From c7650732e8652a74e98bc0656137e2156decafdc Mon Sep 17 00:00:00 2001
From: brbrahm <43386070+brbrahm@users.noreply.github.com>
Date: Thu, 1 Oct 2020 10:30:10 -0700
Subject: [PATCH 1/2] Minor fixes to WDAC vs AppLocker

Clarify wording in WDAC system requirements, remove 'legacy' reference, and add back AppLocker recommendation for not enforcing DLLs and drivers
---
 .../wdac-and-applocker-overview.md                           | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
index f076b612e7..9bde7a0cc3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
@@ -44,7 +44,7 @@ Note that prior to Windows 10, version 1709, Windows Defender Application Contro
 
 ### WDAC System Requirements
 
-WDAC policies can only be created on devices running Windows 10 build 1903+ on any SKU, pre-1903 Windows 10 Enterprise, or Windows Server 2016 and above.
+WDAC policies can be created on any client edition of Windows 10 build 1903+ or on Windows Server 2016 and above.
 
 WDAC policies can be applied to devices running any edition of Windows 10 or Windows Server 2016 and above via a Mobile Device Management (MDM) solution like Intune, a management interface like Configuration Manager, or a script host like PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
 
@@ -65,12 +65,13 @@ AppLocker policies can be deployed using Group Policy or MDM.
 
 ## Choose when to use WDAC or AppLocker
 
-Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. AppLocker is a legacy technology which will continue to receive security fixes but will not undergo new feature improvements.
+Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. Although AppLocker will continue to receive security fixes, it will not undergo new feature improvements.
 
 In some cases, however, AppLocker may be the more appropriate technology for your organization. AppLocker is best when:
 
 - You have a mixed Windows operating system (OS) environment and need to apply the same policy controls to Windows 10 and earlier versions of the OS.
 - You need to apply different policies for different users or groups on shared computers.
+- You do not want to enforce application control on application files such as DLLs or drivers.
 
 AppLocker can also be deployed as a complement to WDAC to add user- or group-specific rules for shared device scenarios where it is important to prevent some users from running specific apps.
 As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to further fine-tune the restrictions.

From 97663ee37bbe6264fe7f79253e68ee5379ec00a6 Mon Sep 17 00:00:00 2001
From: brbrahm <43386070+brbrahm@users.noreply.github.com>
Date: Thu, 1 Oct 2020 10:35:14 -0700
Subject: [PATCH 2/2] Add link to WDAC feature availability

---
 .../wdac-and-applocker-overview.md                              | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
index 9bde7a0cc3..9fe4c819a1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
@@ -48,6 +48,8 @@ WDAC policies can be created on any client edition of Windows 10 build 1903+ or
 
 WDAC policies can be applied to devices running any edition of Windows 10 or Windows Server 2016 and above via a Mobile Device Management (MDM) solution like Intune, a management interface like Configuration Manager, or a script host like PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10.
 
+For more information on which individual WDAC features are available on which WDAC builds, see [WDAC feature availability](feature-availability.md).
+
 ## AppLocker
 
 AppLocker was introduced with Windows 7 and allows organizations to control which applications are allowed to run on their Windows clients. AppLocker helps to prevent end users from running unapproved software on their computers, but it does not meet the servicing criteria for being a security feature.