From ec9a88a0a568529121b2be66ff5c32abd81c305b Mon Sep 17 00:00:00 2001
From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com>
Date: Fri, 15 Jan 2021 20:04:54 -0800
Subject: [PATCH] Update faq-md-app-guard.md

---
 .../faq-md-app-guard.md                       | 24 ++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index ab42d2eb12..042ec80a0c 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -159,6 +159,28 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli
 
 5. Reboot the device.
 
+### Why doesn't the container not fully load when Device Control Policies are enabled?
+The whitelisting of these items are required to be allowed in the GPO to ensure AppGuard works properly. 
+
+Policy: Allow installation of devices that match any of these device IDs 
+•	SCSI\DiskMsft____Virtual_Disk____ 
+•	{8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba 
+•	VMS_VSF 
+•	root\Vpcivsp 
+•	root\VMBus 
+•	vms_mp 
+•	VMS_VSP 
+•	ROOT\VKRNLINTVSP 
+•	ROOT\VID 
+•	root\storvsp 
+•	vms_vsmp 
+•	VMS_PP 
+
+Policy: Allow installation of devices using drivers that match these device setup classes 
+•	{71a27cdd-812a-11d0-bec7-08002be2092f}
+
+
+
 ## See also
 
-[Configure Microsoft Defender Application Guard policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)
\ No newline at end of file
+[Configure Microsoft Defender Application Guard policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)