the [Wi-Fi Alliance announcement](https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-7).
+
+### Bluetooth ® LE audio support for assistive devices
+
+Customers who use these assistive hearing devices are now able to directly pair, stream audio, take calls, and control audio presets when they use an LE Audio-compatible PC. Users who have Bluetooth LE Audio capable assistive hearing devices can determine if their PC is LE Audio-compatible, set up, and manage their devices via **Settings** > **Accessibility** > **Hearing devices**. For more information, see [Using hearing devices with your Windows 11 PC](https://support.microsoft.com/topic/fcb566e7-13c3-491a-ad5b-8219b098d647).
+
+### Windows location improvements
+
+New controls were added to help manage which apps have access to the list of Wi-Fi networks around you, which could be used to determine your location.
+- You can view and modify which apps can access the list of Wi-Fi networks from **Settings** > **Privacy & security** > **Location**.
+- A new prompt appears the first time an app attempts to access your location or Wi-Fi information.
+ - The prompt also notifies when an app unexpectedly requests access to location services so that you can deny it.
+ - If you grant permission, apps that use location or Wi-Fi information now appear in **Recent activity** on the **Location** settings page, and the location icon is displayed in the taskbar while the app is in-use.
+ - To hide these prompts when location has been turned off, turn off **Notify when apps request location** on the **Location** settings page.
+- Developers can use the [Changes to API behavior for Wi-Fi access and location](/windows/win32/nativewifi/wi-fi-access-location-changes) article to learn about API surfaces impacted by this change.
+
+### Sudo for Windows
+
+Sudo for Windows is a new way for users to run elevated commands (as an administrator) directly from an unelevated console session. The sudo command can be configured to run in three different modes:
+
+- **In a new window**: The elevated command runs in a new window. This mode is similar to the behavior of the `runas /user:admin` command.
+- **With input disabled**: Runs the elevated process in the current window, but with the input handle closed. This means that the elevated process won't be able to receive input from the current console window.
+- **Inline**: Runs the elevated process in the current window and the process is able to receive input from the current console session. This mode is most similar to the sudo experience on other platforms.
+
+It's recommended that you review the security considerations for each mode here before [enabling the sudo command](/windows/sudo/#how-to-enable-sudo-for-windows) on your machine. For more information, see [Sudo for Windows](/windows/sudo/).
+
+### Enable optional updates
+
+In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Enable optional updates** policy. For more information about optional content, see [Enable optional updates](/windows/deployment/update/waas-configure-wufb#enable-optional-updates).
+
+### Remote Desktop Connection improvements
+
+Remote Desktop Connection has the following improvements:
+- The Remote Desktop Connection setup window (mstsc.exe) follows the text scaling settings under **Settings** > **Accessibility** > **Text size**.
+- Remote Desktop Connection supports zoom options of 350, 400, 450, and 500%
+- Improvements to the connection bar design
+
+
+### Additional features
+
+
+- **File Explorer**: The following changes were made to File Explorer context menu:
+ - Support for creating 7-zip and TAR archives
+ - **Compress to** > **Additional options** allows you to compress individual files with gzip, BZip2, xz, or Zstandard
+ - Labels were added to the context menu icons for actions like copy, paste, delete, and rename
+- **OOBE improvement**: when you need to connect to a network and there's no Wi-Fi drivers, you're given an *Install drivers* option to install drivers that are already downloaded
+- **Registry Editor**: The Registry Editor supports limiting a search to the currently selected key and its descendants
+- **Task Manager**: The Task Manager settings page has [Mica material](/windows/apps/design/style/mica) and a redesigned icon
+
+
+### Developer APIs
+
+The following developer APIs were added or updated:
+
+- Introduced the [Power Grid Forecast API](/uwp/api/windows.devices.power.powergridforecast). App developers can minimize environmental impact by shifting background workloads to times when renewable energy is available to the local grid. Forecast data isn't available globally and quality of data may vary by region.
+- Added an energy saver notification callback setting GUID to represent the new energy saver experience. Apps can subscribe to the energy saver status by passing the appropriate GUID to the PowerSettingRegisterNotification API and can implement different behaviors to optimize energy or performance depending on the current energy saver status. For more information, see [Power Setting GUIDs](/windows/win32/power/power-setting-guids)
+- Extended the [Effective Power Mode API](/windows/win32/api/powersetting/ne-powersetting-effective_power_mode) to interpret the new energy saver levels when determining the returned effective power mode.
+
+## Features removed in Windows 11, version 24H2
+
+The following [deprecated features](deprecated-features.md) are [removed](removed-features.md) in Windows 11, version 24H2:
+
+- **WordPad**: WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025.
+- **Alljoyn**: Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) is retired.