Windows Defender Application Control

User Mode Code Integrity (UMCI), formerly part of Device Guard, has been renamed Windows Defender Application Control (WDAC) to simplify understanding. It is integrated into Windows 10 and is defined by policy configuration files. Microsoft states that WDAC should be used together with AppLocker to control which applications and libraries are allowed to execute. Currently, not many customers have actually tried to enforce code integrity policies, as they are even harder to control and maintain than AppLocker rules. The following article explains the biggest challenges of setting up WDAC: http://www.exploit-monday.com/2018/06/device-guard-and-application.html.

Complete guidance can be found at the following links. A project to set up WDAC for an entire environment can easily take more than a year, so it is recommended to look at other technical controls beforehand:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control

https://posts.specterops.io/threat-detection-using-windows-defender-application-control-device-guard-in-audit-mode-602b48cd1c11
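The usual way to start with WDAC is the one the SpecterOps article above builds on: generate a policy from a clean reference machine, run it in audit mode so violations are only logged, and review the audit events before switching to enforcement. The following PowerShell is an added example, not code from the book or from Microsoft's documentation. It uses the ConfigCI module cmdlets that ship with Windows 10 (New-CIPolicy, Set-RuleOption, ConvertFrom-CIPolicy) and assumes an elevated session; the C:\WDAC paths are placeholders, and the event-data field positions are an assumption to verify against one real event.

```powershell
# Added example (not from the book): build a WDAC policy from a reference
# machine in audit mode, then summarise the audit events it produces.
# Assumes the ConfigCI module and an elevated PowerShell session.
# C:\WDAC is a placeholder working directory.

$PolicyXml = 'C:\WDAC\AuditPolicy.xml'
$PolicyBin = 'C:\WDAC\SIPolicy.p7b'
New-Item -ItemType Directory -Path 'C:\WDAC' -Force | Out-Null

# 1. Scan the reference system and allow what is found, keyed on the signing
#    publisher; unsigned binaries fall back to a per-file hash rule.
#    -UserPEs makes the policy cover user-mode code (UMCI), not only drivers.
#    A full-drive scan is slow (often well over an hour); that is expected.
New-CIPolicy -Level Publisher -Fallback Hash -UserPEs `
             -ScanPath 'C:\' -FilePath $PolicyXml

# 2. Rule option 3 = "Enabled:Audit Mode". Violations are written to the
#    event log but the file is still allowed to load, so the policy can be
#    tuned before enforcement. Remove the option later to enforce:
#    Set-RuleOption -FilePath $PolicyXml -Option 3 -Delete
Set-RuleOption -FilePath $PolicyXml -Option 3

# 3. Compile the XML policy into the binary form Code Integrity loads.
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin

# Deployment (copying the .p7b to the CodeIntegrity folder, or pushing it
# via Group Policy / MDM, then rebooting) is deliberately left out here;
# follow the Microsoft documentation linked above for the current method.

# 4. After the policy has run in audit mode for a while, list the files that
#    would have been blocked. Event ID 3076 in the CodeIntegrity/Operational
#    log is the audit-mode violation; 3077 is the block in enforced mode.
function Get-WdacAuditSummary {
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id      = 3076
    } -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Assumption: Properties[1] is the blocked file path and
            # Properties[3] the loading process (FileNameBuffer /
            # ProcessNameBuffer). Check one event's .Properties to confirm.
            [pscustomobject]@{
                Time    = $_.TimeCreated
                File    = $_.Properties[1].Value
                Process = $_.Properties[3].Value
            }
        } |
        Group-Object File |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-WdacAuditSummary
```

Anything that shows up repeatedly in the 3076 summary is either legitimate software the reference scan missed (add a rule for it and regenerate) or something that should not be running on the estate; either way it is exactly the signal the audit phase is meant to surface before enforcement turns those events into 3077 blocks and broken applications.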