Merged PR 10698: fixed hard-based isolation

fixed hard-based isolation
2025-05-15 06:47:21 +00:00 · 2018-08-17 21:21:30 +00:00 · 2018-08-17 21:21:30 +00:00 · fcd0ce4809
commit fcd0ce4809
parent 7ccc2ffb64 d415e63a64
12 changed files with 124 additions and 104 deletions
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@ -11,6 +11,11 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md",
 "redirect_url": "/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows",
 "redirect_document_id": true
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@ -4,7 +4,9 @@

 ### [Overview](windows-defender-atp/overview.md)
 #### [Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)
-##### [Hardware-based isolation](windows-defender-application-guard/wd-app-guard-overview.md)
+##### [Hardware-based isolation](windows-defender-atp/overview-hardware-based-isolation.md)
+###### [Application Guard](windows-defender-application-guard/wd-app-guard-overview.md)
+###### [System Guard](windows-defender-atp/how-hardware-based-containers-help-protect-windows.md)
 ##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
 ##### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
 ##### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@ -19,7 +19,7 @@ Windows Defender Advanced Threat Protection (ATP) is a unified platform for prev
 <td><center><a href="#edr"><img src="images/edr_icon.png"><br> <b>Endpoint detection and response</b></a></center></td>
 <td><center><a href="#ai"><img src="images/AR_icon.png"><br> <b>Auto investigation and remediation</b></a></center></td>
 <td><center><a href="#ss"><img src="images/SS_icon.png"><br><b>Secure score</b></a></center></td>
-<td><center><img src="images/AH_icon.png"><a href="#ah"><b>Advanced hunting</b></a></center></td>
+<td><center><img src="images/AH_icon.png"><a href="#ah"><br><b>Advanced hunting</b></a></center></td>
 </tr>
 <tr>
 <td colspan="6">
@ -37,22 +37,22 @@ Windows Defender Advanced Threat Protection (ATP) is a unified platform for prev
 **Attack surface reduction**<br>
 The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. 

- [Hardware based isolation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) 
- [Application control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)
- [Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard)
- [Network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)
- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)
- [Network firewall](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security)
- [Attack surface reducation controls](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
+- [Hardware based isolation](/windows-defender-atp/overview-hardware-based-isolation.md) 
+- [Application control](/windows-defender-application-control/windows-defender-application-control.md)
+- [Exploit protection](/windows-defender-exploit-guard/windows-defender-exploit-guard.md)
+- [Network protection](/windows-defender-exploit-guard/network-protection-exploit-guard.md)
+- [Controlled folder access](/windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
+- [Network firewall](/windows-firewall/windows-firewall-with-advanced-security.md)
+- [Attack surface reducation controls](/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)

 <a name="ngp"></a>

 **Next generation protection**<br>
 To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.

- [Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) 
- [Machine learning](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus) 
- [Automated sandbox service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus)
+- [Antivirus](/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) 
+- [Machine learning](/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) 
+- [Automated sandbox service](/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)


 <a name="edr"></a>
@ -61,34 +61,34 @@ To further reinforce the security perimeter of your network, Windows Defender AT

 Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 

- [Alerts](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection)
- [Historical endpoint data](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#machine-timeline)
- [Realtime and historical threat hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
- [API and SIEM integration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection)
- [Response orchestration](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection)
- [Forensic collection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection#collect-investigation-package-from-machines)
- [Threat intelligence](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection)
- [Advanced detonation and analysis service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#deep-analysis)
+- [Alerts](/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
+- [Historical endpoint data](/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
+- [Realtime and historical threat hunting](/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
+- [API and SIEM integration](/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
+- [Response orchestration](/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
+- [Forensic collection](/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
+- [Threat intelligence](/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
+- [Advanced detonation and analysis service](/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#deep-analysis.md)

 <a name="ai"></a>

 **Auto investigation and remediation**<br>
 In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 

- [Automated investigation and remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)
- [Threat remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#how-threats-are-remediated)
- [Manage automated investigations](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#manage-automated-investigations)
- [Analyze automated investigation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#analyze-automated-investigations)
+- [Automated investigation and remediation](/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
+- [Threat remediation](/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md#how-threats-are-remediated)
+- [Manage automated investigations](/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md#manage-automated-investigations)
+- [Analyze automated investigation](/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md#analyze-automated-investigations)

 <a name="sp"></a>

 **Secure score**<br>

 Windows Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
- [Asset inventory](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)
- [Recommended improvement actions](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)
- [Secure score](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)
- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection)
+- [Asset inventory](/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+- [Recommended improvement actions](/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+- [Secure score](/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+- [Threat analytics](/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)

 <a name="hunt"></a>

@ -102,19 +102,19 @@ Create custom threat intelligence and use a powerful search and query tool to hu

 **Management and APIs**<br>
 Integrate Windows Defender Advanced Threat Protection into your existing workflows.
- [Onboarding](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection)
- [Configuration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection)
- [Operating system baseline compliance](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)
- [SIEM connectors](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection) 
- [Exposed APIs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection)
- [RBAC](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection)
- [Reporting and trends](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection)
+- [Onboarding](/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
+- [Configuration](/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md)
+- [Operating system baseline compliance](/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+- [SIEM connectors](/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) 
+- [Exposed APIs](/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
+- [RBAC](/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
+- [Reporting and trends](/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)

 <a name="mtp"></a>

 **Microsoft threat protection** <br>
 Bring the power of Microsoft threat protection to your organization.
- [Conditional access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection)
+- [Conditional access](/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
 - [O365 ATP](/windows-defender-atp/threat-protection-integration.md)
 - [Azure ATP](/windows-defender-atp/threat-protection-integration.md)
 - [Azure Security Center](/windows-defender-atp/threat-protection-integration.md)
@ -125,6 +125,21 @@ Bring the power of Microsoft threat protection to your organization.



+![Windows Defender ATP components](images/wdatp-pillars2.png)
+
+Windows Defender ATP is a unified endpoint security platform using built-in, unified security technologies powered by the cloud. 
+
+
+
+
+Attack surface reduction | Next generation protection | Endpoint detection and response | Auto investigation | Security posture | Advanced hunting | Management and APIs | Microsoft threat protection
+:---|:---|:---|:---|:---|:---|:---|:---
+[Hardware based isolation](/windows-defender-application-guard/wd-app-guard-overview.md)<br><br> [Application control](/windows-defender-application-control/windows-defender-application-control.md)<br><br> [Exploit protection](/windows-defender-exploit-guard/windows-defender-exploit-guard.md)<br><br> [Network protection](/windows-defender-exploit-guard/network-protection-exploit-guard.md)<br> <br>[Controlled folder access](/windows-defender-exploit-guard/controlled-folders-exploit-guard.md)<br><br>[Network firewall](/windows-firewall/windows-firewall-with-advanced-security.md)<br><br>[Attack surface reducation controls](/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)| [Antivirus](/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)<br><br> [Machine learning](/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) [Automated sandbox service](/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)| [Alerts queue](/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)<br><br> [Historical endpoint data](/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)<br><br>[Realtime and historical threat hunting](/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)<br><br>[API and SIEM integration](/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)<br><br>[Response orchestration](/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)<br><br>[Forensic collection](/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)<br><br>[Threat intelligence](/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)<br><br>[Advanced detonation and analysis service](/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)<br><br>| [Automated investigation and remediation](/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)<br><br>[Threat remediation](/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md#how-threats-are-remediated)<br><br>[Manage automated investigations](/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md#manage-automated-investigations)<br><br>[Analyze automated investigation](/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md#analyze-automated-investigations)|[Asset inventory](/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)<br><br>[Recommended improvement actions](/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)<br><br>[Secure score](/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)<br><br>[Threat analytics](/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)| [Realtime and historical threat hunting](/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)<br><br>Scheduled queries <br><br> Scheduled queries (Github) <br><br> [Custom TI](/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) | [Onboarding](/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)<br><br> [Configuration](/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md)<br><br> [Operating system baseline compliance](/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)<br><br>[SIEM connectors](/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)<br><br>[Exposed APIs](/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)<br><br>[RBAC](/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)<br><br>[Reportin and trends](/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)| [Conditional access](/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)<br><br>[O365 ATP](/windows-defender-atp/threat-protection-integration.md)<br><br>[Azure ATP](/windows-defender-atp/threat-protection-integration.md)<br><br>[Azure Security Center](/windows-defender-atp/threat-protection-integration.md)<br><br>[Skype for Business](/windows-defender-atp/threat-protection-integration.md)<br><br>[Microsoft Cloud App Security](/windows-defender-atp/threat-protection-integration.md)
+
+
+
+
+



--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@ -3,7 +3,9 @@

 ## [Overview](overview.md)
 ### [Attack surface reduction](overview-attack-surface-reduction.md)
-#### [Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md)
+#### [Hardware-based isolation](overview-hardware-based-isolation.md)
+##### [Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md)
+##### [System Guard](how-hardware-based-containers-help-protect-windows.md)
 #### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
 #### [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
 #### [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md)
--- a/windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows.md
+++ b/windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows.md
--- a/windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard-boot-time-integrity.png
+++ b/windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard-boot-time-integrity.png
--- a/windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard-validate-system-integrity.png
+++ b/windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard-validate-system-integrity.png
--- a/windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard.png
+++ b/windows/security/threat-protection/windows-defender-atp/images/windows-defender-system-guard.png
--- a/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md
@ -23,7 +23,7 @@ Attack surface reduction capabilities in Windows Defender ATP helps protect the

 | Capability | Description |
 |------------|-------------|
-| [Hardware-based isolation](../windows-defender-application-guard//wd-app-guard-overview.md) | protects and maintains the integrity of the system as it starts and while it's running, and validates system integrity through local and remote attestation. In addition, container isolation for Microsoft Edge helps protect host operating system from malicious wbsites. |
+| [Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md) | Protects and maintains the integrity of the system as it starts and while it's running, and validates system integrity through local and remote attestation. In addition, container isolation for Microsoft Edge helps protect host operating system from malicious wbsites. |
 | [Application control](../windows-defender-application-control/windows-defender-application-control.md) | Moves away from the traditional application trust model where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. |
 | [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md) | Applies exploit mitigation techniques to apps your organization uses, both individually and to all apps. Works with third-party antivirus solutions and Windows Defender Antivirus (Windows Defender AV) |
 | [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md) | Extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV. | 
--- a/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md
@ -0,0 +1,26 @@
+---
+title: Hardware-based isolation (Windows 10)
+description: Learn about how hardware-based isolation in Windows 10 helps to combat malware.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+author: justinha
+ms.author: justinha
+ms.date: 08/16/2018
+---
+
+# Hardware-based isolation in Windows 10
+
+**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Hardware-based isolation helps protect system integrity in Windows 10 and is integreated with Windows Defender ATP. 
+
+| Feature | Description |
+|------------|-------------|
+| [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md) | Isolates untrusted sites and protects your company while your employees browse the Internet. |
+| [Windows Defender System Guard](how-hardware-based-containers-help-protect-windows.md) | Protects and maintains the integrity of the system  |
+
+
+
+
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
@ -16,51 +16,31 @@ ms.date: 08/08/2018



-# Enable Exploit protection
+# Enable exploit protection


 **Applies to:**

 - Windows Defender Advanced Threat Protection (Windows Defender ATP)

-
-
-
-
-
-
-
-
-
-
-
-
-
-
 Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.

-Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) are included in Exploit protection. 
+Many of the features that were part of the Enhanced Mitigation Experience Toolkit (EMET) are included in exploit protection. 

-It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
+## Enable and audit exploit protection

+You enable and configure each exploit protection mitigation separately. Some mitigations apply to the entire operating system, while others can be targeted towards specific apps. 

+The mitigations available in exploit protection are enabled or configured to their default values automatically in Windows 10. However, you can customize the configuration to suit your organization and then deploy that configuration across your network. 

-## Enable and audit Exploit protection
-
-You enable and configure each Exploit protection mitigation separately. Some mitigations apply to the entire operating system, while others can be targeted towards specific apps. 
-
-The mitigations available in Exploit protection are enabled or configured to their default values automatically in Windows 10. However, you can customize the configuration to suit your organization and then deploy that configuration across your network. 
-
-You can also set mitigations to audit mode. Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine.
-
-For background information on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
+You can also set mitigations to [audit mode](audit-windows-defender-exploit-guard.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine.

 >[!WARNING] 
->Some security mitigation technologies may have compatibility issues with some applications. You should test Exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network.
+>Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using audit mode before deploying in production.

-You can also convert an existing EMET configuration file (in XML format) and import it into Exploit protection. This is useful if you have been using EMET and have a customized series of policies and mitigations that you want to keep using.
+You can also convert an existing EMET configuration file (in XML format) and import it into exploit protection. This is useful if you have been using EMET and have a customized series of policies and mitigations that you want to keep using.

-See the following topics for instructions on configuring Exploit protection mitigations and importing, exporting, and converting configurations:
+See the following topics for instructions on configuring exploit protection mitigations and importing, exporting, and converting configurations:

 1. [Configure the mitigations you want to enable or audit](customize-exploit-protection.md)
 2. [Export the configuration to an XML file that you can use to deploy the configuration to multiple machines](import-export-exploit-protection-emet-xml.md).
@ -68,11 +48,10 @@ See the following topics for instructions on configuring Exploit protection miti

 ## Related topics

- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
 - [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md)
- [Evaluate Exploit protection](evaluate-exploit-protection.md)
- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md)
- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md)
+- [Evaluate exploit protection](evaluate-exploit-protection.md)
+- [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
+- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)



--- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md
@ -1,6 +1,6 @@
 ---
-title: See how Exploit protection works in a demo
-description: See how Exploit protection can prevent suspicious behaviors from occurring on specific apps.
+title: See how exploit protection works in a demo
+description: See how exploit protection can prevent suspicious behaviors from occurring on specific apps.
 keywords: Exploit protection, exploits, kernel, events, evaluate, demo, try, mitigiation
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@ -16,39 +16,27 @@ ms.date: 05/30/2018



-# Evaluate Exploit protection
+# Evaluate exploit protection

 **Applies to:**

 - Windows Defender Advanced Threat Protection (Windows Defender ATP)


-
-
-
-
-
-
-
-
-
-
-
-
 Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.

-Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are included in Exploit protection. 
+Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/en-us/security/jj653751) are included in exploit protection. 

-This topcs helps you evaluate Exploit protection. See the [Exploit protection topic](exploit-protection-exploit-guard.md) for more information on what Exploit protection does and how to configure it for real-world deployment.
+This topic helps you evaluate exploit protection. For more information about what exploit protection does and how to configure it for real-world deployment, see [Exploit protection](exploit-protection-exploit-guard.md) .

 >[!NOTE]
 >This topic uses PowerShell cmdlets to make it easy to enable the feature and test it. 
->For instructions on how to use Group Policy and Mobile Device Management (MDM to deploy these settings across your network, see the main [Exploit protection topic](exploit-protection-exploit-guard.md) .
+>For instructions about how to use Group Policy and Mobile Device Management (MDM to deploy these settings across your network, see [Exploit protection](exploit-protection-exploit-guard.md).

 >[!TIP]
 >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.

-## Enable and validate an Exploit protection mitigation
+## Enable and validate an exploit protection mitigation

 For this demo you will enable the mitigation that prevents child processes from being created. You'll use Internet Explorer as the parent app.

@ -62,11 +50,11 @@ First, enable the mitigation using PowerShell, and then confirm that it has been
    Set-ProcessMitigation -Name iexplore.exe -Enable DisallowChildProcessCreation
    ```

-1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+1. Open Windows Security by clicking the shield icon in the task bar or searching the Start menu for **Defender**.

 2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then **Exploit protection settings** at the bottom of the screen.

-3.	Go to the **Program settings** section, scroll down, click **iexplore.exe**, and then **Edit**.
+3. Go to the **Program settings** section, scroll down, click **iexplore.exe**, and then **Edit**.

 4. Find the **Do not allow child processes** setting and make sure that **Override System settings** is enabled and the switch is set to **On**.

@ -80,20 +68,20 @@ Now that you know the mitigation has been enabled, you can test to see if it wor

 Lastly, we can disable the mitigation so that Internet Explorer works properly again:

-1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+1. Open Windows Security by clicking the shield icon in the task bar or searching the Start menu for **Defender**.

 2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then **Exploit protection settings** at the bottom of the screen.

-3.	Go to the **Program settings** section, scroll down, click **iexplore.exe**, and then **Edit**.
+3. Go to the **Program settings** section, scroll down, click **iexplore.exe**, and then **Edit**.

 4. Find the **Do not allow child processes** setting and set the switch to **Off**. Click **Apply**

 5. Validate that Internet Explorer runs by running it from the run dialog box again. It should open as expected.


-## Review Exploit protection events in Windows Event Viewer
+## Review exploit protection events in Windows Event Viewer

-You can now review the events that Exploit protection sent to the Windows Event log to confirm what happened. You can use the custom view below or [locate them manually](event-views-exploit-guard.md#list-of-attack-surface-reduction-events).
+You can now review the events that exploit protection sent to the Windows Event Viewer to confirm what happened. You can use the custom view below or [locate them manually](event-views-exploit-guard.md#list-of-attack-surface-reduction-events).

 1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *ep-events.xml* to an easily accessible location on the machine.

@ -105,7 +93,7 @@ You can now review the events that Exploit protection sent to the Windows Event

 4. Click **OK**.

-5. This will create a custom view that filters to only show the following events related to Exploit protection, which are all listed in the [Exploit protection](exploit-protection-exploit-guard.md) topic.
+5. This will create a custom view that filters to only show the events related to exploit protection.

 6. The specific event to look for in this demo is event ID 4, which should have the following or similar information:

@ -114,21 +102,24 @@ You can now review the events that Exploit protection sent to the Windows Event

 ## Use audit mode to measure impact

-As with other Windows Defender EG features, you can enable Exploit protection in audit mode. You can enable audit mode for individual mitigations.
+You can enable exploit protection in audit mode. You can enable audit mode for individual mitigations.

 This lets you see a record of what *would* have happened if you had enabled the mitigation.

 You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious or malicious events generally occur over a certain period.

-See the [**PowerShell reference** section in the Customize Exploit protection topic](customize-exploit-protection.md#powershell-reference) for a list of which mitigations can be audited and instructions on enabling the mode.
+See the [**PowerShell reference** section in customize exploit protection](customize-exploit-protection.md#powershell-reference) for a list of which mitigations can be audited and instructions on enabling the mode.

-For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
+For further details on how audit mode works, and when you might want to use it, see [audit Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md).



 ## Related topics
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
 - [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md)
- [Enable Exploit protection](enable-exploit-protection.md)
- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md)
- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md)
+- [Enable exploit protection](enable-exploit-protection.md)
+- [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
+- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
+- [Enable network protection](enable-network-protection.md)
+- [Enable controlled folder access](enable-controlled-folders-exploit-guard.md)
+- [Enable attack surface reduction](enable-attack-surface-reduction.md)
+