From eadad34b16f30d1a888db1a8b073a4e6c46f8cce Mon Sep 17 00:00:00 2001
From: valemieux <98555474+valemieux@users.noreply.github.com>
Date: Mon, 12 Sep 2022 22:14:44 -0700
Subject: [PATCH] Update citool-commands.md

---
 .../citool-commands.md | 97 +++----------------
 1 file changed, 12 insertions(+), 85 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md
index 86d7700fd0..94c0be2807 100644
--- a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md
+++ b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md
@@ -10,9 +10,10 @@ ms.date: 08/07/2022
 ms.custom: template-how-to
 ---
 
-# Manage WDAC Policies with CI Tool
+# Manage Windows Defender Application Control (WDAC) Policies with CI Tool
 
-Generates Policy Commands, Token Commands, and Miscellaneous Commands for user mode code and drivers.
+CI Tool makes Windows Defender Application Control (WDAC) policy management easier for IT admins. CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens.
+This article will describe how to use CI Tool to update and manage policies. CI Tool is now included in box as part of Windows and can be interacted with in the command line.
 
 ## Policy Commands
 
@@ -46,101 +47,27 @@ Generates Policy Commands, Token Commands, and Miscellaneous Commands for user m 1. Deploy a WDAC policy onto the system ```powershell -PS C:\windows\system32> .\BF61FE40-8929-4FDF-9EC2-F7A767717F0B.cip -up - -C:\Windows\System32>.\CITool.exe -update-policy \windows\system32\BF61FE40-8929-4FDF-9EC2-F7A767717F0B.cip -Usage: CiTool COMMAND [Command-Options] [-json] -Commands: ------------------------------ Policy Commands --------------------------------- - --update-policy /Path/To/Policy/File - Add or update a policy on the current system - aliases: -up - --remove-policy PolicyGUID - Remove a policy indicated by PolicyGUID from the system - aliases: -rp - --list-policies - Dump information about all policies on the system, whether they be active or not - aliases: -lp ------------------------------ Token Commands --------------------------------- - --add-token Path/To/Token/File [--token-id ID] - Deploy a token onto the current system, with an optional specific ID - If [ID] is specified, a pre-existing token with [ID] should not exist. - aliases:-at - --remove-token ID - Remove a Token indicated by ID from the system. - aliases: -rt - --list-tokens - Dump information about all tokens on the system - aliases: -lt ------------------------------ Misc Commands --------------------------------- - --device-id - Dump the Code Integrity Device Id - aliases: -id - --refresh - Attempt to Refresh CI Policies - aliases: -r - --help - Display this message - aliases: -h ------------------------------ Global Flags--------------------------------- - -json - Format output as json and suppress input +PS C:\Users\[USER] CITool --update-policy "\Windows\Temp\{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}.cip" +Operation Successful +Press Enter to Continue ``` -2. Refresh the WDAC policies in the \Windows\System32\CodeIntegrity\CiPolicies\Active folder +2. 
Refresh the WDAC policies ```powershell -PS C:\Users\[USER] cd \Windows\system32\CodeIntegrity\CiPolicies\Active -PS C:\Windows\System32\CodeIntegrity\CiPolicies\Active>.\CITool --refresh +PS C:\Users\[USER] CITool --refresh Operation Successful ``` 3. Remove a specific WDAC policy by its policy ID ```powershell -PS C:\Users\[USER] cd \windows\system32 -PS C:\Windows\System32>.\CITool.exe --remove-policy {BF61FE40-8929-4FDF-9EC2-F7A767717F0B} -Usage: CiTool.exe COMMAND [Command-Options] [-json] -Commands: ------------------------------ Policy Commands --------------------------------- - --update-policy /Path/To/Policy/File - Add or update a policy on the current system - aliases: -up - --remove-policy PolicyGUID - Remove a policy indicated by PolicyGUID from the system - aliases: -rp - --list-policies - Dump information about all policies on the system, whether they be active or not - aliases: -lp ------------------------------ Token Commands --------------------------------- - --add-token Path/To/Token/File [--token-id ID] - Deploy a token onto the current system, with an optional specific ID - If [ID] is specified, a pre-existing token with [ID] should not exist. - aliases:-at - --remove-token ID - Remove a Token indicated by ID from the system. - aliases: -rt - --list-tokens - Dump information about all tokens on the system - aliases: -lt ------------------------------ Misc Commands --------------------------------- - --device-id - Dump the Code Integrity Device Id - aliases: -id - --refresh - Attempt to Refresh CI Policies - aliases: -r - --help - Display this message - aliases: -h ------------------------------ Global Flags--------------------------------- - -json - Format output as json and suppress input -Press Enter to Exit +PS C:\Users\[USER] CiTool --remove-policy "{BF61FE40-8929-4FDF-9EC2-F7A767717F0B}" +Operation Successful +Press Enter to Continue ``` 4. 
Display the help menu ```powershell -PS C:\Users\[USER] cd \windows\system32 -PS C:\windows\system32> .\CITool.exe -h +PS C:\Users\[USER] CITool -h ----------------------------- Policy Commands --------------------------------- --update-policy /Path/To/Policy/File