diff --git a/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md b/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
index 7efc313edb..53a0f7861e 100644
--- a/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md
@@ -1,7 +1,7 @@
 ---
 title: Diagnose Provisioning Packages
 description: Diagnose general failures in provisioning.
-ms.topic: article
+ms.topic: troubleshooting
 ms.date: 01/18/2023
 ---
 
diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
index e88f25ff70..a535175bf7 100644
--- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@@ -1,7 +1,7 @@
 ---
 title: Configuration service providers for IT pros
 description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
index 7d869e903f..97dec0c215 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
@@ -1,7 +1,7 @@
 ---
 title: Provision PCs with common settings
 description: Create a provisioning package to apply common settings to a PC running Windows 10.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index 99f20c85aa..fd7134875e 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -1,7 +1,7 @@
 ---
 title: Provision PCs with apps
 description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md
index d4e5be28f7..2f8bb266e1 100644
--- a/windows/configuration/provisioning-packages/provisioning-apply-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md
@@ -1,7 +1,7 @@
 ---
 title: Apply a provisioning package
 description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime).
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index 9ebacde2fb..686b79ac68 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Configuration Designer command-line interface
 description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index d09f0ee4b9..0824710f19 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -1,7 +1,7 @@
 ---
 title: Create a provisioning package
 description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
index dc714cbc36..24c02a6557 100644
--- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md
+++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
@@ -1,7 +1,7 @@
 ---
 title: How provisioning works in Windows 10/11
 description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md
index bfb515538f..9b572cde75 100644
--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@@ -1,7 +1,7 @@
 ---
 title: Install Windows Configuration Designer
 description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
-ms.topic: article
+ms.topic: how-to
 ms.reviewer: kevinsheehan
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md
index 64da06a98c..6ecb125be7 100644
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@@ -1,7 +1,7 @@
 ---
 title: Create a provisioning package with multivariant settings
 description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index 13e86abb25..050fc24beb 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -2,7 +2,7 @@
 title: Provisioning packages overview
 description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
 ms.reviewer: kevinsheehan
-ms.topic: article
+ms.topic: conceptual
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md
index 4c938d7786..e5e7ea6019 100644
--- a/windows/configuration/provisioning-packages/provisioning-powershell.md
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md
@@ -1,7 +1,7 @@
 ---
 title: PowerShell cmdlets for provisioning Windows 10/11
 description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
-ms.topic: article
+ms.topic: conceptual
 
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
index 199616a94e..c9aff98df4 100644
--- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
+++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
@@ -1,7 +1,7 @@
 ---
 title: Use a script to install a desktop app in provisioning packages
 description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
-ms.topic: article
+ms.topic: how-to
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
index 9a75ffc29b..6615407051 100644
--- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
@@ -1,7 +1,7 @@
 ---
 title: Uninstall a provisioning package - reverted settings
 description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
index 05fed4e21e..239ddd052c 100644
--- a/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+++ b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
@@ -6,7 +6,7 @@ author: vinaypamnani-msft
 ms.author: vinpa
 manager: aaroncz
 ms.date: 03/26/2024
-ms.topic: article
+ms.topic: conceptual
 appliesto:
 - ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>
 - ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
index b8552a63ca..1507fc348c 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
@@ -3,7 +3,7 @@ title: Testing and Debugging AppId Tagging Policies
 description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully.
 ms.localizationpriority: medium
 ms.date: 04/29/2022
-ms.topic: article
+ms.topic: troubleshooting
 ---
 
 # Testing and Debugging AppId Tagging Policies
@@ -11,28 +11,28 @@ ms.topic: article
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
-After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. 
+After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event.
 
 ## Verifying Tags on Running Processes
 
-After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since Windows Defender Application Control (WDAC) can only tag processes created after the policy has been deployed. 
+After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since Windows Defender Application Control (WDAC) can only tag processes created after the policy has been deployed.
 
-1. Download and Install the Windows Debugger 
+1. Download and Install the Windows Debugger
 
-	[Microsoft's WinDbg Preview application](https://www.microsoft.com/store/productId/9PGJGD53TN86) can be downloaded from the Store and used to verify tags on running processes. 
+    [Microsoft's WinDbg Preview application](https://www.microsoft.com/store/productId/9PGJGD53TN86) can be downloaded from the Store and used to verify tags on running processes.
 
 2. Get the Process ID (PID) of the process under validation
 
-	Using Task Manager, or an equivalent process monitoring tool, locate the PID of the process you wish to inspect. In the example below, we've located the PID for the running process for Microsoft Edge to be 2260. The PID will be used in the next step. 
+    Using Task Manager, or an equivalent process monitoring tool, locate the PID of the process you wish to inspect. In the example below, we've located the PID for the running process for Microsoft Edge to be 2260. The PID will be used in the next step.
 
-	![Using Task Manager to locate the process ID - PID.](../images/appid-pid-task-mgr.png)
+    ![Using Task Manager to locate the process ID - PID.](../images/appid-pid-task-mgr.png)
 
 3. Use WinDbg to inspect the process
 
-	After opening WinDbg. select File followed by `Attach to Process`, and select the process with the PID identified in the step prior. Finally, select `Attach` to connect to the process. 
+    After opening WinDbg. select File followed by `Attach to Process`, and select the process with the PID identified in the step prior. Finally, select `Attach` to connect to the process.
 
-	![Attach to the process using WinDbg.](../images/appid-pid-windbg.png)
+    ![Attach to the process using WinDbg.](../images/appid-pid-windbg.png)
 
-	Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field.
+    Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field.
 
-	![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png)
+    ![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
index e8af7434cc..7f0824cace 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
@@ -3,7 +3,7 @@ title: Deploying Windows Defender Application Control AppId tagging policies
 description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment.
 ms.localizationpriority: medium
 ms.date: 04/29/2022
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Deploying Windows Defender Application Control AppId tagging policies
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
index a677075cdb..4b7e1e6b2f 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
@@ -3,7 +3,7 @@ title: Create your Windows Defender Application Control AppId Tagging Policies
 description: Create your Windows Defender Application Control AppId tagging policies for Windows devices.
 ms.localizationpriority: medium
 ms.date: 04/29/2022
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Creating your WDAC AppId Tagging Policies
@@ -17,12 +17,12 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
 
 1. Create a new base policy using the templates:
 
-	Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. 
+	Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules.
 
 	![Configuring the policy base and template.](../images/appid-wdac-wizard-1.png)
-	
+
 	> [!NOTE]
-	> If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. 
+	> If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates.
 	For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies).
 
 2. 	Set the following rule-options using the Wizard toggles:
@@ -31,13 +31,13 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
 
 3. Create custom rules:
 
-	Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules: 
+	Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules:
 
-	- Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security. 
-	- Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards. 
+	- Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security.
+	- Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards.
 	- File attribute rules: Create a rule based off a file's immutable properties like the original filename, file description, product name or internal name.
 	- Package app name rules: Create a rule based off the package family name of an appx/msix.
-	- Hash rules: Create a rule based off the PE Authenticode hash of a file. 
+	- Hash rules: Create a rule based off the PE Authenticode hash of a file.
 
 	For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules).
 
@@ -48,9 +48,9 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
 	```powershell
 	Set-CIPolicyIdInfo -ResetPolicyID -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue"
 	```
-	The policyID GUID is returned by the PowerShell command if successful. 
+	The policyID GUID is returned by the PowerShell command if successful.
 
-## Create the policy using PowerShell 
+## Create the policy using PowerShell
 
 Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). In an elevate PowerShell instance:
 
@@ -72,20 +72,20 @@ Using this method, you create an AppId Tagging policy directly using the WDAC Po
 	Set-RuleOption -Option 18 .\AppIdPolicy.xml # (Optional) Disable FilePath Rule Protection
 	```
 
-	If you're using filepath rules, you may want to set option 18. Otherwise, there's no need. 
-	
+	If you're using filepath rules, you may want to set option 18. Otherwise, there's no need.
+
 4. Set the name and ID on the policy, which is helpful for future debugging:
 
 	```powershell
 	Set-CIPolicyIdInfo -ResetPolicyId -PolicyName "MyPolicyName" -PolicyId "MyPolicyId" -AppIdTaggingPolicy -FilePath ".\AppIdPolicy.xml"
 	```
-	The policyID GUID is returned by the PowerShell command if successful. 
+	The policyID GUID is returned by the PowerShell command if successful.
 
 ## Deploy for Local Testing
 
 After creating your AppId Tagging policy in the above steps, you can deploy the policy to your local machine for testing before broadly deploying the policy to your endpoints:
 
-1. Depending on your deployment method, convert the xml to binary: 
+1. Depending on your deployment method, convert the xml to binary:
 
 	```powershell
 	Convertfrom-CIPolicy .\policy.xml ".\{PolicyIDGUID}.cip"
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md
index 2d94e08d99..c7ba6859ae 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md
@@ -3,7 +3,7 @@ title: Designing, creating, managing and troubleshooting Windows Defender Applic
 description: How to design, create, manage and troubleshoot your WDAC AppId Tagging policies
 ms.localizationpriority: medium
 ms.date: 04/27/2022
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # WDAC Application ID (AppId) Tagging guide
@@ -13,17 +13,17 @@ ms.topic: article
 
 ## AppId Tagging Feature Overview
 
-The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), does not control whether applications will run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy will receive the tag while failing applications won't. 
+The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), does not control whether applications will run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy will receive the tag while failing applications won't.
 
 ## AppId Tagging Feature Availability
 
-The WDAC AppId Tagging feature is available on the following versions of the Windows platform: 
+The WDAC AppId Tagging feature is available on the following versions of the Windows platform:
 
-Client: 
+Client:
 - Windows 10 20H1, 20H2 and 21H1 versions only
 - Windows 11
 
-Server: 
+Server:
 - Windows Server 2022
 
 ## In this section
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md
index 98ac6cf37d..fa463a999a 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md
@@ -3,7 +3,7 @@ title: Use audit events to create WDAC policy rules
 description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy.
 ms.localizationpriority: medium
 ms.date: 05/03/2018
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Use audit events to create WDAC policy rules
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
index aed9b36b5b..78a686dada 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
@@ -3,7 +3,7 @@ title: Deploy WDAC policies via Group Policy
 description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide.
 ms.localizationpriority: medium
 ms.date: 01/23/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Deploy Windows Defender Application Control policies by using Group Policy
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
index a96124b086..6910b03b04 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@@ -3,7 +3,7 @@ title: Deploy Windows Defender Application Control (WDAC) policies using script
 description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide.
 ms.manager: jsuther
 ms.date: 01/23/2023
-ms.topic: article
+ms.topic: how-to
 ms.localizationpriority: medium
 ---
 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md
index 5c4d60cfa8..2685a6db1d 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md
@@ -3,7 +3,7 @@ title: Remove Windows Defender Application Control policies
 description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS.
 ms.localizationpriority: medium
 ms.date: 11/04/2022
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Remove Windows Defender Application Control (WDAC) policies
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md
index 9000c01d85..07bc66c51a 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md
@@ -3,7 +3,7 @@ title: Enforce Windows Defender Application Control (WDAC) policies
 description: Learn how to switch a WDAC policy from audit to enforced mode.
 ms.manager: jsuther
 ms.date: 04/22/2021
-ms.topic: article
+ms.topic: how-to
 ms.localizationpriority: medium
 ---
 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md
index 20bf91ea2a..d1b96ca2d6 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md
@@ -3,7 +3,7 @@ title: Merge Windows Defender Application Control policies (WDAC)
 description: Learn how to merge WDAC policies as part of your policy lifecycle management.
 ms.manager: jsuther
 ms.date: 04/22/2021
-ms.topic: article
+ms.topic: how-to
 ms.localizationpriority: medium
 ---
 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md
index ad1b478b40..fc9395851d 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md
@@ -3,7 +3,7 @@ title: Allow COM object registration in a WDAC policy
 description: You can allow COM object registration in a Windows Defender Application Control policy.
 ms.localizationpriority: medium
 ms.date: 04/05/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Allow COM object registration in a Windows Defender Application Control policy
@@ -153,11 +153,11 @@ The table that follows describes the list of COM objects that are inherently tru
 | scrrun.dll | 0D43FE01-F093-11CF-8940-00A0C9054228 |
 | vbscript.dll | 3F4DACA4-160D-11D2-A8E9-00104B365C9F |
 | WEX.Logger.Log | 70B46225-C474-4852-BB81-48E0D36F9A5A |
-| TE.Common.TestData | 1d68f3c0-b5f8-4abd-806a-7bc57cdce35a | 
+| TE.Common.TestData | 1d68f3c0-b5f8-4abd-806a-7bc57cdce35a |
 | TE.Common.RuntimeParameters | 9f3d4048-6028-4c5b-a92d-01bc977af600 |
 | TE.Common.Verify | e72cbabf-8e48-4d27-b14e-1f347f6ec71a |
 | TE.Common.Interruption | 5850ba6f-ce72-46d4-a29b-0d3d9f08cc0b |
-| msxml6.dll | 2933BF90-7B36-11d2-B20E-00C04F983E60 | 
+| msxml6.dll | 2933BF90-7B36-11d2-B20E-00C04F983E60 |
 | msxml6.dll | ED8C108E-4349-11D2-91A4-00C04F7969E8 |
 | mmcndmgr.dll | ADE6444B-C91F-4E37-92A4-5BB430A33340 |
 | puiobj.dll | B021FF57-A928-459C-9D6C-14DED0C9BED2 |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
index 2d96cac781..7f203efaf7 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
@@ -3,7 +3,7 @@ title: Policy creation for common WDAC usage scenarios
 description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios.
 ms.localizationpriority: medium
 ms.date: 04/05/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Windows Defender Application Control deployment in different scenarios: types of devices
@@ -15,7 +15,7 @@ Typically, deployment of Windows Defender Application Control (WDAC) happens bes
 
 ## Types of devices
 
-|  Type of device                 | How WDAC relates to this type of device  | 
+|  Type of device                 | How WDAC relates to this type of device  |
 |------------------------------------|------------------------------------------------------|
 | **Lightly managed devices**: Company-owned, but users are free to install software.<br>Devices are required to run organization's antivirus solution and client management tools. | Windows Defender Application Control can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. |
 | **Fully managed devices**: Allowed software is restricted by IT department.<br>Users can request for more software, or install from a list of applications provided by IT department.<br>Examples: locked-down, company-owned desktops and laptops. | An initial baseline Windows Defender Application Control policy can be established and enforced. Whenever the IT department approves more applications, it updates the WDAC policy and (for unsigned LOB applications) the catalog. |
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md
index 6154ff435d..ff3b5d8fa8 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -3,7 +3,7 @@ title: Allow apps deployed with a WDAC managed installer
 description: Explains how to configure a custom Managed Installer.
 ms.localizationpriority: medium
 ms.date: 02/02/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Automatically allow apps deployed by a managed installer with Windows Defender Application Control
@@ -78,7 +78,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
     ```
 
 3. Manually edit your AppLocker policy and add the EXE and DLL rule collections with at least one rule for each. To ensure your policy can be safely applied on systems that may already have an active AppLocker policy, we recommend using a benign DENY rule to block a fake binary and set the rule collection's EnforcementMode to AuditOnly. Additionally, since many installation processes rely on services, you need to enable services tracking for each of those rule collections. The following example shows a partial AppLocker policy with the EXE and DLL rule collection configured as recommended.
-  
+
     ```xml
     <RuleCollection Type="Dll" EnforcementMode="AuditOnly" >
       <FilePathRule Id="86f235ad-3f7b-4121-bc95-ea8bde3a5db5" Name="Benign DENY Rule" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
@@ -147,7 +147,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
         </RuleCollectionExtensions>
       </RuleCollection>
       <RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
-        <FilePublisherRule Id="55932f09-04b8-44ec-8e2d-3fc736500c56" Name="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE version 1.39.200.2 or greater in MICROSOFT® INTUNE™ from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
+        <FilePublisherRule Id="55932f09-04b8-44ec-8e2d-3fc736500c56" Name="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE version 1.39.200.2 or greater in MICROSOFT&reg; INTUNE&trade; from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
           <Conditions>
               <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE">
                 <BinaryVersionRange LowSection="1.39.200.2" HighSection="*" />
@@ -183,7 +183,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
     ```console
     appidtel.exe start [-mionly]
     ```
-  
+
     Specify "-mionly" if you don't plan to use the Intelligent Security Graph (ISG).
 
 > [!NOTE]
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md
index 3dcec18e4f..3e76a698d2 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md
@@ -3,7 +3,7 @@ title: Create WDAC Deny Policy
 description: Explains how to create WDAC deny policies
 ms.localizationpriority: medium
 ms.date: 12/31/2017
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Guidance on Creating WDAC Deny Policies
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md
index 77a4402365..4b7a2f317b 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md
@@ -3,7 +3,7 @@ title: Create a WDAC policy using a reference computer
 description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide.
 ms.localizationpriority: medium
 ms.date: 08/08/2022
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Create a WDAC policy using a reference computer
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md
index 38c5700dab..621718eb69 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md
@@ -3,7 +3,7 @@ title: Use multiple Windows Defender Application Control Policies
 description: Windows Defender Application Control supports multiple code integrity policies for one device.
 ms.localizationpriority: medium
 ms.date: 04/15/2024
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Use multiple Windows Defender Application Control Policies
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
index db1a336471..d136e3824b 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
@@ -3,7 +3,7 @@ title: Manage packaged apps with WDAC
 description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule.
 ms.localizationpriority: medium
 ms.date: 03/01/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Manage Packaged Apps with Windows Defender Application Control
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
index 5b5d018a69..c99e4f6e9e 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
@@ -6,7 +6,7 @@ ms.collection:
 - tier3
 - must-keep
 ms.date: 01/24/2024
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Microsoft recommended driver block rules
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md
index c1eee0110d..caebc2c6c3 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md
@@ -3,7 +3,7 @@ title: Plan for WDAC policy management
 description: Learn about the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control policies.
 ms.localizationpriority: medium
 ms.date: 11/22/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Plan for Windows Defender Application Control lifecycle policy management
@@ -25,7 +25,7 @@ Most Windows Defender Application Control policies will evolve over time and pro
 4. Repeat steps 2-3 until the remaining block events meet expectations.
 5. [Generate the enforced mode version](/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies) of the policy. In enforced mode, files that the policy doesn't allow are prevented from running and corresponding block events are generated.
 6. [Deploy the enforced mode policy](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly.
-7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes.  
+7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes.
 
 ![Recommended WDAC policy deployment process.](../images/policyflow.png)
 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md
index 4a1aaf70e2..8ebfc6ca57 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md
@@ -3,7 +3,7 @@ title: Understand WDAC script enforcement
 description: WDAC script enforcement
 ms.manager: jsuther
 ms.date: 05/26/2023
-ms.topic: article
+ms.topic: conceptual
 ms.localizationpriority: medium
 ---
 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md
index ea4260f8c1..ce2f7e2e2f 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md
@@ -3,7 +3,7 @@ title: Understand Windows Defender Application Control (WDAC) policy rules and f
 description: Learn how WDAC policy rules and file rules can control your Windows 10 and Windows 11 computers.
 ms.localizationpriority: medium
 ms.date: 11/22/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Understand Windows Defender Application Control (WDAC) policy rules and file rules
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md
index 026cd262be..abaeda5f34 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md
@@ -3,10 +3,10 @@ title: Understand Windows Defender Application Control policy design decisions
 description: Understand Windows Defender Application Control policy design decisions.
 ms.localizationpriority: medium
 ms.date: 02/08/2018
-ms.topic: article
+ms.topic: conceptual
 ---
 
-# Understand Windows Defender Application Control policy design decisions 
+# Understand Windows Defender Application Control policy design decisions
 
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
@@ -56,8 +56,8 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p
 | Possible answers | Design considerations |
 | - | - |
 | All apps used in your organization must be signed. | Organizations that enforce [codesigning](../deployment/use-code-signing-for-better-control-and-protection.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). |
-| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can  [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-wdac.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. | 
- 
+| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can  [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-wdac.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. |
+
 ### Are there specific groups in your organization that need customized application control policies?
 
 Most business teams or departments have specific security requirements that pertain to data access and the applications used to access that data. Consider the scope of the project for each group and the group's priorities before you deploy application control policies for the entire organization. There's overhead in managing policies that might lead you to choose between broad, organization-wide policies and multiple team-specific policies.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md
index 0c615d15e5..6f2f154463 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md
@@ -3,7 +3,7 @@ title: Understanding Windows Defender Application Control (WDAC) secure settings
 description: Learn about secure settings in Windows Defender Application Control.
 ms.localizationpriority: medium
 ms.date: 04/05/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Understanding WDAC Policy Settings
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
index 7fa7fe71a2..d46c2de5a6 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@@ -3,10 +3,10 @@ title: Use a Windows Defender Application Control policy to control specific plu
 description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
 ms.localizationpriority: medium
 ms.date: 11/02/2022
-ms.topic: article
+ms.topic: how-to
 ---
 
-# Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules 
+# Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
 
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md
index ee718c6bff..02cd2f93cd 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md
@@ -1,9 +1,9 @@
 ---
 title: Authorize reputable apps with the Intelligent Security Graph (ISG)
-description: Automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation.
+description: Automatically authorize applications that Microsoft's ISG recognizes as having known good reputation.
 ms.localizationpriority: medium
 ms.date: 12/31/2017
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Authorize reputable apps with the Intelligent Security Graph (ISG)
@@ -42,29 +42,29 @@ Setting up the ISG is easy using any management solution you wish. Configuring t
 To allow apps and binaries based on the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This step can be done with the Set-RuleOption cmdlet. You should also set the **Enabled:Invalidate EAs on Reboot** option so that ISG results are verified again after each reboot. The ISG option isn't recommended for devices that don't have regular access to the internet. The following example shows both options set.
 
 ```xml
-<Rules> 
-    <Rule> 
-      <Option>Enabled:Unsigned System Integrity Policy</Option> 
-    </Rule> 
-    <Rule> 
-      <Option>Enabled:Advanced Boot Options Menu</Option> 
-    </Rule> 
-    <Rule> 
-      <Option>Required:Enforce Store Applications</Option> 
-    </Rule> 
+<Rules>
+    <Rule>
+      <Option>Enabled:Unsigned System Integrity Policy</Option>
+    </Rule>
+    <Rule>
+      <Option>Enabled:Advanced Boot Options Menu</Option>
+    </Rule>
+    <Rule>
+      <Option>Required:Enforce Store Applications</Option>
+    </Rule>
     <Rule>
       <Option>Enabled:UMCI</Option>
     </Rule>
     <Rule>
-      <Option>Enabled:Managed Installer</Option> 
+      <Option>Enabled:Managed Installer</Option>
     </Rule>
-    <Rule> 
-      <Option>Enabled:Intelligent Security Graph Authorization</Option> 
-    </Rule> 
-    <Rule> 
-      <Option>Enabled:Invalidate EAs on Reboot</Option> 
-    </Rule> 
-</Rules> 
+    <Rule>
+      <Option>Enabled:Intelligent Security Graph Authorization</Option>
+    </Rule>
+    <Rule>
+      <Option>Enabled:Invalidate EAs on Reboot</Option>
+    </Rule>
+</Rules>
 ```
 
 ### Enable the necessary services to allow WDAC to use the ISG correctly on the client
@@ -91,7 +91,7 @@ Since the ISG only allows binaries that are "known good", there are cases where
 
 Packaged apps aren't supported with the ISG and will need to be separately authorized in your WDAC policy. Since packaged apps have a strong app identity and must be signed, it's straightforward to [authorize packaged apps](/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control) with your WDAC policy.
 
-The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run.  
+The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run.
 
 > [!NOTE]
 > A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri).
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
index b0ec0ebfe9..f99639f8fd 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
@@ -3,7 +3,7 @@ title: Windows Defender Application Control and .NET
 description: Understand how WDAC and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime.
 ms.localizationpriority: medium
 ms.date: 11/22/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Windows Defender Application Control (WDAC) and .NET
@@ -41,7 +41,7 @@ Additionally, customers can precompile for deployment only to prevent an allowed
 To enable Dynamic Code Security, add the following option to the `<Rules>` section of your WDAC policy:
 
 ```xml
-<Rule> 
-    <Option>Enabled:Dynamic Code Security</Option> 
+<Rule>
+    <Option>Enabled:Dynamic Code Security</Option>
 </Rule>
 ```
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md
index 7fb31cd8a4..298b965229 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md
@@ -3,7 +3,7 @@ title: Understanding Application Control event tags
 description: Learn what different Windows Defender Application Control event tags signify.
 ms.localizationpriority: medium
 ms.date: 05/09/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Understanding Application Control event tags
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md
index 9edd163212..c8432d0129 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md
@@ -3,7 +3,7 @@ title: Inbox WDAC policies
 description: This article describes the inbox WDAC policies that may be active on a device.
 ms.manager: jsuther
 ms.date: 03/10/2023
-ms.topic: article
+ms.topic: conceptual
 ms.localizationpriority: medium
 ---
 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md
index 2522308d55..f33e99121c 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md
@@ -3,7 +3,7 @@ title: WDAC Admin Tips & Known Issues
 description: WDAC Known Issues
 ms.manager: jsuther
 ms.date: 04/15/2024
-ms.topic: article
+ms.topic: troubleshooting
 ms.localizationpriority: medium
 ---
 
@@ -84,7 +84,7 @@ msiexec -i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E
 As a workaround, download the MSI file and run it locally:
 
 ```console
-msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi  
+msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi
 ```
 
 ### Slow boot and performance with custom policies
@@ -93,7 +93,7 @@ WDAC evaluates all processes that run, including inbox Windows processes. You ca
 
 #### AppId Tagging policy considerations
 
-AppId Tagging policies that aren't built upon the WDAC base templates or don't allow the Windows in-box signers might cause a significant increase in boot times (~2 minutes). 
+AppId Tagging policies that aren't built upon the WDAC base templates or don't allow the Windows in-box signers might cause a significant increase in boot times (~2 minutes).
 
 If you can't allowlist the Windows signers or build off the WDAC base templates, add the following rule to your policies to improve the performance:
 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md
index f6671dc740..c17adb2b1c 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md
@@ -3,10 +3,10 @@ title: Query Application Control events with Advanced Hunting
 description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting.
 ms.localizationpriority: medium
 ms.date: 03/01/2022
-ms.topic: article
+ms.topic: troubleshooting
 ---
 
-# Querying Application Control events centrally using Advanced hunting  
+# Querying Application Control events centrally using Advanced hunting
 
 A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode.
 While Event Viewer helps to see the impact on a single system, IT Pros want to gauge it across many systems.
@@ -65,7 +65,7 @@ The query results can be used for several important functions related to managin
 Query Example #2: Query to determine audit blocks in the past seven days
 
 ```
-DeviceEvents 
+DeviceEvents
 | where ActionType startswith "AppControlExecutableAudited"
 | where Timestamp > ago(7d)
 |project DeviceId,                               // the device ID where the audit block happened
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md
index 5e998b8788..81042f2926 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md
@@ -3,7 +3,7 @@ title: WDAC and AppLocker Overview
 description: Compare Windows application control technologies.
 ms.localizationpriority: medium
 ms.date: 01/03/2024
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Windows Defender Application Control and AppLocker Overview
diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md
index 399efd6820..0da205053a 100644
--- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md
+++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Sandbox architecture
 description: Windows Sandbox architecture
-ms.topic: article
+ms.topic: conceptual
 ms.date: 03/26/2024
 ---
 
diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
index 50526dc308..6420d0019f 100644
--- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Sandbox configuration
 description: Windows Sandbox configuration
-ms.topic: article
+ms.topic: how-to
 ms.date: 03/26/2024
 ---
 
diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md
index 1a0695eb98..adf405569f 100644
--- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Sandbox
 description: Windows Sandbox overview
-ms.topic: article
+ms.topic: conceptual
 ms.date: 03/26/2024
 ---
 
diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance.md
index 8faa272dca..e68c6df87a 100644
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance.md
@@ -3,7 +3,7 @@ title: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
 description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions.
 ms.localizationpriority: medium
 ms.date: 07/11/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # What is Microsoft Baseline Security Analyzer and its uses?
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
index 6f077f8f37..2dba2d4677 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
@@ -2,7 +2,7 @@
 title: Account protection in Windows Security
 description: Use the Account protection section to manage security for your account and sign in to Microsoft.
 ms.date: 08/11/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
index 6ede491eeb..375aeb3fa0 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
@@ -2,7 +2,7 @@
 title: App & browser control in Windows Security
 description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
 ms.date: 08/11/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 # App and browser control
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
index 70c71bc872..4bf296c839 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
@@ -2,7 +2,7 @@
 title: Customize Windows Security contact information in Windows Security
 description: Provide information to your employees on how to contact your IT department when a security issue occurs
 ms.date: 08/11/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Customize the Windows Security settings for your organization
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
index b34941e7bb..a15b5f11b6 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
@@ -2,7 +2,7 @@
 title: Device & performance health in Windows Security
 description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
 ms.date: 07/31/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
index 0c75434023..e47d41fc91 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
@@ -2,7 +2,7 @@
 title: Device security in Windows Security
 description: Use the Device security section to manage security built into your device, including Virtualization-based security.
 ms.date: 08/11/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Device security
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
index 7ba7b42e75..50f38d64dd 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
@@ -2,7 +2,7 @@
 title: Family options in Windows Security
 description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments.
 ms.date: 08/11/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
index 3ac877ec3f..0070445c0d 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
@@ -2,7 +2,7 @@
 title: Firewall and network protection in Windows Security
 description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
 ms.date: 08/11/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Firewall and network protection
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
index 6e0c20b83c..5e330d95a0 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
@@ -2,7 +2,7 @@
 title: Hide notifications from Windows Security
 description: Prevent Windows Security notifications from appearing on user endpoints
 ms.date: 07/31/2023
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Hide Windows Security notifications
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
index cc0979c845..f48a985759 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
@@ -2,7 +2,7 @@
 title: Virus and threat protection in Windows Security
 description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products.
 ms.date: 08/11/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Virus and threat protection
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
index a316bca4b5..2feb4cecb2 100644
--- a/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
@@ -2,7 +2,7 @@
 title: Windows Security
 description: Windows Security brings together common Windows security features into one place.
 ms.date: 08/11/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Windows Security
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index 61a3073fa1..564b83b498 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -6,7 +6,7 @@ author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 12/31/2017
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Mitigate threats by using Windows 10 security features