From 754396c7d5d10261891bfb115efba1790f1bff8c Mon Sep 17 00:00:00 2001
From: Liz Long <104389055+lizgt2000@users.noreply.github.com>
Date: Mon, 24 Oct 2022 15:45:38 -0400
Subject: [PATCH 01/11] metadeploycm
---
...ws-10-operating-system-image-using-configuration-manager.md | 3 ++-
...0-deployment-with-windows-pe-using-configuration-manager.md | 3 ++-
...-custom-windows-pe-boot-image-with-configuration-manager.md | 3 ++-
...reate-a-task-sequence-with-configuration-manager-and-mdt.md | 3 ++-
...on-to-deploy-with-windows-10-using-configuration-manager.md | 3 ++-
.../deploy-windows-10-using-pxe-and-configuration-manager.md | 3 ++-
...ion-for-windows-10-deployment-with-configuration-manager.md | 3 ++-
...ch-installation-of-windows-10-with-configuration-manager.md | 3 ++-
...ows-7-client-with-windows-10-using-configuration-manager.md | 3 ++-
...ows-7-client-with-windows-10-using-configuration-manager.md | 3 ++-
.../upgrade-to-windows-10-with-configuration-manager.md | 3 ++-
11 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
index af75531621..6836f336bb 100644
--- a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
@@ -4,11 +4,12 @@ description: Operating system images are typically the production image used for
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Add a Windows 10 operating system image using Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index 1d57288f6f..cc5a8040ad 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -4,11 +4,12 @@ description: Learn how to configure the Windows Preinstallation Environment (Win
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index fb7aae6b8e..337c328493 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -4,11 +4,12 @@ description: Learn how to create custom Windows Preinstallation Environment (Win
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Create a custom Windows PE boot image with Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
index f846694f35..7780379c78 100644
--- a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -4,10 +4,11 @@ description: Create a Configuration Manager task sequence with Microsoft Deploym
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Create a task sequence with Configuration Manager and MDT
diff --git a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index 102b3ae2d6..382ccfcfa3 100644
--- a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -5,10 +5,11 @@ ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
+ms.technology: itpro-deploy
---
# Create an application to deploy with Windows 10 using Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
index 253e63190e..5cae6b7635 100644
--- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
@@ -4,11 +4,12 @@ description: In this topic, you'll learn how to deploy Windows 10 using Microsof
ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.collection: highpri
+ms.technology: itpro-deploy
---
# Deploy Windows 10 using PXE and Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 3984e65a9b..cd56ad9b66 100644
--- a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -4,11 +4,12 @@ description: This article provides a walk-through to finalize the configuration
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Finalize the operating system configuration for Windows 10 deployment with Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 02c1c8a43b..54c4a707ea 100644
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -4,10 +4,11 @@ description: Learn how to prepare a Zero Touch Installation of Windows 10 with C
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: how-to
+ms.technology: itpro-deploy
---
# Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 41822baf59..d8969c0190 100644
--- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -4,11 +4,12 @@ description: Learn how to use Configuration Manager and Microsoft Deployment Too
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 4d0bcca63b..8dbbb5bb98 100644
--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -5,11 +5,12 @@ ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
index 5d6a936a26..f410e7a5c1 100644
--- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md
@@ -4,11 +4,12 @@ description: Learn how to perform an in-place upgrade to Windows 10 by automatin
ms.reviewer:
manager: dougeby
ms.author: aaroncz
-ms.prod: w10
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.topic: article
ms.custom: seo-marvel-apr2020
+ms.technology: itpro-deploy
---
# Perform an in-place upgrade to Windows 10 using Configuration Manager
From f7c65cd27b7ca9e9952179717865e16074d09b61 Mon Sep 17 00:00:00 2001
From: Liz Long <104389055+lizgt2000@users.noreply.github.com>
Date: Mon, 24 Oct 2022 19:01:48 -0400
Subject: [PATCH 02/11] meta client management 8
---
windows/client-management/mdm/policy-csp-userrights.md | 6 +++---
.../mdm/policy-csp-virtualizationbasedtechnology.md | 6 +++---
.../client-management/mdm/policy-csp-webthreatdefense.md | 6 +++---
windows/client-management/mdm/policy-csp-wifi.md | 6 +++---
.../client-management/mdm/policy-csp-windowsautopilot.md | 6 +++---
.../mdm/policy-csp-windowsconnectionmanager.md | 6 +++---
.../mdm/policy-csp-windowsdefendersecuritycenter.md | 6 +++---
.../client-management/mdm/policy-csp-windowsinkworkspace.md | 6 +++---
windows/client-management/mdm/policy-csp-windowslogon.md | 6 +++---
.../client-management/mdm/policy-csp-windowspowershell.md | 6 +++---
windows/client-management/mdm/policy-csp-windowssandbox.md | 4 ++--
windows/client-management/mdm/policy-csp-wirelessdisplay.md | 6 +++---
windows/client-management/mdm/policy-ddf-file.md | 6 +++---
windows/client-management/mdm/provisioning-csp.md | 6 +++---
windows/client-management/mdm/pxlogical-csp.md | 6 +++---
windows/client-management/mdm/reboot-csp.md | 6 +++---
windows/client-management/mdm/reboot-ddf-file.md | 6 +++---
windows/client-management/mdm/remotefind-csp.md | 6 +++---
windows/client-management/mdm/remotefind-ddf-file.md | 6 +++---
windows/client-management/mdm/remotering-csp.md | 6 +++---
windows/client-management/mdm/remotewipe-csp.md | 6 +++---
windows/client-management/mdm/remotewipe-ddf-file.md | 6 +++---
windows/client-management/mdm/reporting-csp.md | 6 +++---
windows/client-management/mdm/reporting-ddf-file.md | 6 +++---
windows/client-management/mdm/rootcacertificates-csp.md | 6 +++---
.../client-management/mdm/rootcacertificates-ddf-file.md | 6 +++---
windows/client-management/mdm/secureassessment-csp.md | 6 +++---
windows/client-management/mdm/secureassessment-ddf-file.md | 6 +++---
windows/client-management/mdm/securitypolicy-csp.md | 6 +++---
windows/client-management/mdm/sharedpc-csp.md | 6 +++---
windows/client-management/mdm/sharedpc-ddf-file.md | 6 +++---
windows/client-management/mdm/storage-csp.md | 6 +++---
windows/client-management/mdm/storage-ddf-file.md | 6 +++---
windows/client-management/mdm/supl-csp.md | 6 +++---
windows/client-management/mdm/supl-ddf-file.md | 6 +++---
windows/client-management/mdm/surfacehub-csp.md | 6 +++---
windows/client-management/mdm/surfacehub-ddf-file.md | 6 +++---
windows/client-management/mdm/tenantlockdown-csp.md | 6 +++---
windows/client-management/mdm/tenantlockdown-ddf.md | 6 +++---
windows/client-management/mdm/tpmpolicy-csp.md | 6 +++---
windows/client-management/mdm/tpmpolicy-ddf-file.md | 6 +++---
41 files changed, 122 insertions(+), 122 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index a4779f0075..9359f7ab9e 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -3,12 +3,12 @@ title: Policy CSP - UserRights
description: Learn how user rights are assigned for user accounts or groups, and how the name of the policy defines the user right in question.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/24/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
index 11630b2ae4..cfbe252574 100644
--- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
+++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
@@ -3,12 +3,12 @@ title: Policy CSP - VirtualizationBasedTechnology
description: Learn to use the Policy CSP - VirtualizationBasedTechnology setting to control the state of Hypervisor-protected Code Integrity (HVCI) on devices.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/25/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md
index 5dc80b41a1..95465df853 100644
--- a/windows/client-management/mdm/policy-csp-webthreatdefense.md
+++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md
@@ -3,12 +3,12 @@ title: Policy CSP - WebThreatDefense
description: Learn about the Policy CSP - WebThreatDefense.
ms.author: v-aljupudi
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: alekyaj
ms.localizationpriority: medium
ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 6c4a95d9d8..09a9eb148e 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -3,12 +3,12 @@ title: Policy CSP - Wifi
description: Learn how the Policy CSP - Wifi setting allows or disallows the device to automatically connect to Wi-Fi hotspots.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md
index 9ced4af382..01a6430be0 100644
--- a/windows/client-management/mdm/policy-csp-windowsautopilot.md
+++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md
@@ -3,12 +3,12 @@ title: Policy CSP - WindowsAutoPilot
description: Learn to use the Policy CSP - WindowsAutoPilot setting to enable or disable Autopilot Agility feature.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/25/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index 1365e72a03..803dc874b5 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -3,12 +3,12 @@ title: Policy CSP - WindowsConnectionManager
description: The Policy CSP - WindowsConnectionManager setting prevents computers from connecting to a domain-based network and a non-domain-based network simultaneously.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index cac7ae5d62..106c5f63e4 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -3,12 +3,12 @@ title: Policy CSP - WindowsDefenderSecurityCenter
description: Learn how to use the Policy CSP - WindowsDefenderSecurityCenter setting to display the Account protection area in Windows Defender Security Center.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index 97e61809eb..403b33ba76 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -3,12 +3,12 @@ title: Policy CSP - WindowsInkWorkspace
description: Learn to use the Policy CSP - WindowsInkWorkspace setting to specify whether to allow the user to access the ink workspace.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 0c5e572c58..7af2d1affc 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -3,12 +3,12 @@ title: Policy CSP - WindowsLogon
description: Use the Policy CSP - WindowsLogon setting to control whether a device automatically signs in and locks the last interactive user after the system restarts.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index 97687279b6..259cea10dc 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -3,12 +3,12 @@ title: Policy CSP - WindowsPowerShell
description: Use the Policy CSP - WindowsPowerShell setting to enable logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md
index 614d5d9496..c6271913c6 100644
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@@ -3,8 +3,8 @@ title: Policy CSP - WindowsSandbox
description: Policy CSP - WindowsSandbox
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/14/2020
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index b290aca34c..854f98de60 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -3,12 +3,12 @@ title: Policy CSP - WirelessDisplay
description: Use the Policy CSP - WirelessDisplay setting to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 8bd3586113..07c6ded973 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -1,12 +1,12 @@
---
title: Policy DDF file
description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/28/2020
diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md
index 2462a7dcbb..dfa0ed323d 100644
--- a/windows/client-management/mdm/provisioning-csp.md
+++ b/windows/client-management/mdm/provisioning-csp.md
@@ -1,12 +1,12 @@
---
title: Provisioning CSP
description: The Provisioning configuration service provider is used for bulk user enrollment to an MDM service.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md
index abed3e7963..82b9629e4d 100644
--- a/windows/client-management/mdm/pxlogical-csp.md
+++ b/windows/client-management/mdm/pxlogical-csp.md
@@ -1,12 +1,12 @@
---
title: PXLOGICAL configuration service provider
description: The PXLOGICAL configuration service provider is used to add, remove, or modify WAP logical and physical proxies by using WAP or the standard Windows techniques.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index 42e06b3bc0..1f1ced6498 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -1,12 +1,12 @@
---
title: Reboot CSP
description: Learn how the Reboot configuration service provider (CSP) is used to configure reboot settings.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md
index 25c6107ae8..0b5f03a5ba 100644
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@@ -1,12 +1,12 @@
---
title: Reboot DDF file
description: This topic shows the OMA DM device description framework (DDF) for the Reboot configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md
index 5d7e167612..8430142ede 100644
--- a/windows/client-management/mdm/remotefind-csp.md
+++ b/windows/client-management/mdm/remotefind-csp.md
@@ -1,12 +1,12 @@
---
title: RemoteFind CSP
description: The RemoteFind configuration service provider retrieves the location information for a particular device.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md
index 1b391b32f9..b0a282ba66 100644
--- a/windows/client-management/mdm/remotefind-ddf-file.md
+++ b/windows/client-management/mdm/remotefind-ddf-file.md
@@ -1,12 +1,12 @@
---
title: RemoteFind DDF file
description: This topic shows the OMA DM device description framework (DDF) for the RemoteFind configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md
index fc8e8d1044..16c44fd50b 100644
--- a/windows/client-management/mdm/remotering-csp.md
+++ b/windows/client-management/mdm/remotering-csp.md
@@ -1,12 +1,12 @@
---
title: RemoteRing CSP
description: The RemoteRing CSP can be used to remotely trigger a device to produce an audible ringing sound regardless of the volume that's set on the device.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index 73d74f2f2f..f1ad46c81f 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -1,12 +1,12 @@
---
title: RemoteWipe CSP
description: Learn how the RemoteWipe configuration service provider (CSP) can be used by mobile operators DM server or enterprise management server to remotely wipe a device.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/13/2018
---
diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md
index cb8b212a60..26bd073966 100644
--- a/windows/client-management/mdm/remotewipe-ddf-file.md
+++ b/windows/client-management/mdm/remotewipe-ddf-file.md
@@ -1,12 +1,12 @@
---
title: RemoteWipe DDF file
description: Learn about the OMA DM device description framework (DDF) for the RemoteWipe configuration service provider.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/13/2018
---
diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md
index 690823bd91..7921654d92 100644
--- a/windows/client-management/mdm/reporting-csp.md
+++ b/windows/client-management/mdm/reporting-csp.md
@@ -1,12 +1,12 @@
---
title: Reporting CSP
description: The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md
index f69c53b09e..1681b2d8c2 100644
--- a/windows/client-management/mdm/reporting-ddf-file.md
+++ b/windows/client-management/mdm/reporting-ddf-file.md
@@ -1,12 +1,12 @@
---
title: Reporting DDF file
description: View the OMA DM device description framework (DDF) for the Reporting configuration service provider.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md
index 7c02b4278c..13ec3d35cc 100644
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@@ -1,12 +1,12 @@
---
title: RootCATrustedCertificates CSP
description: Learn how the RootCATrustedCertificates configuration service provider (CSP) enables the enterprise to set the Root Certificate Authority (CA) certificates.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 03/06/2018
---
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index 6d2e87da05..9f73b6023a 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -1,12 +1,12 @@
---
title: RootCATrustedCertificates DDF file
description: Learn about the OMA DM device description framework (DDF) for the RootCACertificates configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 03/07/2018
---
diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md
index 6a0f58509c..196eff5292 100644
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@@ -1,12 +1,12 @@
---
title: SecureAssessment CSP
description: Learn how the SecureAssessment configuration service provider (CSP) is used to provide configuration information for the secure assessment browser.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md
index 7302a11288..4225ec9c51 100644
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@@ -1,12 +1,12 @@
---
title: SecureAssessment DDF file
description: View the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md
index 72474375fb..3ca90e30a3 100644
--- a/windows/client-management/mdm/securitypolicy-csp.md
+++ b/windows/client-management/mdm/securitypolicy-csp.md
@@ -1,12 +1,12 @@
---
title: SecurityPolicy CSP
description: The SecurityPolicy CSP is used to configure security policy settings for WAP push, OMA DM, Service Indication (SI), Service Loading (SL), and MMS.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md
index 89e0c49e59..9ec9fb7703 100644
--- a/windows/client-management/mdm/sharedpc-csp.md
+++ b/windows/client-management/mdm/sharedpc-csp.md
@@ -1,12 +1,12 @@
---
title: SharedPC CSP
description: Learn how the SharedPC configuration service provider is used to configure settings for Shared PC usage.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/23/2022
---
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index 87ee1da106..764d14a202 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -1,12 +1,12 @@
---
title: SharedPC DDF file
description: Learn how the OMA DM device description framework (DDF) for the SharedPC configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md
index 53182c42d1..e1e42f6685 100644
--- a/windows/client-management/mdm/storage-csp.md
+++ b/windows/client-management/mdm/storage-csp.md
@@ -1,12 +1,12 @@
---
title: Storage CSP
description: Learn how the Storage enterprise configuration service provider (CSP) is used to configure the storage card settings.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md
index aba4222037..508dfb3f66 100644
--- a/windows/client-management/mdm/storage-ddf-file.md
+++ b/windows/client-management/mdm/storage-ddf-file.md
@@ -1,12 +1,12 @@
---
title: Storage DDF file
description: Learn about the OMA DM device description framework (DDF) for the Storage configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index 32fc177aa9..a14b9afd32 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -1,12 +1,12 @@
---
title: SUPL CSP
description: Learn how the SUPL configuration service provider (CSP) is used to configure the location client.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 09/12/2019
---
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index 6ddf560abe..ce35649aaf 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -1,12 +1,12 @@
---
title: SUPL DDF file
description: This topic shows the OMA DM device description framework (DDF) for the SUPL configuration service provider.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/03/2020
---
diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md
index 60c07c552b..9ddb730b42 100644
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@@ -1,12 +1,12 @@
---
title: SurfaceHub CSP
description: The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 07/28/2017
---
diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md
index 19363a0c32..b641ecada1 100644
--- a/windows/client-management/mdm/surfacehub-ddf-file.md
+++ b/windows/client-management/mdm/surfacehub-ddf-file.md
@@ -1,12 +1,12 @@
---
title: SurfaceHub DDF file
description: This topic shows the OMA DM device description framework (DDF) for the SurfaceHub configuration service provider. This CSP was added in Windows 10, version 1511.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md
index e44dd9087b..615cdfaa7a 100644
--- a/windows/client-management/mdm/tenantlockdown-csp.md
+++ b/windows/client-management/mdm/tenantlockdown-csp.md
@@ -3,11 +3,11 @@ title: TenantLockdown CSP
description: To lock a device to a tenant to prevent accidental or intentional resets or wipes, use the TenantLockdown configuration service provider.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/13/2018
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md
index 20ef115f73..788ba62e5c 100644
--- a/windows/client-management/mdm/tenantlockdown-ddf.md
+++ b/windows/client-management/mdm/tenantlockdown-ddf.md
@@ -3,11 +3,11 @@ title: TenantLockdown DDF file
description: XML file containing the device description framework for the TenantLockdown configuration service provider (CSP).
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 08/13/2018
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md
index 7ed88086de..ceee66f4b0 100644
--- a/windows/client-management/mdm/tpmpolicy-csp.md
+++ b/windows/client-management/mdm/tpmpolicy-csp.md
@@ -3,11 +3,11 @@ title: TPMPolicy CSP
description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero-exhaust configuration on a Windows device for TPM software components.
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/01/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md
index fa01f620af..b4bcb92ce0 100644
--- a/windows/client-management/mdm/tpmpolicy-ddf-file.md
+++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md
@@ -3,11 +3,11 @@ title: TPMPolicy DDF file
description: Learn about the OMA DM device description framework (DDF) for the TPMPolicy configuration service provider (CSP).
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
From ba5ab70641f7facfdb4d60dc6f7a16fce19a7415 Mon Sep 17 00:00:00 2001
From: Liz Long <104389055+lizgt2000@users.noreply.github.com>
Date: Tue, 25 Oct 2022 11:43:39 -0400
Subject: [PATCH 03/11] meta security 3
---
.../smart-cards/smart-card-architecture.md | 14 +++++++-------
...smart-card-certificate-propagation-service.md | 14 +++++++-------
...d-certificate-requirements-and-enumeration.md | 14 +++++++-------
.../smart-card-debugging-information.md | 16 ++++++++--------
.../smart-cards/smart-card-events.md | 14 +++++++-------
...rt-card-group-policy-and-registry-settings.md | 14 +++++++-------
...rd-how-smart-card-sign-in-works-in-windows.md | 16 ++++++++--------
.../smart-card-removal-policy-service.md | 14 +++++++-------
...smart-card-smart-cards-for-windows-service.md | 14 +++++++-------
.../smart-cards/smart-card-tools-and-settings.md | 14 +++++++-------
...ard-windows-smart-card-technical-reference.md | 14 +++++++-------
.../how-user-account-control-works.md | 16 ++++++++--------
...rol-group-policy-and-registry-key-settings.md | 16 ++++++++--------
.../user-account-control-overview.md | 16 ++++++++--------
...r-account-control-security-policy-settings.md | 16 ++++++++--------
...tual-smart-card-deploy-virtual-smart-cards.md | 8 ++++----
.../virtual-smart-card-evaluate-security.md | 8 ++++----
.../virtual-smart-card-get-started.md | 8 ++++----
.../virtual-smart-card-overview.md | 8 ++++----
.../virtual-smart-card-tpmvscmgr.md | 8 ++++----
...al-smart-card-understanding-and-evaluating.md | 8 ++++----
...virtual-smart-card-use-virtual-smart-cards.md | 8 ++++----
...ellman-protocol-over-ikev2-vpn-connections.md | 8 ++++----
...sign-on-sso-over-vpn-and-wi-fi-connections.md | 8 ++++----
.../vpn/vpn-authentication.md | 8 ++++----
.../vpn/vpn-auto-trigger-profile.md | 8 ++++----
.../vpn/vpn-conditional-access.md | 8 ++++----
.../vpn/vpn-connection-type.md | 8 ++++----
.../identity-protection/vpn/vpn-guide.md | 8 ++++----
.../vpn/vpn-name-resolution.md | 8 ++++----
.../vpn/vpn-office-365-optimization.md | 8 ++++----
.../vpn/vpn-profile-options.md | 8 ++++----
.../identity-protection/vpn/vpn-routing.md | 8 ++++----
.../vpn/vpn-security-features.md | 8 ++++----
...credential-theft-mitigation-guide-abstract.md | 8 ++++----
.../bitlocker/bcd-settings-and-bitlocker.md | 2 +-
.../bitlocker/bitlocker-basic-deployment.md | 4 ++--
.../bitlocker/bitlocker-countermeasures.md | 4 ++--
.../bitlocker/bitlocker-deployment-comparison.md | 2 +-
...cker-device-encryption-overview-windows-10.md | 4 ++--
.../bitlocker/bitlocker-group-policy-settings.md | 4 ++--
.../bitlocker-how-to-deploy-on-windows-server.md | 2 +-
.../bitlocker-how-to-enable-network-unlock.md | 4 ++--
.../bitlocker-management-for-enterprises.md | 4 ++--
.../bitlocker/bitlocker-overview.md | 4 ++--
.../bitlocker/bitlocker-recovery-guide-plan.md | 2 +-
.../bitlocker/bitlocker-recovery-loop-break.md | 4 ++--
...drive-encryption-tools-to-manage-bitlocker.md | 4 ++--
...ker-use-bitlocker-recovery-password-viewer.md | 4 ++--
...zation-for-bitlocker-planning-and-policies.md | 4 ++--
50 files changed, 217 insertions(+), 217 deletions(-)
diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md
index 3fa8e4255e..7277b044d4 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md
@@ -1,7 +1,7 @@
---
title: Smart Card Architecture (Windows)
description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
@@ -10,12 +10,12 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# Smart Card Architecture
diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
index ef2c516483..00b2152267 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
@@ -1,7 +1,7 @@
---
title: Certificate Propagation Service (Windows)
description: This topic for the IT professional describes the certificate propagation service (CertPropSvc), which is used in smart card implementation.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
@@ -10,12 +10,12 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 08/24/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# Certificate Propagation Service
diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
index df7c9505b6..5707ce0650 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
@@ -1,7 +1,7 @@
---
title: Certificate Requirements and Enumeration (Windows)
description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
@@ -10,12 +10,12 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# Certificate Requirements and Enumeration
diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
index 7f0143c568..7604db531a 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
@@ -1,23 +1,23 @@
---
title: Smart Card Troubleshooting (Windows)
description: Describes the tools and services that smart card developers can use to help identify certificate issues with the smart card deployment.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# Smart Card Troubleshooting
diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md
index a750b165ca..fd2d69b73f 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-events.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-events.md
@@ -1,7 +1,7 @@
---
title: Smart Card Events (Windows)
description: This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
@@ -10,12 +10,12 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# Smart Card Events
diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
index 2b1c30addd..c32bc12fe2 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
@@ -1,7 +1,7 @@
---
title: Smart Card Group Policy and Registry Settings (Windows)
description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
@@ -10,12 +10,12 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/02/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# Smart Card Group Policy and Registry Settings
diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
index 4019c75ad2..ad01703612 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
@@ -1,23 +1,23 @@
---
title: How Smart Card Sign-in Works in Windows
description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# How Smart Card Sign-in Works in Windows
diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
index 79ce85481a..bd2846b176 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
@@ -1,7 +1,7 @@
---
title: Smart Card Removal Policy Service (Windows)
description: This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
@@ -10,12 +10,12 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# Smart Card Removal Policy Service
diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
index 4acfbe37c2..af5b9e8bb6 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
@@ -1,7 +1,7 @@
---
title: Smart Cards for Windows Service (Windows)
description: This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service manages readers and application interactions.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
@@ -10,12 +10,12 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# Smart Cards for Windows Service
diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
index faab6d1c50..106071d129 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
@@ -1,7 +1,7 @@
---
title: Smart Card Tools and Settings (Windows)
description: This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
@@ -10,12 +10,12 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# Smart Card Tools and Settings
diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
index 7899c14e50..f1676735c7 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
@@ -1,7 +1,7 @@
---
title: Smart Card Technical Reference (Windows)
description: Learn about the Windows smart card infrastructure for physical smart cards, and how smart card-related components work in Windows.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
@@ -10,12 +10,12 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# Smart Card Technical Reference
diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
index 42aca41a0a..49a56c854a 100644
--- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
+++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
@@ -1,23 +1,23 @@
---
title: How User Account Control works (Windows)
description: User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: sulahiri
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/23/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# How User Account Control works
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
index e54d14dafe..540e4342f1 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
@@ -1,23 +1,23 @@
---
title: User Account Control Group Policy and registry key settings (Windows)
description: Here's a list of UAC Group Policy and registry key settings that your organization can use to manage UAC.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: sulahiri
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# User Account Control Group Policy and registry key settings
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
index e9b562bbe0..39dfcbd0bc 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
@@ -1,23 +1,23 @@
---
title: User Account Control (Windows)
description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop.
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: sulahiri
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.date: 09/24/2011
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# User Account Control
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
index cacda816c0..c65eb01870 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
@@ -1,23 +1,23 @@
---
title: User Account Control security policy settings (Windows)
description: You can use security policies to configure how User Account Control works in your organization.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: sulahiri
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
-- ✅ Windows Server 2016
-- ✅ Windows Server 2019
-- ✅ Windows Server 2022
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
+ - ✅ Windows Server 2016
+ - ✅ Windows Server 2019
+ - ✅ Windows Server 2022
---
# User Account Control security policy settings
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
index 763ba1f346..0f5fef56ab 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
@@ -1,7 +1,7 @@
---
title: Deploy Virtual Smart Cards (Windows 10)
description: This topic for the IT professional discusses the factors to consider when you deploy a virtual smart card authentication solution.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
@@ -9,9 +9,9 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-appliesto:
-- ✅ Windows 10
-- ✅ Windows Server 2016
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows Server 2016
---
# Deploy Virtual Smart Cards
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
index 703582c5a0..f5ce64521a 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
@@ -1,7 +1,7 @@
---
title: Evaluate Virtual Smart Card Security (Windows 10)
description: This topic for the IT professional describes security characteristics and considerations when deploying TPM virtual smart cards.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
@@ -9,9 +9,9 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-appliesto:
-- ✅ Windows 10
-- ✅ Windows Server 2016
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows Server 2016
---
# Evaluate Virtual Smart Card Security
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
index 92cdfe8cdc..ab366df26d 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
@@ -1,7 +1,7 @@
---
title: Get Started with Virtual Smart Cards - Walkthrough Guide (Windows 10)
description: This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
@@ -9,9 +9,9 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-appliesto:
-- ✅ Windows 10
-- ✅ Windows Server 2016
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows Server 2016
---
# Get Started with Virtual Smart Cards: Walkthrough Guide
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
index 7d92df7bd0..acb3e89bb3 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
@@ -1,7 +1,7 @@
---
title: Virtual Smart Card Overview (Windows 10)
description: Learn more about the virtual smart card technology that was developed by Microsoft. Find links to additional topics about virtual smart cards.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
@@ -9,9 +9,9 @@ ms.collection: M365-identity-device-management
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/13/2017
-appliesto:
-- ✅ Windows 10
-- ✅ Windows Server 2016
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows Server 2016
---
# Virtual Smart Card Overview
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
index 37b59cb998..62b4f01d0c 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
@@ -1,7 +1,7 @@
---
title: Tpmvscmgr (Windows 10)
description: This topic for the IT professional describes the Tpmvscmgr command-line tool, through which an administrator can create and delete TPM virtual smart cards on a computer.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
@@ -9,9 +9,9 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-appliesto:
-- ✅ Windows 10
-- ✅ Windows Server 2016
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows Server 2016
---
# Tpmvscmgr
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
index 077d990d63..6b9c28ede3 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
@@ -1,7 +1,7 @@
---
title: Understanding and Evaluating Virtual Smart Cards (Windows 10)
description: Learn how smart card technology can fit into your authentication design. Find links to additional topics about virtual smart cards.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
@@ -9,9 +9,9 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-appliesto:
-- ✅ Windows 10
-- ✅ Windows Server 2016
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows Server 2016
---
# Understanding and Evaluating Virtual Smart Cards
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
index 6cb4ac6fc7..713f1ab1f6 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
@@ -1,7 +1,7 @@
---
title: Use Virtual Smart Cards (Windows 10)
description: This topic for the IT professional describes requirements for virtual smart cards and provides information about how to use and manage them.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
@@ -9,9 +9,9 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 10/13/2017
-appliesto:
-- ✅ Windows 10
-- ✅ Windows Server 2016
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows Server 2016
---
# Use Virtual Smart Cards
diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
index 0e77c5aca8..863eec92a6 100644
--- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
+++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
@@ -1,16 +1,16 @@
---
title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10 and Windows 11)
description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.localizationpriority: medium
ms.date: 09/23/2021
manager: aaroncz
ms.reviewer: pesmith
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# How to configure Diffie Hellman protocol over IKEv2 VPN connections
diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
index 58e9851817..d7cefe3eee 100644
--- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
@@ -1,15 +1,15 @@
---
title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections (Windows 10 and Windows 11)
description: Explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.date: 03/22/2022
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# How to use Single Sign-On (SSO) over VPN and Wi-Fi connections
diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md
index 3434542f7b..508f1851bc 100644
--- a/windows/security/identity-protection/vpn/vpn-authentication.md
+++ b/windows/security/identity-protection/vpn/vpn-authentication.md
@@ -1,16 +1,16 @@
---
title: VPN authentication options (Windows 10 and Windows 11)
description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# VPN authentication options
diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
index 2cef6b0692..84b2d6c66b 100644
--- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
+++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
@@ -1,16 +1,16 @@
---
title: VPN auto-triggered profile options (Windows 10 and Windows 11)
description: Learn about the types of auto-trigger rules for VPNs in Windows, which start a VPN when it is needed to access a resource.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# VPN auto-triggered profile options
diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index e33c303053..2589095203 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -1,16 +1,16 @@
---
title: VPN and conditional access (Windows 10 and Windows 11)
description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: pesmith
manager: aaroncz
ms.localizationpriority: medium
ms.date: 09/23/2021
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# VPN and conditional access
diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md
index 96e77511ad..473b6fede7 100644
--- a/windows/security/identity-protection/vpn/vpn-connection-type.md
+++ b/windows/security/identity-protection/vpn/vpn-connection-type.md
@@ -1,16 +1,16 @@
---
title: VPN connection types (Windows 10 and Windows 11)
description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 08/23/2021
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# VPN connection types
diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md
index c235596b5c..54ef63f227 100644
--- a/windows/security/identity-protection/vpn/vpn-guide.md
+++ b/windows/security/identity-protection/vpn/vpn-guide.md
@@ -1,16 +1,16 @@
---
title: Windows VPN technical guide (Windows 10 and Windows 11)
description: Learn about decisions to make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 02/21/2022
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# Windows VPN technical guide
diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md
index d91442912d..cc0d1c17d1 100644
--- a/windows/security/identity-protection/vpn/vpn-name-resolution.md
+++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md
@@ -1,16 +1,16 @@
---
title: VPN name resolution (Windows 10 and Windows 11)
description: Learn how the name resolution setting in the VPN profile configures how name resolution works when a VPN client connects to a VPN server.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# VPN name resolution
diff --git a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md
index c54c8c05a4..3512900011 100644
--- a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md
+++ b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md
@@ -1,7 +1,7 @@
---
title: Optimizing Office 365 traffic for remote workers with the native Windows 10 or Windows 11 VPN client
description: tbd
-ms.prod: m365-security
+ms.prod: windows-client
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/23/2021
@@ -9,9 +9,9 @@ author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.reviewer: pesmith
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# Optimizing Office 365 traffic for remote workers with the native Windows 10 and Windows 11 VPN client
diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md
index c6a1f32a1b..07f0f4e317 100644
--- a/windows/security/identity-protection/vpn/vpn-profile-options.md
+++ b/windows/security/identity-protection/vpn/vpn-profile-options.md
@@ -2,15 +2,15 @@
title: VPN profile options (Windows 10 and Windows 11)
description: Windows adds Virtual Private Network (VPN) profile options to help manage how users connect. VPNs give users secure remote access to the company network.
manager: aaroncz
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: pesmith
ms.localizationpriority: medium
ms.date: 05/17/2018
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# VPN profile options
diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md
index 2fdcf08d5b..8a4d2a49b8 100644
--- a/windows/security/identity-protection/vpn/vpn-routing.md
+++ b/windows/security/identity-protection/vpn/vpn-routing.md
@@ -1,16 +1,16 @@
---
title: VPN routing decisions (Windows 10 and Windows 10)
description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# VPN routing decisions
diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md
index 31e2845099..852ee0c9d5 100644
--- a/windows/security/identity-protection/vpn/vpn-security-features.md
+++ b/windows/security/identity-protection/vpn/vpn-security-features.md
@@ -1,16 +1,16 @@
---
title: VPN security features
description: Learn about security features for VPN, including LockDown VPN, Windows Information Protection integration with VPN, and traffic filters.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 07/21/2022
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# VPN security features
diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
index ced8857c84..1e475ba610 100644
--- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
+++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
@@ -1,7 +1,7 @@
---
title: Windows Credential Theft Mitigation Guide Abstract
description: Provides a summary of the Windows credential theft mitigation guide.
-ms.prod: m365-security
+ms.prod: windows-client
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
@@ -9,9 +9,9 @@ ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-appliesto:
-- ✅ Windows 10
-- ✅ Windows 11
+appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
---
# Windows Credential Theft Mitigation Guide Abstract
diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
index 5419fe6df5..4a3b3e57ca 100644
--- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
@@ -2,7 +2,7 @@
title: BCD settings and BitLocker (Windows 10)
description: This topic for IT professionals describes the BCD settings that are used by BitLocker.
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
index 36cc5e7a7a..f19d80e906 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
@@ -2,12 +2,12 @@
title: BitLocker basic deployment
description: This article for the IT professional explains how BitLocker features can be used to protect your data through drive encryption.
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
index 68889e3dcd..0e827934c2 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
@@ -2,12 +2,12 @@
title: BitLocker Countermeasures (Windows 10)
description: Windows uses technologies including TPM, Secure Boot, Trusted Boot, and Early Launch Antimalware (ELAM) to protect against attacks on the BitLocker encryption key.
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
index 649c0a0e0f..3811e7cb94 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
@@ -1,7 +1,7 @@
---
title: BitLocker deployment comparison (Windows 10)
description: This article shows the BitLocker deployment comparison chart.
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: lovina-saldanha
ms.author: v-lsaldanha
diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
index c7496bb2d0..5b84d41717 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
@@ -1,12 +1,12 @@
---
title: Overview of BitLocker Device Encryption in Windows
description: This article provides an overview of how BitLocker Device Encryption can help protect data on devices running Windows.
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
index 3a6b451bd5..8f2e37d39f 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
@@ -2,12 +2,12 @@
title: BitLocker Group Policy settings (Windows 10)
description: This article for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption.
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
index 1e211bd02d..17dd8a1f09 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
@@ -2,7 +2,7 @@
title: BitLocker How to deploy on Windows Server 2012 and later
description: This article for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
index 98acd44af7..88e19c407b 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
@@ -2,12 +2,12 @@
title: BitLocker - How to enable Network Unlock (Windows 10)
description: This article for the IT professional describes how BitLocker Network Unlock works and how to configure it.
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
index 4d19e0ed71..6d39fbf7bf 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -1,12 +1,12 @@
---
title: BitLocker Management Recommendations for Enterprises (Windows 10)
description: Refer to relevant documentation, products, and services to learn about managing BitLocker for enterprises and see recommendations for different computers.
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md
index 464d9dd86c..30f473587f 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-overview.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md
@@ -2,11 +2,11 @@
title: BitLocker
description: This topic provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features.
ms.author: dansimp
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
index 2d622dbe34..390b943e87 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
@@ -8,7 +8,7 @@ author: frankroj
ms.author: frankroj
ms.reviewer: rafals
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
index 528ae87399..62c8fe56d0 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
@@ -1,12 +1,12 @@
---
title: Breaking out of a BitLocker recovery loop
description: This article for IT professionals describes how to break out of a BitLocker recovery loop.
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
index b3cfe16c19..c276611731 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
@@ -2,12 +2,12 @@
title: BitLocker Use BitLocker Drive Encryption Tools to manage BitLocker (Windows 10)
description: This article for the IT professional describes how to use tools to manage BitLocker.
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
index b7850352da..56d645428f 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
@@ -2,12 +2,12 @@
title: BitLocker Use BitLocker Recovery Password Viewer (Windows 10)
description: This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer.
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
index beacea058e..4473a9d639 100644
--- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
+++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
@@ -2,12 +2,12 @@
title: Prepare your organization for BitLocker Planning and policies (Windows 10)
description: This article for the IT professional explains how can you plan your BitLocker deployment.
ms.reviewer:
-ms.prod: m365-security
+ms.prod: windows-client
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: aaroncz
-ms.collection:
+ms.collection:
- M365-security-compliance
- highpri
ms.topic: conceptual
From 4db3713dbb57e6785e12d42b97b6bc613bdf8f09 Mon Sep 17 00:00:00 2001
From: Liz Long <104389055+lizgt2000@users.noreply.github.com>
Date: Tue, 25 Oct 2022 11:53:37 -0400
Subject: [PATCH 04/11] meta security 6
---
.../threat-protection/auditing/audit-removable-storage.md | 4 ++--
.../security/threat-protection/auditing/audit-rpc-events.md | 4 ++--
windows/security/threat-protection/auditing/audit-sam.md | 4 ++--
.../auditing/audit-security-group-management.md | 4 ++--
.../threat-protection/auditing/audit-security-state-change.md | 4 ++--
.../auditing/audit-security-system-extension.md | 4 ++--
.../auditing/audit-sensitive-privilege-use.md | 4 ++--
.../threat-protection/auditing/audit-special-logon.md | 4 ++--
.../threat-protection/auditing/audit-system-integrity.md | 4 ++--
.../threat-protection/auditing/audit-token-right-adjusted.md | 4 ++--
.../auditing/audit-user-account-management.md | 4 ++--
.../threat-protection/auditing/audit-user-device-claims.md | 4 ++--
.../auditing/basic-audit-account-logon-events.md | 4 ++--
.../auditing/basic-audit-account-management.md | 4 ++--
.../auditing/basic-audit-directory-service-access.md | 4 ++--
.../threat-protection/auditing/basic-audit-logon-events.md | 4 ++--
.../threat-protection/auditing/basic-audit-object-access.md | 4 ++--
.../threat-protection/auditing/basic-audit-policy-change.md | 4 ++--
.../threat-protection/auditing/basic-audit-privilege-use.md | 4 ++--
.../auditing/basic-audit-process-tracking.md | 4 ++--
.../threat-protection/auditing/basic-audit-system-events.md | 4 ++--
.../auditing/basic-security-audit-policies.md | 4 ++--
.../auditing/basic-security-audit-policy-settings.md | 4 ++--
...ate-a-basic-audit-policy-settings-for-an-event-category.md | 4 ++--
windows/security/threat-protection/auditing/event-1100.md | 4 ++--
windows/security/threat-protection/auditing/event-1102.md | 4 ++--
windows/security/threat-protection/auditing/event-1104.md | 4 ++--
windows/security/threat-protection/auditing/event-1105.md | 4 ++--
windows/security/threat-protection/auditing/event-1108.md | 4 ++--
windows/security/threat-protection/auditing/event-4608.md | 4 ++--
windows/security/threat-protection/auditing/event-4610.md | 4 ++--
windows/security/threat-protection/auditing/event-4611.md | 4 ++--
windows/security/threat-protection/auditing/event-4612.md | 4 ++--
windows/security/threat-protection/auditing/event-4614.md | 4 ++--
windows/security/threat-protection/auditing/event-4615.md | 4 ++--
windows/security/threat-protection/auditing/event-4616.md | 4 ++--
windows/security/threat-protection/auditing/event-4618.md | 4 ++--
windows/security/threat-protection/auditing/event-4621.md | 4 ++--
windows/security/threat-protection/auditing/event-4622.md | 4 ++--
windows/security/threat-protection/auditing/event-4624.md | 4 ++--
windows/security/threat-protection/auditing/event-4625.md | 4 ++--
windows/security/threat-protection/auditing/event-4626.md | 4 ++--
windows/security/threat-protection/auditing/event-4627.md | 4 ++--
windows/security/threat-protection/auditing/event-4634.md | 4 ++--
windows/security/threat-protection/auditing/event-4647.md | 4 ++--
windows/security/threat-protection/auditing/event-4648.md | 4 ++--
windows/security/threat-protection/auditing/event-4649.md | 4 ++--
windows/security/threat-protection/auditing/event-4656.md | 4 ++--
windows/security/threat-protection/auditing/event-4657.md | 4 ++--
windows/security/threat-protection/auditing/event-4658.md | 4 ++--
windows/security/threat-protection/auditing/event-4660.md | 4 ++--
windows/security/threat-protection/auditing/event-4661.md | 4 ++--
windows/security/threat-protection/auditing/event-4662.md | 4 ++--
windows/security/threat-protection/auditing/event-4663.md | 4 ++--
windows/security/threat-protection/auditing/event-4664.md | 4 ++--
windows/security/threat-protection/auditing/event-4670.md | 4 ++--
56 files changed, 112 insertions(+), 112 deletions(-)
diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md
index eae70e36ee..4277dd71c8 100644
--- a/windows/security/threat-protection/auditing/audit-removable-storage.md
+++ b/windows/security/threat-protection/auditing/audit-removable-storage.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Removable Storage
diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md
index 0b881d3f43..27dc6938be 100644
--- a/windows/security/threat-protection/auditing/audit-rpc-events.md
+++ b/windows/security/threat-protection/auditing/audit-rpc-events.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit RPC Events
diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md
index 4297c79c86..1f295079c7 100644
--- a/windows/security/threat-protection/auditing/audit-sam.md
+++ b/windows/security/threat-protection/auditing/audit-sam.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit SAM
diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md
index 5d21c7bd36..6fe81c704f 100644
--- a/windows/security/threat-protection/auditing/audit-security-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-security-group-management.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Security Group Management
diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md
index 7e25a9e858..94c6d1f229 100644
--- a/windows/security/threat-protection/auditing/audit-security-state-change.md
+++ b/windows/security/threat-protection/auditing/audit-security-state-change.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Security State Change
diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md
index f2a020e961..fbda6e4cbb 100644
--- a/windows/security/threat-protection/auditing/audit-security-system-extension.md
+++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Security System Extension
diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
index 3b87a0810f..eb8714f152 100644
--- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Sensitive Privilege Use
diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md
index ef4cf15494..8f865d11bc 100644
--- a/windows/security/threat-protection/auditing/audit-special-logon.md
+++ b/windows/security/threat-protection/auditing/audit-special-logon.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit Special Logon
diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md
index 59ddddcc56..761abff74a 100644
--- a/windows/security/threat-protection/auditing/audit-system-integrity.md
+++ b/windows/security/threat-protection/auditing/audit-system-integrity.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit System Integrity
diff --git a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
index 5eb81c872a..df3e720b31 100644
--- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
+++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
@@ -5,8 +5,8 @@ manager: aaroncz
author: vinaypamnani-msft
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
-ms.technology: windows-sec
+ms.prod: windows-client
+ms.technology: itpro-security
---
# Audit Token Right Adjusted
diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md
index e1460e7aa6..7efa2301e3 100644
--- a/windows/security/threat-protection/auditing/audit-user-account-management.md
+++ b/windows/security/threat-protection/auditing/audit-user-account-management.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit User Account Management
diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md
index adfe26b5d1..750c5568ca 100644
--- a/windows/security/threat-protection/auditing/audit-user-device-claims.md
+++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md
@@ -6,13 +6,13 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: vinaypamnani-msft
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit User/Device Claims
diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
index fd30c96538..c40298d5a5 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user logging on to o
ms.assetid: 84B44181-E325-49A1-8398-AECC3CE0A516
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit account logon events
diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md
index 5198cd91e7..2327ae1658 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-management.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each event of account management on a d
ms.assetid: 369197E1-7E0E-45A4-89EA-16D91EF01689
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit account management
diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
index 6baff08ecd..bbd62c2d7f 100644
--- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
@@ -4,7 +4,7 @@ description: Determines whether to audit the event of a user accessing an Active
ms.assetid: 52F02EED-3CFE-4307-8D06-CF1E27693D09
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit directory service access
diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
index 414793c373..b502700f38 100644
--- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user logging on to o
ms.assetid: 78B5AFCB-0BBD-4C38-9FE9-6B4571B94A35
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit logon events
diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md
index eea30b98ef..5223f78f44 100644
--- a/windows/security/threat-protection/auditing/basic-audit-object-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md
@@ -4,7 +4,7 @@ description: The policy setting, Audit object access, determines whether to audi
ms.assetid: D15B6D67-7886-44C2-9972-3F192D5407EA
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit object access
diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md
index b96ea7b99e..698273ad21 100644
--- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md
+++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md
@@ -4,7 +4,7 @@ description: Determines whether to audit every incident of a change to user righ
ms.assetid: 1025A648-6B22-4C85-9F47-FE0897F1FA31
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit policy change
diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
index a0d131b788..202483cba9 100644
--- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
+++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
@@ -4,7 +4,7 @@ description: Determines whether to audit each instance of a user exercising a us
ms.assetid: C5C6DAAF-8B58-4DFB-B1CE-F0675AE0E9F8
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit privilege use
diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
index e1e8ec83dc..96125dc789 100644
--- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
+++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
@@ -4,7 +4,7 @@ description: Determines whether to audit detailed tracking information for event
ms.assetid: 91AC5C1E-F4DA-4B16-BEE2-C92D66E4CEEA
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit process tracking
diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md
index 0f47401092..951ca143f2 100644
--- a/windows/security/threat-protection/auditing/basic-audit-system-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md
@@ -4,7 +4,7 @@ description: Determines whether to audit when a user restarts or shuts down the
ms.assetid: BF27588C-2AA7-4365-A4BF-3BB377916447
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Audit system events
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
index ba11dec1f1..e05747ce76 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
@@ -4,7 +4,7 @@ description: Learn about basic security audit policies that specify the categori
ms.assetid: 3B678568-7AD7-4734-9BB4-53CF5E04E1D3
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Basic security audit policies
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
index 306c7c8339..bbc3b39ae8 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
@@ -4,7 +4,7 @@ description: Basic security audit policy settings are found under Computer Confi
ms.assetid: 31C2C453-2CFC-4D9E-BC88-8CE1C1A8F900
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/06/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Basic security audit policy settings
diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
index af627fc630..431c0d89e2 100644
--- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
+++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
@@ -4,7 +4,7 @@ description: By defining auditing settings for specific event categories, you ca
ms.assetid: C9F52751-B40D-482E-BE9D-2C61098249D3
ms.reviewer:
ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# Create a basic audit policy for an event category
diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md
index 32ae7fc631..b5e2bfaf89 100644
--- a/windows/security/threat-protection/auditing/event-1100.md
+++ b/windows/security/threat-protection/auditing/event-1100.md
@@ -2,7 +2,7 @@
title: 1100(S) The event logging service has shut down. (Windows 10)
description: Describes security event 1100(S) The event logging service has shut down.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 1100(S): The event logging service has shut down.
diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md
index 26db20429c..3da9fc2a33 100644
--- a/windows/security/threat-protection/auditing/event-1102.md
+++ b/windows/security/threat-protection/auditing/event-1102.md
@@ -2,7 +2,7 @@
title: 1102(S) The audit log was cleared. (Windows 10)
description: Though you shouldn't normally see it, this event generates every time Windows Security audit log is cleared. This is for event 1102(S).
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 1102(S): The audit log was cleared.
diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md
index 2dc26ce28a..71e08f1f79 100644
--- a/windows/security/threat-protection/auditing/event-1104.md
+++ b/windows/security/threat-protection/auditing/event-1104.md
@@ -2,7 +2,7 @@
title: 1104(S) The security log is now full. (Windows 10)
description: This event generates every time Windows security log becomes full and the event log retention method is set to Do not overwrite events.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 1104(S): The security log is now full.
diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md
index 876b254fac..6eea66a2d6 100644
--- a/windows/security/threat-protection/auditing/event-1105.md
+++ b/windows/security/threat-protection/auditing/event-1105.md
@@ -2,7 +2,7 @@
title: 1105(S) Event log automatic backup. (Windows 10)
description: This event generates every time Windows security log becomes full and new event log file was created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 1105(S): Event log automatic backup
diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md
index b29bdbea27..3ef547a322 100644
--- a/windows/security/threat-protection/auditing/event-1108.md
+++ b/windows/security/threat-protection/auditing/event-1108.md
@@ -2,7 +2,7 @@
title: The event logging service encountered an error (Windows 10)
description: Describes security event 1108(S) The event logging service encountered an error while processing an incoming event published from %1.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md
index e461d3a1f0..51e0c51819 100644
--- a/windows/security/threat-protection/auditing/event-4608.md
+++ b/windows/security/threat-protection/auditing/event-4608.md
@@ -2,7 +2,7 @@
title: 4608(S) Windows is starting up. (Windows 10)
description: Describes security event 4608(S) Windows is starting up. This event is logged when the LSASS.EXE process starts and the auditing subsystem is initialized.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4608(S): Windows is starting up.
diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md
index a9256d7167..cbb410b55d 100644
--- a/windows/security/threat-protection/auditing/event-4610.md
+++ b/windows/security/threat-protection/auditing/event-4610.md
@@ -2,7 +2,7 @@
title: 4610(S) An authentication package has been loaded by the Local Security Authority. (Windows 10)
description: Describes security event 4610(S) An authentication package has been loaded by the Local Security Authority.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4610(S): An authentication package has been loaded by the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md
index ddfd12cebd..0f4b7b7a55 100644
--- a/windows/security/threat-protection/auditing/event-4611.md
+++ b/windows/security/threat-protection/auditing/event-4611.md
@@ -2,7 +2,7 @@
title: 4611(S) A trusted logon process has been registered with the Local Security Authority. (Windows 10)
description: Describes security event 4611(S) A trusted logon process has been registered with the Local Security Authority.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4611(S): A trusted logon process has been registered with the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md
index 1894b7e87a..15ba866bce 100644
--- a/windows/security/threat-protection/auditing/event-4612.md
+++ b/windows/security/threat-protection/auditing/event-4612.md
@@ -2,7 +2,7 @@
title: 4612(S) Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. (Windows 10)
description: Describes security event 4612(S) Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md
index 00aa2bf61d..1dbbdeeefe 100644
--- a/windows/security/threat-protection/auditing/event-4614.md
+++ b/windows/security/threat-protection/auditing/event-4614.md
@@ -2,7 +2,7 @@
title: 4614(S) A notification package has been loaded by the Security Account Manager. (Windows 10)
description: Describes security event 4614(S) A notification package has been loaded by the Security Account Manager.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4614(S): A notification package has been loaded by the Security Account Manager.
diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md
index a71a72d981..d3cd763690 100644
--- a/windows/security/threat-protection/auditing/event-4615.md
+++ b/windows/security/threat-protection/auditing/event-4615.md
@@ -2,7 +2,7 @@
title: 4615(S) Invalid use of LPC port. (Windows 10)
description: Describes security event 4615(S) Invalid use of LPC port. It appears that the Invalid use of LPC port event never occurs.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4615(S): Invalid use of LPC port.
diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md
index 62f402ee6c..6c96460629 100644
--- a/windows/security/threat-protection/auditing/event-4616.md
+++ b/windows/security/threat-protection/auditing/event-4616.md
@@ -2,7 +2,7 @@
title: 4616(S) The system time was changed. (Windows 10)
description: Describes security event 4616(S) The system time was changed. This event is generated every time system time is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4616(S): The system time was changed.
diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md
index 52790766da..dcbe79c3ac 100644
--- a/windows/security/threat-protection/auditing/event-4618.md
+++ b/windows/security/threat-protection/auditing/event-4618.md
@@ -2,7 +2,7 @@
title: 4618(S) A monitored security event pattern has occurred. (Windows 10)
description: Describes security event 4618(S) A monitored security event pattern has occurred.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4618(S): A monitored security event pattern has occurred.
diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md
index 145a52481e..8d85ca11c8 100644
--- a/windows/security/threat-protection/auditing/event-4621.md
+++ b/windows/security/threat-protection/auditing/event-4621.md
@@ -2,7 +2,7 @@
title: 4621(S) Administrator recovered system from CrashOnAuditFail. (Windows 10)
description: Describes security event 4621(S) Administrator recovered system from CrashOnAuditFail.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4621(S): Administrator recovered system from CrashOnAuditFail.
diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md
index d71804453a..b4d338e351 100644
--- a/windows/security/threat-protection/auditing/event-4622.md
+++ b/windows/security/threat-protection/auditing/event-4622.md
@@ -2,7 +2,7 @@
title: 4622(S) A security package has been loaded by the Local Security Authority. (Windows 10)
description: Describes security event 4622(S) A security package has been loaded by the Local Security Authority.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4622(S): A security package has been loaded by the Local Security Authority.
diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md
index af8492549e..9a4d514219 100644
--- a/windows/security/threat-protection/auditing/event-4624.md
+++ b/windows/security/threat-protection/auditing/event-4624.md
@@ -2,7 +2,7 @@
title: 4624(S) An account was successfully logged on. (Windows 10)
description: Describes security event 4624(S) An account was successfully logged on.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4624(S): An account was successfully logged on.
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index a8cf41f43c..0f5213ddb9 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -2,7 +2,7 @@
title: 4625(F) An account failed to log on. (Windows 10)
description: Describes security event 4625(F) An account failed to log on. This event is generated if an account logon attempt failed for a locked out account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 01/03/2022
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4625(F): An account failed to log on.
diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md
index 40dda4fb91..d855d40847 100644
--- a/windows/security/threat-protection/auditing/event-4626.md
+++ b/windows/security/threat-protection/auditing/event-4626.md
@@ -2,7 +2,7 @@
title: 4626(S) User/Device claims information. (Windows 10)
description: Describes security event 4626(S) User/Device claims information. This event is generated for new account logons.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4626(S): User/Device claims information.
diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md
index 2ced3b38aa..b86dcd5739 100644
--- a/windows/security/threat-protection/auditing/event-4627.md
+++ b/windows/security/threat-protection/auditing/event-4627.md
@@ -2,7 +2,7 @@
title: 4627(S) Group membership information. (Windows 10)
description: Describes security event 4627(S) Group membership information. This event is generated with event 4624(S) An account was successfully logged on.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4627(S): Group membership information.
diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md
index 3c9d5b5fcb..467dedd19f 100644
--- a/windows/security/threat-protection/auditing/event-4634.md
+++ b/windows/security/threat-protection/auditing/event-4634.md
@@ -2,7 +2,7 @@
title: 4634(S) An account was logged off. (Windows 10)
description: Describes security event 4634(S) An account was logged off. This event is generated when a logon session is terminated and no longer exists.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4634(S): An account was logged off.
diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md
index 75ebc4000b..9ff4d6507e 100644
--- a/windows/security/threat-protection/auditing/event-4647.md
+++ b/windows/security/threat-protection/auditing/event-4647.md
@@ -2,7 +2,7 @@
title: 4647(S) User initiated logoff. (Windows 10)
description: Describes security event 4647(S) User initiated logoff. This event is generated when a logoff is initiated. No further user-initiated activity can occur.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4647(S): User initiated logoff.
diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md
index 38f6872968..b0cab6c7cd 100644
--- a/windows/security/threat-protection/auditing/event-4648.md
+++ b/windows/security/threat-protection/auditing/event-4648.md
@@ -2,7 +2,7 @@
title: 4648(S) A logon was attempted using explicit credentials. (Windows 10)
description: Describes security event 4648(S) A logon was attempted using explicit credentials.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4648(S): A logon was attempted using explicit credentials.
diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md
index eb4add10ec..4447ed9ef5 100644
--- a/windows/security/threat-protection/auditing/event-4649.md
+++ b/windows/security/threat-protection/auditing/event-4649.md
@@ -2,7 +2,7 @@
title: 4649(S) A replay attack was detected. (Windows 10)
description: Describes security event 4649(S) A replay attack was detected. This event is generated when a KRB_AP_ERR_REPEAT Kerberos response is sent to the client.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4649(S): A replay attack was detected.
diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md
index e00a414562..4f9aa3d55a 100644
--- a/windows/security/threat-protection/auditing/event-4656.md
+++ b/windows/security/threat-protection/auditing/event-4656.md
@@ -2,7 +2,7 @@
title: 4656(S, F) A handle to an object was requested. (Windows 10)
description: Describes security event 4656(S, F) A handle to an object was requested.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4656(S, F): A handle to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md
index 5d5f2aa622..fbe96e603d 100644
--- a/windows/security/threat-protection/auditing/event-4657.md
+++ b/windows/security/threat-protection/auditing/event-4657.md
@@ -2,7 +2,7 @@
title: 4657(S) A registry value was modified. (Windows 10)
description: Describes security event 4657(S) A registry value was modified. This event is generated when a registry key value is modified.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4657(S): A registry value was modified.
diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md
index 2529318f4c..c577dd8cb1 100644
--- a/windows/security/threat-protection/auditing/event-4658.md
+++ b/windows/security/threat-protection/auditing/event-4658.md
@@ -2,7 +2,7 @@
title: 4658(S) The handle to an object was closed. (Windows 10)
description: Describes security event 4658(S) The handle to an object was closed. This event is generated when the handle to an object is closed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4658(S): The handle to an object was closed.
diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md
index 78d23e5710..52e57a1502 100644
--- a/windows/security/threat-protection/auditing/event-4660.md
+++ b/windows/security/threat-protection/auditing/event-4660.md
@@ -2,7 +2,7 @@
title: 4660(S) An object was deleted. (Windows 10)
description: Describes security event 4660(S) An object was deleted. This event is generated when an object is deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4660(S): An object was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md
index 21aab6e49b..bf8b9b0543 100644
--- a/windows/security/threat-protection/auditing/event-4661.md
+++ b/windows/security/threat-protection/auditing/event-4661.md
@@ -2,7 +2,7 @@
title: 4661(S, F) A handle to an object was requested. (Windows 10)
description: Describes security event 4661(S, F) A handle to an object was requested.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4661(S, F): A handle to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md
index 46ca1c34bf..cdc37e9ac3 100644
--- a/windows/security/threat-protection/auditing/event-4662.md
+++ b/windows/security/threat-protection/auditing/event-4662.md
@@ -2,7 +2,7 @@
title: 4662(S, F) An operation was performed on an object. (Windows 10)
description: Describes security event 4662(S, F) An operation was performed on an object.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4662(S, F): An operation was performed on an object.
diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md
index b407e338d2..e92604294e 100644
--- a/windows/security/threat-protection/auditing/event-4663.md
+++ b/windows/security/threat-protection/auditing/event-4663.md
@@ -2,7 +2,7 @@
title: 4663(S) An attempt was made to access an object. (Windows 10)
description: Describes security event 4663(S) An attempt was made to access an object.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4663(S): An attempt was made to access an object.
diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md
index c3c06a1bff..5d20d8cbda 100644
--- a/windows/security/threat-protection/auditing/event-4664.md
+++ b/windows/security/threat-protection/auditing/event-4664.md
@@ -2,7 +2,7 @@
title: 4664(S) An attempt was made to create a hard link. (Windows 10)
description: Describes security event 4664(S) An attempt was made to create a hard link.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4664(S): An attempt was made to create a hard link.
diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md
index 3c34a477b3..1775901f8b 100644
--- a/windows/security/threat-protection/auditing/event-4670.md
+++ b/windows/security/threat-protection/auditing/event-4670.md
@@ -2,7 +2,7 @@
title: 4670(S) Permissions on an object were changed. (Windows 10)
description: Describes security event 4670(S) Permissions on an object were changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4670(S): Permissions on an object were changed.
From 40fe3a82f32b832e04ebcea42f2c6a3eb36d1ad6 Mon Sep 17 00:00:00 2001
From: Liz Long <104389055+lizgt2000@users.noreply.github.com>
Date: Tue, 25 Oct 2022 12:38:44 -0400
Subject: [PATCH 05/11] meta security 7
---
windows/security/threat-protection/auditing/event-4671.md | 4 ++--
windows/security/threat-protection/auditing/event-4672.md | 4 ++--
windows/security/threat-protection/auditing/event-4673.md | 4 ++--
windows/security/threat-protection/auditing/event-4674.md | 4 ++--
windows/security/threat-protection/auditing/event-4675.md | 4 ++--
windows/security/threat-protection/auditing/event-4688.md | 4 ++--
windows/security/threat-protection/auditing/event-4689.md | 4 ++--
windows/security/threat-protection/auditing/event-4690.md | 4 ++--
windows/security/threat-protection/auditing/event-4691.md | 4 ++--
windows/security/threat-protection/auditing/event-4692.md | 4 ++--
windows/security/threat-protection/auditing/event-4693.md | 4 ++--
windows/security/threat-protection/auditing/event-4694.md | 4 ++--
windows/security/threat-protection/auditing/event-4695.md | 4 ++--
windows/security/threat-protection/auditing/event-4696.md | 4 ++--
windows/security/threat-protection/auditing/event-4697.md | 4 ++--
windows/security/threat-protection/auditing/event-4698.md | 4 ++--
windows/security/threat-protection/auditing/event-4699.md | 4 ++--
windows/security/threat-protection/auditing/event-4700.md | 4 ++--
windows/security/threat-protection/auditing/event-4701.md | 4 ++--
windows/security/threat-protection/auditing/event-4702.md | 4 ++--
windows/security/threat-protection/auditing/event-4703.md | 4 ++--
windows/security/threat-protection/auditing/event-4704.md | 4 ++--
windows/security/threat-protection/auditing/event-4705.md | 4 ++--
windows/security/threat-protection/auditing/event-4706.md | 4 ++--
windows/security/threat-protection/auditing/event-4707.md | 4 ++--
windows/security/threat-protection/auditing/event-4713.md | 4 ++--
windows/security/threat-protection/auditing/event-4714.md | 4 ++--
windows/security/threat-protection/auditing/event-4715.md | 4 ++--
windows/security/threat-protection/auditing/event-4716.md | 4 ++--
windows/security/threat-protection/auditing/event-4717.md | 4 ++--
windows/security/threat-protection/auditing/event-4718.md | 4 ++--
windows/security/threat-protection/auditing/event-4719.md | 4 ++--
windows/security/threat-protection/auditing/event-4720.md | 4 ++--
windows/security/threat-protection/auditing/event-4722.md | 4 ++--
windows/security/threat-protection/auditing/event-4723.md | 4 ++--
windows/security/threat-protection/auditing/event-4724.md | 4 ++--
windows/security/threat-protection/auditing/event-4725.md | 4 ++--
windows/security/threat-protection/auditing/event-4726.md | 4 ++--
windows/security/threat-protection/auditing/event-4731.md | 4 ++--
windows/security/threat-protection/auditing/event-4732.md | 4 ++--
windows/security/threat-protection/auditing/event-4733.md | 4 ++--
windows/security/threat-protection/auditing/event-4734.md | 4 ++--
windows/security/threat-protection/auditing/event-4735.md | 4 ++--
windows/security/threat-protection/auditing/event-4738.md | 4 ++--
windows/security/threat-protection/auditing/event-4739.md | 4 ++--
windows/security/threat-protection/auditing/event-4740.md | 4 ++--
windows/security/threat-protection/auditing/event-4741.md | 4 ++--
windows/security/threat-protection/auditing/event-4742.md | 4 ++--
windows/security/threat-protection/auditing/event-4743.md | 4 ++--
windows/security/threat-protection/auditing/event-4749.md | 4 ++--
windows/security/threat-protection/auditing/event-4750.md | 4 ++--
windows/security/threat-protection/auditing/event-4751.md | 4 ++--
52 files changed, 104 insertions(+), 104 deletions(-)
diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md
index b3d70bd49a..7a1ee6965a 100644
--- a/windows/security/threat-protection/auditing/event-4671.md
+++ b/windows/security/threat-protection/auditing/event-4671.md
@@ -2,7 +2,7 @@
title: 4671(-) An application attempted to access a blocked ordinal through the TBS. (Windows 10)
description: Describes security event 4671(-) An application attempted to access a blocked ordinal through the TBS.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4671(-): An application attempted to access a blocked ordinal through the TBS.
diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md
index b1dcd19a2f..25a4365bb7 100644
--- a/windows/security/threat-protection/auditing/event-4672.md
+++ b/windows/security/threat-protection/auditing/event-4672.md
@@ -2,7 +2,7 @@
title: 4672(S) Special privileges assigned to new logon. (Windows 10)
description: Describes security event 4672(S) Special privileges assigned to new logon.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4672(S): Special privileges assigned to new logon.
diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md
index 816f3243d3..e4ba4b8a01 100644
--- a/windows/security/threat-protection/auditing/event-4673.md
+++ b/windows/security/threat-protection/auditing/event-4673.md
@@ -2,7 +2,7 @@
title: 4673(S, F) A privileged service was called. (Windows 10)
description: Describes security event 4673(S, F) A privileged service was called. This event is generated for an attempt to perform privileged system service operations.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4673(S, F): A privileged service was called.
diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md
index 4811afdc89..09b8e8a50e 100644
--- a/windows/security/threat-protection/auditing/event-4674.md
+++ b/windows/security/threat-protection/auditing/event-4674.md
@@ -2,7 +2,7 @@
title: 4674(S, F) An operation was attempted on a privileged object. (Windows 10)
description: Describes security event 4674(S, F) An operation was attempted on a privileged object.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4674(S, F): An operation was attempted on a privileged object.
diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md
index c39393eaeb..8a6b84b8e9 100644
--- a/windows/security/threat-protection/auditing/event-4675.md
+++ b/windows/security/threat-protection/auditing/event-4675.md
@@ -2,7 +2,7 @@
title: 4675(S) SIDs were filtered. (Windows 10)
description: Describes security event 4675(S) SIDs were filtered. This event is generated when SIDs were filtered for a specific Active Directory trust.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4675(S): SIDs were filtered.
diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md
index 9fb85668e9..3de0d6acc5 100644
--- a/windows/security/threat-protection/auditing/event-4688.md
+++ b/windows/security/threat-protection/auditing/event-4688.md
@@ -2,7 +2,7 @@
title: 4688(S) A new process has been created. (Windows 10)
description: Describes security event 4688(S) A new process has been created. This event is generated when a new process starts.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 01/24/2022
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4688(S): A new process has been created.
diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md
index 4ce41a0a7f..e64fd85f5a 100644
--- a/windows/security/threat-protection/auditing/event-4689.md
+++ b/windows/security/threat-protection/auditing/event-4689.md
@@ -2,7 +2,7 @@
title: 4689(S) A process has exited. (Windows 10)
description: Describes security event 4689(S) A process has exited. This event is generates when a process exits.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4689(S): A process has exited.
diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md
index d199963bc4..25c57686e5 100644
--- a/windows/security/threat-protection/auditing/event-4690.md
+++ b/windows/security/threat-protection/auditing/event-4690.md
@@ -2,7 +2,7 @@
title: 4690(S) An attempt was made to duplicate a handle to an object. (Windows 10)
description: Describes security event 4690(S) An attempt was made to duplicate a handle to an object.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4690(S): An attempt was made to duplicate a handle to an object.
diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md
index c4cabb426e..140889746d 100644
--- a/windows/security/threat-protection/auditing/event-4691.md
+++ b/windows/security/threat-protection/auditing/event-4691.md
@@ -2,7 +2,7 @@
title: 4691(S) Indirect access to an object was requested. (Windows 10)
description: Describes security event 4691(S) Indirect access to an object was requested.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4691(S): Indirect access to an object was requested.
diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md
index b4655573c6..ac9b7268ca 100644
--- a/windows/security/threat-protection/auditing/event-4692.md
+++ b/windows/security/threat-protection/auditing/event-4692.md
@@ -2,7 +2,7 @@
title: 4692(S, F) Backup of data protection master key was attempted. (Windows 10)
description: Describes security event 4692(S, F) Backup of data protection master key was attempted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4692(S, F): Backup of data protection master key was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md
index 604b596451..4676511260 100644
--- a/windows/security/threat-protection/auditing/event-4693.md
+++ b/windows/security/threat-protection/auditing/event-4693.md
@@ -2,7 +2,7 @@
title: 4693(S, F) Recovery of data protection master key was attempted. (Windows 10)
description: Describes security event 4693(S, F) Recovery of data protection master key was attempted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4693(S, F): Recovery of data protection master key was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md
index 0282e7d3b4..dc24a37fc9 100644
--- a/windows/security/threat-protection/auditing/event-4694.md
+++ b/windows/security/threat-protection/auditing/event-4694.md
@@ -2,7 +2,7 @@
title: 4694(S, F) Protection of auditable protected data was attempted. (Windows 10)
description: Describes security event 4694(S, F) Protection of auditable protected data was attempted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4694(S, F): Protection of auditable protected data was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md
index 0a1c8102df..78c1b43834 100644
--- a/windows/security/threat-protection/auditing/event-4695.md
+++ b/windows/security/threat-protection/auditing/event-4695.md
@@ -2,7 +2,7 @@
title: 4695(S, F) Unprotection of auditable protected data was attempted. (Windows 10)
description: Describes security event 4695(S, F) Unprotection of auditable protected data was attempted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4695(S, F): Unprotection of auditable protected data was attempted.
diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md
index 503e8c18b5..16c7a8e333 100644
--- a/windows/security/threat-protection/auditing/event-4696.md
+++ b/windows/security/threat-protection/auditing/event-4696.md
@@ -2,7 +2,7 @@
title: 4696(S) A primary token was assigned to process. (Windows 10)
description: Describes security event 4696(S) A primary token was assigned to process.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4696(S): A primary token was assigned to process.
diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md
index 6ca2ffe88c..348ae3a7a9 100644
--- a/windows/security/threat-protection/auditing/event-4697.md
+++ b/windows/security/threat-protection/auditing/event-4697.md
@@ -2,7 +2,7 @@
title: 4697(S) A service was installed in the system. (Windows 10)
description: Describes security event 4697(S) A service was installed in the system.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4697(S): A service was installed in the system.
diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md
index 0e8b5ef51d..7eb2d41a68 100644
--- a/windows/security/threat-protection/auditing/event-4698.md
+++ b/windows/security/threat-protection/auditing/event-4698.md
@@ -2,7 +2,7 @@
title: 4698(S) A scheduled task was created. (Windows 10)
description: Describes security event 4698(S) A scheduled task was created. This event is generated when a scheduled task is created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4698(S): A scheduled task was created.
diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md
index a9d14b8c99..258b0a31d3 100644
--- a/windows/security/threat-protection/auditing/event-4699.md
+++ b/windows/security/threat-protection/auditing/event-4699.md
@@ -2,7 +2,7 @@
title: 4699(S) A scheduled task was deleted. (Windows 10)
description: Describes security event 4699(S) A scheduled task was deleted. This event is generated every time a scheduled task is deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4699(S): A scheduled task was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md
index 9846182ff5..aa1ef1cc10 100644
--- a/windows/security/threat-protection/auditing/event-4700.md
+++ b/windows/security/threat-protection/auditing/event-4700.md
@@ -2,7 +2,7 @@
title: 4700(S) A scheduled task was enabled. (Windows 10)
description: Describes security event 4700(S) A scheduled task was enabled. This event is generated every time a scheduled task is enabled.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4700(S): A scheduled task was enabled.
diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md
index 8efade99fd..11a6147179 100644
--- a/windows/security/threat-protection/auditing/event-4701.md
+++ b/windows/security/threat-protection/auditing/event-4701.md
@@ -2,7 +2,7 @@
title: 4701(S) A scheduled task was disabled. (Windows 10)
description: Describes security event 4701(S) A scheduled task was disabled. This event is generated every time a scheduled task is disabled.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4701(S): A scheduled task was disabled.
diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md
index 7be335c868..a738b7753e 100644
--- a/windows/security/threat-protection/auditing/event-4702.md
+++ b/windows/security/threat-protection/auditing/event-4702.md
@@ -2,7 +2,7 @@
title: 4702(S) A scheduled task was updated. (Windows 10)
description: Describes security event 4702(S) A scheduled task was updated. This event is generated when a scheduled task is updated/changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4702(S): A scheduled task was updated.
diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md
index b96826a470..a4200af9ea 100644
--- a/windows/security/threat-protection/auditing/event-4703.md
+++ b/windows/security/threat-protection/auditing/event-4703.md
@@ -2,7 +2,7 @@
title: 4703(S) A user right was adjusted. (Windows 10)
description: Describes security event 4703(S) A user right was adjusted. This event is generated when token privileges are enabled or disabled for a specific account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4703(S): A user right was adjusted.
diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md
index 461a643a95..0780690284 100644
--- a/windows/security/threat-protection/auditing/event-4704.md
+++ b/windows/security/threat-protection/auditing/event-4704.md
@@ -2,7 +2,7 @@
title: 4704(S) A user right was assigned. (Windows 10)
description: Describes security event 4704(S) A user right was assigned. This event is generated when a user right is assigned to an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4704(S): A user right was assigned.
diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md
index 70cfbfdc90..afd7149169 100644
--- a/windows/security/threat-protection/auditing/event-4705.md
+++ b/windows/security/threat-protection/auditing/event-4705.md
@@ -2,7 +2,7 @@
title: 4705(S) A user right was removed. (Windows 10)
description: Describes security event 4705(S) A user right was removed. This event is generated when a user right is removed from an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4705(S): A user right was removed.
diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md
index bdbee520fb..c6ff0bb373 100644
--- a/windows/security/threat-protection/auditing/event-4706.md
+++ b/windows/security/threat-protection/auditing/event-4706.md
@@ -2,7 +2,7 @@
title: 4706(S) A new trust was created to a domain. (Windows 10)
description: Describes security event 4706(S) A new trust was created to a domain. This event is generated when a new trust is created for a domain.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4706(S): A new trust was created to a domain.
diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md
index 6cd9f771d0..28b13b2cb0 100644
--- a/windows/security/threat-protection/auditing/event-4707.md
+++ b/windows/security/threat-protection/auditing/event-4707.md
@@ -2,7 +2,7 @@
title: 4707(S) A trust to a domain was removed. (Windows 10)
description: Describes security event 4707(S) A trust to a domain was removed. This event is generated when a domain trust is removed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4707(S): A trust to a domain was removed.
diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md
index 9940e66d35..e92aa50675 100644
--- a/windows/security/threat-protection/auditing/event-4713.md
+++ b/windows/security/threat-protection/auditing/event-4713.md
@@ -2,7 +2,7 @@
title: 4713(S) Kerberos policy was changed. (Windows 10)
description: Describes security event 4713(S) Kerberos policy was changed. This event is generated when Kerberos policy is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4713(S): Kerberos policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md
index 38aad24335..77709fc5c7 100644
--- a/windows/security/threat-protection/auditing/event-4714.md
+++ b/windows/security/threat-protection/auditing/event-4714.md
@@ -2,7 +2,7 @@
title: 4714(S) Encrypted data recovery policy was changed. (Windows 10)
description: Describes security event 4714(S) Encrypted data recovery policy was changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4714(S): Encrypted data recovery policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md
index 129d5815bb..82b24bae92 100644
--- a/windows/security/threat-protection/auditing/event-4715.md
+++ b/windows/security/threat-protection/auditing/event-4715.md
@@ -2,7 +2,7 @@
title: 4715(S) The audit policy (SACL) on an object was changed. (Windows 10)
description: Describes security event 4715(S) The audit policy (SACL) on an object was changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4715(S): The audit policy (SACL) on an object was changed.
diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md
index cd10d369cb..f6d57fece2 100644
--- a/windows/security/threat-protection/auditing/event-4716.md
+++ b/windows/security/threat-protection/auditing/event-4716.md
@@ -2,7 +2,7 @@
title: 4716(S) Trusted domain information was modified. (Windows 10)
description: Describes security event 4716(S) Trusted domain information was modified.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4716(S): Trusted domain information was modified.
diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md
index 7f78cff24b..dc449a8758 100644
--- a/windows/security/threat-protection/auditing/event-4717.md
+++ b/windows/security/threat-protection/auditing/event-4717.md
@@ -2,7 +2,7 @@
title: 4717(S) System security access was granted to an account. (Windows 10)
description: Describes security event 4717(S) System security access was granted to an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4717(S): System security access was granted to an account.
diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md
index 244c704a46..7a47fa5d37 100644
--- a/windows/security/threat-protection/auditing/event-4718.md
+++ b/windows/security/threat-protection/auditing/event-4718.md
@@ -2,7 +2,7 @@
title: 4718(S) System security access was removed from an account. (Windows 10)
description: Describes security event 4718(S) System security access was removed from an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4718(S): System security access was removed from an account.
diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md
index 7573462403..97711ffdf7 100644
--- a/windows/security/threat-protection/auditing/event-4719.md
+++ b/windows/security/threat-protection/auditing/event-4719.md
@@ -2,7 +2,7 @@
title: 4719(S) System audit policy was changed. (Windows 10)
description: Describes security event 4719(S) System audit policy was changed. This event is generated when the computer audit policy changes.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4719(S): System audit policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md
index 92f0e29689..bb732fd1dd 100644
--- a/windows/security/threat-protection/auditing/event-4720.md
+++ b/windows/security/threat-protection/auditing/event-4720.md
@@ -2,7 +2,7 @@
title: 4720(S) A user account was created. (Windows 10)
description: Describes security event 4720(S) A user account was created. This event is generated a user object is created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4720(S): A user account was created.
diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md
index 4c4760577c..1d82961714 100644
--- a/windows/security/threat-protection/auditing/event-4722.md
+++ b/windows/security/threat-protection/auditing/event-4722.md
@@ -2,7 +2,7 @@
title: 4722(S) A user account was enabled. (Windows 10)
description: Describes security event 4722(S) A user account was enabled. This event is generated when a user or computer object is enabled.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4722(S): A user account was enabled.
diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md
index 8f28c2cd9e..f63004d706 100644
--- a/windows/security/threat-protection/auditing/event-4723.md
+++ b/windows/security/threat-protection/auditing/event-4723.md
@@ -2,7 +2,7 @@
title: 4723(S, F) An attempt was made to change an account's password. (Windows 10)
description: Describes security event 4723(S, F) An attempt was made to change an account's password.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4723(S, F): An attempt was made to change an account's password.
diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md
index 86ee75c102..a36b61acac 100644
--- a/windows/security/threat-protection/auditing/event-4724.md
+++ b/windows/security/threat-protection/auditing/event-4724.md
@@ -2,7 +2,7 @@
title: 4724(S, F) An attempt was made to reset an account's password. (Windows 10)
description: Describes security event 4724(S, F) An attempt was made to reset an account's password.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4724(S, F): An attempt was made to reset an account's password.
diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md
index bb763a6d94..731fa570ad 100644
--- a/windows/security/threat-protection/auditing/event-4725.md
+++ b/windows/security/threat-protection/auditing/event-4725.md
@@ -2,7 +2,7 @@
title: 4725(S) A user account was disabled. (Windows 10)
description: Describes security event 4725(S) A user account was disabled. This event is generated when a user or computer object is disabled.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4725(S): A user account was disabled.
diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md
index 3b94a9d932..620ba8bbeb 100644
--- a/windows/security/threat-protection/auditing/event-4726.md
+++ b/windows/security/threat-protection/auditing/event-4726.md
@@ -2,7 +2,7 @@
title: 4726(S) A user account was deleted. (Windows 10)
description: Describes security event 4726(S) A user account was deleted. This event is generated when a user object is deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4726(S): A user account was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md
index 14024e54dc..39426b84ac 100644
--- a/windows/security/threat-protection/auditing/event-4731.md
+++ b/windows/security/threat-protection/auditing/event-4731.md
@@ -2,7 +2,7 @@
title: 4731(S) A security-enabled local group was created. (Windows 10)
description: Describes security event 4731(S) A security-enabled local group was created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4731(S): A security-enabled local group was created.
diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md
index e664066bea..e68eecbb3d 100644
--- a/windows/security/threat-protection/auditing/event-4732.md
+++ b/windows/security/threat-protection/auditing/event-4732.md
@@ -2,7 +2,7 @@
title: 4732(S) A member was added to a security-enabled local group. (Windows 10)
description: Describes security event 4732(S) A member was added to a security-enabled local group.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4732(S): A member was added to a security-enabled local group.
diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md
index aecd37a11c..b3dcf94109 100644
--- a/windows/security/threat-protection/auditing/event-4733.md
+++ b/windows/security/threat-protection/auditing/event-4733.md
@@ -2,7 +2,7 @@
title: 4733(S) A member was removed from a security-enabled local group. (Windows 10)
description: Describes security event 4733(S) A member was removed from a security-enabled local group.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4733(S): A member was removed from a security-enabled local group.
diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md
index 4c58d09b59..2f83cfa9a5 100644
--- a/windows/security/threat-protection/auditing/event-4734.md
+++ b/windows/security/threat-protection/auditing/event-4734.md
@@ -2,7 +2,7 @@
title: 4734(S) A security-enabled local group was deleted. (Windows 10)
description: Describes security event 4734(S) A security-enabled local group was deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4734(S): A security-enabled local group was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md
index ce3d862ef1..f590b87f44 100644
--- a/windows/security/threat-protection/auditing/event-4735.md
+++ b/windows/security/threat-protection/auditing/event-4735.md
@@ -2,7 +2,7 @@
title: 4735(S) A security-enabled local group was changed. (Windows 10)
description: Describes security event 4735(S) A security-enabled local group was changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4735(S): A security-enabled local group was changed.
diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md
index 0c8fb36711..ef5a72da75 100644
--- a/windows/security/threat-protection/auditing/event-4738.md
+++ b/windows/security/threat-protection/auditing/event-4738.md
@@ -2,7 +2,7 @@
title: 4738(S) A user account was changed. (Windows 10)
description: Describes security event 4738(S) A user account was changed. This event is generated when a user object is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4738(S): A user account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md
index 5f10b369d3..4ecbfdf064 100644
--- a/windows/security/threat-protection/auditing/event-4739.md
+++ b/windows/security/threat-protection/auditing/event-4739.md
@@ -2,7 +2,7 @@
title: 4739(S) Domain Policy was changed. (Windows 10)
description: Describes security event 4739(S) Domain Policy was changed. This event is generated when certain changes are made to the local computer security policy.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4739(S): Domain Policy was changed.
diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md
index 4d0b0d8df2..63c75713f7 100644
--- a/windows/security/threat-protection/auditing/event-4740.md
+++ b/windows/security/threat-protection/auditing/event-4740.md
@@ -2,7 +2,7 @@
title: 4740(S) A user account was locked out. (Windows 10)
description: Describes security event 4740(S) A user account was locked out. This event is generated every time a user account is locked out.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4740(S): A user account was locked out.
diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md
index 70b34fee70..0152e427a6 100644
--- a/windows/security/threat-protection/auditing/event-4741.md
+++ b/windows/security/threat-protection/auditing/event-4741.md
@@ -2,7 +2,7 @@
title: 4741(S) A computer account was created. (Windows 10)
description: Describes security event 4741(S) A computer account was created. This event is generated every time a computer object is created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4741(S): A computer account was created.
diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md
index da608ef607..de51f96421 100644
--- a/windows/security/threat-protection/auditing/event-4742.md
+++ b/windows/security/threat-protection/auditing/event-4742.md
@@ -2,7 +2,7 @@
title: 4742(S) A computer account was changed. (Windows 10)
description: Describes security event 4742(S) A computer account was changed. This event is generated every time a computer object is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4742(S): A computer account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md
index e439cd89ae..cfa007a9b7 100644
--- a/windows/security/threat-protection/auditing/event-4743.md
+++ b/windows/security/threat-protection/auditing/event-4743.md
@@ -2,7 +2,7 @@
title: 4743(S) A computer account was deleted. (Windows 10)
description: Describes security event 4743(S) A computer account was deleted. This event is generated every time a computer object is deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4743(S): A computer account was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md
index fd2d5944a0..f49d9f6c7c 100644
--- a/windows/security/threat-protection/auditing/event-4749.md
+++ b/windows/security/threat-protection/auditing/event-4749.md
@@ -2,7 +2,7 @@
title: 4749(S) A security-disabled global group was created. (Windows 10)
description: Describes security event 4749(S) A security-disabled global group was created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4749(S): A security-disabled global group was created.
diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md
index f44abd9c34..aa3be8fba0 100644
--- a/windows/security/threat-protection/auditing/event-4750.md
+++ b/windows/security/threat-protection/auditing/event-4750.md
@@ -2,7 +2,7 @@
title: 4750(S) A security-disabled global group was changed. (Windows 10)
description: Describes security event 4750(S) A security-disabled global group was changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4750(S): A security-disabled global group was changed.
diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md
index 1f8e570ad1..fdd8a37fcc 100644
--- a/windows/security/threat-protection/auditing/event-4751.md
+++ b/windows/security/threat-protection/auditing/event-4751.md
@@ -2,7 +2,7 @@
title: 4751(S) A member was added to a security-disabled global group. (Windows 10)
description: Describes security event 4751(S) A member was added to a security-disabled global group.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4751(S): A member was added to a security-disabled global group.
From e7f68ab734a00c2fb34a70e1c885046f5647b6e5 Mon Sep 17 00:00:00 2001
From: Liz Long <104389055+lizgt2000@users.noreply.github.com>
Date: Tue, 25 Oct 2022 12:44:29 -0400
Subject: [PATCH 06/11] meta security 8
---
windows/security/threat-protection/auditing/event-4752.md | 4 ++--
windows/security/threat-protection/auditing/event-4753.md | 4 ++--
windows/security/threat-protection/auditing/event-4764.md | 4 ++--
windows/security/threat-protection/auditing/event-4765.md | 4 ++--
windows/security/threat-protection/auditing/event-4766.md | 4 ++--
windows/security/threat-protection/auditing/event-4767.md | 4 ++--
windows/security/threat-protection/auditing/event-4768.md | 4 ++--
windows/security/threat-protection/auditing/event-4769.md | 4 ++--
windows/security/threat-protection/auditing/event-4770.md | 4 ++--
windows/security/threat-protection/auditing/event-4771.md | 4 ++--
windows/security/threat-protection/auditing/event-4772.md | 4 ++--
windows/security/threat-protection/auditing/event-4773.md | 4 ++--
windows/security/threat-protection/auditing/event-4774.md | 4 ++--
windows/security/threat-protection/auditing/event-4775.md | 4 ++--
windows/security/threat-protection/auditing/event-4776.md | 4 ++--
windows/security/threat-protection/auditing/event-4777.md | 4 ++--
windows/security/threat-protection/auditing/event-4778.md | 4 ++--
windows/security/threat-protection/auditing/event-4779.md | 4 ++--
windows/security/threat-protection/auditing/event-4780.md | 4 ++--
windows/security/threat-protection/auditing/event-4781.md | 4 ++--
windows/security/threat-protection/auditing/event-4782.md | 4 ++--
windows/security/threat-protection/auditing/event-4793.md | 4 ++--
windows/security/threat-protection/auditing/event-4794.md | 4 ++--
windows/security/threat-protection/auditing/event-4798.md | 4 ++--
windows/security/threat-protection/auditing/event-4799.md | 4 ++--
windows/security/threat-protection/auditing/event-4800.md | 4 ++--
windows/security/threat-protection/auditing/event-4801.md | 4 ++--
windows/security/threat-protection/auditing/event-4802.md | 4 ++--
windows/security/threat-protection/auditing/event-4803.md | 4 ++--
windows/security/threat-protection/auditing/event-4816.md | 4 ++--
windows/security/threat-protection/auditing/event-4817.md | 4 ++--
windows/security/threat-protection/auditing/event-4818.md | 4 ++--
windows/security/threat-protection/auditing/event-4819.md | 4 ++--
windows/security/threat-protection/auditing/event-4826.md | 4 ++--
windows/security/threat-protection/auditing/event-4864.md | 4 ++--
windows/security/threat-protection/auditing/event-4865.md | 4 ++--
windows/security/threat-protection/auditing/event-4866.md | 4 ++--
windows/security/threat-protection/auditing/event-4867.md | 4 ++--
windows/security/threat-protection/auditing/event-4902.md | 4 ++--
windows/security/threat-protection/auditing/event-4904.md | 4 ++--
windows/security/threat-protection/auditing/event-4905.md | 4 ++--
windows/security/threat-protection/auditing/event-4906.md | 4 ++--
windows/security/threat-protection/auditing/event-4907.md | 4 ++--
43 files changed, 86 insertions(+), 86 deletions(-)
diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md
index dfb6e1ca78..d49e422f9e 100644
--- a/windows/security/threat-protection/auditing/event-4752.md
+++ b/windows/security/threat-protection/auditing/event-4752.md
@@ -2,7 +2,7 @@
title: 4752(S) A member was removed from a security-disabled global group. (Windows 10)
description: Describes security event 4752(S) A member was removed from a security-disabled global group.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4752(S): A member was removed from a security-disabled global group.
diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md
index d058d6c67b..b5f941a040 100644
--- a/windows/security/threat-protection/auditing/event-4753.md
+++ b/windows/security/threat-protection/auditing/event-4753.md
@@ -2,7 +2,7 @@
title: 4753(S) A security-disabled global group was deleted. (Windows 10)
description: Describes security event 4753(S) A security-disabled global group was deleted.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4753(S): A security-disabled global group was deleted.
diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md
index 1d1c326b32..85824b3df3 100644
--- a/windows/security/threat-protection/auditing/event-4764.md
+++ b/windows/security/threat-protection/auditing/event-4764.md
@@ -2,7 +2,7 @@
title: 4764(S) A group's type was changed. (Windows 10)
description: Describes security event 4764(S) A group's type was changed. This event is generated when the type of a group is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4764(S): A group’s type was changed.
diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md
index 975ba6c6fd..cf78144c6a 100644
--- a/windows/security/threat-protection/auditing/event-4765.md
+++ b/windows/security/threat-protection/auditing/event-4765.md
@@ -2,7 +2,7 @@
title: 4765(S) SID History was added to an account. (Windows 10)
description: Describes security event 4765(S) SID History was added to an account. This event is generated when SID History is added to an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4765(S): SID History was added to an account.
diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md
index f4c4c72b08..4178c53a80 100644
--- a/windows/security/threat-protection/auditing/event-4766.md
+++ b/windows/security/threat-protection/auditing/event-4766.md
@@ -2,7 +2,7 @@
title: 4766(F) An attempt to add SID History to an account failed. (Windows 10)
description: Describes security event 4766(F) An attempt to add SID History to an account failed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4766(F): An attempt to add SID History to an account failed.
diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md
index 15cbfe61f0..21beb6c3ec 100644
--- a/windows/security/threat-protection/auditing/event-4767.md
+++ b/windows/security/threat-protection/auditing/event-4767.md
@@ -2,7 +2,7 @@
title: 4767(S) A user account was unlocked. (Windows 10)
description: Describes security event 4767(S) A user account was unlocked. This event is generated every time a user account is unlocked.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4767(S): A user account was unlocked.
diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md
index 2504a29182..dee5834cc1 100644
--- a/windows/security/threat-protection/auditing/event-4768.md
+++ b/windows/security/threat-protection/auditing/event-4768.md
@@ -2,7 +2,7 @@
title: 4768(S, F) A Kerberos authentication ticket (TGT) was requested. (Windows 10)
description: Describes security event 4768(S, F) A Kerberos authentication ticket (TGT) was requested.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 10/20/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4768(S, F): A Kerberos authentication ticket (TGT) was requested.
diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md
index b6d214a0e6..b6609e7858 100644
--- a/windows/security/threat-protection/auditing/event-4769.md
+++ b/windows/security/threat-protection/auditing/event-4769.md
@@ -2,7 +2,7 @@
title: 4769(S, F) A Kerberos service ticket was requested. (Windows 10)
description: Describes security event 4769(S, F) A Kerberos service ticket was requested.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4769(S, F): A Kerberos service ticket was requested.
diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md
index ad500f9438..b24835b3ba 100644
--- a/windows/security/threat-protection/auditing/event-4770.md
+++ b/windows/security/threat-protection/auditing/event-4770.md
@@ -2,7 +2,7 @@
title: 4770(S) A Kerberos service ticket was renewed. (Windows 10)
description: Describes security event 4770(S) A Kerberos service ticket was renewed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4770(S): A Kerberos service ticket was renewed.
diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md
index 2bf678cb5f..b0725e0cf9 100644
--- a/windows/security/threat-protection/auditing/event-4771.md
+++ b/windows/security/threat-protection/auditing/event-4771.md
@@ -2,7 +2,7 @@
title: 4771(F) Kerberos pre-authentication failed. (Windows 10)
description: Describes security event 4771(F) Kerberos pre-authentication failed. This event is generated when the Key Distribution Center fails to issue a Kerberos TGT.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4771(F): Kerberos pre-authentication failed.
diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md
index b47920e1a2..54fdd53057 100644
--- a/windows/security/threat-protection/auditing/event-4772.md
+++ b/windows/security/threat-protection/auditing/event-4772.md
@@ -2,7 +2,7 @@
title: 4772(F) A Kerberos authentication ticket request failed. (Windows 10)
description: Describes security event 4772(F) A Kerberos authentication ticket request failed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4772(F): A Kerberos authentication ticket request failed.
diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md
index 64b64b2a7f..e3ad7e5b20 100644
--- a/windows/security/threat-protection/auditing/event-4773.md
+++ b/windows/security/threat-protection/auditing/event-4773.md
@@ -2,7 +2,7 @@
title: 4773(F) A Kerberos service ticket request failed. (Windows 10)
description: Describes security event 4773(F) A Kerberos service ticket request failed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4773(F): A Kerberos service ticket request failed.
diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md
index d90262ba63..98d30ae44b 100644
--- a/windows/security/threat-protection/auditing/event-4774.md
+++ b/windows/security/threat-protection/auditing/event-4774.md
@@ -2,7 +2,7 @@
title: 4774(S, F) An account was mapped for logon. (Windows 10)
description: Describes security event 4774(S, F) An account was mapped for logon. This event is generated when an account is mapped for logon.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4774(S, F): An account was mapped for logon.
diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md
index f3e9fe6fb3..285efe300f 100644
--- a/windows/security/threat-protection/auditing/event-4775.md
+++ b/windows/security/threat-protection/auditing/event-4775.md
@@ -2,7 +2,7 @@
title: 4775(F) An account could not be mapped for logon. (Windows 10)
description: Describes security event 4775(F) An account could not be mapped for logon.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4775(F): An account could not be mapped for logon.
diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md
index 70a1ddd981..ba75ba50eb 100644
--- a/windows/security/threat-protection/auditing/event-4776.md
+++ b/windows/security/threat-protection/auditing/event-4776.md
@@ -2,7 +2,7 @@
title: 4776(S, F) The computer attempted to validate the credentials for an account. (Windows 10)
description: Describes security event 4776(S, F) The computer attempted to validate the credentials for an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/13/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4776(S, F): The computer attempted to validate the credentials for an account.
diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md
index 2c4d16c520..21749ac3ac 100644
--- a/windows/security/threat-protection/auditing/event-4777.md
+++ b/windows/security/threat-protection/auditing/event-4777.md
@@ -2,7 +2,7 @@
title: 4777(F) The domain controller failed to validate the credentials for an account. (Windows 10)
description: Describes security event 4777(F) The domain controller failed to validate the credentials for an account.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4777(F): The domain controller failed to validate the credentials for an account.
diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md
index f0f007b611..f9f3175763 100644
--- a/windows/security/threat-protection/auditing/event-4778.md
+++ b/windows/security/threat-protection/auditing/event-4778.md
@@ -2,7 +2,7 @@
title: 4778(S) A session was reconnected to a Window Station. (Windows 10)
description: Describes security event 4778(S) A session was reconnected to a Window Station.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4778(S): A session was reconnected to a Window Station.
diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md
index 6968f7112c..4edf0f6668 100644
--- a/windows/security/threat-protection/auditing/event-4779.md
+++ b/windows/security/threat-protection/auditing/event-4779.md
@@ -2,7 +2,7 @@
title: 4779(S) A session was disconnected from a Window Station. (Windows 10)
description: Describes security event 4779(S) A session was disconnected from a Window Station.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4779(S): A session was disconnected from a Window Station.
diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md
index 4cdb52c09c..982fa983de 100644
--- a/windows/security/threat-protection/auditing/event-4780.md
+++ b/windows/security/threat-protection/auditing/event-4780.md
@@ -2,7 +2,7 @@
title: 4780(S) The ACL was set on accounts which are members of administrators groups. (Windows 10)
description: Describes security event 4780(S) The ACL was set on accounts which are members of administrators groups.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4780(S): The ACL was set on accounts which are members of administrators groups.
diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md
index f983f65ab6..856cd7cb4b 100644
--- a/windows/security/threat-protection/auditing/event-4781.md
+++ b/windows/security/threat-protection/auditing/event-4781.md
@@ -2,7 +2,7 @@
title: 4781(S) The name of an account was changed. (Windows 10)
description: Describes security event 4781(S) The name of an account was changed. This event is generated every time a user or computer account name is changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4781(S): The name of an account was changed.
diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md
index f99d8cfc38..3a6d312600 100644
--- a/windows/security/threat-protection/auditing/event-4782.md
+++ b/windows/security/threat-protection/auditing/event-4782.md
@@ -2,7 +2,7 @@
title: 4782(S) The password hash of an account was accessed. (Windows 10)
description: Describes security event 4782(S) The password hash of an account was accessed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4782(S): The password hash of an account was accessed.
diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md
index f09632d7ae..7c64bea4eb 100644
--- a/windows/security/threat-protection/auditing/event-4793.md
+++ b/windows/security/threat-protection/auditing/event-4793.md
@@ -2,7 +2,7 @@
title: 4793(S) The Password Policy Checking API was called. (Windows 10)
description: Describes security event 4793(S) The Password Policy Checking API was called.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4793(S): The Password Policy Checking API was called.
diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md
index bce1242646..8519e79e9d 100644
--- a/windows/security/threat-protection/auditing/event-4794.md
+++ b/windows/security/threat-protection/auditing/event-4794.md
@@ -2,7 +2,7 @@
title: 4794(S, F) An attempt was made to set the Directory Services Restore Mode administrator password. (Windows 10)
description: Describes security event 4794(S, F) An attempt was made to set the Directory Services Restore Mode administrator password.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password.
diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md
index 675ac8ae63..396f15d0b2 100644
--- a/windows/security/threat-protection/auditing/event-4798.md
+++ b/windows/security/threat-protection/auditing/event-4798.md
@@ -2,7 +2,7 @@
title: 4798(S) A user's local group membership was enumerated. (Windows 10)
description: Describes security event 4798(S) A user's local group membership was enumerated.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4798(S): A user's local group membership was enumerated.
diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md
index 0f06aa7f65..ad750b391e 100644
--- a/windows/security/threat-protection/auditing/event-4799.md
+++ b/windows/security/threat-protection/auditing/event-4799.md
@@ -2,7 +2,7 @@
title: 4799(S) A security-enabled local group membership was enumerated. (Windows 10)
description: Describes security event 4799(S) A security-enabled local group membership was enumerated.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4799(S): A security-enabled local group membership was enumerated.
diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md
index d39ab6fe19..87f46d5a18 100644
--- a/windows/security/threat-protection/auditing/event-4800.md
+++ b/windows/security/threat-protection/auditing/event-4800.md
@@ -2,7 +2,7 @@
title: 4800(S) The workstation was locked. (Windows 10)
description: Describes security event 4800(S) The workstation was locked. This event is generated when a workstation is locked.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4800(S): The workstation was locked.
diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md
index c90c8fdea3..f94c08e08f 100644
--- a/windows/security/threat-protection/auditing/event-4801.md
+++ b/windows/security/threat-protection/auditing/event-4801.md
@@ -2,7 +2,7 @@
title: 4801(S) The workstation was unlocked. (Windows 10)
description: Describes security event 4801(S) The workstation was unlocked. This event is generated when workstation is unlocked.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4801(S): The workstation was unlocked.
diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md
index 4c84f2bd52..6590d5bd4b 100644
--- a/windows/security/threat-protection/auditing/event-4802.md
+++ b/windows/security/threat-protection/auditing/event-4802.md
@@ -2,7 +2,7 @@
title: 4802(S) The screen saver was invoked. (Windows 10)
description: Describes security event 4802(S) The screen saver was invoked. This event is generated when screen saver is invoked.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4802(S): The screen saver was invoked.
diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md
index 5f1894a8cf..2c0e8d441b 100644
--- a/windows/security/threat-protection/auditing/event-4803.md
+++ b/windows/security/threat-protection/auditing/event-4803.md
@@ -2,7 +2,7 @@
title: 4803(S) The screen saver was dismissed. (Windows 10)
description: Describes security event 4803(S) The screen saver was dismissed. This event is generated when screen saver is dismissed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4803(S): The screen saver was dismissed.
diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md
index 1d6ad4ae29..8d61ef6f9a 100644
--- a/windows/security/threat-protection/auditing/event-4816.md
+++ b/windows/security/threat-protection/auditing/event-4816.md
@@ -2,7 +2,7 @@
title: 4816(S) RPC detected an integrity violation while decrypting an incoming message. (Windows 10)
description: Describes security event 4816(S) RPC detected an integrity violation while decrypting an incoming message.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4816(S): RPC detected an integrity violation while decrypting an incoming message.
diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md
index 26a781d5fa..2cb3ae3794 100644
--- a/windows/security/threat-protection/auditing/event-4817.md
+++ b/windows/security/threat-protection/auditing/event-4817.md
@@ -2,7 +2,7 @@
title: 4817(S) Auditing settings on object were changed. (Windows 10)
description: Describes security event 4817(S) Auditing settings on object were changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4817(S): Auditing settings on object were changed.
diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md
index baf2779455..25c2111bd2 100644
--- a/windows/security/threat-protection/auditing/event-4818.md
+++ b/windows/security/threat-protection/auditing/event-4818.md
@@ -2,7 +2,7 @@
title: 4818(S) Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy. (Windows 10)
description: Describes security event 4818(S) Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.
diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md
index 4cbfab1be0..69743c28c7 100644
--- a/windows/security/threat-protection/auditing/event-4819.md
+++ b/windows/security/threat-protection/auditing/event-4819.md
@@ -2,7 +2,7 @@
title: 4819(S) Central Access Policies on the machine have been changed. (Windows 10)
description: Describes security event 4819(S) Central Access Policies on the machine have been changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4819(S): Central Access Policies on the machine have been changed.
diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md
index 220ee7a580..914961945b 100644
--- a/windows/security/threat-protection/auditing/event-4826.md
+++ b/windows/security/threat-protection/auditing/event-4826.md
@@ -2,7 +2,7 @@
title: 4826(S) Boot Configuration Data loaded. (Windows 10)
description: Describes security event 4826(S) Boot Configuration Data loaded. This event is generated every time system starts and loads Boot Configuration Data settings.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4826(S): Boot Configuration Data loaded.
diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md
index 61eb307968..e70836a75b 100644
--- a/windows/security/threat-protection/auditing/event-4864.md
+++ b/windows/security/threat-protection/auditing/event-4864.md
@@ -2,7 +2,7 @@
title: 4864(S) A namespace collision was detected. (Windows 10)
description: Describes security event 4864(S) A namespace collision was detected. This event is generated when a namespace collision is detected.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4864(S): A namespace collision was detected.
diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md
index bf45074afb..76624588fc 100644
--- a/windows/security/threat-protection/auditing/event-4865.md
+++ b/windows/security/threat-protection/auditing/event-4865.md
@@ -2,7 +2,7 @@
title: 4865(S) A trusted forest information entry was added. (Windows 10)
description: Describes security event 4865(S) A trusted forest information entry was added.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4865(S): A trusted forest information entry was added.
diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md
index 9386b9cba4..1e1b870506 100644
--- a/windows/security/threat-protection/auditing/event-4866.md
+++ b/windows/security/threat-protection/auditing/event-4866.md
@@ -2,7 +2,7 @@
title: 4866(S) A trusted forest information entry was removed. (Windows 10)
description: Describes security event 4866(S) A trusted forest information entry was removed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4866(S): A trusted forest information entry was removed.
diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md
index 6873600fc5..24063dad9d 100644
--- a/windows/security/threat-protection/auditing/event-4867.md
+++ b/windows/security/threat-protection/auditing/event-4867.md
@@ -2,7 +2,7 @@
title: 4867(S) A trusted forest information entry was modified. (Windows 10)
description: Describes security event 4867(S) A trusted forest information entry was modified.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4867(S): A trusted forest information entry was modified.
diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md
index c95d24be90..5b2a94af52 100644
--- a/windows/security/threat-protection/auditing/event-4902.md
+++ b/windows/security/threat-protection/auditing/event-4902.md
@@ -2,7 +2,7 @@
title: 4902(S) The Per-user audit policy table was created. (Windows 10)
description: Describes security event 4902(S) The Per-user audit policy table was created.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4902(S): The Per-user audit policy table was created.
diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md
index a7554ed6c4..fd9ee497a2 100644
--- a/windows/security/threat-protection/auditing/event-4904.md
+++ b/windows/security/threat-protection/auditing/event-4904.md
@@ -2,7 +2,7 @@
title: 4904(S) An attempt was made to register a security event source. (Windows 10)
description: Describes security event 4904(S) An attempt was made to register a security event source.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/07/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4904(S): An attempt was made to register a security event source.
diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md
index 11a3bf597b..c8ba9bb9c9 100644
--- a/windows/security/threat-protection/auditing/event-4905.md
+++ b/windows/security/threat-protection/auditing/event-4905.md
@@ -2,7 +2,7 @@
title: 4905(S) An attempt was made to unregister a security event source. (Windows 10)
description: Describes security event 4905(S) An attempt was made to unregister a security event source.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4905(S): An attempt was made to unregister a security event source.
diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md
index 70848c2c2f..4913d0d431 100644
--- a/windows/security/threat-protection/auditing/event-4906.md
+++ b/windows/security/threat-protection/auditing/event-4906.md
@@ -2,7 +2,7 @@
title: 4906(S) The CrashOnAuditFail value has changed. (Windows 10)
description: Describes security event 4906(S) The CrashOnAuditFail value has changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4906(S): The CrashOnAuditFail value has changed.
diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md
index 64869d1958..70de13eecf 100644
--- a/windows/security/threat-protection/auditing/event-4907.md
+++ b/windows/security/threat-protection/auditing/event-4907.md
@@ -2,7 +2,7 @@
title: 4907(S) Auditing settings on object were changed. (Windows 10)
description: Describes security event 4907(S) Auditing settings on object were changed.
ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
ms.reviewer:
manager: aaroncz
ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
---
# 4907(S): Auditing settings on object were changed.
From 2efd6fab73c0a42047321197e1da2ef088e51cb6 Mon Sep 17 00:00:00 2001
From: Angela Fleischmann
Date: Tue, 25 Oct 2022 15:28:23 -0600
Subject: [PATCH 07/11] Update event-4776.md
Lines 32 and 34: you will > you'll
Lines 32 and 137: is not > isn't
Lines 38 and 85: it is > it's
Line 85: which > that
Lines 130 and 133: should not > shouldn't
Line 130: you are > you're
---
.../threat-protection/auditing/event-4776.md | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md
index ba75ba50eb..0a115b9db4 100644
--- a/windows/security/threat-protection/auditing/event-4776.md
+++ b/windows/security/threat-protection/auditing/event-4776.md
@@ -29,13 +29,13 @@ This event occurs only on the computer that is authoritative for the provided cr
It shows successful and unsuccessful credential validation attempts.
-It shows only the computer name (**Source Workstation**) from which the authentication attempt was performed (authentication source). For example, if you authenticate from CLIENT-1 to SERVER-1 using a domain account you will see CLIENT-1 in the **Source Workstation** field. Information about the destination computer (SERVER-1) is not presented in this event.
+It shows only the computer name (**Source Workstation**) from which the authentication attempt was performed (authentication source). For example, if you authenticate from CLIENT-1 to SERVER-1 using a domain account you'll see CLIENT-1 in the **Source Workstation** field. Information about the destination computer (SERVER-1) isn't presented in this event.
-If a credential validation attempt fails, you will see a Failure event with **Error Code** parameter value not equal to “**0x0**”.
+If a credential validation attempt fails, you'll see a Failure event with **Error Code** parameter value not equal to “**0x0**”.
The main advantage of this event is that on domain controllers you can see all authentication attempts for domain accounts when NTLM authentication was used.
-For monitoring local account logon attempts, it is better to use event “[4624](event-4624.md): An account was successfully logged on” because it contains more details and is more informative.
+For monitoring local account logon attempts, it's better to use event “[4624](event-4624.md): An account was successfully logged on” because it contains more details and is more informative.
This event also generates when a workstation unlock event occurs.
@@ -82,7 +82,7 @@ This event does *not* generate when a domain account logs on locally to a domain
***Field Descriptions:***
-- **Authentication Package** \[Type = UnicodeString\]: the name of [Authentication Package](/windows/win32/secauthn/authentication-packages) which was used for credential validation. It is always “**MICROSOFT\_AUTHENTICATION\_PACKAGE\_V1\_0**” for [4776](event-4776.md) event.
+- **Authentication Package** \[Type = UnicodeString\]: the name of [Authentication Package](/windows/win32/secauthn/authentication-packages) that was used for credential validation. It's always “**MICROSOFT\_AUTHENTICATION\_PACKAGE\_V1\_0**” for [4776](event-4776.md) event.
> **Note** **Authentication package** is a DLL that encapsulates the authentication logic used to determine whether to permit a user to log on. [Local Security Authority](/windows/win32/secgloss/l-gly#_security_local_security_authority_gly) (LSA) authenticates a user logon by sending the request to an authentication package. The authentication package then examines the logon information and either authenticates or rejects the user logon attempt.
@@ -127,14 +127,14 @@ For 4776(S, F): The computer attempted to validate the credentials for an accoun
| **Anomalies or malicious actions**: You might have specific requirements for detecting anomalies or monitoring potential malicious actions. For example, you might need to monitor for use of an account outside of working hours. | When you monitor for anomalies or malicious actions, use the **“Logon Account”** value (with other information) to monitor how or when a particular account is being used.
To monitor activity of specific user accounts outside of working hours, monitor the appropriate **Logon Account + Source Workstation** pairs. |
| **Non-active accounts**: You might have non-active, disabled, or guest accounts, or other accounts that should never be used. | Monitor this event with the **“Logon Account”** that should never be used. |
| **Account allow list**: You might have a specific allow list of accounts that are the only ones allowed to perform actions corresponding to particular events. | If this event corresponds to a “allow list-only” action, review the **“Logon Account”** for accounts that are outside the allow list. |
-| **Restricted-use computers**: You might have certain computers from which certain people (accounts) should not log on. | Monitor the target **Source Workstation** for credential validation requests from the **“Logon Account”** that you are concerned about. |
+| **Restricted-use computers**: You might have certain computers from which certain people (accounts) shouldn't log on. | Monitor the target **Source Workstation** for credential validation requests from the **“Logon Account”** that you're concerned about. |
| **Account naming conventions**: Your organization might have specific naming conventions for account names. | Monitor “**Logon Account”** for names that don’t comply with naming conventions. |
-- If NTLM authentication should not be used for a specific account, monitor for that account. Don’t forget that local logon will always use NTLM authentication if an account logs on to a device where its user account is stored.
+- If NTLM authentication shouldn't be used for a specific account, monitor for that account. Don’t forget that local logon will always use NTLM authentication if an account logs on to a device where its user account is stored.
- You can use this event to collect all NTLM authentication attempts in the domain, if needed. Don’t forget that local logon will always use NTLM authentication if the account logs on to a device where its user account is stored.
-- If a local account should be used only locally (for example, network logon or terminal services logon is not allowed), you need to monitor for all events where **Source Workstation** and **Computer** (where the event was generated and where the credentials are stored) have different values.
+- If a local account should be used only locally (for example, network logon or terminal services logon isn't allowed), you need to monitor for all events where **Source Workstation** and **Computer** (where the event was generated and where the credentials are stored) have different values.
- Consider tracking the following errors for the reasons listed:
From 8b25c2c338e5dddc6e95c1e0bd9f5e885414bf99 Mon Sep 17 00:00:00 2001
From: Angela Fleischmann
Date: Tue, 25 Oct 2022 15:58:17 -0600
Subject: [PATCH 08/11] Update event-4769.md
Lines 30, 32, and 115: you will > you'll
Line 244: According > According to
Line 282: Add backticks to ::1 (x2) to try to improve Acro score.
Lines 15, 207 (x2), 119, 177, 214, 216 (x3), 223-224, and 228: cannot > can't
Lines 89, 176, 213, 230, 240, 246, 251, 278, and 280: is not > isn't
Line 180: has not: hasn't
Line 181: Should not > Shouldn't
Lines 181 and 230: are not > aren't
Lines 211 and 233: there is > there's
Lines 215, 250, 252, and 256: does not > doesn't
Line 272: are not > aren't
Lines 225, 246, and 254: do not > don't
Line 249: have not > haven't
---
.../threat-protection/auditing/event-4769.md | 70 +++++++++----------
1 file changed, 35 insertions(+), 35 deletions(-)
diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md
index b6609e7858..bcf3312248 100644
--- a/windows/security/threat-protection/auditing/event-4769.md
+++ b/windows/security/threat-protection/auditing/event-4769.md
@@ -27,9 +27,9 @@ This event generates every time Key Distribution Center gets a Kerberos Ticket G
This event generates only on domain controllers.
-If TGS issue fails then you will see Failure event with **Failure Code** field not equal to “**0x0**”.
+If TGS issue fails then you'll see Failure event with **Failure Code** field not equal to “**0x0**”.
-You will typically see many Failure events with **Failure Code** “**0x20**”, which simply means that a TGS ticket has expired. These are informational messages and have little to no security relevance.
+You'll typically see many Failure events with **Failure Code** “**0x20**”, which simply means that a TGS ticket has expired. These are informational messages and have little to no security relevance.
> **Note** For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
@@ -86,7 +86,7 @@ You will typically see many Failure events with **Failure Code** “**0x20**”,
- Computer account example: WIN81$@CONTOSO.LOCAL
- > **Note** Although this field is in the UPN format, this is not the attribute value of "UserPrincipalName" of the user account. It is the "normalized" name or implicit UPN. It is built from the user SamAccountName and the Active Directory domain name.
+ > **Note** Although this field is in the UPN format, this isn't the attribute value of "UserPrincipalName" of the user account. It is the "normalized" name or implicit UPN. It is built from the user SamAccountName and the Active Directory domain name.
This parameter in this event is optional and can be empty in some cases.
@@ -112,11 +112,11 @@ You will typically see many Failure events with **Failure Code** “**0x20**”,
- This parameter in this event is optional and can be empty in some cases.
-- **Service ID** \[Type = SID\]**:** SID of the account or computer object for which the TGS ticket was requested. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
+- **Service ID** \[Type = SID\]**:** SID of the account or computer object for which the TGS ticket was requested. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID can't be resolved, you'll see the source data in the event.
- **NULL SID** – this value shows in Failure events.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it can't ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
**Network Information:**
@@ -173,12 +173,12 @@ The most common values:
| 14 | Request-anonymous | KILE not use this flag. |
| 15 | Name-canonicalize | In order to request referrals the Kerberos client MUST explicitly request the “canonicalize” KDC option for the AS-REQ or TGS-REQ. |
| 16-25 | Unused | - |
-| 26 | Disable-transited-check | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
the DISABLE-TRANSITED-CHECK option.
Should not be in use, because Transited-policy-checked flag is not supported by KILE. |
-| 27 | Renewable-ok | The RENEWABLE-OK option indicates that a renewable ticket will be acceptable if a ticket with the requested life cannot otherwise be provided, in which case a renewable ticket may be issued with a renew-till equal to the requested end time. The value of the renew-till field may still be limited by local limits, or limits selected by the individual principal or server. |
+| 26 | Disable-transited-check | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
the DISABLE-TRANSITED-CHECK option.
Should not be in use, because Transited-policy-checked flag isn't supported by KILE. |
+| 27 | Renewable-ok | The RENEWABLE-OK option indicates that a renewable ticket will be acceptable if a ticket with the requested life can't otherwise be provided, in which case a renewable ticket may be issued with a renew-till equal to the requested end time. The value of the renew-till field may still be limited by local limits, or limits selected by the individual principal or server. |
| 28 | Enc-tkt-in-skey | No information. |
| 29 | Unused | - |
-| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in its renew-till field has not passed. The ticket to be renewed is passed in the padata field as part of the authentication header. |
-| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Should not be in use, because postdated tickets are not supported by KILE. |
+| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in its renew-till field hasn't passed. The ticket to be renewed is passed in the padata field as part of the authentication header. |
+| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Shouldn't be in use, because postdated tickets aren't supported by KILE. |
| ## Table 4. Kerberos encryption types | | |
- **Ticket Encryption Type**: \[Type = HexInt32\]: the cryptographic suite that was used for issued TGS.
@@ -204,56 +204,56 @@ The most common values:
| 0x4 | KDC\_ERR\_C\_OLD\_MAST\_KVNO | Client's key encrypted in old master key | No information. |
| 0x5 | KDC\_ERR\_S\_OLD\_MAST\_KVNO | Server's key encrypted in old master key | No information. |
| 0x6 | KDC\_ERR\_C\_PRINCIPAL\_UNKNOWN | Client not found in Kerberos database | The username doesn’t exist. |
-| 0x7 | KDC\_ERR\_S\_PRINCIPAL\_UNKNOWN | Server not found in Kerberos database | This error can occur if the domain controller cannot find the server’s name in Active Directory. This error is similar to KDC\_ERR\_C\_PRINCIPAL\_UNKNOWN except that it occurs when the server name cannot be found. |
+| 0x7 | KDC\_ERR\_S\_PRINCIPAL\_UNKNOWN | Server not found in Kerberos database | This error can occur if the domain controller can't find the server’s name in Active Directory. This error is similar to KDC\_ERR\_C\_PRINCIPAL\_UNKNOWN except that it occurs when the server name can't be found. |
| 0x8 | KDC\_ERR\_PRINCIPAL\_NOT\_UNIQUE | Multiple principal entries in KDC database | This error occurs if duplicate principal names exist. Unique principal names are crucial for ensuring mutual authentication. Thus, duplicate principal names are strictly forbidden, even across multiple realms. Without unique principal names, the client has no way of ensuring that the server it is communicating with is the correct one. |
| 0x9 | KDC\_ERR\_NULL\_KEY | The client or server has a null key (master key) | No master key was found for client or server. Usually it means that administrator should reset the password on the account. |
| 0xA | KDC\_ERR\_CANNOT\_POSTDATE | Ticket (TGT) not eligible for postdating | This error can occur if a client requests postdating of a Kerberos ticket. Postdating is the act of requesting that a ticket’s start time be set into the future.
It also can occur if there is a time difference between the client and the KDC. |
-| 0xB | KDC\_ERR\_NEVER\_VALID | Requested start time is later than end time | There is a time difference between the KDC and the client. |
+| 0xB | KDC\_ERR\_NEVER\_VALID | Requested start time is later than end time | There's a time difference between the KDC and the client. |
| 0xC | KDC\_ERR\_POLICY | Requested start time is later than end time | This error is usually the result of logon restrictions in place on a user’s account. For example workstation restriction, smart card authentication requirement or logon time restriction. |
-| 0xD | KDC\_ERR\_BADOPTION | KDC cannot accommodate requested option | Impending expiration of a TGT.
The SPN to which the client is attempting to delegate credentials is not in its Allowed-to-delegate-to list |
-| 0xE | KDC\_ERR\_ETYPE\_NOTSUPP | KDC has no support for encryption type | In general, this error occurs when the KDC or a client receives a packet that it cannot decrypt. |
-| 0xF | KDC\_ERR\_SUMTYPE\_NOSUPP | KDC has no support for checksum type | The KDC, server, or client receives a packet for which it does not have a key of the appropriate encryption type. The result is that the computer is unable to decrypt the ticket. |
-| 0x10 | KDC\_ERR\_PADATA\_TYPE\_NOSUPP | KDC has no support for PADATA type (pre-authentication data) | Smart card logon is being attempted and the proper certificate cannot be located. This can happen because the wrong certification authority (CA) is being queried or the proper CA cannot be contacted.
It can also happen when a domain controller doesn’t have a certificate installed for smart cards (Domain Controller or Domain Controller Authentication templates).
This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
+| 0xD | KDC\_ERR\_BADOPTION | KDC cannot accommodate requested option | Impending expiration of a TGT.
The SPN to which the client is attempting to delegate credentials isn't in its Allowed-to-delegate-to list |
+| 0xE | KDC\_ERR\_ETYPE\_NOTSUPP | KDC has no support for encryption type | In general, this error occurs when the KDC or a client receives a packet that it can't decrypt. |
+| 0xF | KDC\_ERR\_SUMTYPE\_NOSUPP | KDC has no support for checksum type | The KDC, server, or client receives a packet for which it doesn't have a key of the appropriate encryption type. The result is that the computer is unable to decrypt the ticket. |
+| 0x10 | KDC\_ERR\_PADATA\_TYPE\_NOSUPP | KDC has no support for PADATA type (pre-authentication data) | Smart card logon is being attempted and the proper certificate can't be located. This can happen because the wrong certification authority (CA) is being queried or the proper CA can't be contacted.
It can also happen when a domain controller doesn’t have a certificate installed for smart cards (Domain Controller or Domain Controller Authentication templates).
This error code can't occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
| 0x11 | KDC\_ERR\_TRTYPE\_NO\_SUPP | KDC has no support for transited type | No information. |
| 0x12 | KDC\_ERR\_CLIENT\_REVOKED | Client’s credentials have been revoked | This might be because of an explicit disabling or because of other restrictions in place on the account. For example: account disabled, expired, or locked out. |
| 0x13 | KDC\_ERR\_SERVICE\_REVOKED | Credentials for server have been revoked | No information. |
| 0x14 | KDC\_ERR\_TGT\_REVOKED | TGT has been revoked | Since the remote KDC may change its PKCROSS key while there are PKCROSS tickets still active, it SHOULD cache the old PKCROSS keys until the last issued PKCROSS ticket expires. Otherwise, the remote KDC will respond to a client with a KRB-ERROR message of type KDC\_ERR\_TGT\_REVOKED. See [RFC1510](https://www.ietf.org/proceedings/49/I-D/draft-ietf-cat-kerberos-pk-cross-07.txt) for more details. |
| 0x15 | KDC\_ERR\_CLIENT\_NOTYET | Client not yet valid—try again later | No information. |
| 0x16 | KDC\_ERR\_SERVICE\_NOTYET | Server not yet valid—try again later | No information. |
-| 0x17 | KDC\_ERR\_KEY\_EXPIRED | Password has expired—change password to reset | The user’s password has expired.
This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
-| 0x18 | KDC\_ERR\_PREAUTH\_FAILED | Pre-authentication information was invalid | The wrong password was provided.
This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
-| 0x19 | KDC\_ERR\_PREAUTH\_REQUIRED | Additional pre-authentication required | This error often occurs in UNIX interoperability scenarios. MIT-Kerberos clients do not request pre-authentication when they send a KRB\_AS\_REQ message. If pre-authentication is required (the default), Windows systems will send this error. Most MIT-Kerberos clients will respond to this error by giving the pre-authentication, in which case the error can be ignored, but some clients might not respond in this way. |
+| 0x17 | KDC\_ERR\_KEY\_EXPIRED | Password has expired—change password to reset | The user’s password has expired.
This error code can't occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
+| 0x18 | KDC\_ERR\_PREAUTH\_FAILED | Pre-authentication information was invalid | The wrong password was provided.
This error code can't occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
+| 0x19 | KDC\_ERR\_PREAUTH\_REQUIRED | Additional pre-authentication required | This error often occurs in UNIX interoperability scenarios. MIT-Kerberos clients don't request pre-authentication when they send a KRB\_AS\_REQ message. If pre-authentication is required (the default), Windows systems will send this error. Most MIT-Kerberos clients will respond to this error by giving the pre-authentication, in which case the error can be ignored, but some clients might not respond in this way. |
| 0x1A | KDC\_ERR\_SERVER\_NOMATCH | KDC does not know about the requested server | No information. |
| 0x1B | KDC\_ERR\_MUST\_USE\_USER2USER | Server principal valid for user2user only | This error occurs because the service is missing an SPN. |
-| 0x1F | KRB\_AP\_ERR\_BAD\_INTEGRITY | Integrity check on decrypted field failed | The authenticator was encrypted with something other than the session key. The result is that the client cannot decrypt the resulting message. The modification of the message could be the result of an attack or it could be because of network noise. |
+| 0x1F | KRB\_AP\_ERR\_BAD\_INTEGRITY | Integrity check on decrypted field failed | The authenticator was encrypted with something other than the session key. The result is that the client can't decrypt the resulting message. The modification of the message could be the result of an attack or it could be because of network noise. |
| 0x20 | KRB\_AP\_ERR\_TKT\_EXPIRED | The ticket has expired | The smaller the value for the “Maximum lifetime for user ticket” Kerberos policy setting, the more likely it is that this error will occur. Because ticket renewal is automatic, you should not have to do anything if you get this message. |
-| 0x21 | KRB\_AP\_ERR\_TKT\_NYV | The ticket is not yet valid | The ticket presented to the server is not yet valid (in relationship to the server time). The most probable cause is that the clocks on the KDC and the client are not synchronized.
If cross-realm Kerberos authentication is being attempted, then you should verify time synchronization between the KDC in the target realm and the KDC in the client realm, as well. |
+| 0x21 | KRB\_AP\_ERR\_TKT\_NYV | The ticket is not yet valid | The ticket presented to the server isn't yet valid (in relationship to the server time). The most probable cause is that the clocks on the KDC and the client aren't synchronized.
If cross-realm Kerberos authentication is being attempted, then you should verify time synchronization between the KDC in the target realm and the KDC in the client realm, as well. |
| 0x22 | KRB\_AP\_ERR\_REPEAT | The request is a replay | This error indicates that a specific authenticator showed up twice — the KDC has detected that this session ticket duplicates one that it has already received. |
| 0x23 | KRB\_AP\_ERR\_NOT\_US | The ticket is not for us | The server has received a ticket that was meant for a different realm. |
-| 0x24 | KRB\_AP\_ERR\_BADMATCH | The ticket and authenticator do not match | The KRB\_TGS\_REQ is being sent to the wrong KDC.
There is an account mismatch during protocol transition. |
+| 0x24 | KRB\_AP\_ERR\_BADMATCH | The ticket and authenticator do not match | The KRB\_TGS\_REQ is being sent to the wrong KDC.
There's an account mismatch during protocol transition. |
| 0x25 | KRB\_AP\_ERR\_SKEW | The clock skew is too great | This error is logged if a client computer sends a timestamp whose value differs from that of the server’s timestamp by more than the number of minutes found in the “Maximum tolerance for computer clock synchronization” setting in Kerberos policy. |
| 0x26 | KRB\_AP\_ERR\_BADADDR | Network address in network layer header doesn't match address inside ticket | Session tickets MAY include the addresses from which they are valid. This error can occur if the address of the computer sending the ticket is different from the valid address in the ticket. A possible cause of this could be an Internet Protocol (IP) address change. Another possible cause is when a ticket is passed through a proxy server or NAT. The client is unaware of the address scheme used by the proxy server, so unless the program caused the client to request a proxy server ticket with the proxy server's source address, the ticket could be invalid. |
| 0x27 | KRB\_AP\_ERR\_BADVERSION | Protocol version numbers don't match (PVNO) | When an application receives a KRB\_SAFE message, it verifies it. If any error occurs, an error code is reported for use by the application.
The message is first checked by verifying that the protocol version and type fields match the current version and KRB\_SAFE, respectively. A mismatch generates a KRB\_AP\_ERR\_BADVERSION.
See [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) for more details. |
| 0x28 | KRB\_AP\_ERR\_MSG\_TYPE | Message type is unsupported | This message is generated when target server finds that message format is wrong. This applies to KRB\_AP\_REQ, KRB\_SAFE, KRB\_PRIV and KRB\_CRED messages.
This error also generated if use of UDP protocol is being attempted with User-to-User authentication. |
| 0x29 | KRB\_AP\_ERR\_MODIFIED | Message stream modified and checksum didn't match | The authentication data was encrypted with the wrong key for the intended server.
The authentication data was modified in transit by a hardware or software error, or by an attacker.
The client sent the authentication data to the wrong server because incorrect DNS data caused the client to send the request to the wrong server.
The client sent the authentication data to the wrong server because DNS data was out-of-date on the client. |
| 0x2A | KRB\_AP\_ERR\_BADORDER | Message out of order (possible tampering) | This event generates for KRB\_SAFE and KRB\_PRIV messages if an incorrect sequence number is included, or if a sequence number is expected but not present. See [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) for more details. |
-| 0x2C | KRB\_AP\_ERR\_BADKEYVER | Specified version of key is not available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. If the key version indicated by the Ticket in the KRB\_AP\_REQ is not one the server can use (e.g., it indicates an old key, and the server no longer possesses a copy of the old key), the KRB\_AP\_ERR\_BADKEYVER error is returned. |
+| 0x2C | KRB\_AP\_ERR\_BADKEYVER | Specified version of key is not available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. If the key version indicated by the Ticket in the KRB\_AP\_REQ isn't one the server can use (e.g., it indicates an old key, and the server no longer possesses a copy of the old key), the KRB\_AP\_ERR\_BADKEYVER error is returned. |
| 0x2D | KRB\_AP\_ERR\_NOKEY | Service key not available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. Because it is possible for the server to be registered in multiple realms, with different keys in each, the realm field in the unencrypted portion of the ticket in the KRB\_AP\_REQ is used to specify which secret key the server should use to decrypt that ticket. The KRB\_AP\_ERR\_NOKEY error code is returned if the server doesn't have the proper key to decipher the ticket. |
| 0x2E | KRB\_AP\_ERR\_MUT\_FAIL | Mutual authentication failed | No information. |
| 0x2F | KRB\_AP\_ERR\_BADDIRECTION | Incorrect message direction | No information. |
-| 0x30 | KRB\_AP\_ERR\_METHOD | Alternative authentication method required | According [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) this error message is obsolete. |
+| 0x30 | KRB\_AP\_ERR\_METHOD | Alternative authentication method required | According to [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) this error message is obsolete. |
| 0x31 | KRB\_AP\_ERR\_BADSEQ | Incorrect sequence number in message | No information. |
-| 0x32 | KRB\_AP\_ERR\_INAPP\_CKSUM | Inappropriate type of checksum in message (checksum may be unsupported) | When KDC receives KRB\_TGS\_REQ message it decrypts it, and after the user-supplied checksum in the Authenticator MUST be verified against the contents of the request, and the message MUST be rejected if the checksums do not match (with an error code of KRB\_AP\_ERR\_MODIFIED) or if the checksum is not collision-proof (with an error code of KRB\_AP\_ERR\_INAPP\_CKSUM). |
+| 0x32 | KRB\_AP\_ERR\_INAPP\_CKSUM | Inappropriate type of checksum in message (checksum may be unsupported) | When KDC receives KRB\_TGS\_REQ message it decrypts it, and after the user-supplied checksum in the Authenticator MUST be verified against the contents of the request, and the message MUST be rejected if the checksums don't match (with an error code of KRB\_AP\_ERR\_MODIFIED) or if the checksum isn't collision-proof (with an error code of KRB\_AP\_ERR\_INAPP\_CKSUM). |
| 0x33 | KRB\_AP\_PATH\_NOT\_ACCEPTED | Desired path is unreachable | No information. |
| 0x34 | KRB\_ERR\_RESPONSE\_TOO\_BIG | Too much data | The size of a ticket is too large to be transmitted reliably via UDP. In a Windows environment, this message is purely informational. A computer running a Windows operating system will automatically try TCP if UDP fails. |
-| 0x3C | KRB\_ERR\_GENERIC | Generic error | Group membership has overloaded the PAC.
Multiple recent password changes have not propagated.
Crypto subsystem error caused by running out of memory.
SPN too long.
SPN has too many parts. |
-| 0x3D | KRB\_ERR\_FIELD\_TOOLONG | Field is too long for this implementation | Each request (KRB\_KDC\_REQ) and response (KRB\_KDC\_REP or KRB\_ERROR) sent over the TCP stream is preceded by the length of the request as 4 octets in network byte order. The high bit of the length is reserved for future expansion and MUST currently be set to zero. If a KDC that does not understand how to interpret a set high bit of the length encoding receives a request with the high order bit of the length set, it MUST return a KRB-ERROR message with the error KRB\_ERR\_FIELD\_TOOLONG and MUST close the TCP stream. |
-| 0x3E | KDC\_ERR\_CLIENT\_NOT\_TRUSTED | The client trust failed or is not implemented | This typically happens when user’s smart-card certificate is revoked or the root Certification Authority that issued the smart card certificate (in a chain) is not trusted by the domain controller. |
-| 0x3F | KDC\_ERR\_KDC\_NOT\_TRUSTED | The KDC server trust failed or could not be verified | The trustedCertifiers field contains a list of certification authorities trusted by the client, in the case that the client does not possess the KDC's public key certificate. If the KDC has no certificate signed by any of the trustedCertifiers, then it returns an error of type KDC\_ERR\_KDC\_NOT\_TRUSTED. See [RFC1510](https://www.ietf.org/proceedings/50/I-D/cat-kerberos-pk-init-13.txt) for more details. |
+| 0x3C | KRB\_ERR\_GENERIC | Generic error | Group membership has overloaded the PAC.
Multiple recent password changes hanven't propagated.
Crypto subsystem error caused by running out of memory.
SPN too long.
SPN has too many parts. |
+| 0x3D | KRB\_ERR\_FIELD\_TOOLONG | Field is too long for this implementation | Each request (KRB\_KDC\_REQ) and response (KRB\_KDC\_REP or KRB\_ERROR) sent over the TCP stream is preceded by the length of the request as 4 octets in network byte order. The high bit of the length is reserved for future expansion and MUST currently be set to zero. If a KDC that doesn't understand how to interpret a set high bit of the length encoding receives a request with the high order bit of the length set, it MUST return a KRB-ERROR message with the error KRB\_ERR\_FIELD\_TOOLONG and MUST close the TCP stream. |
+| 0x3E | KDC\_ERR\_CLIENT\_NOT\_TRUSTED | The client trust failed or is not implemented | This typically happens when user’s smart-card certificate is revoked or the root Certification Authority that issued the smart card certificate (in a chain) isn't trusted by the domain controller. |
+| 0x3F | KDC\_ERR\_KDC\_NOT\_TRUSTED | The KDC server trust failed or could not be verified | The trustedCertifiers field contains a list of certification authorities trusted by the client, in the case that the client doesn't possess the KDC's public key certificate. If the KDC has no certificate signed by any of the trustedCertifiers, then it returns an error of type KDC\_ERR\_KDC\_NOT\_TRUSTED. See [RFC1510](https://www.ietf.org/proceedings/50/I-D/cat-kerberos-pk-init-13.txt) for more details. |
| 0x40 | KDC\_ERR\_INVALID\_SIG | The signature is invalid | This error is related to PKINIT. If a PKI trust relationship exists, the KDC then verifies the client's signature on AuthPack (TGT request signature). If that fails, the KDC returns an error message of type KDC\_ERR\_INVALID\_SIG. |
-| 0x41 | KDC\_ERR\_KEY\_TOO\_WEAK | A higher encryption level is needed | If the clientPublicValue field is filled in, indicating that the client wishes to use Diffie-Hellman key agreement, then the KDC checks to see that the parameters satisfy its policy. If they do not (e.g., the prime size is insufficient for the expected encryption type), then the KDC sends back an error message of type KDC\_ERR\_KEY\_TOO\_WEAK. |
+| 0x41 | KDC\_ERR\_KEY\_TOO\_WEAK | A higher encryption level is needed | If the clientPublicValue field is filled in, indicating that the client wishes to use Diffie-Hellman key agreement, then the KDC checks to see that the parameters satisfy its policy. If they don't (e.g., the prime size is insufficient for the expected encryption type), then the KDC sends back an error message of type KDC\_ERR\_KEY\_TOO\_WEAK. |
| 0x42 | KRB\_AP\_ERR\_USER\_TO\_USER\_REQUIRED | User-to-user authorization is required | In the case that the client application doesn't know that a service requires user-to-user authentication, and requests and receives a conventional KRB\_AP\_REP, the client will send the KRB\_AP\_REP request, and the server will respond with a KRB\_ERROR token as described in [RFC1964](https://tools.ietf.org/html/rfc1964), with a msg-type of KRB\_AP\_ERR\_USER\_TO\_USER\_REQUIRED. |
-| 0x43 | KRB\_AP\_ERR\_NO\_TGT | No TGT was presented or available | In user-to-user authentication if the service does not possess a ticket granting ticket, it should return the error KRB\_AP\_ERR\_NO\_TGT. |
+| 0x43 | KRB\_AP\_ERR\_NO\_TGT | No TGT was presented or available | In user-to-user authentication if the service doesn't possess a ticket granting ticket, it should return the error KRB\_AP\_ERR\_NO\_TGT. |
| 0x44 | KDC\_ERR\_WRONG\_REALM | Incorrect domain or principal | Although this error rarely occurs, it occurs when a client presents a cross-realm TGT to a realm other than the one specified in the TGT. Typically, this results from incorrectly configured DNS. |
- **Transited Services** \[Type = UnicodeString\]: this field contains list of SPNs which were requested if Kerberos delegation was used.
@@ -269,17 +269,17 @@ For 4769(S, F): A Kerberos service ticket was requested.
| **High-value accounts**: You might have high-value domain or local accounts for which you need to monitor each action.
Examples of high-value accounts are database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts and so on. | Monitor this event with the **“Account Information\\Account Name”** that corresponds to the high-value account or accounts. |
| **Anomalies or malicious actions**: You might have specific requirements for detecting anomalies or monitoring potential malicious actions. For example, you might need to monitor for use of an account outside of working hours. | When you monitor for anomalies or malicious actions, use the **“Account Information\\Account Name”** (with other information) to monitor how or when a particular account is being used. |
| **Non-active accounts**: You might have non-active, disabled, or guest accounts, or other accounts that should never be used. | Monitor this event with the **“Account Information\\Account Name”** that corresponds to the accounts that should never be used. |
-| **External accounts**: You might be monitoring accounts from another domain, or “external” accounts that are not allowed to perform certain actions (represented by certain specific events). | Monitor this event for the **“Account Information\\Account Domain”** corresponding to another domain or “external” location. |
+| **External accounts**: You might be monitoring accounts from another domain, or “external” accounts that aren't allowed to perform certain actions (represented by certain specific events). | Monitor this event for the **“Account Information\\Account Domain”** corresponding to another domain or “external” location. |
| **Restricted-use computers or devices**: You might have certain computers, machines, or devices on which certain people (accounts) should not typically perform any actions. | Monitor the target **Computer:** (or other target device) for actions performed by the **“Account Information\\Account Name”** that you are concerned about. |
| **Account naming conventions**: Your organization might have specific naming conventions for account names. | Monitor “**User ID”** for names that don’t comply with naming conventions. |
- If you know that **Account Name** should never request any tickets for (that is, never get access to) a particular computer account or service account, monitor for [4769](event-4769.md) events with the corresponding **Account Name** and **Service ID** fields.
-- You can track all [4769](event-4769.md) events where the **Client Address** is not from your internal IP range or not from private IP ranges.
+- You can track all [4769](event-4769.md) events where the **Client Address** isn't from your internal IP range or not from private IP ranges.
-- If you know that **Account Name** should be able to request tickets (should be used) only from a known allow list of IP addresses, track all **Client Address** values for this **Account Name** in [4769](event-4769.md) events. If **Client Address** is not from your allow list of IP addresses, generate the alert.
+- If you know that **Account Name** should be able to request tickets (should be used) only from a known allow list of IP addresses, track all **Client Address** values for this **Account Name** in [4769](event-4769.md) events. If **Client Address** isn't from your allow list of IP addresses, generate the alert.
-- All **Client Address** = ::1 means local TGS requests, which means that the **Account Name** logged on to a domain controller before making the TGS request. If you have an allow list of accounts allowed to log on to domain controllers, monitor events with **Client Address** = ::1 and any **Account Name** outside the allow list.
+- All **Client Address** = `::1` means local TGS requests, which means that the **Account Name** logged on to a domain controller before making the TGS request. If you have an allow list of accounts allowed to log on to domain controllers, monitor events with **Client Address** = `::1` and any **Account Name** outside the allow list.
- All [4769](event-4769.md) events with **Client Port** field value > 0 and < 1024 should be examined, because a well-known port was used for outbound connection.
@@ -287,4 +287,4 @@ For 4769(S, F): A Kerberos service ticket was requested.
- Starting with Windows Vista and Windows Server 2008, monitor for a **Ticket Encryption Type** other than **0x11 and 0x12**. These are the expected values, starting with these operating systems, and represent AES-family algorithms.
-- If you have a list of important **Failure Codes**, monitor for these codes.
\ No newline at end of file
+- If you have a list of important **Failure Codes**, monitor for these codes.
From e7631dc2734311055a24e6f0521d1cd06a6b2569 Mon Sep 17 00:00:00 2001
From: Angela Fleischmann
Date: Tue, 25 Oct 2022 16:04:01 -0600
Subject: [PATCH 09/11] Update event-4768.md
Line 187: it's > its
Line 239 (x2), 245, 250 (x2), 320, 322, 324: is not > isn't
Line 243: According > According to
---
.../threat-protection/auditing/event-4768.md | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md
index dee5834cc1..e4d1fe8e0d 100644
--- a/windows/security/threat-protection/auditing/event-4768.md
+++ b/windows/security/threat-protection/auditing/event-4768.md
@@ -184,7 +184,7 @@ The most common values:
| 27 | Renewable-ok | The RENEWABLE-OK option indicates that a renewable ticket will be acceptable if a ticket with the requested life cannot otherwise be provided, in which case a renewable ticket may be issued with a renew-till equal to the requested end time. The value of the renew-till field may still be limited by local limits, or limits selected by the individual principal or server. |
| 28 | Enc-tkt-in-skey | No information. |
| 29 | Unused | - |
-| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in it’s renew-till field has not passed. The ticket to be renewed is passed in the padata field as part of the authentication header. |
+| 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in its renew-till field has not passed. The ticket to be renewed is passed in the padata field as part of the authentication header. |
| 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Should not be in use, because postdated tickets are not supported by KILE. |
## Table 2. Kerberos ticket flags
@@ -236,18 +236,18 @@ The most common values:
| 0x28 | KRB\_AP\_ERR\_MSG\_TYPE | Message type is unsupported | This message is generated when target server finds that message format is wrong. This applies to KRB\_AP\_REQ, KRB\_SAFE, KRB\_PRIV and KRB\_CRED messages.
This error also generated if use of UDP protocol is being attempted with User-to-User authentication. |
| 0x29 | KRB\_AP\_ERR\_MODIFIED | Message stream modified and checksum didn't match | The authentication data was encrypted with the wrong key for the intended server.
The authentication data was modified in transit by a hardware or software error, or by an attacker.
The client sent the authentication data to the wrong server because incorrect DNS data caused the client to send the request to the wrong server.
The client sent the authentication data to the wrong server because DNS data was out-of-date on the client. |
| 0x2A | KRB\_AP\_ERR\_BADORDER | Message out of order (possible tampering) | This event generates for KRB\_SAFE and KRB\_PRIV messages if an incorrect sequence number is included, or if a sequence number is expected but not present. See [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) for more details. |
-| 0x2C | KRB\_AP\_ERR\_BADKEYVER | Specified version of key is not available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. If the key version indicated by the Ticket in the KRB\_AP\_REQ is not one the server can use (e.g., it indicates an old key, and the server no longer possesses a copy of the old key), the KRB\_AP\_ERR\_BADKEYVER error is returned. |
+| 0x2C | KRB\_AP\_ERR\_BADKEYVER | Specified version of key isn't available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. If the key version indicated by the Ticket in the KRB\_AP\_REQ isn't one the server can use (e.g., it indicates an old key, and the server no longer possesses a copy of the old key), the KRB\_AP\_ERR\_BADKEYVER error is returned. |
| 0x2D | KRB\_AP\_ERR\_NOKEY | Service key not available | This error might be generated on server side during receipt of invalid KRB\_AP\_REQ message. Because it is possible for the server to be registered in multiple realms, with different keys in each, the realm field in the unencrypted portion of the ticket in the KRB\_AP\_REQ is used to specify which secret key the server should use to decrypt that ticket. The KRB\_AP\_ERR\_NOKEY error code is returned if the server doesn't have the proper key to decipher the ticket. |
| 0x2E | KRB\_AP\_ERR\_MUT\_FAIL | Mutual authentication failed | No information. |
| 0x2F | KRB\_AP\_ERR\_BADDIRECTION | Incorrect message direction | No information. |
-| 0x30 | KRB\_AP\_ERR\_METHOD | Alternative authentication method required | According [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) this error message is obsolete. |
+| 0x30 | KRB\_AP\_ERR\_METHOD | Alternative authentication method required | According to [RFC4120](http://www.ietf.org/rfc/rfc4120.txt) this error message is obsolete. |
| 0x31 | KRB\_AP\_ERR\_BADSEQ | Incorrect sequence number in message | No information. |
-| 0x32 | KRB\_AP\_ERR\_INAPP\_CKSUM | Inappropriate type of checksum in message (checksum may be unsupported) | When KDC receives KRB\_TGS\_REQ message it decrypts it, and after that, the user-supplied checksum in the Authenticator MUST be verified against the contents of the request. The message MUST be rejected either if the checksums do not match (with an error code of KRB\_AP\_ERR\_MODIFIED) or if the checksum is not collision-proof (with an error code of KRB\_AP\_ERR\_INAPP\_CKSUM). |
+| 0x32 | KRB\_AP\_ERR\_INAPP\_CKSUM | Inappropriate type of checksum in message (checksum may be unsupported) | When KDC receives KRB\_TGS\_REQ message it decrypts it, and after that, the user-supplied checksum in the Authenticator MUST be verified against the contents of the request. The message MUST be rejected either if the checksums do not match (with an error code of KRB\_AP\_ERR\_MODIFIED) or if the checksum isn't collision-proof (with an error code of KRB\_AP\_ERR\_INAPP\_CKSUM). |
| 0x33 | KRB\_AP\_PATH\_NOT\_ACCEPTED | Desired path is unreachable | No information. |
| 0x34 | KRB\_ERR\_RESPONSE\_TOO\_BIG | Too much data | The size of a ticket is too large to be transmitted reliably via UDP. In a Windows environment, this message is purely informational. A computer running a Windows operating system will automatically try TCP if UDP fails. |
| 0x3C | KRB\_ERR\_GENERIC | Generic error | Group membership has overloaded the PAC.
Multiple recent password changes have not propagated.
Crypto subsystem error caused by running out of memory.
SPN too long.
SPN has too many parts. |
| 0x3D | KRB\_ERR\_FIELD\_TOOLONG | Field is too long for this implementation | Each request (KRB\_KDC\_REQ) and response (KRB\_KDC\_REP or KRB\_ERROR) sent over the TCP stream is preceded by the length of the request as 4 octets in network byte order. The high bit of the length is reserved for future expansion and MUST currently be set to zero. If a KDC that does not understand how to interpret a set high bit of the length encoding receives a request with the high order bit of the length set, it MUST return a KRB-ERROR message with the error KRB\_ERR\_FIELD\_TOOLONG and MUST close the TCP stream. |
-| 0x3E | KDC\_ERR\_CLIENT\_NOT\_TRUSTED | The client trust failed or is not implemented | This typically happens when user’s smart-card certificate is revoked or the root Certification Authority that issued the smart card certificate (in a chain) is not trusted by the domain controller. |
+| 0x3E | KDC\_ERR\_CLIENT\_NOT\_TRUSTED | The client trust failed or isn't implemented | This typically happens when user’s smart-card certificate is revoked or the root Certification Authority that issued the smart card certificate (in a chain) isn't trusted by the domain controller. |
| 0x3F | KDC\_ERR\_KDC\_NOT\_TRUSTED | The KDC server trust failed or could not be verified | The trustedCertifiers field contains a list of certification authorities trusted by the client, in the case that the client does not possess the KDC's public key certificate. If the KDC has no certificate signed by any of the trustedCertifiers, then it returns an error of type KDC\_ERR\_KDC\_NOT\_TRUSTED. See [RFC1510](https://www.ietf.org/proceedings/50/I-D/cat-kerberos-pk-init-13.txt) for more details. |
| 0x40 | KDC\_ERR\_INVALID\_SIG | The signature is invalid | This error is related to PKINIT. If a PKI trust relationship exists, the KDC then verifies the client's signature on AuthPack (TGT request signature). If that fails, the KDC returns an error message of type KDC\_ERR\_INVALID\_SIG. |
| 0x41 | KDC\_ERR\_KEY\_TOO\_WEAK | A higher encryption level is needed | If the clientPublicValue field is filled in, indicating that the client wishes to use Diffie-Hellman key agreement, then the KDC checks to see that the parameters satisfy its policy. If they do not (e.g., the prime size is insufficient for the expected encryption type), then the KDC sends back an error message of type KDC\_ERR\_KEY\_TOO\_WEAK. |
@@ -317,11 +317,11 @@ For 4768(S, F): A Kerberos authentication ticket (TGT) was requested.
| **External accounts**: You might be monitoring accounts from another domain, or “external” accounts that are not allowed to perform certain actions (represented by certain specific events). | Monitor this event for the **“Supplied Realm Name”** corresponding to another domain or “external” location. |
| **Account naming conventions**: Your organization might have specific naming conventions for account names. | Monitor “**User ID”** for names that don’t comply with naming conventions. |
-- You can track all [4768](event-4768.md) events where the **Client Address** is not from your internal IP address range or not from private IP address ranges.
+- You can track all [4768](event-4768.md) events where the **Client Address** isn't from your internal IP address range or not from private IP address ranges.
-- If you know that **Account Name** should be used only from known list of IP addresses, track all **Client Address** values for this **Account Name** in [4768](event-4768.md) events. If **Client Address** is not from the allowlist, generate the alert.
+- If you know that **Account Name** should be used only from known list of IP addresses, track all **Client Address** values for this **Account Name** in [4768](event-4768.md) events. If **Client Address** isn't from the allowlist, generate the alert.
-- All **Client Address** = ::1 means local authentication. If you know the list of accounts which should log on to the domain controllers, then you need to monitor for all possible violations, where **Client Address** = ::1 and **Account Name** is not allowed to log on to any domain controller.
+- All **Client Address** = ::1 means local authentication. If you know the list of accounts which should log on to the domain controllers, then you need to monitor for all possible violations, where **Client Address** = ::1 and **Account Name** isn't allowed to log on to any domain controller.
- All [4768](event-4768.md) events with **Client Port** field value > 0 and < 1024 should be examined, because a well-known port was used for outbound connection.
From 4bbdaae6d59a2e9c55a9666eb41ede3fc4e7adc3 Mon Sep 17 00:00:00 2001
From: Angela Fleischmann
Date: Tue, 25 Oct 2022 16:12:20 -0600
Subject: [PATCH 10/11] Update event-4768.md
Line 324: Add backticks (x2) to ::1 to raiseAcro score.
Lines 183, 212, and 229: is not > isn't
---
windows/security/threat-protection/auditing/event-4768.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md
index e4d1fe8e0d..1eded19698 100644
--- a/windows/security/threat-protection/auditing/event-4768.md
+++ b/windows/security/threat-protection/auditing/event-4768.md
@@ -180,7 +180,7 @@ The most common values:
| 14 | Request-anonymous | KILE not use this flag. |
| 15 | Name-canonicalize | In order to request referrals the Kerberos client MUST explicitly request the "canonicalize" KDC option for the AS-REQ or TGS-REQ. |
| 16-25 | Unused | - |
-| 26 | Disable-transited-check | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
the DISABLE-TRANSITED-CHECK option.
Should not be in use, because Transited-policy-checked flag is not supported by KILE. |
+| 26 | Disable-transited-check | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
the DISABLE-TRANSITED-CHECK option.
Should not be in use, because Transited-policy-checked flag isn't supported by KILE. |
| 27 | Renewable-ok | The RENEWABLE-OK option indicates that a renewable ticket will be acceptable if a ticket with the requested life cannot otherwise be provided, in which case a renewable ticket may be issued with a renew-till equal to the requested end time. The value of the renew-till field may still be limited by local limits, or limits selected by the individual principal or server. |
| 28 | Enc-tkt-in-skey | No information. |
| 29 | Unused | - |
@@ -209,7 +209,7 @@ The most common values:
| 0xA | KDC\_ERR\_CANNOT\_POSTDATE | Ticket (TGT) not eligible for postdating | This error can occur if a client requests postdating of a Kerberos ticket. Postdating is the act of requesting that a ticket’s start time be set into the future.
It also can occur if there is a time difference between the client and the KDC. |
| 0xB | KDC\_ERR\_NEVER\_VALID | Requested start time is later than end time | There is a time difference between the KDC and the client. |
| 0xC | KDC\_ERR\_POLICY | Requested start time is later than end time | This error is usually the result of logon restrictions in place on a user’s account. For example workstation restriction, smart card authentication requirement or logon time restriction. |
-| 0xD | KDC\_ERR\_BADOPTION | KDC cannot accommodate requested option | Impending expiration of a TGT.
The SPN to which the client is attempting to delegate credentials is not in its Allowed-to-delegate-to list |
+| 0xD | KDC\_ERR\_BADOPTION | KDC cannot accommodate requested option | Impending expiration of a TGT.
The SPN to which the client is attempting to delegate credentials isn't in its Allowed-to-delegate-to list |
| 0xE | KDC\_ERR\_ETYPE\_NOTSUPP | KDC has no support for encryption type | In general, this error occurs when the KDC or a client receives a packet that it cannot decrypt. |
| 0xF | KDC\_ERR\_SUMTYPE\_NOSUPP | KDC has no support for checksum type | The KDC, server, or client receives a packet for which it does not have a key of the appropriate encryption type. The result is that the computer is unable to decrypt the ticket. |
| 0x10 | KDC\_ERR\_PADATA\_TYPE\_NOSUPP | KDC has no support for PADATA type (pre-authentication data) | Smart card logon is being attempted and the proper certificate cannot be located. This can happen because the wrong certification authority (CA) is being queried or the proper CA cannot be contacted.
It can also happen when a domain controller doesn’t have a certificate installed for smart cards (Domain Controller or Domain Controller Authentication templates).
This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
@@ -226,7 +226,7 @@ The most common values:
| 0x1D | KDC\_ERR\_SVC\_UNAVAILABLE | KDC is unavailable | No information. |
| 0x1F | KRB\_AP\_ERR\_BAD\_INTEGRITY | Integrity check on decrypted field failed | The authenticator was encrypted with something other than the session key. The result is that the client cannot decrypt the resulting message. The modification of the message could be the result of an attack or it could be because of network noise. |
| 0x20 | KRB\_AP\_ERR\_TKT\_EXPIRED | The ticket has expired | The smaller the value for the “Maximum lifetime for user ticket” Kerberos policy setting, the more likely it is that this error will occur. Because ticket renewal is automatic, you should not have to do anything if you get this message. |
-| 0x21 | KRB\_AP\_ERR\_TKT\_NYV | The ticket is not yet valid | The ticket presented to the server is not yet valid (in relationship to the server time). The most probable cause is that the clocks on the KDC and the client are not synchronized.
If cross-realm Kerberos authentication is being attempted, then you should verify time synchronization between the KDC in the target realm and the KDC in the client realm, as well. |
+| 0x21 | KRB\_AP\_ERR\_TKT\_NYV | The ticket is not yet valid | The ticket presented to the server isn't yet valid (in relationship to the server time). The most probable cause is that the clocks on the KDC and the client are not synchronized.
If cross-realm Kerberos authentication is being attempted, then you should verify time synchronization between the KDC in the target realm and the KDC in the client realm, as well. |
| 0x22 | KRB\_AP\_ERR\_REPEAT | The request is a replay | This error indicates that a specific authenticator showed up twice — the KDC has detected that this session ticket duplicates one that it has already received. |
| 0x23 | KRB\_AP\_ERR\_NOT\_US | The ticket is not for us | The server has received a ticket that was meant for a different realm. |
| 0x24 | KRB\_AP\_ERR\_BADMATCH | The ticket and authenticator do not match | The KRB\_TGS\_REQ is being sent to the wrong KDC.
There is an account mismatch during protocol transition. |
@@ -321,7 +321,7 @@ For 4768(S, F): A Kerberos authentication ticket (TGT) was requested.
- If you know that **Account Name** should be used only from known list of IP addresses, track all **Client Address** values for this **Account Name** in [4768](event-4768.md) events. If **Client Address** isn't from the allowlist, generate the alert.
-- All **Client Address** = ::1 means local authentication. If you know the list of accounts which should log on to the domain controllers, then you need to monitor for all possible violations, where **Client Address** = ::1 and **Account Name** isn't allowed to log on to any domain controller.
+- All **Client Address** = `::1` means local authentication. If you know the list of accounts which should log on to the domain controllers, then you need to monitor for all possible violations, where **Client Address** = `::1` and **Account Name** isn't allowed to log on to any domain controller.
- All [4768](event-4768.md) events with **Client Port** field value > 0 and < 1024 should be examined, because a well-known port was used for outbound connection.
From 52603749107d21e4c040d1bbece9e5d9496be4fb Mon Sep 17 00:00:00 2001
From: Angela Fleischmann
Date: Tue, 25 Oct 2022 16:23:22 -0600
Subject: [PATCH 11/11] Update event-4693.md
Line 110: a RSA > an RSA
Line 104: it's > its
Lines 82 and 110: you will > you'll
Lines 28, 82, and 84: cannot > can't
Line 124: it is > it's
---
.../threat-protection/auditing/event-4693.md | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md
index 4676511260..219798f08e 100644
--- a/windows/security/threat-protection/auditing/event-4693.md
+++ b/windows/security/threat-protection/auditing/event-4693.md
@@ -25,7 +25,7 @@ ms.technology: itpro-security
This event generates every time that recovery is attempted for a [DPAPI](/previous-versions/ms995355(v=msdn.10)) Master Key.
-While unprotecting data, if DPAPI cannot use the Master Key protected by the user's password, it sends the backup Master Key to a domain controller by using a mutually authenticated and privacy protected RPC call. The domain controller then decrypts the Master Key with its private key and sends it back to the client by using the same protected RPC call. This protected RPC call is used to ensure that no one listening on the network can get the Master Key.
+While unprotecting data, if DPAPI can't use the Master Key protected by the user's password, it sends the backup Master Key to a domain controller by using a mutually authenticated and privacy protected RPC call. The domain controller then decrypts the Master Key with its private key and sends it back to the client by using the same protected RPC call. This protected RPC call is used to ensure that no one listening on the network can get the Master Key.
This event generates on domain controllers, member servers, and workstations.
@@ -79,9 +79,9 @@ Failure event generates when a Master Key restore operation fails for some reaso
**Subject:**
-- **Security ID** \[Type = SID\]**:** SID of account that requested the “recover” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
+- **Security ID** \[Type = SID\]**:** SID of account that requested the “recover” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID can't be resolved, you'll see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it can't ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “recover” operation.
@@ -101,13 +101,13 @@ Failure event generates when a Master Key restore operation fails for some reaso
**Key Information:**
-- **Key Identifier** \[Type = UnicodeString\]**:** unique identifier of a master key which was recovered. The Master Key is used, with some additional data, to generate an actual symmetric session key to encrypt\\decrypt the data using DPAPI. All of user's Master Keys are located in user profile -> %APPDATA%\\Roaming\\Microsoft\\Windows\\Protect\\%SID% folder. The name of every Master Key file is it’s ID.
+- **Key Identifier** \[Type = UnicodeString\]**:** unique identifier of a master key which was recovered. The Master Key is used, with some additional data, to generate an actual symmetric session key to encrypt\\decrypt the data using DPAPI. All of user's Master Keys are located in user profile -> %APPDATA%\\Roaming\\Microsoft\\Windows\\Protect\\%SID% folder. The name of every Master Key file is its ID.
- **Recovery Server** \[Type = UnicodeString\]: the name (typically – DNS name) of the computer that you contacted to recover your Master Key. For domain joined machines, it’s typically a name of a domain controller.
> **Note** In this event Recovery Server field contains information from Recovery Reason field.
-- **Recovery Key ID** \[Type = UnicodeString\]**:** unique identifier of a recovery key. The recovery key is generated when a user chooses to create a Password Reset Disk (PRD) from the user's Control Panel or when first Master Key is generated. First, DPAPI generates a RSA public/private key pair, which is the recovery key. In this field you will see unique Recovery key ID which was used for Master key recovery operation. This parameter might not be captured in the event, and in that case will be empty.
+- **Recovery Key ID** \[Type = UnicodeString\]**:** unique identifier of a recovery key. The recovery key is generated when a user chooses to create a Password Reset Disk (PRD) from the user's Control Panel or when first Master Key is generated. First, DPAPI generates an RSA public/private key pair, which is the recovery key. In this field you'll see unique Recovery key ID which was used for Master key recovery operation. This parameter might not be captured in the event, and in that case will be empty.
- **Recovery Reason** \[Type = HexInt32\]: hexadecimal code of recovery reason.
@@ -121,8 +121,8 @@ Failure event generates when a Master Key restore operation fails for some reaso
For 4693(S, F): Recovery of data protection master key was attempted.
-- This event is typically an informational event and it is difficult to detect any malicious activity using this event. It’s mainly used for DPAPI troubleshooting.
+- This event is typically an informational event and it's difficult to detect any malicious activity using this event. It’s mainly used for DPAPI troubleshooting.
- For domain joined computers, **Recovery Reason** should typically be a domain controller DNS name.
-> **Important** For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
\ No newline at end of file
+> **Important** For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).