Merge pull request #2485 from MicrosoftDocs/6431-fix

GitHub Issue 6431 fix
This commit is contained in:
Tina Burden 2020-04-08 08:45:14 -07:00 committed by GitHub
commit fd7b3d0db3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 58 additions and 15 deletions


@ -28,7 +28,7 @@ See [System requirements for Windows Defender Application Guard](https://docs.mi
## Prepare for Windows Defender Application Guard ## Prepare for Windows Defender Application Guard
Before you can install and use Windows Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode. Before you can install and use Windows Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode.
**Standalone mode** ### Standalone mode
Applies to: Applies to:
- Windows 10 Enterprise edition, version 1709 or higher - Windows 10 Enterprise edition, version 1709 or higher
@ -36,7 +36,7 @@ Applies to:
Employees can use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, you must install Application Guard and then the employee must manually start Microsoft Edge in Application Guard while browsing untrusted sites. For an example of how this works, see the [Application Guard in standalone mode](test-scenarios-wd-app-guard.md) testing scenario. Employees can use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, you must install Application Guard and then the employee must manually start Microsoft Edge in Application Guard while browsing untrusted sites. For an example of how this works, see the [Application Guard in standalone mode](test-scenarios-wd-app-guard.md) testing scenario.
**Enterprise-managed mode** ## Enterprise-managed mode
Applies to: Applies to:
- Windows 10 Enterprise edition, version 1709 or higher - Windows 10 Enterprise edition, version 1709 or higher
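Review bot: `## Enterprise-managed mode` is one heading level higher than the `### Standalone mode` heading introduced in the previous hunk, although both are subsections of `## Prepare for Windows Defender Application Guard`. Change it to `### Enterprise-managed mode` so the two modes render as siblings and the in-page TOC nests correctly instead of showing Enterprise-managed mode as a peer of the Prepare section.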
@ -47,9 +47,11 @@ The following diagram shows the flow between the host PC and the isolated contai
![Flowchart for movement between Microsoft Edge and Application Guard](images/application-guard-container-v-host.png) ![Flowchart for movement between Microsoft Edge and Application Guard](images/application-guard-container-v-host.png)
## Install Application Guard ## Install Application Guard
Application Guard functionality is turned off by default. However, you can quickly install it on your employees devices through the Control Panel, PowerShell, or your mobile device management (MDM) solution.
**To install by using the Control Panel** Application Guard functionality is turned off by default. However, you can quickly install it on your employee's devices through the Control Panel, PowerShell, or your mobile device management (MDM) solution.
### To install by using the Control Panel
1. Open the **Control Panel**, click **Programs,** and then click **Turn Windows features on or off**. 1. Open the **Control Panel**, click **Programs,** and then click **Turn Windows features on or off**.
![Windows Features, turning on Windows Defender Application Guard](images/turn-windows-features-on.png) ![Windows Features, turning on Windows Defender Application Guard](images/turn-windows-features-on.png)
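Review bot: the apostrophe added to the intro paragraph lands in the wrong place: "your employee's devices" is singular possessive, but the sentence is about the devices of all employees, so it should read "your employees' devices". The left side had no apostrophe at all, so this is the moment to get it right rather than trade one error for another.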
@ -58,12 +60,11 @@ Application Guard functionality is turned off by default. However, you can quick
Application Guard and its underlying dependencies are all installed. Application Guard and its underlying dependencies are all installed.
**To install by using PowerShell** ### To install by using PowerShell
>[!NOTE] >[!NOTE]
>Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only. >Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only.
1. Click the **Search** or **Cortana** icon in the Windows 10 taskbar and type **PowerShell**. 1. Click the **Search** or **Cortana** icon in the Windows 10 taskbar and type **PowerShell**.
2. Right-click **Windows PowerShell**, and then click **Run as administrator**. 2. Right-click **Windows PowerShell**, and then click **Run as administrator**.
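Review bot: the NOTE kept as context says "enterprise managed scenarios" while the section headings on this page spell the mode "Enterprise-managed"; since this hunk already touches the heading directly above the note, hyphenating "enterprise-managed" here would keep the term consistent with the mode name readers are pointed to.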
@ -79,3 +80,46 @@ Application Guard functionality is turned off by default. However, you can quick
Application Guard and its underlying dependencies are all installed. Application Guard and its underlying dependencies are all installed.
### To install by using Intune
> [!IMPORTANT]
> Make sure your organization's devices meet [requirements](reqs-wd-app-guard.md) and are [enrolled in Intune](https://docs.microsoft.com/mem/intune/enrollment/device-enrollment).
:::image type="complex" source="images/MDAG-EndpointMgr-newprofile.jpg" alt-text="Endpoint protection profile":::
:::image-end:::
1. Go to [https://endpoint.microsoft.com](https://endpoint.microsoft.com) and sign in.
2. Choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following: <br/>
a. In the **Platform** list, select **Windows 10 and later**.
b. In the **Profile** list, select **Endpoint protection**.
c. Choose **Create**.
4. Specify the following settings for the profile:
- **Name** and **Description**
- In the **Select a category to configure settings** section, choose **Microsoft Defender Application Guard**.
- In the **Application Guard** list, choose **Enabled for Edge**.
- Choose your preferences for **Clipboard behavior**, **External content**, and the remaining settings.
5. Choose **OK**, and then choose **OK** again.
6. Review your settings, and then choose **Create**.
7. Choose **Assignments**, and then do the following:
a. On the **Include** tab, in the **Assign to** list, choose an option.
b. If you have any devices or users you want to exclude from this endpoint protection profile, specify those on the **Exclude** tab.
c. Click **Save**.
After the profile is created, any devices to which the policy should apply will have Windows Defender Application Guard enabled. Users might have to restart their devices in order for protection to be in place.
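Review bot: the numbered steps in the new Intune section jump from 2 to 4; renumber 4 to 7 as 3 to 6 (rendering will hide the gap, but the source should still be sequential). Two further points: the `:::image type="complex" ...:::` block has nothing between its opening line and `:::image-end:::`, and a complex image is expected to carry a long description there (use `type="content"` if the alt text is all that is intended); and the `a.`/`b.`/`c.` sub-steps that follow the `<br/>` are not indented under their parent items, so they will render as loose paragraphs rather than nested steps of 2 and 7.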

@ -8,7 +8,6 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: denisebmsft author: denisebmsft
ms.author: deniseb ms.author: deniseb
ms.date: 03/15/2019
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.custom: asr ms.custom: asr
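Review bot: this hunk deletes `ms.date: 03/15/2019` from the front matter instead of updating it. The content fixes in the same file (the heading and apostrophe changes in the hunks below) would normally bump the date to the edit date; removing the key drops the page's last-updated marker altogether, so set a current date rather than deleting the line.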
@ -28,9 +27,9 @@ We've come up with a list of scenarios that you can use to test hardware-based i
You can see how an employee would use standalone mode with Application Guard. You can see how an employee would use standalone mode with Application Guard.
**To test Application Guard in Standalone mode** ### To test Application Guard in Standalone mode
1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard). 1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard).
2. Restart the device, start Microsoft Edge, and then click **New Application Guard window** from the menu. 2. Restart the device, start Microsoft Edge, and then click **New Application Guard window** from the menu.
@ -84,11 +83,11 @@ Before you can use Application Guard in enterprise mode, you must install Window
6. Start Microsoft Edge and type <em>www.microsoft.com</em>. 6. Start Microsoft Edge and type <em>www.microsoft.com</em>.
After you submit the URL, Application Guard determines the URL is trusted because it uses the domain youve marked as trusted and shows the site directly on the host PC instead of in Application Guard. After you submit the URL, Application Guard determines the URL is trusted because it uses the domain you've marked as trusted and shows the site directly on the host PC instead of in Application Guard.
![Trusted website running on Microsoft Edge](images/appguard-turned-on-with-trusted-site.png) ![Trusted website running on Microsoft Edge](images/appguard-turned-on-with-trusted-site.png)
7. In the same Microsoft Edge browser, type any URL that isnt part of your trusted or neutral site lists. 7. In the same Microsoft Edge browser, type any URL that isn't part of your trusted or neutral site lists.
After you submit the URL, Application Guard determines the URL is untrusted and redirects the request to the hardware-isolated environment. After you submit the URL, Application Guard determines the URL is untrusted and redirects the request to the hardware-isolated environment.
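Review bot: the `you've` and `isn't` corrections are right. The context line `6. Start Microsoft Edge and type <em>www.microsoft.com</em>.` mixes HTML emphasis into Markdown; since the hunk is already editing this block, `*www.microsoft.com*` would match the emphasis style used elsewhere on the page.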
@ -109,7 +108,7 @@ Application Guard provides the following default behavior for your employees:
You have the option to change each of these settings to work with your enterprise from within Group Policy. You have the option to change each of these settings to work with your enterprise from within Group Policy.
**Applies to:** **Applies to:**
- Windows 10 Enterpise edition, version 1709 or higher - Windows 10 Enterprise edition, version 1709 or higher
- Windows 10 Professional edition, version 1803 - Windows 10 Professional edition, version 1803
#### Copy and paste options #### Copy and paste options
@ -169,10 +168,10 @@ You have the option to change each of these settings to work with your enterpris
The previously added site should still appear in your **Favorites** list. The previously added site should still appear in your **Favorites** list.
>[!NOTE] >[!NOTE]
>If you don't allow or turn off data persistence, restarting a device or logging in and out of the isolated container triggers a recycle event that discards all generated data, including session cookies, Favorites, and so on, removing the data from Application Guard. If you turn on data persistence, all employee-generated artifacts are preserved across container recycle events. However, these artifacts only exist in the isolated container and arent shared with the host PC. This data persists after restarts and even through build-to-build upgrades of Windows 10.<br><br>If you turn on data persistence, but later decide to stop supporting it for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<br><br>**To reset the container, follow these steps:**<br/>1. Open a command-line program and navigate to Windows/System32.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data. >If you don't allow or turn off data persistence, restarting a device or logging in and out of the isolated container triggers a recycle event that discards all generated data, including session cookies, Favorites, and so on, removing the data from Application Guard. If you turn on data persistence, all employee-generated artifacts are preserved across container recycle events. However, these artifacts only exist in the isolated container and aren't shared with the host PC. This data persists after restarts and even through build-to-build upgrades of Windows 10.<br><br>If you turn on data persistence, but later decide to stop supporting it for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<br><br>**To reset the container, follow these steps:**<br/>1. 
Open a command-line program and navigate to Windows/System32.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.
**Applies to:** **Applies to:**
- Windows 10 Enterpise edition, version 1803 - Windows 10 Enterprise edition, version 1803
- Windows 10 Professional edition, version 1803 - Windows 10 Professional edition, version 1803
#### Download options #### Download options
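Review bot: on the right side the long NOTE line appears split after `**To reset the container, follow these steps:**<br/>1. `, with the continuation beginning on a new line that has no leading `>`. If that break exists in the file and is not just a display artifact, everything from "Open a command-line program" onward falls out of the NOTE callout and renders as plain text; please confirm the note is a single line in the source. Separately, the three reset steps joined with `<br/>` inside a callout would read better as an ordinary numbered list after the note, where the difference between `wdagtool.exe cleanup` (container reset, employee data retained) and `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER` (container reset, all employee data discarded) can stand out for the administrator choosing between them.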
@ -202,7 +201,7 @@ You have the option to change each of these settings to work with your enterpris
4. Assess the visual experience and battery performance. 4. Assess the visual experience and battery performance.
**Applies to:** **Applies to:**
- Windows 10 Enterpise edition, version 1809 - Windows 10 Enterprise edition, version 1809
- Windows 10 Professional edition, version 1809 - Windows 10 Professional edition, version 1809
#### File trust options #### File trust options