From 44066e2f4fd27f01ccaa652eb6d3a02c9b779956 Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Tue, 4 Aug 2020 13:32:19 +0300 Subject: [PATCH 1/2] Update advanced-hunting-devicelogonevents-table.md Adding a small support statement to avoid future customer cases. --- .../advanced-hunting-devicelogonevents-table.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md index f48045b11f..db40cc7f1f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md @@ -27,6 +27,10 @@ ms.topic: article The `DeviceLogonEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table. +> [!NOTE] +> Collection of DeviceLogonEvents is not supported for Windows 7 or Windows Server 2008 R2. +> We recommend upgrading to Windows 10 or Windows Server 2019 for optimal visibility into user logon activity. + For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | @@ -68,4 +72,4 @@ For information on other tables in the advanced hunting schema, see [the advance ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) - [Learn the query language](advanced-hunting-query-language.md) -- [Understand the schema](advanced-hunting-schema-reference.md) \ No newline at end of file +- [Understand the schema](advanced-hunting-schema-reference.md) 
From c12a1157d92a7d9c25abf631ed812c8ad9c90f6d Mon Sep 17 00:00:00 2001 From: amirsc3 <42802974+amirsc3@users.noreply.github.com> Date: Tue, 4 Aug 2020 13:55:57 +0300 Subject: [PATCH 2/2] Update advanced-hunting-devicelogonevents-table.md minor edit --- .../advanced-hunting-devicelogonevents-table.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md index db40cc7f1f..1f7e4db8a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md @@ -28,7 +28,7 @@ ms.topic: article The `DeviceLogonEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table. > [!NOTE] -> Collection of DeviceLogonEvents is not supported for Windows 7 or Windows Server 2008 R2. +> Collection of DeviceLogonEvents is not supported on Windows 7 or Windows Server 2008 R2. > We recommend upgrading to Windows 10 or Windows Server 2019 for optimal visibility into user logon activity. For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
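Review bot: In PATCH 1/2, the `[!NOTE]` block added by the `@@ -27,6 +27,10 @@` hunk says collection "is not supported" for Windows 7 and Windows Server 2008 R2 but does not say what a query against the table shows for those devices. Someone hunting with `DeviceLogonEvents` needs to know whether such devices simply return no rows, because an empty result could otherwise be read as no logon activity. Suggest adding one sentence that states the observable behaviour. The upgrade recommendation names specific OS versions ("Windows 10 or Windows Server 2019") that will date quickly in a schema reference, so consider linking to the supported-platforms page instead.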
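Review bot: In PATCH 2/2, the reworded line `> Collection of DeviceLogonEvents is not supported on Windows 7 or Windows Server 2008 R2.` still gives the table name as plain text, while the context paragraph directly above it in the same hunk writes it in code formatting. Since the line is being touched anyway, wrap the name in backticks for consistency. This one-word fix to a line introduced in PATCH 1/2 could also be squashed into that commit, so the history carries one change with a descriptive message instead of "minor edit".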