Update ms.topic

Vinay Pamnani (from Dev Box) 2024-06-07 10:13:34 -06:00
parent 31265cfecb
commit f5963a72d6
61 changed files with 125 additions and 125 deletions

View File

@ -1,7 +1,7 @@
--- ---
title: Diagnose Provisioning Packages title: Diagnose Provisioning Packages
description: Diagnose general failures in provisioning. description: Diagnose general failures in provisioning.
ms.topic: article ms.topic: troubleshooting
ms.date: 01/18/2023 ms.date: 01/18/2023
--- ---

View File

@ -1,7 +1,7 @@
--- ---
title: Configuration service providers for IT pros title: Configuration service providers for IT pros
description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices. description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
ms.topic: article ms.topic: how-to
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---

View File

@ -1,7 +1,7 @@
--- ---
title: Provision PCs with common settings title: Provision PCs with common settings
description: Create a provisioning package to apply common settings to a PC running Windows 10. description: Create a provisioning package to apply common settings to a PC running Windows 10.
ms.topic: article ms.topic: how-to
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---

View File

@ -1,7 +1,7 @@
--- ---
title: Provision PCs with apps title: Provision PCs with apps
description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package. description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
ms.topic: article ms.topic: how-to
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---

View File

@ -1,7 +1,7 @@
--- ---
title: Apply a provisioning package title: Apply a provisioning package
description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime). description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime).
ms.topic: article ms.topic: how-to
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---

View File

@ -1,7 +1,7 @@
--- ---
title: Windows Configuration Designer command-line interface title: Windows Configuration Designer command-line interface
description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices. description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
ms.topic: article ms.topic: how-to
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---
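Review bot: `how-to` looks like the wrong bucket on the changed line of this file. The title and description ("ICD syntax, switches, and arguments") describe a command-line reference, so `ms.topic: reference` would fit better. While the front matter is being touched, the description also reads "Windows10/11" with no space.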

View File

@ -1,7 +1,7 @@
--- ---
title: Create a provisioning package title: Create a provisioning package
description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image. description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
ms.topic: article ms.topic: how-to
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---

View File

@ -1,7 +1,7 @@
--- ---
title: How provisioning works in Windows 10/11 title: How provisioning works in Windows 10/11
description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings. description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
ms.topic: article ms.topic: conceptual
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---
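Review bot: the description line in this front matter still reads "how provisioning package work". Since the block is being edited anyway, change it to "how provisioning packages work" so the metadata surfaced in search results is grammatical.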

View File

@ -1,7 +1,7 @@
--- ---
title: Install Windows Configuration Designer title: Install Windows Configuration Designer
description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11. description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
ms.topic: article ms.topic: how-to
ms.reviewer: kevinsheehan ms.reviewer: kevinsheehan
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---

View File

@ -1,7 +1,7 @@
--- ---
title: Create a provisioning package with multivariant settings title: Create a provisioning package with multivariant settings
description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions. description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
ms.topic: article ms.topic: how-to
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---

View File

@ -2,7 +2,7 @@
title: Provisioning packages overview title: Provisioning packages overview
description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do. description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
ms.reviewer: kevinsheehan ms.reviewer: kevinsheehan
ms.topic: article ms.topic: conceptual
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---
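Review bot: the description above the changed line ends with "Learn about what provisioning packages, are and what they do." and the comma is misplaced. It should read "Learn about what provisioning packages are and what they do.", which is worth fixing in the same pass as the `ms.topic` change.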

View File

@ -1,7 +1,7 @@
--- ---
title: PowerShell cmdlets for provisioning Windows 10/11 title: PowerShell cmdlets for provisioning Windows 10/11
description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices. description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
ms.topic: article ms.topic: conceptual
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---
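Review bot: `conceptual` is questionable on the changed line, because the description says the page covers "the Windows PowerShell cmdlets that you can use with Provisioning packages", which is reference material. Consider `ms.topic: reference`. The description also has "Windows10/11" without a space.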

View File

@ -1,7 +1,7 @@
--- ---
title: Use a script to install a desktop app in provisioning packages title: Use a script to install a desktop app in provisioning packages
description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
ms.topic: article ms.topic: how-to
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---

View File

@ -1,7 +1,7 @@
--- ---
title: Uninstall a provisioning package - reverted settings title: Uninstall a provisioning package - reverted settings
description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices. description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices.
ms.topic: article ms.topic: conceptual
ms.date: 12/31/2017 ms.date: 12/31/2017
--- ---

View File

@ -6,7 +6,7 @@ author: vinaypamnani-msft
ms.author: vinpa ms.author: vinpa
manager: aaroncz manager: aaroncz
ms.date: 03/26/2024 ms.date: 03/26/2024
ms.topic: article ms.topic: conceptual
appliesto: appliesto:
- ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a> - ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>
- ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a> - ✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>

View File

@ -3,7 +3,7 @@ title: Testing and Debugging AppId Tagging Policies
description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully. description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 04/29/2022 ms.date: 04/29/2022
ms.topic: article ms.topic: troubleshooting
--- ---
# Testing and Debugging AppId Tagging Policies # Testing and Debugging AppId Tagging Policies
@ -11,28 +11,28 @@ ms.topic: article
> [!NOTE] > [!NOTE]
> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event.
## Verifying Tags on Running Processes ## Verifying Tags on Running Processes
After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since Windows Defender Application Control (WDAC) can only tag processes created after the policy has been deployed. After verifying the policy has been deployed, the next step is to verify that the application processes you expect to pass the AppId Tagging policy have your tag set. Note that processes running at the time of policy deployment will need to be restarted since Windows Defender Application Control (WDAC) can only tag processes created after the policy has been deployed.
1. Download and Install the Windows Debugger 1. Download and Install the Windows Debugger
[Microsoft's WinDbg Preview application](https://www.microsoft.com/store/productId/9PGJGD53TN86) can be downloaded from the Store and used to verify tags on running processes. [Microsoft's WinDbg Preview application](https://www.microsoft.com/store/productId/9PGJGD53TN86) can be downloaded from the Store and used to verify tags on running processes.
2. Get the Process ID (PID) of the process under validation 2. Get the Process ID (PID) of the process under validation
Using Task Manager, or an equivalent process monitoring tool, locate the PID of the process you wish to inspect. In the example below, we've located the PID for the running process for Microsoft Edge to be 2260. The PID will be used in the next step. Using Task Manager, or an equivalent process monitoring tool, locate the PID of the process you wish to inspect. In the example below, we've located the PID for the running process for Microsoft Edge to be 2260. The PID will be used in the next step.
![Using Task Manager to locate the process ID - PID.](../images/appid-pid-task-mgr.png) ![Using Task Manager to locate the process ID - PID.](../images/appid-pid-task-mgr.png)
3. Use WinDbg to inspect the process 3. Use WinDbg to inspect the process
After opening WinDbg. select File followed by `Attach to Process`, and select the process with the PID identified in the step prior. Finally, select `Attach` to connect to the process. After opening WinDbg. select File followed by `Attach to Process`, and select the process with the PID identified in the step prior. Finally, select `Attach` to connect to the process.
![Attach to the process using WinDbg.](../images/appid-pid-windbg.png) ![Attach to the process using WinDbg.](../images/appid-pid-windbg.png)
Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field. Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field.
![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png) ![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png)
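Review bot: this hunk (`-11,28 +11,28`) sits under a commit titled "Update ms.topic" but shows no visible text change, so it appears to be whitespace-only. Either split the whitespace cleanup into its own commit or say so in the message, so the 125 additions are not read as metadata changes. If these lines are being rewritten anyway, step 3 still has "After opening WinDbg. select File", where the period should be a comma.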

View File

@ -3,7 +3,7 @@ title: Deploying Windows Defender Application Control AppId tagging policies
description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment. description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 04/29/2022 ms.date: 04/29/2022
ms.topic: article ms.topic: conceptual
--- ---
# Deploying Windows Defender Application Control AppId tagging policies # Deploying Windows Defender Application Control AppId tagging policies
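Review bot: `conceptual` on the changed line is inconsistent with the other deployment pages in this commit. "Deploy WDAC policies via Group Policy" and "Deploy Windows Defender Application Control (WDAC) policies using script" both become `how-to`, and this page's own description is "How to deploy your WDAC AppId tagging policies locally and globally". Suggest `ms.topic: how-to` here as well.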

View File

@ -3,7 +3,7 @@ title: Create your Windows Defender Application Control AppId Tagging Policies
description: Create your Windows Defender Application Control AppId tagging policies for Windows devices. description: Create your Windows Defender Application Control AppId tagging policies for Windows devices.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 04/29/2022 ms.date: 04/29/2022
ms.topic: article ms.topic: conceptual
--- ---
# Creating your WDAC AppId Tagging Policies # Creating your WDAC AppId Tagging Policies
@ -17,12 +17,12 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
1. Create a new base policy using the templates: 1. Create a new base policy using the templates:
Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules.
![Configuring the policy base and template.](../images/appid-wdac-wizard-1.png) ![Configuring the policy base and template.](../images/appid-wdac-wizard-1.png)
> [!NOTE] > [!NOTE]
> If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. > If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates.
For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies). For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies).
2. Set the following rule-options using the Wizard toggles: 2. Set the following rule-options using the Wizard toggles:
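Review bot: the NOTE in this hunk says "If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions", which contradicts the following sentence recommending the base templates. It should read "does not build off the base templates". The line is already being rewritten in this hunk, so the missing "not" can be fixed here.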
@ -31,13 +31,13 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
3. Create custom rules: 3. Create custom rules:
Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules: Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules:
- Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security. - Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security.
- Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards. - Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards.
- File attribute rules: Create a rule based off a file's immutable properties like the original filename, file description, product name or internal name. - File attribute rules: Create a rule based off a file's immutable properties like the original filename, file description, product name or internal name.
- Package app name rules: Create a rule based off the package family name of an appx/msix. - Package app name rules: Create a rule based off the package family name of an appx/msix.
- Hash rules: Create a rule based off the PE Authenticode hash of a file. - Hash rules: Create a rule based off the PE Authenticode hash of a file.
For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules). For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules).
@ -48,9 +48,9 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
```powershell ```powershell
Set-CIPolicyIdInfo -ResetPolicyID -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue" Set-CIPolicyIdInfo -ResetPolicyID -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue"
``` ```
The policyID GUID is returned by the PowerShell command if successful. The policyID GUID is returned by the PowerShell command if successful.
## Create the policy using PowerShell ## Create the policy using PowerShell
Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). In an elevate PowerShell instance: Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). In an elevate PowerShell instance:
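Review bot: the last line of this hunk reads "In an elevate PowerShell instance"; it should be "In an elevated PowerShell instance". The line is already part of the diff, so the typo can be corrected in the same change.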
@ -72,20 +72,20 @@ Using this method, you create an AppId Tagging policy directly using the WDAC Po
Set-RuleOption -Option 18 .\AppIdPolicy.xml # (Optional) Disable FilePath Rule Protection Set-RuleOption -Option 18 .\AppIdPolicy.xml # (Optional) Disable FilePath Rule Protection
``` ```
If you're using filepath rules, you may want to set option 18. Otherwise, there's no need. If you're using filepath rules, you may want to set option 18. Otherwise, there's no need.
4. Set the name and ID on the policy, which is helpful for future debugging: 4. Set the name and ID on the policy, which is helpful for future debugging:
```powershell ```powershell
Set-CIPolicyIdInfo -ResetPolicyId -PolicyName "MyPolicyName" -PolicyId "MyPolicyId" -AppIdTaggingPolicy -FilePath ".\AppIdPolicy.xml" Set-CIPolicyIdInfo -ResetPolicyId -PolicyName "MyPolicyName" -PolicyId "MyPolicyId" -AppIdTaggingPolicy -FilePath ".\AppIdPolicy.xml"
``` ```
The policyID GUID is returned by the PowerShell command if successful. The policyID GUID is returned by the PowerShell command if successful.
## Deploy for Local Testing ## Deploy for Local Testing
After creating your AppId Tagging policy in the above steps, you can deploy the policy to your local machine for testing before broadly deploying the policy to your endpoints: After creating your AppId Tagging policy in the above steps, you can deploy the policy to your local machine for testing before broadly deploying the policy to your endpoints:
1. Depending on your deployment method, convert the xml to binary: 1. Depending on your deployment method, convert the xml to binary:
```powershell ```powershell
Convertfrom-CIPolicy .\policy.xml ".\{PolicyIDGUID}.cip" Convertfrom-CIPolicy .\policy.xml ".\{PolicyIDGUID}.cip"
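Review bot: the conversion step at the end of this hunk reads `Convertfrom-CIPolicy .\policy.xml ".\{PolicyIDGUID}.cip"`, but every earlier command in the procedure operates on `.\AppIdPolicy.xml`, so a reader following the steps is told to convert a file they never created. Use the same file name throughout, and the cmdlet's own casing `ConvertFrom-CIPolicy`. Separately, "you may want to set option 18" gives no criterion: the inline comment calls it "Disable FilePath Rule Protection", so the text should say what protection is being turned off and when that is acceptable.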

View File

@ -3,7 +3,7 @@ title: Designing, creating, managing and troubleshooting Windows Defender Applic
description: How to design, create, manage and troubleshoot your WDAC AppId Tagging policies description: How to design, create, manage and troubleshoot your WDAC AppId Tagging policies
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 04/27/2022 ms.date: 04/27/2022
ms.topic: article ms.topic: conceptual
--- ---
# WDAC Application ID (AppId) Tagging guide # WDAC Application ID (AppId) Tagging guide
@ -13,17 +13,17 @@ ms.topic: article
## AppId Tagging Feature Overview ## AppId Tagging Feature Overview
The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), does not control whether applications will run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy will receive the tag while failing applications won't. The Application ID (AppId) Tagging Policy feature, while based off Windows Defender Application Control (WDAC), does not control whether applications will run. AppId Tagging policies can be used to mark the processes of the running application with a customizable tag defined in the policy. Application processes that pass the AppId policy will receive the tag while failing applications won't.
## AppId Tagging Feature Availability ## AppId Tagging Feature Availability
The WDAC AppId Tagging feature is available on the following versions of the Windows platform: The WDAC AppId Tagging feature is available on the following versions of the Windows platform:
Client: Client:
- Windows 10 20H1, 20H2 and 21H1 versions only - Windows 10 20H1, 20H2 and 21H1 versions only
- Windows 11 - Windows 11
Server: Server:
- Windows Server 2022 - Windows Server 2022
## In this section ## In this section

View File

@ -3,7 +3,7 @@ title: Use audit events to create WDAC policy rules
description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy. description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 05/03/2018 ms.date: 05/03/2018
ms.topic: article ms.topic: conceptual
--- ---
# Use audit events to create WDAC policy rules # Use audit events to create WDAC policy rules

View File

@ -3,7 +3,7 @@ title: Deploy WDAC policies via Group Policy
description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide. description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 01/23/2023 ms.date: 01/23/2023
ms.topic: article ms.topic: how-to
--- ---
# Deploy Windows Defender Application Control policies by using Group Policy # Deploy Windows Defender Application Control policies by using Group Policy

View File

@ -3,7 +3,7 @@ title: Deploy Windows Defender Application Control (WDAC) policies using script
description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide. description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide.
ms.manager: jsuther ms.manager: jsuther
ms.date: 01/23/2023 ms.date: 01/23/2023
ms.topic: article ms.topic: how-to
ms.localizationpriority: medium ms.localizationpriority: medium
--- ---

View File

@ -3,7 +3,7 @@ title: Remove Windows Defender Application Control policies
description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS. description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 11/04/2022 ms.date: 11/04/2022
ms.topic: article ms.topic: how-to
--- ---
# Remove Windows Defender Application Control (WDAC) policies # Remove Windows Defender Application Control (WDAC) policies

View File

@ -3,7 +3,7 @@ title: Enforce Windows Defender Application Control (WDAC) policies
description: Learn how to switch a WDAC policy from audit to enforced mode. description: Learn how to switch a WDAC policy from audit to enforced mode.
ms.manager: jsuther ms.manager: jsuther
ms.date: 04/22/2021 ms.date: 04/22/2021
ms.topic: article ms.topic: how-to
ms.localizationpriority: medium ms.localizationpriority: medium
--- ---

View File

@ -3,7 +3,7 @@ title: Merge Windows Defender Application Control policies (WDAC)
description: Learn how to merge WDAC policies as part of your policy lifecycle management. description: Learn how to merge WDAC policies as part of your policy lifecycle management.
ms.manager: jsuther ms.manager: jsuther
ms.date: 04/22/2021 ms.date: 04/22/2021
ms.topic: article ms.topic: how-to
ms.localizationpriority: medium ms.localizationpriority: medium
--- ---

View File

@ -3,7 +3,7 @@ title: Allow COM object registration in a WDAC policy
description: You can allow COM object registration in a Windows Defender Application Control policy. description: You can allow COM object registration in a Windows Defender Application Control policy.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 04/05/2023 ms.date: 04/05/2023
ms.topic: article ms.topic: how-to
--- ---
# Allow COM object registration in a Windows Defender Application Control policy # Allow COM object registration in a Windows Defender Application Control policy
@ -153,11 +153,11 @@ The table that follows describes the list of COM objects that are inherently tru
| scrrun.dll | 0D43FE01-F093-11CF-8940-00A0C9054228 | | scrrun.dll | 0D43FE01-F093-11CF-8940-00A0C9054228 |
| vbscript.dll | 3F4DACA4-160D-11D2-A8E9-00104B365C9F | | vbscript.dll | 3F4DACA4-160D-11D2-A8E9-00104B365C9F |
| WEX.Logger.Log | 70B46225-C474-4852-BB81-48E0D36F9A5A | | WEX.Logger.Log | 70B46225-C474-4852-BB81-48E0D36F9A5A |
| TE.Common.TestData | 1d68f3c0-b5f8-4abd-806a-7bc57cdce35a | | TE.Common.TestData | 1d68f3c0-b5f8-4abd-806a-7bc57cdce35a |
| TE.Common.RuntimeParameters | 9f3d4048-6028-4c5b-a92d-01bc977af600 | | TE.Common.RuntimeParameters | 9f3d4048-6028-4c5b-a92d-01bc977af600 |
| TE.Common.Verify | e72cbabf-8e48-4d27-b14e-1f347f6ec71a | | TE.Common.Verify | e72cbabf-8e48-4d27-b14e-1f347f6ec71a |
| TE.Common.Interruption | 5850ba6f-ce72-46d4-a29b-0d3d9f08cc0b | | TE.Common.Interruption | 5850ba6f-ce72-46d4-a29b-0d3d9f08cc0b |
| msxml6.dll | 2933BF90-7B36-11d2-B20E-00C04F983E60 | | msxml6.dll | 2933BF90-7B36-11d2-B20E-00C04F983E60 |
| msxml6.dll | ED8C108E-4349-11D2-91A4-00C04F7969E8 | | msxml6.dll | ED8C108E-4349-11D2-91A4-00C04F7969E8 |
| mmcndmgr.dll | ADE6444B-C91F-4E37-92A4-5BB430A33340 | | mmcndmgr.dll | ADE6444B-C91F-4E37-92A4-5BB430A33340 |
| puiobj.dll | B021FF57-A928-459C-9D6C-14DED0C9BED2 | | puiobj.dll | B021FF57-A928-459C-9D6C-14DED0C9BED2 |

View File

@ -3,7 +3,7 @@ title: Policy creation for common WDAC usage scenarios
description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios. description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 04/05/2023 ms.date: 04/05/2023
ms.topic: article ms.topic: conceptual
--- ---
# Windows Defender Application Control deployment in different scenarios: types of devices # Windows Defender Application Control deployment in different scenarios: types of devices
@ -15,7 +15,7 @@ Typically, deployment of Windows Defender Application Control (WDAC) happens bes
## Types of devices ## Types of devices
| Type of device | How WDAC relates to this type of device | | Type of device | How WDAC relates to this type of device |
|------------------------------------|------------------------------------------------------| |------------------------------------|------------------------------------------------------|
| **Lightly managed devices**: Company-owned, but users are free to install software.<br>Devices are required to run organization's antivirus solution and client management tools. | Windows Defender Application Control can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. | | **Lightly managed devices**: Company-owned, but users are free to install software.<br>Devices are required to run organization's antivirus solution and client management tools. | Windows Defender Application Control can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. |
| **Fully managed devices**: Allowed software is restricted by IT department.<br>Users can request for more software, or install from a list of applications provided by IT department.<br>Examples: locked-down, company-owned desktops and laptops. | An initial baseline Windows Defender Application Control policy can be established and enforced. Whenever the IT department approves more applications, it updates the WDAC policy and (for unsigned LOB applications) the catalog. | | **Fully managed devices**: Allowed software is restricted by IT department.<br>Users can request for more software, or install from a list of applications provided by IT department.<br>Examples: locked-down, company-owned desktops and laptops. | An initial baseline Windows Defender Application Control policy can be established and enforced. Whenever the IT department approves more applications, it updates the WDAC policy and (for unsigned LOB applications) the catalog. |

View File

@ -3,7 +3,7 @@ title: Allow apps deployed with a WDAC managed installer
description: Explains how to configure a custom Managed Installer. description: Explains how to configure a custom Managed Installer.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 02/02/2023 ms.date: 02/02/2023
ms.topic: article ms.topic: how-to
--- ---
# Automatically allow apps deployed by a managed installer with Windows Defender Application Control # Automatically allow apps deployed by a managed installer with Windows Defender Application Control
@ -78,7 +78,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
``` ```
3. Manually edit your AppLocker policy and add the EXE and DLL rule collections with at least one rule for each. To ensure your policy can be safely applied on systems that may already have an active AppLocker policy, we recommend using a benign DENY rule to block a fake binary and set the rule collection's EnforcementMode to AuditOnly. Additionally, since many installation processes rely on services, you need to enable services tracking for each of those rule collections. The following example shows a partial AppLocker policy with the EXE and DLL rule collection configured as recommended. 3. Manually edit your AppLocker policy and add the EXE and DLL rule collections with at least one rule for each. To ensure your policy can be safely applied on systems that may already have an active AppLocker policy, we recommend using a benign DENY rule to block a fake binary and set the rule collection's EnforcementMode to AuditOnly. Additionally, since many installation processes rely on services, you need to enable services tracking for each of those rule collections. The following example shows a partial AppLocker policy with the EXE and DLL rule collection configured as recommended.
```xml ```xml
<RuleCollection Type="Dll" EnforcementMode="AuditOnly" > <RuleCollection Type="Dll" EnforcementMode="AuditOnly" >
<FilePathRule Id="86f235ad-3f7b-4121-bc95-ea8bde3a5db5" Name="Benign DENY Rule" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"> <FilePathRule Id="86f235ad-3f7b-4121-bc95-ea8bde3a5db5" Name="Benign DENY Rule" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
@ -147,7 +147,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
</RuleCollectionExtensions> </RuleCollectionExtensions>
</RuleCollection> </RuleCollection>
<RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly"> <RuleCollection Type="ManagedInstaller" EnforcementMode="AuditOnly">
<FilePublisherRule Id="55932f09-04b8-44ec-8e2d-3fc736500c56" Name="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE version 1.39.200.2 or greater in MICROSOFT® INTUNE™ from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"> <FilePublisherRule Id="55932f09-04b8-44ec-8e2d-3fc736500c56" Name="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE version 1.39.200.2 or greater in MICROSOFT&reg; INTUNE&trade; from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions> <Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE"> <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE">
<BinaryVersionRange LowSection="1.39.200.2" HighSection="*" /> <BinaryVersionRange LowSection="1.39.200.2" HighSection="*" />
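Review bot: the `Name` attribute of the `FilePublisherRule` in the `ManagedInstaller` collection now reads `MICROSOFT&reg; INTUNE&trade;`, and neither `&reg;` nor `&trade;` is one of the five entities XML predefines (`&lt;`, `&gt;`, `&amp;`, `&quot;`, `&apos;`). If this line sits inside the xml fence, as the surrounding policy lines suggest, the Markdown renderer will not decode the entities, so readers who copy the sample get a policy file that a conforming XML parser rejects as not well-formed. Keep the literal `®` and `™` characters, or use the numeric character references `&#174;` and `&#8482;`. The change is also outside what the commit message "Update ms.topic" describes, so it belongs in its own commit or should be mentioned in the message.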
@ -183,7 +183,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl
```console ```console
appidtel.exe start [-mionly] appidtel.exe start [-mionly]
``` ```
Specify "-mionly" if you don't plan to use the Intelligent Security Graph (ISG). Specify "-mionly" if you don't plan to use the Intelligent Security Graph (ISG).
> [!NOTE] > [!NOTE]

View File

@ -3,7 +3,7 @@ title: Create WDAC Deny Policy
description: Explains how to create WDAC deny policies description: Explains how to create WDAC deny policies
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 12/31/2017 ms.date: 12/31/2017
ms.topic: article ms.topic: how-to
--- ---
# Guidance on Creating WDAC Deny Policies # Guidance on Creating WDAC Deny Policies

View File

@ -3,7 +3,7 @@ title: Create a WDAC policy using a reference computer
description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide. description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 08/08/2022 ms.date: 08/08/2022
ms.topic: article ms.topic: how-to
--- ---
# Create a WDAC policy using a reference computer # Create a WDAC policy using a reference computer

View File

@ -3,7 +3,7 @@ title: Use multiple Windows Defender Application Control Policies
description: Windows Defender Application Control supports multiple code integrity policies for one device. description: Windows Defender Application Control supports multiple code integrity policies for one device.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 04/15/2024 ms.date: 04/15/2024
ms.topic: article ms.topic: how-to
--- ---
# Use multiple Windows Defender Application Control Policies # Use multiple Windows Defender Application Control Policies

View File

@ -3,7 +3,7 @@ title: Manage packaged apps with WDAC
description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule. description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 03/01/2023 ms.date: 03/01/2023
ms.topic: article ms.topic: how-to
--- ---
# Manage Packaged Apps with Windows Defender Application Control # Manage Packaged Apps with Windows Defender Application Control

View File

@ -6,7 +6,7 @@ ms.collection:
- tier3 - tier3
- must-keep - must-keep
ms.date: 01/24/2024 ms.date: 01/24/2024
ms.topic: article ms.topic: how-to
--- ---
# Microsoft recommended driver block rules # Microsoft recommended driver block rules

View File

@ -3,7 +3,7 @@ title: Plan for WDAC policy management
description: Learn about the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control policies. description: Learn about the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control policies.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 11/22/2023 ms.date: 11/22/2023
ms.topic: article ms.topic: conceptual
--- ---
# Plan for Windows Defender Application Control lifecycle policy management # Plan for Windows Defender Application Control lifecycle policy management
@ -25,7 +25,7 @@ Most Windows Defender Application Control policies will evolve over time and pro
4. Repeat steps 2-3 until the remaining block events meet expectations. 4. Repeat steps 2-3 until the remaining block events meet expectations.
5. [Generate the enforced mode version](/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies) of the policy. In enforced mode, files that the policy doesn't allow are prevented from running and corresponding block events are generated. 5. [Generate the enforced mode version](/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies) of the policy. In enforced mode, files that the policy doesn't allow are prevented from running and corresponding block events are generated.
6. [Deploy the enforced mode policy](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly. 6. [Deploy the enforced mode policy](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly.
7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes. 7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes.
![Recommended WDAC policy deployment process.](../images/policyflow.png) ![Recommended WDAC policy deployment process.](../images/policyflow.png)

View File

@ -3,7 +3,7 @@ title: Understand WDAC script enforcement
description: WDAC script enforcement description: WDAC script enforcement
ms.manager: jsuther ms.manager: jsuther
ms.date: 05/26/2023 ms.date: 05/26/2023
ms.topic: article ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
--- ---

View File

@ -3,7 +3,7 @@ title: Understand Windows Defender Application Control (WDAC) policy rules and f
description: Learn how WDAC policy rules and file rules can control your Windows 10 and Windows 11 computers. description: Learn how WDAC policy rules and file rules can control your Windows 10 and Windows 11 computers.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 11/22/2023 ms.date: 11/22/2023
ms.topic: article ms.topic: conceptual
--- ---
# Understand Windows Defender Application Control (WDAC) policy rules and file rules # Understand Windows Defender Application Control (WDAC) policy rules and file rules

View File

@ -3,10 +3,10 @@ title: Understand Windows Defender Application Control policy design decisions
description: Understand Windows Defender Application Control policy design decisions. description: Understand Windows Defender Application Control policy design decisions.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 02/08/2018 ms.date: 02/08/2018
ms.topic: article ms.topic: conceptual
--- ---
# Understand Windows Defender Application Control policy design decisions # Understand Windows Defender Application Control policy design decisions
> [!NOTE] > [!NOTE]
> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
@ -56,8 +56,8 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p
| Possible answers | Design considerations | | Possible answers | Design considerations |
| - | - | | - | - |
| All apps used in your organization must be signed. | Organizations that enforce [codesigning](../deployment/use-code-signing-for-better-control-and-protection.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | | All apps used in your organization must be signed. | Organizations that enforce [codesigning](../deployment/use-code-signing-for-better-control-and-protection.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). |
| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-wdac.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. | | Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-wdac.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. |
### Are there specific groups in your organization that need customized application control policies? ### Are there specific groups in your organization that need customized application control policies?
Most business teams or departments have specific security requirements that pertain to data access and the applications used to access that data. Consider the scope of the project for each group and the group's priorities before you deploy application control policies for the entire organization. There's overhead in managing policies that might lead you to choose between broad, organization-wide policies and multiple team-specific policies. Most business teams or departments have specific security requirements that pertain to data access and the applications used to access that data. Consider the scope of the project for each group and the group's priorities before you deploy application control policies for the entire organization. There's overhead in managing policies that might lead you to choose between broad, organization-wide policies and multiple team-specific policies.

View File

@ -3,7 +3,7 @@ title: Understanding Windows Defender Application Control (WDAC) secure settings
description: Learn about secure settings in Windows Defender Application Control. description: Learn about secure settings in Windows Defender Application Control.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 04/05/2023 ms.date: 04/05/2023
ms.topic: article ms.topic: conceptual
--- ---
# Understanding WDAC Policy Settings # Understanding WDAC Policy Settings

View File

@ -3,10 +3,10 @@ title: Use a Windows Defender Application Control policy to control specific plu
description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps. description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 11/02/2022 ms.date: 11/02/2022
ms.topic: article ms.topic: how-to
--- ---
# Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules # Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
> [!NOTE] > [!NOTE]
> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).

View File

@ -1,9 +1,9 @@
--- ---
title: Authorize reputable apps with the Intelligent Security Graph (ISG) title: Authorize reputable apps with the Intelligent Security Graph (ISG)
description: Automatically authorize applications that Microsofts ISG recognizes as having known good reputation. description: Automatically authorize applications that Microsoft's ISG recognizes as having known good reputation.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 12/31/2017 ms.date: 12/31/2017
ms.topic: article ms.topic: how-to
--- ---
# Authorize reputable apps with the Intelligent Security Graph (ISG) # Authorize reputable apps with the Intelligent Security Graph (ISG)
@ -42,29 +42,29 @@ Setting up the ISG is easy using any management solution you wish. Configuring t
To allow apps and binaries based on the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This step can be done with the Set-RuleOption cmdlet. You should also set the **Enabled:Invalidate EAs on Reboot** option so that ISG results are verified again after each reboot. The ISG option isn't recommended for devices that don't have regular access to the internet. The following example shows both options set. To allow apps and binaries based on the Microsoft Intelligent Security Graph, the **Enabled:Intelligent Security Graph authorization** option must be specified in the WDAC policy. This step can be done with the Set-RuleOption cmdlet. You should also set the **Enabled:Invalidate EAs on Reboot** option so that ISG results are verified again after each reboot. The ISG option isn't recommended for devices that don't have regular access to the internet. The following example shows both options set.
```xml ```xml
<Rules> <Rules>
<Rule> <Rule>
<Option>Enabled:Unsigned System Integrity Policy</Option> <Option>Enabled:Unsigned System Integrity Policy</Option>
</Rule> </Rule>
<Rule> <Rule>
<Option>Enabled:Advanced Boot Options Menu</Option> <Option>Enabled:Advanced Boot Options Menu</Option>
</Rule> </Rule>
<Rule> <Rule>
<Option>Required:Enforce Store Applications</Option> <Option>Required:Enforce Store Applications</Option>
</Rule> </Rule>
<Rule> <Rule>
<Option>Enabled:UMCI</Option> <Option>Enabled:UMCI</Option>
</Rule> </Rule>
<Rule> <Rule>
<Option>Enabled:Managed Installer</Option> <Option>Enabled:Managed Installer</Option>
</Rule> </Rule>
<Rule> <Rule>
<Option>Enabled:Intelligent Security Graph Authorization</Option> <Option>Enabled:Intelligent Security Graph Authorization</Option>
</Rule> </Rule>
<Rule> <Rule>
<Option>Enabled:Invalidate EAs on Reboot</Option> <Option>Enabled:Invalidate EAs on Reboot</Option>
</Rule> </Rule>
</Rules> </Rules>
``` ```
### Enable the necessary services to allow WDAC to use the ISG correctly on the client ### Enable the necessary services to allow WDAC to use the ISG correctly on the client
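Review bot: the context paragraph at the top of this hunk names the option **Enabled:Intelligent Security Graph authorization**, while the sample below it uses `Enabled:Intelligent Security Graph Authorization`; since the block is being touched anyway, align the prose with the spelling in the XML so readers see a single form. Every old/new pair in the hunk reads the same apart from spacing, so these 29 lines look like whitespace-only churn. The commit message mentions only ms.topic, so either say that whitespace was normalized as well or split it into a separate commit to keep the metadata change easy to audit.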
@ -91,7 +91,7 @@ Since the ISG only allows binaries that are "known good", there are cases where
Packaged apps aren't supported with the ISG and will need to be separately authorized in your WDAC policy. Since packaged apps have a strong app identity and must be signed, it's straightforward to [authorize packaged apps](/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control) with your WDAC policy. Packaged apps aren't supported with the ISG and will need to be separately authorized in your WDAC policy. Since packaged apps have a strong app identity and must be signed, it's straightforward to [authorize packaged apps](/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control) with your WDAC policy.
The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run.
> [!NOTE] > [!NOTE]
> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). > A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri).

View File

@ -3,7 +3,7 @@ title: Windows Defender Application Control and .NET
description: Understand how WDAC and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime. description: Understand how WDAC and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 11/22/2023 ms.date: 11/22/2023
ms.topic: article ms.topic: conceptual
--- ---
# Windows Defender Application Control (WDAC) and .NET # Windows Defender Application Control (WDAC) and .NET
@ -41,7 +41,7 @@ Additionally, customers can precompile for deployment only to prevent an allowed
To enable Dynamic Code Security, add the following option to the `<Rules>` section of your WDAC policy: To enable Dynamic Code Security, add the following option to the `<Rules>` section of your WDAC policy:
```xml ```xml
<Rule> <Rule>
<Option>Enabled:Dynamic Code Security</Option> <Option>Enabled:Dynamic Code Security</Option>
</Rule> </Rule>
``` ```

View File

@ -3,7 +3,7 @@ title: Understanding Application Control event tags
description: Learn what different Windows Defender Application Control event tags signify. description: Learn what different Windows Defender Application Control event tags signify.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 05/09/2023 ms.date: 05/09/2023
ms.topic: article ms.topic: conceptual
--- ---
# Understanding Application Control event tags # Understanding Application Control event tags

View File

@ -3,7 +3,7 @@ title: Inbox WDAC policies
description: This article describes the inbox WDAC policies that may be active on a device. description: This article describes the inbox WDAC policies that may be active on a device.
ms.manager: jsuther ms.manager: jsuther
ms.date: 03/10/2023 ms.date: 03/10/2023
ms.topic: article ms.topic: conceptual
ms.localizationpriority: medium ms.localizationpriority: medium
--- ---

View File

@ -3,7 +3,7 @@ title: WDAC Admin Tips & Known Issues
description: WDAC Known Issues description: WDAC Known Issues
ms.manager: jsuther ms.manager: jsuther
ms.date: 04/15/2024 ms.date: 04/15/2024
ms.topic: article ms.topic: troubleshooting
ms.localizationpriority: medium ms.localizationpriority: medium
--- ---
@ -84,7 +84,7 @@ msiexec -i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E
As a workaround, download the MSI file and run it locally: As a workaround, download the MSI file and run it locally:
```console ```console
msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi
``` ```
### Slow boot and performance with custom policies ### Slow boot and performance with custom policies
@ -93,7 +93,7 @@ WDAC evaluates all processes that run, including inbox Windows processes. You ca
#### AppId Tagging policy considerations #### AppId Tagging policy considerations
AppId Tagging policies that aren't built upon the WDAC base templates or don't allow the Windows in-box signers might cause a significant increase in boot times (~2 minutes). AppId Tagging policies that aren't built upon the WDAC base templates or don't allow the Windows in-box signers might cause a significant increase in boot times (~2 minutes).
If you can't allowlist the Windows signers or build off the WDAC base templates, add the following rule to your policies to improve the performance: If you can't allowlist the Windows signers or build off the WDAC base templates, add the following rule to your policies to improve the performance:

View File

@ -3,10 +3,10 @@ title: Query Application Control events with Advanced Hunting
description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting. description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 03/01/2022 ms.date: 03/01/2022
ms.topic: article ms.topic: troubleshooting
--- ---
# Querying Application Control events centrally using Advanced hunting # Querying Application Control events centrally using Advanced hunting
A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode.
While Event Viewer helps to see the impact on a single system, IT Pros want to gauge it across many systems. While Event Viewer helps to see the impact on a single system, IT Pros want to gauge it across many systems.
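Review bot: `ms.topic: troubleshooting` is a questionable fit for this page. The description reads "Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting" and the H1 names a task, which is the pattern that gets `how-to` on the other task pages in this commit. Consider `how-to` here, or state in the commit message why centralized event querying is classed as troubleshooting.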
@ -65,7 +65,7 @@ The query results can be used for several important functions related to managin
Query Example #2: Query to determine audit blocks in the past seven days Query Example #2: Query to determine audit blocks in the past seven days
``` ```
DeviceEvents DeviceEvents
| where ActionType startswith "AppControlExecutableAudited" | where ActionType startswith "AppControlExecutableAudited"
| where Timestamp > ago(7d) | where Timestamp > ago(7d)
|project DeviceId, // the device ID where the audit block happened |project DeviceId, // the device ID where the audit block happened
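Review bot: the fence that opens Query Example #2 carries no language tag, unlike the `xml` and `console` fences touched elsewhere in this commit; while this block is being edited, tag it (for example `kusto`) so the query is highlighted and recognizable as KQL. In the same block, `|project` lacks the space after the pipe that the two `| where` lines use.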

View File

@ -3,7 +3,7 @@ title: WDAC and AppLocker Overview
description: Compare Windows application control technologies. description: Compare Windows application control technologies.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 01/03/2024 ms.date: 01/03/2024
ms.topic: article ms.topic: conceptual
--- ---
# Windows Defender Application Control and AppLocker Overview # Windows Defender Application Control and AppLocker Overview

View File

@ -1,7 +1,7 @@
--- ---
title: Windows Sandbox architecture title: Windows Sandbox architecture
description: Windows Sandbox architecture description: Windows Sandbox architecture
ms.topic: article ms.topic: conceptual
ms.date: 03/26/2024 ms.date: 03/26/2024
--- ---

View File

@ -1,7 +1,7 @@
--- ---
title: Windows Sandbox configuration title: Windows Sandbox configuration
description: Windows Sandbox configuration description: Windows Sandbox configuration
ms.topic: article ms.topic: how-to
ms.date: 03/26/2024 ms.date: 03/26/2024
--- ---

View File

@ -1,7 +1,7 @@
--- ---
title: Windows Sandbox title: Windows Sandbox
description: Windows Sandbox overview description: Windows Sandbox overview
ms.topic: article ms.topic: conceptual
ms.date: 03/26/2024 ms.date: 03/26/2024
--- ---

View File

@ -3,7 +3,7 @@ title: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions. description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 07/11/2023 ms.date: 07/11/2023
ms.topic: article ms.topic: conceptual
--- ---
# What is Microsoft Baseline Security Analyzer and its uses? # What is Microsoft Baseline Security Analyzer and its uses?

View File

@ -2,7 +2,7 @@
title: Account protection in Windows Security title: Account protection in Windows Security
description: Use the Account protection section to manage security for your account and sign in to Microsoft. description: Use the Account protection section to manage security for your account and sign in to Microsoft.
ms.date: 08/11/2023 ms.date: 08/11/2023
ms.topic: article ms.topic: how-to
--- ---

View File

@ -2,7 +2,7 @@
title: App & browser control in Windows Security title: App & browser control in Windows Security
description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings. description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
ms.date: 08/11/2023 ms.date: 08/11/2023
ms.topic: article ms.topic: how-to
--- ---
# App and browser control # App and browser control

View File

@ -2,7 +2,7 @@
title: Customize Windows Security contact information in Windows Security title: Customize Windows Security contact information in Windows Security
description: Provide information to your employees on how to contact your IT department when a security issue occurs description: Provide information to your employees on how to contact your IT department when a security issue occurs
ms.date: 08/11/2023 ms.date: 08/11/2023
ms.topic: article ms.topic: how-to
--- ---
# Customize the Windows Security settings for your organization # Customize the Windows Security settings for your organization

View File

@ -2,7 +2,7 @@
title: Device & performance health in Windows Security title: Device & performance health in Windows Security
description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
ms.date: 07/31/2023 ms.date: 07/31/2023
ms.topic: article ms.topic: how-to
--- ---

View File

@ -2,7 +2,7 @@
title: Device security in Windows Security title: Device security in Windows Security
description: Use the Device security section to manage security built into your device, including Virtualization-based security. description: Use the Device security section to manage security built into your device, including Virtualization-based security.
ms.date: 08/11/2023 ms.date: 08/11/2023
ms.topic: article ms.topic: how-to
--- ---
# Device security # Device security

View File

@ -2,7 +2,7 @@
title: Family options in Windows Security title: Family options in Windows Security
description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments. description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments.
ms.date: 08/11/2023 ms.date: 08/11/2023
ms.topic: article ms.topic: how-to
--- ---

View File

@ -2,7 +2,7 @@
title: Firewall and network protection in Windows Security title: Firewall and network protection in Windows Security
description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine. description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
ms.date: 08/11/2023 ms.date: 08/11/2023
ms.topic: article ms.topic: how-to
--- ---
# Firewall and network protection # Firewall and network protection

View File

@ -2,7 +2,7 @@
title: Hide notifications from Windows Security title: Hide notifications from Windows Security
description: Prevent Windows Security notifications from appearing on user endpoints description: Prevent Windows Security notifications from appearing on user endpoints
ms.date: 07/31/2023 ms.date: 07/31/2023
ms.topic: article ms.topic: how-to
--- ---
# Hide Windows Security notifications # Hide Windows Security notifications

View File

@ -2,7 +2,7 @@
title: Virus and threat protection in Windows Security title: Virus and threat protection in Windows Security
description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products. description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products.
ms.date: 08/11/2023 ms.date: 08/11/2023
ms.topic: article ms.topic: conceptual
--- ---
# Virus and threat protection # Virus and threat protection
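Review bot: this page gets `ms.topic: conceptual` although its description, "Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products", has the same shape as the App & browser control, Device security and Firewall and network protection pages, which this commit sets to `how-to`. Pick one value for the sibling Windows Security section pages, or note in the commit message what makes this one conceptual.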

View File

@ -2,7 +2,7 @@
title: Windows Security title: Windows Security
description: Windows Security brings together common Windows security features into one place. description: Windows Security brings together common Windows security features into one place.
ms.date: 08/11/2023 ms.date: 08/11/2023
ms.topic: article ms.topic: conceptual
--- ---
# Windows Security # Windows Security

View File

@ -6,7 +6,7 @@ author: aczechowski
ms.author: aaroncz ms.author: aaroncz
manager: aaroncz manager: aaroncz
ms.date: 12/31/2017 ms.date: 12/31/2017
ms.topic: article ms.topic: conceptual
--- ---
# Mitigate threats by using Windows 10 security features # Mitigate threats by using Windows 10 security features