diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 2dbb97d08c..0897f1666a 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -428,6 +428,7 @@ ms.date: 10/08/2020
 - [ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy](./policy-csp-admx-leakdiagnostic.md#admx-leakdiagnostic-wdiscenarioexecutionpolicy)
 - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio)
 - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr)
+- [ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1](./policy-csp-admx-locationprovideradm.md#admx-locationprovideradm-disablewindowslocationprovider_1)
 - [ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin](./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin)
 - [ADMX_Logon/DisableAcrylicBackgroundOnLogon](./policy-csp-admx-logon.md#admx-logon-disableacrylicbackgroundonlogon)
 - [ADMX_Logon/DisableExplorerRunLegacy_1](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-1)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 49be680162..a4847a452f 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -1676,6 +1676,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
+### ADMX_LocationProviderAdm policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-locationprovideradm.md#admx-locationprovideradm-disablewindowslocationprovider_1" id="admx-locationprovideradm-disablewindowslocationprovider_1">ADMX_LocationProviderAdm/BlockUserFromShowingAccountDetailsOnSignin</a>
+  </dd>
+<dl>
+
 ### ADMX_Logon policies  
 
 <dl>
@@ -6065,6 +6073,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
+### Feeds policies
+<dl>
+  <dd>
+    <a href="./policy-csp-feeds.md#feeds-feedsenabled" id="feeds-feedsenabled">Feeds/FeedsEnabled</a>
+  </dd>
+</dl>
+
 ### FileExplorer policies
 
 <dl>
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
new file mode 100644
index 0000000000..c1280d5f04
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -0,0 +1,112 @@
+---
+title: Policy CSP - ADMX_LocationProviderAdm
+description: Policy CSP - ADMX_LocationProviderAdm
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.date: 09/20/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_LocationProviderAdm
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_LocationProviderAdm policies  
+
+<dl>
+  <dd>
+    <a href="#admx-locationprovideradm-disablewindowslocationprovider_1">ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-locationprovideradm-disablewindowslocationprovider_1"></a>**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td>No</td>
+    <td>No</td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td>No</td>
+    <td>No</td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td>No</td>
+    <td>No</td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td>Yes</td>
+    <td>Yes</td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td>Yes</td>
+    <td>Yes</td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting turns off the Windows Location Provider feature for this computer.  
+
+- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature.  
+
+- If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP Friendly name: *Turn off Windows Location Provider*
+-   GP name: *DisableWindowsLocationProvider_1*
+-   GP path: *Windows Components\Location and Sensors\Windows Location Provider*
+-   GP ADMX file name: *LocationProviderAdm.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+> [!NOTE]
+> These policies are currently only available as part of a Windows Insider release.
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index ff50ae9cb0..61abaceb22 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -37,9 +37,6 @@ manager: dansimp
   <dd>
     <a href="#experience-allowmanualmdmunenrollment">Experience/AllowManualMDMUnenrollment</a>
   </dd>
-  <dd>
-    <a href="#experience-allownewsandinterestsonthetaskbar">Experience/AllowNewsAndInterestsOnTheTaskbar</a>
-  </dd>
   <dd>
     <a href="#experience-allowsaveasofofficefiles">Experience/AllowSaveAsOfOfficeFiles</a>
   </dd>
@@ -105,28 +102,34 @@ manager: dansimp
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -184,28 +187,34 @@ ADMX Info:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -252,28 +261,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -314,28 +329,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -384,28 +405,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -442,65 +469,6 @@ The following list shows the supported values:
 
 <hr/>
 
-
-<!--Policy-->
-<a href="" id="experience-allownewsandinterestsonthetaskbar"></a>**Experience/AllowNewsAndInterestsOnTheTaskbar**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Machine
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Specifies whether to allow "News and interests" on the Taskbar.
-
-<!--/Description-->
-<!--SupportedValues-->
-The values for this policy are 1 and 0. This policy defaults to 1.
-
-- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode.
-
-- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed.
-
-<!--/SupportedValues-->
-<!--/Policy-->
-
-<hr/>
 <!--Policy-->
 <a href="" id="experience-allowsaveasofofficefiles"></a><b>Experience/AllowSaveAsOfOfficeFiles</b>
 
@@ -531,28 +499,34 @@ This policy is deprecated.
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -589,28 +563,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -665,28 +645,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -735,28 +721,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -808,28 +800,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -880,28 +878,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -951,28 +955,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -1021,28 +1031,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -1093,28 +1109,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -1159,28 +1181,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>No</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>No</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -1217,28 +1245,34 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -1286,28 +1320,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -1356,28 +1396,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -1426,28 +1472,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -1512,36 +1564,40 @@ _**Turn syncing off by default but don’t disable**_
 <!--/Validation-->
 <!--/Policy-->
 
-<hr/>
-
 <!--Policy-->
 <a href="" id="experience-preventusersfromturningonbrowsersyncing"></a>**Experience/PreventUsersFromTurningOnBrowserSyncing**  
 
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
@@ -1615,28 +1671,34 @@ Validation procedure:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
 </tr>
 <tr>
     <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 <tr>
     <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+    <td>Yes</td>
+    <td>Yes</td>
 </tr>
 </table>
 
diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md
new file mode 100644
index 0000000000..0f683d9be9
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-feeds.md
@@ -0,0 +1,103 @@
+---
+title: Policy CSP - Feeds
+description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device.
+ms.author: v-nsatapathy
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nimishasatapathy
+ms.localizationpriority: medium
+ms.date: 09/17/2021
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - Feeds
+
+
+<hr/>
+
+<!--Policies-->
+## Feeds policies  
+
+<dl>
+  <dd>
+    <a href="#feeds-feedsenabled">Feeds/FeedsEnabled</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="feeds-feedsenabled"></a>**Feeds/FeedsEnabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td>No</td>
+    <td>No</td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td>Yes</td>
+    <td>No</td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td>Yes</td>
+    <td>No</td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td>Yes</td>
+    <td>No</td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td>Yes</td>
+    <td>No</td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Machine
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting specifies whether news and interests is allowed on the device.
+
+The values for this policy are 1 and 0. This policy defaults to 1.
+
+- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode.
+
+- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP Friendly name: *Enable news and interests on the taskbar*
+-   GP name: *FeedsEnabled*
+-   GP path: *Windows Components\News and interests*
+-   GP ADMX file name: *Feeds.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 9d8ff38c27..22e27a3a21 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -480,7 +480,7 @@ items:
             - name: ADMX_Explorer
               href: policy-csp-admx-explorer.md
             - name: ADMX_ExternalBoot
-              href: policy-csp-admx-externalboot.md  
+              href: policy-csp-admx-externalboot.md 
             - name: ADMX_FileRecovery
               href: policy-csp-admx-filerecovery.md
             - name: ADMX_FileRevocation
@@ -519,6 +519,8 @@ items:
               href: policy-csp-admx-leakdiagnostic.md  
             - name: ADMX_LinkLayerTopologyDiscovery
               href: policy-csp-admx-linklayertopologydiscovery.md
+            - name: ADMX_LocationProviderAdm
+              href: policy-csp-admx-locationprovideradm.md  
             - name: ADMX_Logon
               href: policy-csp-admx-logon.md
             - name: ADMX_MicrosoftDefenderAntivirus
@@ -713,6 +715,8 @@ items:
               href: policy-csp-experience.md
             - name: ExploitGuard
               href: policy-csp-exploitguard.md
+            - name: Feeds
+              href: policy-csp-feeds.md
             - name: FileExplorer
               href: policy-csp-fileexplorer.md
             - name: Games
diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md
index eb178f7528..ac67414ec6 100644
--- a/windows/deployment/update/windows-update-errors.md
+++ b/windows/deployment/update/windows-update-errors.md
@@ -7,9 +7,9 @@ audience: itpro
 itproauthor: jaimeo
 ms.audience: itpro
 author: jaimeo
-ms.reviewer: 
+ms.reviewer: kaushika
 manager: laurawi
-ms.topic: article
+ms.topic: troubleshooting
 ms.custom: seo-marvel-apr2020
 ---
 
@@ -22,22 +22,198 @@ ms.custom: seo-marvel-apr2020
 
 The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them.
 
+## 0x8024402F
 
-|                Error Code                |              Message              |                                          Description                                          |                                                                                                                                                                                                                     Mitigation                                                                                                                                                                                                                      |
-|------------------------------------------|-----------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|                0x8024402F                | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS |                    External cab file processing completed with some errors                    |                                                                                               One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering. <br>Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed                                                                                               |
-|                0x80242006                |      WU_E_UH_INVALIDMETADATA      |   A handler operation could not be completed because the update contains invalid metadata.    | Rename Software Redistribution Folder and attempt to download the updates again: <br>Rename the following folders to \*.BAK: <br>- %systemroot%\system32\catroot2 <br><br>Type the following commands at a command prompt. Press ENTER after you type each command.<br>- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak<br>- Ren %systemroot%\SoftwareDistribution\Download \*.bak<br>Ren %systemroot%\system32\catroot2 \*.bak |
-|                0x80070BC9                |    ERROR_FAIL_REBOOT_REQUIRED     |    The requested operation failed. A system reboot is required to roll back changes made.     |                                                                                                                          Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system.                                                                                                                          |
-|                0x80200053                |      BG_E_VALIDATION_FAILED       |                                              NA                                               |                                                                  Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.<br><br>If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).                                                                  |
-|                0x80072EE2                |         WININET_E_TIMEOUT         |                                    The operation timed out                                    |                   This error message can be caused if the computer isn't connected to the Internet. To fix this issue, follow these steps: make sure these URLs are not blocked: <br> http://<em>.update.microsoft.com<br>https://</em>.update.microsoft.com <br><http://download.windowsupdate.com>  <br><br>You can also take a network trace to check what is timing out. \<Refer to Firewall Troubleshooting scenario>                   |
-| 0x80072EFD <br>0x80072EFE <br>0x80D02002 |          TIME_OUT_ERRORS          |                                    The operation timed out                                    |                                                                                                                                Make sure there are no firewall rules or proxy to block Microsoft download URLs. <br>Take a network monitor trace to understand better. \<Refer to Firewall Troubleshooting scenario>                                                                                                                                 |
-|                0X8007000D                |        ERROR_INVALID_DATA         |                   Indicates invalid data downloaded or corruption occurred.                   |                                                                                                                                                                                            Attempt to re-download the update and initiate installation.                                                                                                                                                                                             |
-|                0x8024A10A                |    USO_E_SERVICE_SHUTTING_DOWN    |                        Indicates that the Windows Update Service is shutting down.                        |                                                                                         This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade.                                                                                          |
-|                0x80240020                |     WU_E_NO_INTERACTIVE_USER      |          Operation did not complete because there is no logged-on interactive user.           |                                                                                                                                                                            Sign in to the device to start the installation and allow the device to restart.                                                                                                                                                                             |
-|                0x80242014                |  WU_E_UH_POSTREBOOTSTILLPENDING   |                The post-restart operation for the update is still in progress.                 |                                                                                                                                                               Some Windows Updates require the device to be restarted. Restart the device to complete update installation.                                                                                                                                                              |
-|                0x80246017                |  WU_E_DM_UNAUTHORIZED_LOCAL_USER  | The download failed because the local user was denied authorization to download the content.  |                                                                                                                                               Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).                                                                                                                                                |
-|                0x8024000B                |        WU_E_CALL_CANCELLED        |                                   Operation was canceled.                                    |                                                            The operation was canceled by the user or service. You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete.                                                             |
-|                0x8024000E                |         WU_E_XML_INVALID          |           Windows Update Agent found invalid information in the update's XML data.            |                                                                                                              Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine.                                                                                                              |
-|                0x8024D009                |      WU_E_SETUP_SKIP_UPDATE       | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. |                                                                                       You may encounter this error when WSUS is not sending the Self-update to the clients.<br><br>Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue.                                                                                       |
-|                0x80244007                |   WU_E_PT_SOAPCLIENT_SOAPFAULT    | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. |                                                                                        This issue occurs because Windows cannot renew the cookies for Windows Update.  <br><br>Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue.                                                                                         |
-|                0x80070422               |       | This issue occurs when the Windows Update service stops working or is not running. |                                                                                       Check if the Windows Update service is running.<br>                                                                                        |
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External .cab file processing completed with some errors | This can be caused by the Lightspeed Rocket for web filtering software. <br>Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed Rocket. |
+
+## 0x80242006
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename the software redistribution folder and try to download the updates again: <br>Rename the following folders to \*.BAK: <br>- %systemroot%\system32\catroot2 <br><br>Type the following commands at a command prompt. Press ENTER after you type each command.<br>- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak<br>- Ren %systemroot%\SoftwareDistribution\Download \*.bak<br>- Ren %systemroot%\system32\catroot2 \*.bak |
+
+## 0x80070BC9
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. Restart the system to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. |
+
+## 0x80200053
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update client.<br><br>If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).|
+
+## 0x80072EFD or 0x80072EFE or 0x80D02002
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxies that block Microsoft download URLs. <br>Take a network monitor trace to understand better. \<Refer to Firewall Troubleshooting scenario> |
+
+## 0X8007000D
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| ERROR_INVALID_DATA | Indicates data that isn't valid was downloaded or corruption occurred.| Attempt to re-download the update and start installation. |
+
+## 0x8024A10A
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| USO_E_SERVICE_SHUTTING_DOWN  | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity. The system fails to respond, leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the installation. |
+
+## 0x80240020
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_NO_INTERACTIVE_USER | Operation did not complete because no interactive user is signed in. | Sign in to the device to start the installation and allow the device to restart. |
+
+## 0x80242014
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows updates require the device to be restarted. Restart the device to complete update installation. |
+
+## 0x80246017
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content.  | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).|
+
+## 0x8024000B
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we're unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. |
+
+## 0x8024000E
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_XML_INVALID | Windows Update Agent found information in the update's XML data that isn't valid. | Certain drivers contain additional metadata information in Update.xml, which Orchestrator can interpret as data that isn't valid. Ensure that you have the latest Windows Update Agent installed on the device. |
+
+## 0x8024D009
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.<br><br>Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. |
+
+## 0x80244007
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows can't renew the cookies for Windows Update.  <br><br>Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. |
+
+## 0x80070422
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| NA | This issue occurs when the Windows Update service stops working or isn't running. | Check if the Windows Update service is running.<br> |
+
+## 0x800f0821
+
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS   transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the has installed the update in KB4493473 or later.|
+
+## 0x800f0825
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| CBS_E_CANNOT_UNINSTALL; Package cannot be uninstalled. | Typically this is due component store corruption caused when a component is in a partially installed state. | Repair the component store with the **Dism RestoreHealth** command or manually repair with a payload from the partially installed component. From an elevated command prompt, run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
+
+## 0x800F0920
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| CBS_E_HANG_DETECTED; A failure to respond was detected while processing the operation. | Subsequent error logged after getting 0x800f0821 | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has stopped responding.  Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the device has installed the update in KB4493473 or later.|
+
+## 0x800f081f
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| CBS_E_SOURCE_MISSING; source for package or file not found, ResolveSource() unsuccessful | Component Store corruption | Repair the component store with the **Dism RestoreHealth** command or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
+
+## 0x800f0831
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| CBS_E_STORE_CORRUPTION; CBS store is corrupted. | Corruption in the Windows Component  Store. | Repair the component store with **Dism RestoreHealth** or manually repair with   the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device.  |
+
+## 0x80070005
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an access was denied.<br> Go to %Windir%\logs\CBS, open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the access denial. It could be acess denied to a file, registry key. Determine what object needs the right permissions and change the permissions as needed. |
+
+## 0x80070570
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| ERROR_FILE_CORRUPT; The file or directory is corrupted and unreadable. | Component Store corruption | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device.|
+
+
+## 0x80070003
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| ERROR_PATH_NOT_FOUND; The system cannot find the path specified. | The servicing stack cannot access a specific path. | Indicates an invalid path to an executable. Go to %Windir%\logs\CBS, open the last CBS.log, and search for “, error” and match with the timestamp. |
+
+
+## 0x80070020
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by non-Microsoft filter drivers like antivirus. <br> 1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/)  <br> 2. Download the sysinternal tool [Process Monitor](/sysinternals/downloads/procmon). <br> 3. Run Procmon.exe. It will start data capture automatically. <br> 4. Install the update package again <br> 5. With the Process Monitor main window in focus, press CTRL + E or select the magnifying glass to stop data capture. <br> 6. Select **File > Save > All Events > PML**, and choose a path to save the .PML file <br> 7. Go to %windir%\logs\cbs, open the last Cbs.log file, and search for the error. After finding the error line a bit above, you should have the file being accessed during the installation that is giving the sharing violation error <br> 8. In Process Monitor, filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”). <br> 9. Try to stop it or uninstall the process causing the error. |
+
+## 0x80073701
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. | 
+
+## 0x8007371b
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE; One or more required members of the transaction are not present. | Component Store corruption. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. | 
+
+## 0x80072EFE
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WININET_E_CONNECTION_ABORTED; The connection with the server was closed abnormally | BITS is unable to transfer the file successfully. | Encountered if BITS is broken or if the file being transferred can't be written to the destination folder on the client. This error is usually caused by connection errors while checking or downloading updates.<br> From a cmd prompt run: *BITSADMIN /LIST /ALLUSERS /VERBOSE* <br> Search for the 0x80072EFE error code. You should see a reference to an HTTP code with a specific file. Using a browser, try to download it manually, making sure you’re using your organization's proxy settings. If the download fails, check with your proxy manager to allow for the communication to be sucesfull. Also check with your network team for this specific URL access. |
+
+## 0x80072F8F
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WININET_E_DECODING_FAILED; Content decoding has failed | TLS 1.2 is not configured correctly on the client. | This error generally means that the Windows Update Agent was unable to decode the received content. Install and configure TLS 1.2 by installing the update in [KB3140245](https://support.microsoft.com/help/3140245/). 
+
+## 0x80072EE2
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager. <br> Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/mem/configmgr/troubleshoot-software-update-scan-failures). <br> If you’re using the public Microsoft update servers, check that your device can access the following Windows Update endpoints: <br> `http://windowsupdate.microsoft.com` <br> https://*.windowsupdate.microsoft.com <br> https://*.windowsupdate.microsoft.com <br> https://*.update.microsoft.com <br> https://*.update.microsoft.com <br> https://*.windowsupdate.com <br> https://download.windowsupdate.com <br> https://download.microsoft.com <br> https://*.download.windowsupdate.com <br> https://wustat.windows.com <br> https://ntservicepack.microsoft.com |
+
+## 0x80240022
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_ALL_UPDATES_FAILED; Operation failed for all the updates. | Multiple root causes for this error.| Most common issue is that antivirus software is blocking access to certain folders (like SoftwareDistribution). CBS.log analysis needed to determine the file or folder being protected. |
+
+## 0x8024401B
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ; Same as HTTP status 407 - proxy authentication is required. | Unable to authenticate through a proxy server. | Either the Winhttp proxy or WinInet proxy settings are not configured correctly. This error generally means that the Windows Update Agent was unable to connect to the update servers or your own update source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager, due to a proxy error. <br> Verify the proxy settings on the client. The Windows Update Agent uses WinHTTP to scan for available updates. When there is a proxy server between the client and the update source, the proxy settings must be configured correctly on the clients to enable them to communicate by using the source's FQDN. <br> Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. |
+
+
+## 0x80244022
+
+| Message | Description | Mitigation |
+|---------|-------------|------------|
+| WU_E_PT_HTTP_STATUS_SERVICE_UNAVAILABLE; Same as HTTP status 503 - the service is temporarily overloaded. | Unable to connect to the configured update source. | Network troubleshooting needed to resolve the connectivity issue. Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. |
diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md
index 28a4b42d08..f5b01ce6aa 100644
--- a/windows/security/threat-protection/auditing/event-4777.md
+++ b/windows/security/threat-protection/auditing/event-4777.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4777(F): The domain controller failed to validate the credentials for an account.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. [4776](event-4776.md) failure event is generated instead.
 
diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md
index 8293e41487..f7278c0017 100644
--- a/windows/security/threat-protection/auditing/event-4778.md
+++ b/windows/security/threat-protection/auditing/event-4778.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4778(S): A session was reconnected to a Window Station.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4778.png" alt="Event 4778 illustration" width="449" height="491" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md
index 29836498cc..3f34f106e4 100644
--- a/windows/security/threat-protection/auditing/event-4779.md
+++ b/windows/security/threat-protection/auditing/event-4779.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4779(S): A session was disconnected from a Window Station.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4779.png" alt="Event 4779 illustration" width="449" height="504" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md
index 00faedae10..94b8733eab 100644
--- a/windows/security/threat-protection/auditing/event-4780.md
+++ b/windows/security/threat-protection/auditing/event-4780.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4780(S): The ACL was set on accounts which are members of administrators groups.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Every hour, the domain controller that holds the primary domain controller (PDC) Flexible Single Master Operation (FSMO) role compares the ACL on all security principal accounts (users, groups, and machine accounts) present for its domain in Active Directory and that are in administrative or security-sensitive groups and which have AdminCount attribute = 1 against the ACL on the [AdminSDHolder](/previous-versions/technet-magazine/ee361593(v=msdn.10)) object. If the ACL on the principal account differs from the ACL on the AdminSDHolder object, then the ACL on the principal account is reset to match the ACL on the AdminSDHolder object and this event is generated.
 
diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md
index 2adb3bcac5..0e7051d0c0 100644
--- a/windows/security/threat-protection/auditing/event-4781.md
+++ b/windows/security/threat-protection/auditing/event-4781.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4781(S): The name of an account was changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4781.png" alt="Event 4781 illustration" width="449" height="474" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md
index e0ecc19336..0d7d285e29 100644
--- a/windows/security/threat-protection/auditing/event-4782.md
+++ b/windows/security/threat-protection/auditing/event-4782.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4782(S): The password hash of an account was accessed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4782.png" alt="Event 4782 illustration" width="449" height="407" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md
index 4b75a802d5..d471201647 100644
--- a/windows/security/threat-protection/auditing/event-4793.md
+++ b/windows/security/threat-protection/auditing/event-4793.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4793(S): The Password Policy Checking API was called.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4793.png" alt="Event 4793 illustration" width="449" height="419" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md
index 6e585048c1..6901d09cbe 100644
--- a/windows/security/threat-protection/auditing/event-4794.md
+++ b/windows/security/threat-protection/auditing/event-4794.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4794.png" alt="Event 4794 illustration" width="449" height="418" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md
index 3fddfd9b65..15a1328384 100644
--- a/windows/security/threat-protection/auditing/event-4798.md
+++ b/windows/security/threat-protection/auditing/event-4798.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4798(S): A user's local group membership was enumerated.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4798.png" alt="Event 4798 illustration" width="438" height="402" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md
index 18b337fcdc..92441ae64b 100644
--- a/windows/security/threat-protection/auditing/event-4799.md
+++ b/windows/security/threat-protection/auditing/event-4799.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4799(S): A security-enabled local group membership was enumerated.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4799.png" alt="Event 4799 illustration" width="438" height="402" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md
index 92c543f8b0..2e468c9d92 100644
--- a/windows/security/threat-protection/auditing/event-4800.md
+++ b/windows/security/threat-protection/auditing/event-4800.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4800(S): The workstation was locked.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4800.png" alt="Event 4800 illustration" width="449" height="364" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md
index ed7c8ec85c..7da15cbbe7 100644
--- a/windows/security/threat-protection/auditing/event-4801.md
+++ b/windows/security/threat-protection/auditing/event-4801.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4801(S): The workstation was unlocked.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4801.png" alt="Event 4801 illustration" width="449" height="364" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md
index 9f5fa2b8e3..7ea6add001 100644
--- a/windows/security/threat-protection/auditing/event-4802.md
+++ b/windows/security/threat-protection/auditing/event-4802.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4802(S): The screen saver was invoked.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4802.png" alt="Event 4802 illustration" width="449" height="363" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md
index 20304e4527..4971789fd3 100644
--- a/windows/security/threat-protection/auditing/event-4803.md
+++ b/windows/security/threat-protection/auditing/event-4803.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4803(S): The screen saver was dismissed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4803.png" alt="Event 4803 illustration" width="449" height="363" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md
index 9e36c52bb1..a2c127435d 100644
--- a/windows/security/threat-protection/auditing/event-4816.md
+++ b/windows/security/threat-protection/auditing/event-4816.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4816(S): RPC detected an integrity violation while decrypting an incoming message.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This message generates if RPC detected an integrity violation while decrypting an incoming message.
 
diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md
index 0b0fc16bf7..3744b68704 100644
--- a/windows/security/threat-protection/auditing/event-4817.md
+++ b/windows/security/threat-protection/auditing/event-4817.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4817(S): Auditing settings on object were changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4817.png" alt="Event 4817 illustration" width="616" height="480" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md
index 05266e39e5..c71a145e05 100644
--- a/windows/security/threat-protection/auditing/event-4818.md
+++ b/windows/security/threat-protection/auditing/event-4818.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4818.png" alt="Event 4818 illustration" width="727" height="725" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md
index 3751b39e45..f3acc685b2 100644
--- a/windows/security/threat-protection/auditing/event-4819.md
+++ b/windows/security/threat-protection/auditing/event-4819.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4819(S): Central Access Policies on the machine have been changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4819.png" alt="Event 4819 illustration" width="449" height="540" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md
index 2e78b4c653..27f8cbeb41 100644
--- a/windows/security/threat-protection/auditing/event-4826.md
+++ b/windows/security/threat-protection/auditing/event-4826.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4826(S): Boot Configuration Data loaded.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4826.png" alt="Event 4826 illustration" width="438" height="494" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md
index ca1995291e..aec977eddd 100644
--- a/windows/security/threat-protection/auditing/event-4864.md
+++ b/windows/security/threat-protection/auditing/event-4864.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4864(S): A namespace collision was detected.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event is generated when a namespace collision was detected.
 
diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md
index 063eb88afc..994d2407a3 100644
--- a/windows/security/threat-protection/auditing/event-4865.md
+++ b/windows/security/threat-protection/auditing/event-4865.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4865(S): A trusted forest information entry was added.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4865.png" alt="Event 4865 illustration" width="449" height="502" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md
index 922d662887..ad75bb1d68 100644
--- a/windows/security/threat-protection/auditing/event-4866.md
+++ b/windows/security/threat-protection/auditing/event-4866.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4866(S): A trusted forest information entry was removed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4866.png" alt="Event 4866 illustration" width="449" height="502" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md
index a8fdb4a693..e82918ba71 100644
--- a/windows/security/threat-protection/auditing/event-4867.md
+++ b/windows/security/threat-protection/auditing/event-4867.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4867(S): A trusted forest information entry was modified.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4867.png" alt="Event 4867 illustration" width="449" height="502" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md
index d5a7640b84..67d2817434 100644
--- a/windows/security/threat-protection/auditing/event-4902.md
+++ b/windows/security/threat-protection/auditing/event-4902.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4902(S): The Per-user audit policy table was created.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4902.png" alt="Event 4902 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md
index 268606eab6..0a72ca6e45 100644
--- a/windows/security/threat-protection/auditing/event-4904.md
+++ b/windows/security/threat-protection/auditing/event-4904.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4904(S): An attempt was made to register a security event source.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4904.png" alt="Event 4904 illustration" width="449" height="462" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md
index 65338f9f64..2bc2194af3 100644
--- a/windows/security/threat-protection/auditing/event-4905.md
+++ b/windows/security/threat-protection/auditing/event-4905.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4905(S): An attempt was made to unregister a security event source.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4905.png" alt="Event 4905 illustration" width="449" height="458" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md
index 49269c1eb3..5f8556c594 100644
--- a/windows/security/threat-protection/auditing/event-4906.md
+++ b/windows/security/threat-protection/auditing/event-4906.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4906(S): The CrashOnAuditFail value has changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4906.png" alt="Event 4906 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md
index e8f78c11b1..54960760dd 100644
--- a/windows/security/threat-protection/auditing/event-4907.md
+++ b/windows/security/threat-protection/auditing/event-4907.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4907(S): Auditing settings on object were changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4907.png" alt="Event 4907 illustration" width="643" height="542" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md
index 3a12a949e0..4b00b7dc48 100644
--- a/windows/security/threat-protection/auditing/event-4908.md
+++ b/windows/security/threat-protection/auditing/event-4908.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4908(S): Special Groups Logon table modified.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4908.png" alt="Event 4908 illustration" width="449" height="361" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md
index 9c3b067418..77f5ddd123 100644
--- a/windows/security/threat-protection/auditing/event-4909.md
+++ b/windows/security/threat-protection/auditing/event-4909.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4909(-): The local policy settings for the TBS were changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system.
 
diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md
index 948c3a6dab..0c3e27cbcd 100644
--- a/windows/security/threat-protection/auditing/event-4910.md
+++ b/windows/security/threat-protection/auditing/event-4910.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4910(-): The group policy settings for the TBS were changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system.
 
diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md
index cf47c889e0..34506e27c7 100644
--- a/windows/security/threat-protection/auditing/event-4911.md
+++ b/windows/security/threat-protection/auditing/event-4911.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4911(S): Resource attributes of the object were changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4911.png" alt="Event 4911 illustration" width="545" height="541" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md
index e4bc6d9d43..cd13c3c6ed 100644
--- a/windows/security/threat-protection/auditing/event-4912.md
+++ b/windows/security/threat-protection/auditing/event-4912.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4912(S): Per User Audit Policy was changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4912.png" alt="Event 4912 illustration" width="471" height="478" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md
index 51ff7291cb..88f5b9912c 100644
--- a/windows/security/threat-protection/auditing/event-4913.md
+++ b/windows/security/threat-protection/auditing/event-4913.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4913(S): Central Access Policy on the object was changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4913.png" alt="Event 4913 illustration" width="648" height="557" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md
index 166bc42cf3..c771de77c7 100644
--- a/windows/security/threat-protection/auditing/event-4928.md
+++ b/windows/security/threat-protection/auditing/event-4928.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4928(S, F): An Active Directory replica source naming context was established.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4928.png" alt="Event 4928 illustration" width="449" height="419" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md
index ab04f9ab17..8befaf8042 100644
--- a/windows/security/threat-protection/auditing/event-4929.md
+++ b/windows/security/threat-protection/auditing/event-4929.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4929(S, F): An Active Directory replica source naming context was removed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4929.png" alt="Event 4929 illustration" width="500" height="374" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md
index 3897b1bd01..9b7133cbec 100644
--- a/windows/security/threat-protection/auditing/event-4930.md
+++ b/windows/security/threat-protection/auditing/event-4930.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4930(S, F): An Active Directory replica source naming context was modified.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4930.png" alt="Event 4930 illustration" width="448" height="333" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md
index dfb00ceb91..9be2c0b308 100644
--- a/windows/security/threat-protection/auditing/event-4931.md
+++ b/windows/security/threat-protection/auditing/event-4931.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4931(S, F): An Active Directory replica destination naming context was modified.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4931.png" alt="Event 4931 illustration" width="500" height="374" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md
index 13f42ce386..2fe1488145 100644
--- a/windows/security/threat-protection/auditing/event-4932.md
+++ b/windows/security/threat-protection/auditing/event-4932.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4932(S): Synchronization of a replica of an Active Directory naming context has begun.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4932.png" alt="Event 4932 illustration" width="774" height="363" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md
index b4f0784a45..763c17876e 100644
--- a/windows/security/threat-protection/auditing/event-4933.md
+++ b/windows/security/threat-protection/auditing/event-4933.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4933(S, F): Synchronization of a replica of an Active Directory naming context has ended.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4933.png" alt="Event 4933 illustration" width="773" height="377" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md
index ffc4b9b4a3..edfe9bb645 100644
--- a/windows/security/threat-protection/auditing/event-4934.md
+++ b/windows/security/threat-protection/auditing/event-4934.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4934(S): Attributes of an Active Directory object were replicated.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates when attributes of an Active Directory object were replicated.
 
diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md
index f2910784e6..6473cffbe6 100644
--- a/windows/security/threat-protection/auditing/event-4935.md
+++ b/windows/security/threat-protection/auditing/event-4935.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4935(F): Replication failure begins.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4935.png" alt="Event 4935 illustration" width="448" height="312" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md
index 3f808bf11d..e87cf4d53e 100644
--- a/windows/security/threat-protection/auditing/event-4936.md
+++ b/windows/security/threat-protection/auditing/event-4936.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4936(S): Replication failure ends.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates when Active Directory replication failure ends.
 
diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md
index 2775be1c5d..6c1f85f0a7 100644
--- a/windows/security/threat-protection/auditing/event-4937.md
+++ b/windows/security/threat-protection/auditing/event-4937.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4937(S): A lingering object was removed from a replica.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates when a [lingering object](https://support.microsoft.com/kb/910205) was removed from a replica.
 
diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md
index 3821d18e1b..046a35e163 100644
--- a/windows/security/threat-protection/auditing/event-4944.md
+++ b/windows/security/threat-protection/auditing/event-4944.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4944(S): The following policy was active when the Windows Firewall started.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4944.png" alt="Event 4944 illustration" width="449" height="391" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md
index da8105bffc..c76d313b14 100644
--- a/windows/security/threat-protection/auditing/event-4945.md
+++ b/windows/security/threat-protection/auditing/event-4945.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4945(S): A rule was listed when the Windows Firewall started.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4945.png" alt="Event 4945 illustration" width="449" height="354" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md
index 30ae25fd28..4279a425ff 100644
--- a/windows/security/threat-protection/auditing/event-4946.md
+++ b/windows/security/threat-protection/auditing/event-4946.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4946(S): A change has been made to Windows Firewall exception list. A rule was added.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4946.png" alt="Event 4946 illustration" width="449" height="350" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md
index b38eef6371..48613fd427 100644
--- a/windows/security/threat-protection/auditing/event-4947.md
+++ b/windows/security/threat-protection/auditing/event-4947.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4947(S): A change has been made to Windows Firewall exception list. A rule was modified.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4947.png" alt="Event 4947 illustration" width="449" height="361" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md
index 5f92a37c6a..6d0290f772 100644
--- a/windows/security/threat-protection/auditing/event-4948.md
+++ b/windows/security/threat-protection/auditing/event-4948.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4948(S): A change has been made to Windows Firewall exception list. A rule was deleted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4948.png" alt="Event 4948 illustration" width="449" height="361" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md
index e304844bc8..50b400ce2d 100644
--- a/windows/security/threat-protection/auditing/event-4949.md
+++ b/windows/security/threat-protection/auditing/event-4949.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4949(S): Windows Firewall settings were restored to the default values.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4949.png" alt="Event 4949 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md
index 54ead99c65..90fdd4b72d 100644
--- a/windows/security/threat-protection/auditing/event-4950.md
+++ b/windows/security/threat-protection/auditing/event-4950.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4950(S): A Windows Firewall setting has changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4950.png" alt="Event 4950 illustration" width="449" height="354" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md
index 4a2c32b9e2..65357fc8cf 100644
--- a/windows/security/threat-protection/auditing/event-4951.md
+++ b/windows/security/threat-protection/auditing/event-4951.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4951(F): A rule has been ignored because its major version number was not recognized by Windows Firewall.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4951.png" alt="Event 4951 illustration" width="449" height="364" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md
index 150a0ac97d..abd1012a90 100644
--- a/windows/security/threat-protection/auditing/event-4952.md
+++ b/windows/security/threat-protection/auditing/event-4952.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4952(F): Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 When you create or edit a Windows Firewall rule, the settings that you can include depend upon the version of Windows you use when creating the rule. As new settings are added to later versions of Windows or to service packs for existing versions of Windows, the version number of the rules processing engine is updated, and that version number is stamped into rules that are created by using that version of Windows. For example, Windows Vista produces firewall rules that are stamped with version "v2.0". Future versions of Windows might use "v2.1", or "v3.0" to indicate, respectively, minor or major changes and additions.
 
diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md
index 38d9aa6a3d..d35205d2e8 100644
--- a/windows/security/threat-protection/auditing/event-4953.md
+++ b/windows/security/threat-protection/auditing/event-4953.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4953(F): Windows Firewall ignored a rule because it could not be parsed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4953.png" alt="Event 4953 illustration" width="449" height="375" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md
index 99bb6457e2..f671cef1ef 100644
--- a/windows/security/threat-protection/auditing/event-4954.md
+++ b/windows/security/threat-protection/auditing/event-4954.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4954(S): Windows Firewall Group Policy settings have changed. The new settings have been applied.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4954.png" alt="Event 4954 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md
index 34d36fa5d0..c56a466f9f 100644
--- a/windows/security/threat-protection/auditing/event-4956.md
+++ b/windows/security/threat-protection/auditing/event-4956.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4956(S): Windows Firewall has changed the active profile.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4956.png" alt="Event 4956 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md
index 8b822ee84c..a34de9e92f 100644
--- a/windows/security/threat-protection/auditing/event-4957.md
+++ b/windows/security/threat-protection/auditing/event-4957.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4957(F): Windows Firewall did not apply the following rule.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4957.png" alt="Event 4957 illustration" width="449" height="365" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md
index 05922fd7a7..7bb37f579a 100644
--- a/windows/security/threat-protection/auditing/event-4958.md
+++ b/windows/security/threat-protection/auditing/event-4958.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Windows Firewall with Advanced Security processed a rule that contains parameters that cannot be resolved on the local computer. The rule is therefore not enforceable on the computer and so is excluded from the runtime state of the firewall. This is not necessarily an error. Examine the rule for applicability on the computers to which it was applied.
 
diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md
index 0ee97ac194..b83f63788a 100644
--- a/windows/security/threat-protection/auditing/event-4964.md
+++ b/windows/security/threat-protection/auditing/event-4964.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4964(S): Special groups have been assigned to a new logon.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4964.png" alt="Event 4964 illustration" width="448" height="419" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md
index c57db1916e..ee97d237fc 100644
--- a/windows/security/threat-protection/auditing/event-4985.md
+++ b/windows/security/threat-protection/auditing/event-4985.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 4985(S): The state of a transaction has changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-4985.png" alt="Event 4985 illustration" width="468" height="473" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md
index b24cd95e31..6f42905b26 100644
--- a/windows/security/threat-protection/auditing/event-5024.md
+++ b/windows/security/threat-protection/auditing/event-5024.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5024(S): The Windows Firewall Service has started successfully.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5024.png" alt="Event 5024 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md
index a9a3c5e14b..51c4600f15 100644
--- a/windows/security/threat-protection/auditing/event-5025.md
+++ b/windows/security/threat-protection/auditing/event-5025.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5025(S): The Windows Firewall Service has been stopped.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5025.png" alt="Event 5025 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md
index 4ea2177c6b..85afaa1f92 100644
--- a/windows/security/threat-protection/auditing/event-5027.md
+++ b/windows/security/threat-protection/auditing/event-5027.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5027(F): The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5027.png" alt="Event 5027 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md
index 9ab51ca985..8835c0a855 100644
--- a/windows/security/threat-protection/auditing/event-5028.md
+++ b/windows/security/threat-protection/auditing/event-5028.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5028(F): The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5028.png" alt="Event 5028 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md
index 46d9b7b3e7..6e8bfab573 100644
--- a/windows/security/threat-protection/auditing/event-5029.md
+++ b/windows/security/threat-protection/auditing/event-5029.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5029(F): The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Windows logs an error if either the Windows Firewall service or its driver fails to start, or if they unexpectedly terminate. The error message indicates the cause of the service failure by including an error code in the text of the message.
 
diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md
index de68bc30db..175e125235 100644
--- a/windows/security/threat-protection/auditing/event-5030.md
+++ b/windows/security/threat-protection/auditing/event-5030.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5030(F): The Windows Firewall Service failed to start.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Windows logs this event if the Windows Firewall service fails to start, or if it unexpectedly terminates. The error message indicates the cause of the service failure by including an error code in the text of the message.
 
diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md
index df9881e050..8a10a69008 100644
--- a/windows/security/threat-protection/auditing/event-5031.md
+++ b/windows/security/threat-protection/auditing/event-5031.md
@@ -10,17 +10,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
+ms.date: 09/08/2021
 ms.technology: mde
 ---
 
 # 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
--   Windows Server 2012 R2
--   Windows Server 2012
-
 
 <img src="images/event-5031.png" alt="Event 5031 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md
index a356c6ba72..235d9fd8d3 100644
--- a/windows/security/threat-protection/auditing/event-5032.md
+++ b/windows/security/threat-protection/auditing/event-5032.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5032(F): Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Windows Firewall with Advanced Security can be configured to notify the user when an application is blocked by the firewall, and ask if the application should continue to be blocked in the future.
 
diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md
index 05552da629..e664ac846b 100644
--- a/windows/security/threat-protection/auditing/event-5033.md
+++ b/windows/security/threat-protection/auditing/event-5033.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5033(S): The Windows Firewall Driver has started successfully.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5033.png" alt="Event 5033 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md
index 7cef4c54e0..e447aeb0e7 100644
--- a/windows/security/threat-protection/auditing/event-5034.md
+++ b/windows/security/threat-protection/auditing/event-5034.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5034(S): The Windows Firewall Driver was stopped.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5034.png" alt="Event 5034 illustration" width="449" height="317" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md
index 6b9d8a9488..0bc400131b 100644
--- a/windows/security/threat-protection/auditing/event-5035.md
+++ b/windows/security/threat-protection/auditing/event-5035.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5035(F): The Windows Firewall Driver failed to start.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Windows logs this event if Windows Firewall driver fails to start, or if it unexpectedly terminates. The error message indicates the cause of the failure by including an error code in the text of the message.
 
diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md
index a189ce3f21..c36c375902 100644
--- a/windows/security/threat-protection/auditing/event-5037.md
+++ b/windows/security/threat-protection/auditing/event-5037.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5037(F): The Windows Firewall Driver detected critical runtime error. Terminating.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Windows logs this event if Windows Firewall driver fails to start, or if it unexpectedly terminates. The error message indicates the cause of the failure by including an error code in the text of the message.
 
diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md
index 2dc28bef2e..996a74d7b5 100644
--- a/windows/security/threat-protection/auditing/event-5038.md
+++ b/windows/security/threat-protection/auditing/event-5038.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
- 
 
 The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
 
diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md
index fda19e5f16..09baf51880 100644
--- a/windows/security/threat-protection/auditing/event-5039.md
+++ b/windows/security/threat-protection/auditing/event-5039.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5039(-): A registry key was virtualized.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event should be generated when registry key was virtualized using [LUAFV](https://blogs.msdn.com/b/alexcarp/archive/2009/06/25/the-deal-with-luafv-sys.aspx).
 
diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md
index 3ac07671d2..e9e1bea6c6 100644
--- a/windows/security/threat-protection/auditing/event-5051.md
+++ b/windows/security/threat-protection/auditing/event-5051.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5051(-): A file was virtualized.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event should be generated when file was virtualized using [LUAFV](https://blogs.msdn.com/b/alexcarp/archive/2009/06/25/the-deal-with-luafv-sys.aspx).
 
diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md
index a717d05e4a..96af867108 100644
--- a/windows/security/threat-protection/auditing/event-5056.md
+++ b/windows/security/threat-protection/auditing/event-5056.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5056(S): A cryptographic self-test was performed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates in CNG Self-Test function. This function is a Cryptographic Next Generation (CNG) function.
 
diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md
index c83ca8bd2e..5d686b4510 100644
--- a/windows/security/threat-protection/auditing/event-5057.md
+++ b/windows/security/threat-protection/auditing/event-5057.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5057(F): A cryptographic primitive operation failed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates in case of CNG primitive operation failure.
 
diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md
index b351ee93e6..319ffe99f0 100644
--- a/windows/security/threat-protection/auditing/event-5058.md
+++ b/windows/security/threat-protection/auditing/event-5058.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5058(S, F): Key file operation.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5058.png" alt="Event 5058 illustration" width="833" height="502" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md
index 5881e672d5..ff33eba467 100644
--- a/windows/security/threat-protection/auditing/event-5059.md
+++ b/windows/security/threat-protection/auditing/event-5059.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5059(S, F): Key migration operation.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5059.png" alt="Event 5059 illustration" width="491" height="489" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md
index 11b9903d5d..23fa5c78d9 100644
--- a/windows/security/threat-protection/auditing/event-5060.md
+++ b/windows/security/threat-protection/auditing/event-5060.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5060(F): Verification operation failed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates when the Cryptographic Next Generation (CNG) verification operation fails.
 
diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md
index 7612017713..919d66a79c 100644
--- a/windows/security/threat-protection/auditing/event-5061.md
+++ b/windows/security/threat-protection/auditing/event-5061.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5061(S, F): Cryptographic operation.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5061.png" alt="Event 5061 illustration" width="486" height="489" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md
index e397844d41..242721afc4 100644
--- a/windows/security/threat-protection/auditing/event-5062.md
+++ b/windows/security/threat-protection/auditing/event-5062.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5062(S): A kernel-mode cryptographic self-test was performed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event occurs rarely, and in some situations may be difficult to reproduce.
 
diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md
index e06e3118a6..020b7ebc4c 100644
--- a/windows/security/threat-protection/auditing/event-5063.md
+++ b/windows/security/threat-protection/auditing/event-5063.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5063(S, F): A cryptographic provider operation was attempted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates in BCryptUnregisterProvider() and BCryptRegisterProvider() functions. These are Cryptographic Next Generation (CNG) functions.
 
diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md
index 077fadf9f7..2532a3b70b 100644
--- a/windows/security/threat-protection/auditing/event-5064.md
+++ b/windows/security/threat-protection/auditing/event-5064.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5064(S, F): A cryptographic context operation was attempted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates in [BCryptCreateContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptcreatecontext)() and [BCryptDeleteContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptdeletecontext)() functions. These are Cryptographic Next Generation (CNG) functions.
 
diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md
index 3a64e39e7f..0bbc9ae5c7 100644
--- a/windows/security/threat-protection/auditing/event-5065.md
+++ b/windows/security/threat-protection/auditing/event-5065.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5065(S, F): A cryptographic context modification was attempted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates in [BCryptConfigureContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptconfigurecontext)() function. This is a Cryptographic Next Generation (CNG) function.
 
diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md
index 52fca7414b..eebc61873d 100644
--- a/windows/security/threat-protection/auditing/event-5066.md
+++ b/windows/security/threat-protection/auditing/event-5066.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5066(S, F): A cryptographic function operation was attempted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates in [BCryptAddContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptaddcontextfunction)() and [BCryptRemoveContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptremovecontextfunction)() functions. These are Cryptographic Next Generation (CNG) functions.
 
diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md
index 245b241e69..a3ca03be65 100644
--- a/windows/security/threat-protection/auditing/event-5067.md
+++ b/windows/security/threat-protection/auditing/event-5067.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5067(S, F): A cryptographic function modification was attempted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates in [BCryptConfigureContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptconfigurecontextfunction)() function. This is a Cryptographic Next Generation (CNG) function.
 
diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md
index 1cb02be991..645868eeca 100644
--- a/windows/security/threat-protection/auditing/event-5068.md
+++ b/windows/security/threat-protection/auditing/event-5068.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5068(S, F): A cryptographic function provider operation was attempted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates in BCryptAddContextFunctionProvider() and BCryptRemoveContextFunctionProvider() functions. These are Cryptographic Next Generation (CNG) functions.
 
diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md
index 742188905d..50d95a9aff 100644
--- a/windows/security/threat-protection/auditing/event-5069.md
+++ b/windows/security/threat-protection/auditing/event-5069.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5069(S, F): A cryptographic function property operation was attempted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates in [BCryptSetContextFunctionProperty](/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty)() function. This is a Cryptographic Next Generation (CNG) function.
 
diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md
index 9893a7116b..e279ab685d 100644
--- a/windows/security/threat-protection/auditing/event-5070.md
+++ b/windows/security/threat-protection/auditing/event-5070.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5070(S, F): A cryptographic function property modification was attempted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event generates in [BCryptSetContextFunctionProperty](/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty)() function. This is a Cryptographic Next Generation (CNG) function.
 
diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md
index 1b62c11bab..d83424aac5 100644
--- a/windows/security/threat-protection/auditing/event-5136.md
+++ b/windows/security/threat-protection/auditing/event-5136.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5136(S): A directory service object was modified.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5136.png" alt="Event 5136 illustration" width="449" height="611" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md
index 0146958e61..65f8370ad0 100644
--- a/windows/security/threat-protection/auditing/event-5137.md
+++ b/windows/security/threat-protection/auditing/event-5137.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5137(S): A directory service object was created.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5137.png" alt="Event 5137 illustration" width="449" height="532" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md
index 2553251b75..4fa35c7f07 100644
--- a/windows/security/threat-protection/auditing/event-5138.md
+++ b/windows/security/threat-protection/auditing/event-5138.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5138(S): A directory service object was undeleted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5138.png" alt="Event 5138 illustration" width="671" height="573" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md
index c7f306eab0..43eacd93d9 100644
--- a/windows/security/threat-protection/auditing/event-5139.md
+++ b/windows/security/threat-protection/auditing/event-5139.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5139(S): A directory service object was moved.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5139.png" alt="Event 5139 illustration" width="505" height="547" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md
index 199e5a4cd7..eb389fe767 100644
--- a/windows/security/threat-protection/auditing/event-5140.md
+++ b/windows/security/threat-protection/auditing/event-5140.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5140(S, F): A network share object was accessed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5140.png" alt="Event 5140 illustration" width="449" height="557" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md
index 7d85f444d4..8da8b7d590 100644
--- a/windows/security/threat-protection/auditing/event-5141.md
+++ b/windows/security/threat-protection/auditing/event-5141.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5141(S): A directory service object was deleted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5141.png" alt="Event 5141 illustration" width="449" height="549" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md
index d29c26ddc4..b72ef6d776 100644
--- a/windows/security/threat-protection/auditing/event-5142.md
+++ b/windows/security/threat-protection/auditing/event-5142.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5142(S): A network share object was added.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5142.png" alt="Event 5142 illustration" width="449" height="406" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md
index bc8f827e03..d173059b23 100644
--- a/windows/security/threat-protection/auditing/event-5143.md
+++ b/windows/security/threat-protection/auditing/event-5143.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5143(S): A network share object was modified.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5143.png" alt="Event 5143 illustration" width="740" height="547" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md
index 886dc70759..937bc39ce4 100644
--- a/windows/security/threat-protection/auditing/event-5144.md
+++ b/windows/security/threat-protection/auditing/event-5144.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5144(S): A network share object was deleted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5144.png" alt="Event 5144 illustration" width="449" height="412" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md
index 933ab84191..1bf796cf9f 100644
--- a/windows/security/threat-protection/auditing/event-5145.md
+++ b/windows/security/threat-protection/auditing/event-5145.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5145(S, F): A network share object was checked to see whether client can be granted desired access.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5145.png" alt="Event 5145 illustration" width="591" height="671" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md
index 23a31eb1a6..1946129b9b 100644
--- a/windows/security/threat-protection/auditing/event-5148.md
+++ b/windows/security/threat-protection/auditing/event-5148.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 05/29/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack starts or was detected.
 
diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md
index 04f6c8747a..467c7145cc 100644
--- a/windows/security/threat-protection/auditing/event-5149.md
+++ b/windows/security/threat-protection/auditing/event-5149.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 05/29/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5149(F): The DoS attack has subsided and normal processing is being resumed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack ended.
 
diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md
index 7e8b6a5cc1..9d9c830f21 100644
--- a/windows/security/threat-protection/auditing/event-5150.md
+++ b/windows/security/threat-protection/auditing/event-5150.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5150(-): The Windows Filtering Platform blocked a packet.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event is logged if the Windows Filtering Platform [MAC filter](/windows-hardware/drivers/network/using-layer-2-filtering) blocked a packet.
 
diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md
index 611541553e..6601b86883 100644
--- a/windows/security/threat-protection/auditing/event-5151.md
+++ b/windows/security/threat-protection/auditing/event-5151.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event is logged if a more restrictive Windows Filtering Platform [MAC filter](/windows-hardware/drivers/network/using-layer-2-filtering) has blocked a packet.
 
diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md
index cb8da40be3..d4bcbf8042 100644
--- a/windows/security/threat-protection/auditing/event-5152.md
+++ b/windows/security/threat-protection/auditing/event-5152.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5152(F): The Windows Filtering Platform blocked a packet.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5152.png" alt="Event 5152 illustration" width="497" height="499" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md
index ce3f53f60d..eee4621b4d 100644
--- a/windows/security/threat-protection/auditing/event-5153.md
+++ b/windows/security/threat-protection/auditing/event-5153.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event is logged if a more restrictive Windows Filtering Platform filter has blocked a packet.
 
diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md
index ea9c8ea638..6d0b939b64 100644
--- a/windows/security/threat-protection/auditing/event-5154.md
+++ b/windows/security/threat-protection/auditing/event-5154.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5154.png" alt="Event 5154 illustration" width="490" height="474" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md
index d00134db41..166520ef13 100644
--- a/windows/security/threat-protection/auditing/event-5155.md
+++ b/windows/security/threat-protection/auditing/event-5155.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 By default Windows firewall won't prevent a port from being listened by an application. In the other word, Windows system will not generate Event 5155 by itself.
 
diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md
index b7aa9709b2..d0af703c34 100644
--- a/windows/security/threat-protection/auditing/event-5156.md
+++ b/windows/security/threat-protection/auditing/event-5156.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5156(S): The Windows Filtering Platform has permitted a connection.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5156.png" alt="Event 5156 illustration" width="491" height="506" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md
index 73d84e9d53..c20c64f670 100644
--- a/windows/security/threat-protection/auditing/event-5157.md
+++ b/windows/security/threat-protection/auditing/event-5157.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5157(F): The Windows Filtering Platform has blocked a connection.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5157.png" alt="Event 5157 illustration" width="491" height="503" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md
index d863b08c36..f35938a490 100644
--- a/windows/security/threat-protection/auditing/event-5158.md
+++ b/windows/security/threat-protection/auditing/event-5158.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5158(S): The Windows Filtering Platform has permitted a bind to a local port.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5158.png" alt="Event 5158 illustration" width="491" height="466" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md
index fb896131ac..95ac21b41a 100644
--- a/windows/security/threat-protection/auditing/event-5159.md
+++ b/windows/security/threat-protection/auditing/event-5159.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5159(F): The Windows Filtering Platform has blocked a bind to a local port.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5159.png" alt="Event 5159 illustration" width="491" height="466" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md
index bb9371baff..5d1e8bf0d8 100644
--- a/windows/security/threat-protection/auditing/event-5168.md
+++ b/windows/security/threat-protection/auditing/event-5168.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5168(F): SPN check for SMB/SMB2 failed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5168.png" alt="Event 5168 illustration" width="575" height="474" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md
index 3cbb58cf29..1b77d59d7e 100644
--- a/windows/security/threat-protection/auditing/event-5376.md
+++ b/windows/security/threat-protection/auditing/event-5376.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5376(S): Credential Manager credentials were backed up.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5376.png" alt="Event 5376 illustration" width="449" height="404" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md
index 3be670da7b..82af29b1d7 100644
--- a/windows/security/threat-protection/auditing/event-5377.md
+++ b/windows/security/threat-protection/auditing/event-5377.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5377(S): Credential Manager credentials were restored from a backup.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5377.png" alt="Event 5377 illustration" width="449" height="404" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md
index 0025f40837..7880067fb3 100644
--- a/windows/security/threat-protection/auditing/event-5378.md
+++ b/windows/security/threat-protection/auditing/event-5378.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5378(F): The requested credentials delegation was disallowed by policy.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5378.png" alt="Event 5378 illustration" width="449" height="438" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md
index 2b5c265e83..c7e89a3513 100644
--- a/windows/security/threat-protection/auditing/event-5447.md
+++ b/windows/security/threat-protection/auditing/event-5447.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5447(S): A Windows Filtering Platform filter has been changed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5447.png" alt="Event 5447 illustration" width="493" height="793" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md
index ad0e108238..fd3345a565 100644
--- a/windows/security/threat-protection/auditing/event-5632.md
+++ b/windows/security/threat-protection/auditing/event-5632.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5632(S, F): A request was made to authenticate to a wireless network.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5632.png" alt="Event 5632 illustration" width="419" height="417" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md
index ba78854b75..d72afb75da 100644
--- a/windows/security/threat-protection/auditing/event-5633.md
+++ b/windows/security/threat-protection/auditing/event-5633.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5633(S, F): A request was made to authenticate to a wired network.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5633.png" alt="Event 5633 illustration" width="528" height="449" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md
index 5bb81e6f09..48363c3beb 100644
--- a/windows/security/threat-protection/auditing/event-5712.md
+++ b/windows/security/threat-protection/auditing/event-5712.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5712(S): A Remote Procedure Call (RPC) was attempted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 It appears that this event never occurs.
 
diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md
index 8d2ea38fcb..4a22ab0013 100644
--- a/windows/security/threat-protection/auditing/event-5888.md
+++ b/windows/security/threat-protection/auditing/event-5888.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5888(S): An object in the COM+ Catalog was modified.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5888.png" alt="Event 5888 illustration" width="457" height="489" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md
index e3d65ee453..d0d9842512 100644
--- a/windows/security/threat-protection/auditing/event-5889.md
+++ b/windows/security/threat-protection/auditing/event-5889.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5889(S): An object was deleted from the COM+ Catalog.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5889.png" alt="Event 5889 illustration" width="472" height="653" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md
index 9b7a9f515c..f7bf90b524 100644
--- a/windows/security/threat-protection/auditing/event-5890.md
+++ b/windows/security/threat-protection/auditing/event-5890.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 5890(S): An object was added to the COM+ Catalog.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-5890.png" alt="Event 5890 illustration" width="449" height="462" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md
index 7565e8f794..0ed126dc60 100644
--- a/windows/security/threat-protection/auditing/event-6144.md
+++ b/windows/security/threat-protection/auditing/event-6144.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6144(S): Security policy in the group policy objects has been applied successfully.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-6144.png" alt="Event 6144 illustration" width="449" height="347" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md
index b70a0844a2..ff67ad627d 100644
--- a/windows/security/threat-protection/auditing/event-6145.md
+++ b/windows/security/threat-protection/auditing/event-6145.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/08/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6145(F): One or more errors occurred while processing security policy in the group policy objects.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-6145.png" alt="Event 6145 illustration" width="464" height="361" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md
index e6ec5bea59..28b9c2e509 100644
--- a/windows/security/threat-protection/auditing/event-6281.md
+++ b/windows/security/threat-protection/auditing/event-6281.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6281(F): Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
- 
 
 The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
 
diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md
index 511aeb3ae9..214d0c5b93 100644
--- a/windows/security/threat-protection/auditing/event-6400.md
+++ b/windows/security/threat-protection/auditing/event-6400.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
 
diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md
index 829c3215c9..7ae7c5a3ab 100644
--- a/windows/security/threat-protection/auditing/event-6401.md
+++ b/windows/security/threat-protection/auditing/event-6401.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6401(-): BranchCache: Received invalid data from a peer. Data discarded.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
 
diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md
index 2aee0f9232..ca0ea21dbe 100644
--- a/windows/security/threat-protection/auditing/event-6402.md
+++ b/windows/security/threat-protection/auditing/event-6402.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
 
diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md
index ec9028c852..dfa11c62ac 100644
--- a/windows/security/threat-protection/auditing/event-6403.md
+++ b/windows/security/threat-protection/auditing/event-6403.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
 
diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md
index eaa912b6e3..fb4bccd26f 100644
--- a/windows/security/threat-protection/auditing/event-6404.md
+++ b/windows/security/threat-protection/auditing/event-6404.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
 
diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md
index fc188cce3b..557c8ebabe 100644
--- a/windows/security/threat-protection/auditing/event-6405.md
+++ b/windows/security/threat-protection/auditing/event-6405.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
 
diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md
index 689085b2fd..dbaeb0e873 100644
--- a/windows/security/threat-protection/auditing/event-6406.md
+++ b/windows/security/threat-protection/auditing/event-6406.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
 
diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md
index 3273efaba1..28612dacba 100644
--- a/windows/security/threat-protection/auditing/event-6407.md
+++ b/windows/security/threat-protection/auditing/event-6407.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6407(-): 1%.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
 
diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md
index 7b29a0468c..c36f520a60 100644
--- a/windows/security/threat-protection/auditing/event-6408.md
+++ b/windows/security/threat-protection/auditing/event-6408.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
 
diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md
index 6855ea810d..1ac08c75f1 100644
--- a/windows/security/threat-protection/auditing/event-6409.md
+++ b/windows/security/threat-protection/auditing/event-6409.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6409(-): BranchCache: A service connection point object could not be parsed.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
 
diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md
index a306a98882..a9f5e5111f 100644
--- a/windows/security/threat-protection/auditing/event-6410.md
+++ b/windows/security/threat-protection/auditing/event-6410.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 [Code Integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10)) is a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it is loaded into memory. Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative permissions. On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.
 
diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md
index 4b85673aa7..337a5395be 100644
--- a/windows/security/threat-protection/auditing/event-6416.md
+++ b/windows/security/threat-protection/auditing/event-6416.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6416(S): A new external device was recognized by the System.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-6416.png" alt="Event 6416 illustration" width="438" height="598" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md
index 90c145ff77..69a6f30def 100644
--- a/windows/security/threat-protection/auditing/event-6419.md
+++ b/windows/security/threat-protection/auditing/event-6419.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6419(S): A request was made to disable a device.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-6419.png" alt="Event 6419 illustration" width="526" height="682" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md
index 51570d3ab3..3a2dc5c9d9 100644
--- a/windows/security/threat-protection/auditing/event-6420.md
+++ b/windows/security/threat-protection/auditing/event-6420.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6420(S): A device was disabled.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-6420.png" alt="Event 6420 illustration" width="526" height="682" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md
index ef4e0b856f..8ac5372312 100644
--- a/windows/security/threat-protection/auditing/event-6421.md
+++ b/windows/security/threat-protection/auditing/event-6421.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6421(S): A request was made to enable a device.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-6421.png" alt="Event 6421 illustration" width="526" height="682" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md
index 2b2f45d1b8..7e577f25c3 100644
--- a/windows/security/threat-protection/auditing/event-6422.md
+++ b/windows/security/threat-protection/auditing/event-6422.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6422(S): A device was enabled.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-6422.png" alt="Event 6422 illustration" width="526" height="682" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md
index 3332a01011..5f8278b20e 100644
--- a/windows/security/threat-protection/auditing/event-6423.md
+++ b/windows/security/threat-protection/auditing/event-6423.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6423(S): The installation of this device is forbidden by system policy.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 <img src="images/event-6423.png" alt="Event 6423 illustration" width="526" height="680" hspace="10" align="left" />
 
diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md
index 8ca1ce36d6..ba3fcbffe7 100644
--- a/windows/security/threat-protection/auditing/event-6424.md
+++ b/windows/security/threat-protection/auditing/event-6424.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # 6424(S): The installation of this device was allowed, after having previously been forbidden by policy.
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 This event occurs rarely, and in some situations may be difficult to reproduce.
 
diff --git a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md
index 1093140e38..9c7941df2b 100644
--- a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md
+++ b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # File System (Global Object Access Auditing)
 
-**Applies to**
--   Windows 10
 
 This topic for the IT professional describes the Advanced Security Audit policy setting, **File System (Global Object Access Auditing)**, which enables you to configure a global system access control list (SACL) on the file system for an entire computer.
 
diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
index 1efc819647..cc3bf79488 100644
--- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
+++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: dansimp
-ms.date: 10/22/2018
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,8 +16,6 @@ ms.technology: mde
 
 # How to get a list of XML data name elements in EventData
 
-**Applies to**
--   Windows 10
 
 The Security log uses a manifest where you can get all of the event schema.
 
diff --git a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md
index 3c07a1dae0..c446bdec67 100644
--- a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md
+++ b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Monitor central access policy and rule definitions
 
-**Applies to**
--   Windows 10
 
 This article for IT professionals describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects.
 
diff --git a/windows/security/threat-protection/auditing/monitor-claim-types.md b/windows/security/threat-protection/auditing/monitor-claim-types.md
index baf7d9e8a7..b9e1ea714f 100644
--- a/windows/security/threat-protection/auditing/monitor-claim-types.md
+++ b/windows/security/threat-protection/auditing/monitor-claim-types.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Monitor claim types
 
-**Applies to**
--   Windows 10
 
 This topic for the IT professional describes how to monitor changes to claim types that are associated with dynamic access control when you are using advanced security auditing options.
 
diff --git a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md
index ed4d03037f..791549bb4f 100644
--- a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md
+++ b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Monitor resource attribute definitions
 
-**Applies to**
--   Windows 10
 
 This topic for the IT professional describes how to monitor changes to resource attribute definitions when you are using advanced security auditing options to monitor dynamic access control objects.
 Resource attribute definitions define the basic properties of resource attributes, such as what it means for a resource to be defined as “high business value.” Resource attribute definitions are stored in AD DS under the Resource Properties container. Changes to these definitions could significantly change the protections that govern a resource, even if the resource attributes that apply to the resource remain unchanged. Changes can be monitored like any other AD DS object.
diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md
index f034f7c0fc..ece759aeb6 100644
--- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md
+++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Monitor the central access policies associated with files and folders
 
-**Applies to**
--   Windows 10
 
 This article for IT professionals describes how to monitor changes to the central access policies that are associated with files and folders when you're using advanced security auditing options to monitor dynamic access control objects.
 
diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md
index 12dedf0d60..2d50a5c7db 100644
--- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md
+++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Monitor the central access policies that apply on a file server
 
-**Applies to**
--   Windows 10
 
 This article describes how to monitor changes to the central access policies (CAPs) that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. CAPs are created on a domain controller and then applied to file servers through Group Policy management.
 
diff --git a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
index f1676a1640..f223b3433d 100644
--- a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
+++ b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Monitor the resource attributes on files and folders
 
-**Applies to**
--   Windows 10
 
 This topic for the IT professional describes how to monitor attempts to change settings to the resource attributes on files when you are using advanced security auditing options to monitor dynamic access control objects.
 
diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
index 04ac1c7929..af897bbd62 100644
--- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
+++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Monitor the use of removable storage devices
 
-**Applies to**
--   Windows 10
 
 This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects.
 
diff --git a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md
index edaf8e590f..7f950dd7b1 100644
--- a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md
+++ b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Monitor user and device claims during sign-in
 
-**Applies to**
--   Windows 10
 
 This topic for the IT professional describes how to monitor user and device claims that are associated with a user’s security token when you are using advanced security auditing options to monitor dynamic access control objects.
 
diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md
index e74cf80553..a54f6a6f1c 100644
--- a/windows/security/threat-protection/auditing/other-events.md
+++ b/windows/security/threat-protection/auditing/other-events.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: medium
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -16,10 +16,6 @@ ms.technology: mde
 
 # Other Events
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Events in this section generate automatically and are enabled by default.
 
diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
index 068c8792d4..d47efbedbf 100644
--- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Plan and deploy advanced security audit policies
 
-**Applies to**
--   Windows 10
 
 This article for IT professionals explains the options that security policy planners should consider and the tasks they must complete to deploy an effective security audit policy in a network that includes advanced security audit policies.
 
diff --git a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md
index 3c5c1ece1e..a01a3a3514 100644
--- a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md
+++ b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Registry (Global Object Access Auditing)
 
-**Applies to**
--   Windows 10
 
 This topic for the IT professional describes the Advanced Security Audit policy setting, **Registry (Global Object Access Auditing)**, which enables you to configure a global system access control list (SACL) on the registry of a computer.
 
diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md
index ec89d5ef53..fb1184eed7 100644
--- a/windows/security/threat-protection/auditing/security-auditing-overview.md
+++ b/windows/security/threat-protection/auditing/security-auditing-overview.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Security auditing
 
-**Applies to**
--   Windows 10
 
 Topics in this section are for IT professionals and describes the security auditing features in Windows and how your organization can benefit from using these technologies to enhance the security and manageability of your network.
 
diff --git a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
index 6e90c989e0..dd8bb6516d 100644
--- a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
+++ b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Using advanced security auditing options to monitor dynamic access control objects
 
-**Applies to**
--   Windows 10
 
 This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012.
 
diff --git a/windows/security/threat-protection/auditing/view-the-security-event-log.md b/windows/security/threat-protection/auditing/view-the-security-event-log.md
index 84a296e182..5b89a3802e 100644
--- a/windows/security/threat-protection/auditing/view-the-security-event-log.md
+++ b/windows/security/threat-protection/auditing/view-the-security-event-log.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # View the security event log
 
-**Applies to**
--   Windows 10
 
 The security log records each event as defined by the audit policies you set on each object.
 
diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
index 4b20841dd8..8e1db3e1b0 100644
--- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
+++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md
@@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/09/2021
 ms.technology: mde
 ---
 
 # Which editions of Windows support advanced audit policy configuration
 
-**Applies to**
--   Windows 10
 
 Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista. 
 There is no difference in security auditing support between 32-bit and 64-bit versions. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index 0365837d1b..d9e8974465 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -151,7 +151,7 @@ Select the correct version of each .dll for the Windows release you plan to supp
   <Deny ID="ID_DENY_BGINFO" FriendlyName="bginfo.exe" FileName="BGINFO.Exe" MinimumFileVersion="4.21.0.0"/> 
   <Deny ID="ID_DENY_CBD" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion="65535.65535.65535.65535"/>
   <Deny ID="ID_DENY_CSI" FriendlyName="csi.exe" FileName="csi.Exe" MinimumFileVersion="65535.65535.65535.65535"/>
-  <Deny ID="ID_DENY_CSCRIPT" FriendlyName="cscript.exe" FileName="cscript.exe" MinimumFileVersion = "10.0.0.0" />
+  <Deny ID="ID_DENY_CSCRIPT" FriendlyName="cscript.exe" FileName="cscript.exe" MinimumFileVersion = "5.812.10240.0" />
   <Deny ID="ID_DENY_DBGHOST" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion="2.3.0.0"/> 
   <Deny ID="ID_DENY_DBGSVC" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion="2.3.0.0"/>
   <Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
@@ -181,7 +181,7 @@ Select the correct version of each .dll for the Windows release you plan to supp
   <Deny ID="ID_DENY_WFC" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="65535.65535.65535.65535" />   
   <Deny ID="ID_DENY_WINDBG" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion="65535.65535.65535.65535"/> 
   <Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535"/>
-  <Deny ID="ID_DENY_WSCRIPT" FriendlyName="wscript.exe"  FileName="wscript.exe" MinimumFileVersion = "10.0.0.0" />
+  <Deny ID="ID_DENY_WSCRIPT" FriendlyName="wscript.exe"  FileName="wscript.exe" MinimumFileVersion = "5.812.10240.0" />
   <Deny ID="ID_DENY_WSL" FriendlyName="wsl.exe" FileName="wsl.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
   <Deny ID="ID_DENY_WSLCONFIG" FriendlyName="wslconfig.exe" FileName="wslconfig.exe" MinimumFileVersion="65535.65535.65535.65535"/> 
   <Deny ID="ID_DENY_WSLHOST" FriendlyName="wslhost.exe" FileName="wslhost.exe" MinimumFileVersion="65535.65535.65535.65535"/>