From a8f9f997dd095e1a436188f23f824ef5230ab896 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 8 Nov 2022 20:26:58 +0530 Subject: [PATCH 01/25] Update servicing-stack-updates.md Added a related article - Windows server OS SSU catalog per issue#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10905 --- windows/deployment/update/servicing-stack-updates.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index b1549aa4b9..531f6367f1 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md 
@@ -59,3 +59,8 @@ Typically, the improvements are reliability and performance improvements that do ## Simplifying on-premises deployment of servicing stack updates With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382. + +## Related Articles + +[Microsoft Servicing Stack Updates catalog for windows server operating system](https://www.catalog.update.microsoft.com/Search.aspx?q=Servicing%20Stack%20Update) + From dd0a605ff3fbcc20ab63b53a9d5cb3cdc6872d27 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 8 Nov 2022 21:39:44 +0530 Subject: [PATCH 02/25] Update windows/deployment/update/servicing-stack-updates.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/servicing-stack-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index 531f6367f1..53152d4e87 100644 --- a/windows/deployment/update/servicing-stack-updates.md 
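Review bot: The link text in the new "## Related Articles" section, "Microsoft Servicing Stack Updates catalog for windows server operating system", should capitalize "Windows Server", and the target is a catalog search (`Search.aspx?q=Servicing%20Stack%20Update`) that returns servicing stack updates for every product, so the text overstates what the link is scoped to; either narrow the query or describe it as the general SSU catalog search. The final `+` line is an empty line, which leaves a trailing blank line at end of file.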
+++ b/windows/deployment/update/servicing-stack-updates.md @@ -62,5 +62,5 @@ With the Windows Update experience, servicing stack updates and cumulative updat ## Related Articles -[Microsoft Servicing Stack Updates catalog for windows server operating system](https://www.catalog.update.microsoft.com/Search.aspx?q=Servicing%20Stack%20Update) +[Microsoft Servicing Stack Updates Catalog for Windows Server](https://www.catalog.update.microsoft.com/Search.aspx?q=Servicing%20Stack%20Update) From 6d8371aad95ff97e8f5dbe2399912e7caf44421f Mon Sep 17 00:00:00 2001 From: Dario Woitasen <33589238+dariomws@users.noreply.github.com> Date: Thu, 10 Nov 2022 22:10:28 +0100 Subject: [PATCH 03/25] Update wdsc-customize-contact-information.md --- .../wdsc-customize-contact-information.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md index a4d1b860ad..644c84414e 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md 
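Review bot: The capitalization fix to "Microsoft Servicing Stack Updates Catalog for Windows Server" is fine, but the URL is unchanged and still a product-wide catalog search, so the text and the target still disagree about scope; if the intent is Windows Server only, the query string should reflect that, otherwise drop "for Windows Server" from the link text.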
@@ -43,8 +43,6 @@ You must have Windows 10, version 1709 or later. The ADMX/ADML template files fo There are two stages to using the contact card and customized notifications. First, you have to enable the contact card or custom notifications (or both), and then you must specify at least a name for your organization and one piece of contact information. -This can only be done in Group Policy. - 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**. 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. @@ -55,6 +53,9 @@ This can only be done in Group Policy. 1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Click **OK**. + > [!NOTE] + > This can only be done in Group Policy. + 2. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Click **OK**. 5. After you've enabled the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Click **OK**. 
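Review bot: The note re-added in the second hunk, `> This can only be done in Group Policy.`, contradicts the paragraph this same patch adds later ("To enable the customized notifications and add the contact information in Intune, see ..."); either the statement is no longer true and should be dropped rather than moved, or it should be narrowed to the specific setting it still applies to. Moving it under sub-step 1 also makes it read as a note on the contact card only, while the original sentence covered the whole procedure.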
@@ -66,5 +67,7 @@ This can only be done in Group Policy. 7. Select **OK** after you configure each setting to save your changes. ->[!IMPORTANT] ->You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized. +To enable the customized notifications and add the contact information in Intune, see [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy) and [Settings for the Windows Security experience profile in Microsoft Intune](/mem/intune/protect/antivirus-security-experience-windows-settings). + +> [!IMPORTANT] +> You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized. From 926c1470ee83e89890cfb858e672944a50a2cfe7 Mon Sep 17 00:00:00 2001 From: Dario Woitasen <33589238+dariomws@users.noreply.github.com> Date: Mon, 14 Nov 2022 10:02:33 +0100 Subject: [PATCH 04/25] Update use-windows-event-forwarding-to-assist-in-intrusion-detection.md --- ...t-forwarding-to-assist-in-intrusion-detection.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index d48d5da38b..a28ab4ca3e 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md 
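Review bot: The re-added IMPORTANT block now sits after the Intune sentence, which is the right order, but its text still needs a comma in "If you do not specify the contact name and a contact method the customization will not apply" (after "method"), and the Intune sentence should say which of the two linked pages holds the contact-information settings, since only the second link (`antivirus-security-experience-windows-settings`) is the profile reference.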
@@ -397,6 +397,17 @@ The following GPO snippet performs the following tasks: ![configure event channels.](images/capi-gpo.png) +The following table also contains the six actions to configure in the GPO: + +| Program/Script | Arguments | +|------------------------------------|----------------------------------------------------------------------------------------------------------| +| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /e:true | +| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /ms:102432768 | +| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-AppLocker/EXE and DLL" /ms:102432768 | +| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /ca:"O:BAG:SYD:(A;;0x7;;;BA)(A;;0x2;;;AU)(A;;0x1;;;S-1-5-32-573)" | +| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" /e:true | +| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" /ms:52432896 | + ## Appendix D - Minimum GPO for WEF Client configuration Here are the minimum steps for WEF to operate: @@ -655,4 +666,4 @@ You can get more info with the following links: - [Event Queries and Event XML](/previous-versions/bb399427(v=vs.90)) - [Event Query Schema](/windows/win32/wes/queryschema-schema) - [Windows Event Collector](/windows/win32/wec/windows-event-collector) -- [4625(F): An account failed to log on](./auditing/event-4625.md) \ No newline at end of file +- [4625(F): An account failed to log on](./auditing/event-4625.md) From 0cfc6b409506f14aec357da00b451fda69b6f64c Mon Sep 17 00:00:00 2001 
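Review bot: The row `sl Microsoft-Windows-CAPI2/Operational /ca:"O:BAG:SYD:(A;;0x7;;;BA)(A;;0x2;;;AU)(A;;0x1;;;S-1-5-32-573)"` changes the channel's access control list with no explanation of the ACEs; add a sentence stating what each grants (0x7 full control to Builtin Administrators, 0x2 write to Authenticated Users, 0x1 read to the Event Log Readers group S-1-5-32-573) so readers do not copy a channel ACL they cannot review. Quoting is also inconsistent: the AppLocker channel is quoted because its name contains spaces, while the two DriverFrameworks rows quote a name without spaces; either is valid for wevtutil, but the table should pick one style. The second hunk is only a missing trailing newline fix.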
From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 2 Dec 2022 15:00:54 -0800 Subject: [PATCH 05/25] Update waas-delivery-optimization-reference.md Update min build for "DO Cache Host Source" policy, it was incorrectly set as 1809, should be 2004 --- windows/deployment/do/waas-delivery-optimization-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md index 22dff75ed5..ff80d5f043 100644 --- a/windows/deployment/do/waas-delivery-optimization-reference.md +++ b/windows/deployment/do/waas-delivery-optimization-reference.md @@ -64,7 +64,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz | [Delay foreground download cache server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackForeground | 1903 | | [Delay background download cache server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackBackground | 1903 | | [Cache Server Hostname](#cache-server-hostname) | DOCacheHost | 1809 | -| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 1809 | +| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 2004 | | [Maximum Foreground Download Bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxForegroundDownloadBandwidth | 2004 | | [Maximum Background Download Bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxBackgroundDownloadBandwidth | 2004 | From e149c6257ea466a8fafc79a9015d90f1331ff88c Mon Sep 17 00:00:00 2001 
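Review bot: The DOCacheHostSource minimum-build correction to 2004 is fine, but the unchanged context row just below it, `[Maximum Foreground Download Bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs)`, links the foreground policy to the background anchor; worth a follow-up fix since it is visible in this hunk.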
From: Rafal Sosnowski <51166236+rafals2@users.noreply.github.com> Date: Fri, 2 Dec 2022 15:09:31 -0800 Subject: [PATCH 06/25] Update bitlocker-management-for-enterprises.md --- .../bitlocker/bitlocker-management-for-enterprises.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index e3bea9928b..3acad9a900 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md 
@@ -37,6 +37,12 @@ Starting with Windows 10 version 1703, the enablement of BitLocker can be trigge For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if necessary. For older devices that aren't yet encrypted, beginning with Windows 10 version 1703, admins can use the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/) to trigger encryption and store the recovery key in Azure AD. This process and feature is applicable to Azure Hybrid AD as well. +Note: +Managing BitLocker except for enabling and disabling it requires one of the following licenses to be assigned to your users: +-Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) +-Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) + + ## Managing workplace-joined PCs and phones For Windows PCs and Windows Phones that are enrolled using **Connect to work or school account**, BitLocker Device Encryption is managed over MDM, the same as devices joined to Azure AD. From ef8c7eeb4230f5677ed1f70a8aade8ad6476f429 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Mon, 5 Dec 2022 13:44:54 +0530 Subject: [PATCH 07/25] Update administer-security-policy-settings.md Changed the URL to Microsoft security baselines blog fixes#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10332 --- .../administer-security-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
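Review bot: The added note will not render as intended: it uses a plain `Note:` line where this repo uses the `> [!NOTE]` alert syntax (see the wdsc patch in this same series), and the two license lines `-Windows 10/11 Enterprise E3 or E5 ...` and `-Windows 10/11 Education A3 or A5 ...` have no space after the hyphen, so Markdown will treat them as text rather than list items. Also drop one of the two blank `+` lines before `## Managing workplace-joined PCs and phones`.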
diff --git a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md index bc2b937927..4303604e8b 100644 --- a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md @@ -95,7 +95,7 @@ The Security Compliance Manager is a downloadable tool that helps you plan, depl **To administer security policies by using the Security Compliance Manager** -1. Download the most recent version. You can find out more info on the [Microsoft Security Guidance](/archive/blogs/secguide/) blog. +1. Download the most recent version. You can find out more info on the [Microsoft Security Baselines](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines) blog. 1. Read the relevant security baseline documentation that is included in this tool. 1. Download and import the relevant security baselines. The installation process steps you through baseline selection. 1. Open the Help and follow instructions how to customize, compare, or merge your security baselines before deploying those baselines. From 13eb0d0edb6873cee74ff7f5203c9df32b333b91 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Mon, 5 Dec 2022 17:05:13 +0530 Subject: [PATCH 08/25] Update windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../administer-security-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
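Review bot: The step still says "Download the most recent version" while the replaced link now points at the Microsoft Security Baselines blog landing page (`techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines`), which is not a download location for the Security Compliance Manager; either link to where the tool is actually obtained or reword the step so the link is clearly for background information only.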
diff --git a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md index 4303604e8b..781556ab7a 100644 --- a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md @@ -95,7 +95,7 @@ The Security Compliance Manager is a downloadable tool that helps you plan, depl **To administer security policies by using the Security Compliance Manager** -1. Download the most recent version. You can find out more info on the [Microsoft Security Baselines](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines) blog. +1. Download the most recent version. You can find more info on the [Microsoft Security Baselines](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines) blog. 1. Read the relevant security baseline documentation that is included in this tool. 1. Download and import the relevant security baselines. The installation process steps you through baseline selection. 1. Open the Help and follow instructions how to customize, compare, or merge your security baselines before deploying those baselines. From f468194f655c7aa181b72c11ae48d13911e3e8f0 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 18:34:31 +0530 Subject: [PATCH 09/25] Update usmt-scanstate-syntax.md Updated /listfiles: as an incompatible switch to be used with genconfig. fixes#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10576 --- windows/deployment/usmt/usmt-scanstate-syntax.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index e8fd16c69f..14b65a281f 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -203,6 +203,7 @@ The following table indicates which command-line options aren't compatible with |**/encrypt**|Required*|X|X|| |**/keyfile**|N/A||X|| |**/l**||||| +|**/listfiles**|||X|| |**/progress**|||X|| |**/r**|||X|| |**/w**|||X|| From 5500255fa6a39c9a75df72295137aac826ff3230 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 20:25:18 +0530 Subject: [PATCH 10/25] Update servicing-stack-updates.md Updated per author --- windows/deployment/update/servicing-stack-updates.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index 53152d4e87..6060da4f88 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -21,6 +21,7 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 +- Windows Server ## What is a servicing stack update? Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. 
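Review bot: The new row `|**/listfiles**|||X||` puts the X in the same column as the existing `/progress`, `/r` and `/w` rows, but the table header is outside the hunk; please confirm that column is the `/genconfig` column the commit message refers to, since the `/encrypt` and `/keyfile` rows above use different columns.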
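Review bot: Adding `- Windows Server` to the applies-to list is the substantive change of this patch; the body text below it still says only "Windows 10, version 2004 and later" for the combined cumulative update, so a reader on Windows Server is left without an equivalent starting release. Add the Server starting point or qualify the sentence.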
@@ -60,7 +61,4 @@ Typically, the improvements are reliability and performance improvements that do With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382. -## Related Articles - -[Microsoft Servicing Stack Updates Catalog for Windows Server](https://www.catalog.update.microsoft.com/Search.aspx?q=Servicing%20Stack%20Update) From 91de098a4c2aa8ea391b965a852b74c6c2be9816 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 20:34:23 +0530 Subject: [PATCH 11/25] Update event-5140.md Updated the document per author's guidance on table Fixes#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10657 --- windows/security/threat-protection/auditing/event-5140.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index 5d72bf2c8c..70aa2bbbdb 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md 
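Review bot: This hunk removes the `## Related Articles` section that PATCH 01 and PATCH 02 of this same series added, so the three patches net out to only the applies-to change; consider squashing 01, 02 and 10 so the history does not carry an add-then-remove of the same link.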
@@ -132,7 +132,7 @@ This event generates once per session, when first access attempt was made. **Access Request Information:** -- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights. Has always “**0x1**” value for this event. +- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights. It always has “**0x1**” value for this event. - **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. Has always “**ReadData (or ListDirectory)**” value for this event. From 77a10e1d3d824e7783ac7155a61ac05cee78e0ed Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 20:36:58 +0530 Subject: [PATCH 12/25] Update event-4661.md Updated per author's recommendation. --- windows/security/threat-protection/auditing/event-4661.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index bf8b9b0543..d651a58146 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md 
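Review bot: The rewritten sentence "It always has “**0x1**” value for this event" still reads awkwardly; "The value is always 0x1 for this event" is clearer. The unchanged **Accesses** bullet directly below keeps the old "Has always ... value" wording, so the two bullets are now inconsistent; fix both in the same change.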
@@ -163,9 +163,9 @@ This event generates only if Success auditing is enabled for the [Audit Handle M > **Note**  **GUID** is an acronym for 'Globally Unique Identifier'. It is a 128-bit integer number used to identify resources, activities or instances. -- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use or other informational resources. +- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use or other informational resources. -- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use or other informational resources. +- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use or other informational resources. - **Privileges Used for Access Check** \[Type = UnicodeString\]: the list of user privileges which were used during the operation, for example, SeBackupPrivilege. This parameter might not be captured in the event, and in that case appears as “-”. See full list of user privileges in the table below: 
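Review bot: Both rewritten bullets keep the broken trailing sentence "For information about SAM object access right use or other informational resources.", which is missing its link target and reads as "use or other"; since these lines are being edited anyway, either restore the intended link or drop the sentence.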
@@ -217,4 +217,4 @@ For 4661(S, F): A handle to an object was requested. > **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). -- You can get almost the same information from “[4662](event-4662.md): An operation was performed on an object.” There are no additional recommendations for this event in this document. \ No newline at end of file +- You can get almost the same information from “[4662](event-4662.md): An operation was performed on an object.” There are no additional recommendations for this event in this document. From df8bbc4d3cd0842f381d115c847bbc6be8891643 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 20:38:40 +0530 Subject: [PATCH 13/25] Update event-4691.md updated per authors recommendation --- windows/security/threat-protection/auditing/event-4691.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index 140889746d..716abaaa34 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md 
@@ -125,12 +125,12 @@ These events are generated for [ALPC Ports](/windows/win32/etw/alpc) access requ **Access Request Information:** -- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. “Table 13. File access codes.” contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use or other informational resources. +- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use or other informational resources. -- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about ALPC ports access rights, use or other informational resources. +- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about ALPC ports access rights, use or other informational resources. ## Security Monitoring Recommendations For 4691(S): Indirect access to an object was requested. -- Typically this event has little to no security relevance and is hard to parse or analyze. There is no recommendation for this event, unless you know exactly what you need to monitor with ALPC Ports. \ No newline at end of file +- Typically this event has little to no security relevance and is hard to parse or analyze. 
There is no recommendation for this event, unless you know exactly what you need to monitor with ALPC Ports. From 2ec0032bbadbc2967f8875b12aad88f4e1a03b2e Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 20:40:29 +0530 Subject: [PATCH 14/25] Update event-5145.md Updated the document per authors recommendation. --- windows/security/threat-protection/auditing/event-5145.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 8f47f2b4d1..5c736eaa3d 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -134,7 +134,7 @@ This event generates every time network share object (file or folder) was access **Access Request Information:** -- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights. +- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights. - **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. @@ -318,4 +318,4 @@ For 5145(S, F): A network share object was checked to see whether client can be - WRITE\_DAC - - WRITE\_OWNER \ No newline at end of file + - WRITE\_OWNER From 5ad8c9e6c05cfef8de51296429124b231e89c7de Mon Sep 17 00:00:00 2001 
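Review bot: In the event-4691 hunks the same dangling sentence "For information about ALPC ports access rights, use or other informational resources." survives in both rewritten bullets and should be fixed or removed; in the final hunk the `+` line under "Security Monitoring Recommendations" appears split across two lines in this extraction, so check that the committed file keeps "Typically this event has little to no security relevance and is hard to parse or analyze. There is no recommendation for this event ..." as a single list item.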
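Review bot: In the event-5145 hunk the new link `[Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes)` points at the page it sits on; a relative in-page anchor (`#table-of-file-access-codes`) avoids a full round trip and will not break if the page path changes. The second hunk is only the missing trailing newline fix.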
From: "beedell.rokejulianlockhart" Date: Wed, 7 Dec 2022 19:32:33 +0000 Subject: [PATCH 15/25] Corrected capitalization. "-online" to "-Online". --- .../install-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index b4fb01a3c6..222fad81b1 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -81,7 +81,7 @@ Application Guard functionality is turned off by default. However, you can quick 3. Type the following command: ``` - Enable-WindowsOptionalFeature -online -FeatureName Windows-Defender-ApplicationGuard + Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard ``` 4. Restart the device. From 606053160139620d67d1323f5673587d9718fc67 Mon Sep 17 00:00:00 2001 From: Rowan Lea Date: Tue, 13 Dec 2022 13:35:22 +0000 Subject: [PATCH 16/25] Fixed simple spelling mistake It's small but it's in the page description and the first line of text. --- .../azure-active-directory-integration-with-mdm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/azure-active-directory-integration-with-mdm.md b/windows/client-management/azure-active-directory-integration-with-mdm.md index e1d6f4d069..f2c906993c 100644 --- a/windows/client-management/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/azure-active-directory-integration-with-mdm.md 
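Review bot: The `-online` to `-Online` capitalization change is correct for the PowerShell parameter, and while touching this block the surrounding fence has no language tag; tagging it ```` ```powershell ```` gives readers syntax highlighting and makes the snippet's shell unambiguous.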
@@ -1,6 +1,6 @@ --- title: Azure Active Directory integration with MDM -description: Azure Active Directory is the world largest enterprise cloud identity management service. +description: Azure Active Directory is the world's largest enterprise cloud identity management service. ms.reviewer: manager: aaroncz ms.author: vinpa @@ -14,7 +14,7 @@ ms.date: 12/31/2017 # Azure Active Directory integration with MDM -Azure Active Directory is the world largest enterprise cloud identity management service. It’s used by organizations to access Office 365 and business applications from Microsoft and third-party software as a service (SaaS) vendors. Many of the rich Windows 10 experiences for organizational users (such as store access or OS state roaming) use Azure AD as the underlying identity infrastructure. Windows integrates with Azure AD, allowing devices to be registered in Azure AD and enrolled into MDM in an integrated flow. +Azure Active Directory is the world's largest enterprise cloud identity management service. It’s used by organizations to access Office 365 and business applications from Microsoft and third-party software as a service (SaaS) vendors. Many of the rich Windows 10 experiences for organizational users (such as store access or OS state roaming) use Azure AD as the underlying identity infrastructure. Windows integrates with Azure AD, allowing devices to be registered in Azure AD and enrolled into MDM in an integrated flow. Once a device is enrolled in MDM, the MDM: From 1de72609a949e75df4acdf1543527f131d109da1 Mon Sep 17 00:00:00 2001 From: ruimurakami-MSFT <84647422+rui0122@users.noreply.github.com> Date: Mon, 19 Dec 2022 08:50:57 -0500 Subject: [PATCH 17/25] Modify for convenience PIN Adding "However" which is easier to follow explanation. --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index f4456c7110..a215926020 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -91,7 +91,7 @@ sections: - question: Can I use a convenience PIN with Azure Active Directory? answer: | - It's currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN isn't supported for Azure Active Directory user accounts (synchronized identities included). It's only supported for on-premises Domain Joined users and local account users. + It's currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. However, convenience PIN isn't supported for Azure Active Directory user accounts (synchronized identities included). It's only supported for on-premises Domain Joined users and local account users. - question: Can I use an external Windows Hello compatible camera when my computer has a built-in Windows Hello compatible camera? answer: | From 30c8e8b1060673392e4c6c0f4fee2ba04f767d69 Mon Sep 17 00:00:00 2001 
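Review bot: in the `+` line of this hunk, "Hybrid Active Directory Joined" should read "Hybrid Azure Active Directory Joined" (the join state the FAQ is describing is the hybrid Azure AD join, and the same sentence already spells out "Azure Active Directory Joined" for the other case), so this is a good moment to correct it. The added "However," does what the commit message says: it makes clear that the first sentence (a convenience PIN can be set on joined devices) and the second (it is not supported for Azure AD user accounts) are a contrast rather than two independent facts.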
From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Wed, 21 Dec 2022 14:45:25 +0000 Subject: [PATCH 18/25] Clarification of Settings Catalog options We currently list both a method of configuring this with Settings Catalog, and with a Custom profile. Arguably the custom profile should just go these days, but in any case the Settings Catalog entry was incomplete and needed clarification on the Telemetry options, as we did not state recommended settings. Those settings are also not required, but recommended, so I have moved them as such. I've also added brief wording to clarify that you need not do a Settings Catalog AND a custom profile, as this has been misunderstood before. --- .../update/wufb-reports-configuration-intune.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index 2d9a417660..fd664caf03 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -27,7 +27,7 @@ This article is targeted at configuring devices enrolled to [Microsoft Intune](/ ## Create a configuration profile -Create a configuration profile that will set the required policies for Windows Update for Business reports. There are two profile types that can be used to create a configuration profile for Windows Update for Business reports: +Create a configuration profile that will set the required policies for Windows Update for Business reports. There are two profile types that can be used to create a configuration profile for Windows Update for Business reports (select one): - The [settings catalog](#settings-catalog) - [Template](#custom-oma-uri-based-profile) for a custom OMA URI-based profile 
@@ -45,11 +45,15 @@ Create a configuration profile that will set the required policies for Windows U - **Value**: Basic (*Basic is the minimum value, but it can be safely set to a higher value*) - **Setting**: Allow Update Compliance Processing - **Value**: Enabled - - **Setting**: Configure Telemetry Opt In Change Notification 1. (*Recommended, but not required*) Allow device name to be sent in Windows Diagnostic Data. If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports: + - **Setting**: Configure Telemetry Opt In Settings Ux + - **Value**: Enabled (*By enabling this setting you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) + - **Setting**: Configure Telemetry Opt In Change Notification + - **Value**: Enabled (*By enabling this setting you are disabling notifications of telemetry changes*) - **Setting**: Allow device name to be sent in Windows diagnostic data - **Value**: Allowed + 1. Continue through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 1. Review the settings and then select **Create**. From 1ea7fa8a50dc180e4c2a8978d3904ba8a82eb72c Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Wed, 21 Dec 2022 14:54:42 +0000 Subject: [PATCH 19/25] Update wufb-reports-configuration-intune.md --- .../deployment/update/wufb-reports-configuration-intune.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index fd664caf03..503f0890f4 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md 
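Review bot: the moved step line at the top of the second hunk ("(*Recommended, but not required*) Allow device name to be sent in Windows Diagnostic Data. If this policy is disabled ...") now introduces three settings, but its wording describes only the last one, so the two new "Configure Telemetry Opt In ..." bullets read as if they were about device-name reporting; use a neutral heading such as "Recommended, but not required:" and move the device-name caveat onto that setting's own bullet. Also, both new values read "Enabled" while their parentheticals say that enabling them "disables" user override and change notifications, which will confuse an admin choosing a toggle in the portal; quote the exact option label the Settings Catalog shows for each setting instead of a bare Enabled/Disabled, and phrase the parenthetical as the effect of picking that option.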
@@ -45,15 +45,14 @@ Create a configuration profile that will set the required policies for Windows U - **Value**: Basic (*Basic is the minimum value, but it can be safely set to a higher value*) - **Setting**: Allow Update Compliance Processing - **Value**: Enabled - 1. (*Recommended, but not required*) Allow device name to be sent in Windows Diagnostic Data. If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports: + 1. (*Recommended, but not required*): - **Setting**: Configure Telemetry Opt In Settings Ux - **Value**: Enabled (*By enabling this setting you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) - **Setting**: Configure Telemetry Opt In Change Notification - **Value**: Enabled (*By enabling this setting you are disabling notifications of telemetry changes*) - - **Setting**: Allow device name to be sent in Windows diagnostic data + - **Setting**: Allow device name to be sent in Windows diagnostic data (*If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports) - **Value**: Allowed - 1. Continue through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 1. Review the settings and then select **Create**. From a78392268c9de20d53e36478c20ec9458c5bf89f Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Wed, 21 Dec 2022 16:24:07 +0000 Subject: [PATCH 20/25] Update wufb-reports-configuration-intune.md --- .../deployment/update/wufb-reports-configuration-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
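Review bot: the italic opened by `(*If this policy is disabled, ...` on the "Allow device name to be sent in Windows diagnostic data" line is never closed (the line ends `...Windows Update for Business reports)` with no `*` before the parenthesis), so the renderer will either show a stray asterisk or italicize the rest of the list; add the closing `*`. Moving that caveat onto the setting's own bullet and reducing the step heading to "(*Recommended, but not required*):" resolves the mismatch introduced in the previous patch, where the heading text described only the device-name setting.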
diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index 503f0890f4..0507737391 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -47,9 +47,9 @@ Create a configuration profile that will set the required policies for Windows U - **Value**: Enabled 1. (*Recommended, but not required*): - **Setting**: Configure Telemetry Opt In Settings Ux - - **Value**: Enabled (*By enabling this setting you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) + - **Value**: Disabled (*By turning this setting on you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) - **Setting**: Configure Telemetry Opt In Change Notification - - **Value**: Enabled (*By enabling this setting you are disabling notifications of telemetry changes*) + - **Value**: Disabled (*By turning this setting on you are disabling notifications of telemetry changes*) - **Setting**: Allow device name to be sent in Windows diagnostic data (*If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports) - **Value**: Allowed From c92916c5b158fb18ff104641eb909173ba122456 Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Wed, 21 Dec 2022 16:25:10 +0000 Subject: [PATCH 21/25] Update wufb-reports-configuration-intune.md --- windows/deployment/update/wufb-reports-configuration-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
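Review bot: in both changed lines the value now says "Disabled" while the parenthetical still says "By turning this setting on you are disabling ...", so the value and its explanation point in opposite directions and a reader cannot tell whether to select the option that is off or the option that disables the user's control. Replace "Disabled" with the option label exactly as the Settings Catalog displays it for "Configure Telemetry Opt In Settings Ux" and "Configure Telemetry Opt In Change Notification", and rewrite each parenthetical to state the outcome of that choice (users cannot change the diagnostic data level, so devices stay visible in Windows Update for Business reports; users are not shown change notifications).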
diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index 0507737391..fe024f687a 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -50,7 +50,7 @@ Create a configuration profile that will set the required policies for Windows U - **Value**: Disabled (*By turning this setting on you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) - **Setting**: Configure Telemetry Opt In Change Notification - **Value**: Disabled (*By turning this setting on you are disabling notifications of telemetry changes*) - - **Setting**: Allow device name to be sent in Windows diagnostic data (*If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports) + - **Setting**: Allow device name to be sent in Windows diagnostic data (*If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports*) - **Value**: Allowed 1. Continue through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. From 3d195622f368b5670e907d5df12f0153bc59fa64 Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Wed, 21 Dec 2022 16:26:01 +0000 Subject: [PATCH 22/25] Update wufb-reports-configuration-intune.md --- windows/deployment/update/wufb-reports-configuration-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index fe024f687a..f6e00ead05 100644 
--- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -45,7 +45,7 @@ Create a configuration profile that will set the required policies for Windows U - **Value**: Basic (*Basic is the minimum value, but it can be safely set to a higher value*) - **Setting**: Allow Update Compliance Processing - **Value**: Enabled - 1. (*Recommended, but not required*): + 1. Recommended settings, but not required: - **Setting**: Configure Telemetry Opt In Settings Ux - **Value**: Disabled (*By turning this setting on you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) - **Setting**: Configure Telemetry Opt In Change Notification From dfa3662f265e9d40fc6df0c0b395e2d917d9f150 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 22 Dec 2022 18:00:50 -0800 Subject: [PATCH 23/25] Update windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../bitlocker/bitlocker-management-for-enterprises.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index 3acad9a900..5c994ae869 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md 
@@ -37,11 +37,10 @@ Starting with Windows 10 version 1703, the enablement of BitLocker can be trigge For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if necessary. For older devices that aren't yet encrypted, beginning with Windows 10 version 1703, admins can use the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/) to trigger encryption and store the recovery key in Azure AD. This process and feature is applicable to Azure Hybrid AD as well. -Note: -Managing BitLocker except for enabling and disabling it requires one of the following licenses to be assigned to your users: --Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) --Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) - +> [!NOTE] +> To manage Bitlocker, except to enable and disable it, one of the following licenses must be assigned to your users: +> - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, and E5). +> - Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 and A5). ## Managing workplace-joined PCs and phones From 5d16d00140a06cd64fc9ab1fdce27b2c08cf71e6 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 22 Dec 2022 20:12:23 -0800 Subject: [PATCH 24/25] reword --- .../deployment/update/wufb-reports-configuration-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index f6e00ead05..5f07d75c3e 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md 
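Review bot: "Bitlocker" in the first `>` line should be "BitLocker", matching the product casing used in the unchanged context of the same hunk ("BitLocker Device Encryption", "BitLocker CSP"). The conversion itself is right: a bare "Note:" paragraph followed by `--` pseudo-bullets does not render as an admonition or a list, whereas the `> [!NOTE]` alert with `> -` items does; and "included in Microsoft 365 F3, E3, and E5" reads more precisely than "or", since each of the listed bundles includes the Windows license.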
+++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -8,7 +8,7 @@ author: mestew ms.author: mstewart ms.localizationpriority: medium ms.topic: article -ms.date: 12/05/2022 +ms.date: 12/22/2022 ms.technology: itpro-updates --- @@ -49,7 +49,7 @@ Create a configuration profile that will set the required policies for Windows U - **Setting**: Configure Telemetry Opt In Settings Ux - **Value**: Disabled (*By turning this setting on you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) - **Setting**: Configure Telemetry Opt In Change Notification - - **Value**: Disabled (*By turning this setting on you are disabling notifications of telemetry changes*) + - **Value**: Disabled (*By turning this setting on you are disabling notifications of diagnostic data changes*) - **Setting**: Allow device name to be sent in Windows diagnostic data (*If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports*) - **Value**: Allowed From 3e080a5bbf9465c62cd7b400c4835137a3de3dbb Mon Sep 17 00:00:00 2001 From: Jeff Borsecnik <36546697+jborsecnik@users.noreply.github.com> Date: Tue, 27 Dec 2022 08:59:53 -0800 Subject: [PATCH 25/25] Update event-4661.md --- windows/security/threat-protection/auditing/event-4661.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index a49b9f501e..6cc68892c8 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md 
@@ -158,7 +158,7 @@ This event generates only if Success auditing is enabled for the [Audit Handle M **Access Request Information:** -- **Transaction ID** \[Type = GUID\]: unique GUID of the transaction. This field can help you correlate this event with other events that might contain the same the **Transaction ID**, such as “[4660](event-4660.md)(S): An object was deleted.” +- **Transaction ID** \[Type = GUID\]: unique GUID of the transaction. This field can help you correlate this event with other events that might contain the same **Transaction ID**, such as “[4660](event-4660.md)(S): An object was deleted.” This parameter might not be captured in the event, and in that case appears as “{00000000-0000-0000-0000-000000000000}”.