Merge branch 'master' into aljupudi-5422453-BitlockerCSP

2025-05-18 16:27:22 +00:00 · 2021-09-22 12:04:27 +05:30 · 2021-09-22 12:04:27 +05:30 · 1f929d55a0
commit 1f929d55a0
parent cc18bef0e4 4069fa4bdc
320 changed files with 1033 additions and 1733 deletions
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@ -428,6 +428,7 @@ ms.date: 10/08/2020
 - [ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy](./policy-csp-admx-leakdiagnostic.md#admx-leakdiagnostic-wdiscenarioexecutionpolicy)
 - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio)
 - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr)
 - [ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1](./policy-csp-admx-locationprovideradm.md#admx-locationprovideradm-disablewindowslocationprovider_1)
 - [ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin](./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin)
 - [ADMX_Logon/DisableAcrylicBackgroundOnLogon](./policy-csp-admx-logon.md#admx-logon-disableacrylicbackgroundonlogon)
 - [ADMX_Logon/DisableExplorerRunLegacy_1](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-1)
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@ -1676,6 +1676,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
  </dd>
 </dl>
 ### ADMX_LocationProviderAdm policies
 <dl>
  <dd>
    <a href="./policy-csp-admx-locationprovideradm.md#admx-locationprovideradm-disablewindowslocationprovider_1" id="admx-locationprovideradm-disablewindowslocationprovider_1">ADMX_LocationProviderAdm/BlockUserFromShowingAccountDetailsOnSignin</a>
  </dd>
 <dl>
 ### ADMX_Logon policies  
 <dl>
@ -6065,6 +6073,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
  </dd>
 </dl>
 ### Feeds policies
 <dl>
  <dd>
    <a href="./policy-csp-feeds.md#feeds-feedsenabled" id="feeds-feedsenabled">Feeds/FeedsEnabled</a>
  </dd>
 </dl>
 ### FileExplorer policies
 <dl>
--- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@ -0,0 +1,112 @@
 ---
 title: Policy CSP - ADMX_LocationProviderAdm
 description: Policy CSP - ADMX_LocationProviderAdm
 ms.author: dansimp
 ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nimishasatapathy
 ms.date: 09/20/2021
 ms.reviewer: 
 manager: dansimp
 ---
 # Policy CSP - ADMX_LocationProviderAdm
 > [!WARNING]
 > Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
 <hr/>
 <!--Policies-->
 ## ADMX_LocationProviderAdm policies  
 <dl>
  <dd>
    <a href="#admx-locationprovideradm-disablewindowslocationprovider_1">ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1</a>
  </dd>
 </dl>
 <hr/>
 <!--Policy-->
 <a href="" id="admx-locationprovideradm-disablewindowslocationprovider_1"></a>**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1**  
 <!--SupportedSKUs-->
 <table>
 <tr>
    <th>Edition</th>
    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Machine
 <hr/>
 <!--/Scope-->
 <!--Description-->
 This policy setting turns off the Windows Location Provider feature for this computer.  
 - If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature.  
 - If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
 <!--/Description-->
 > [!TIP]
 > This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 > 
 > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
 > 
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP Friendly name: *Turn off Windows Location Provider*
 -   GP name: *DisableWindowsLocationProvider_1*
 -   GP path: *Windows Components\Location and Sensors\Windows Location Provider*
 -   GP ADMX file name: *LocationProviderAdm.admx*
 <!--/ADMXBacked-->
 <!--/Policy-->
 <hr/>
 > [!NOTE]
 > These policies are currently only available as part of a Windows Insider release.
 <!--/Policies-->
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@ -37,9 +37,6 @@ manager: dansimp
  <dd>
    <a href="#experience-allowmanualmdmunenrollment">Experience/AllowManualMDMUnenrollment</a>
  </dd>
  <dd>
    <a href="#experience-allownewsandinterestsonthetaskbar">Experience/AllowNewsAndInterestsOnTheTaskbar</a>
  </dd>
  <dd>
    <a href="#experience-allowsaveasofofficefiles">Experience/AllowSaveAsOfOfficeFiles</a>
  </dd>
@ -105,28 +102,34 @@ manager: dansimp
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -184,28 +187,34 @@ ADMX Info:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -252,28 +261,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -314,28 +329,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -384,28 +405,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -442,65 +469,6 @@ The following list shows the supported values:
 <hr/>
 <!--Policy-->
 <a href="" id="experience-allownewsandinterestsonthetaskbar"></a>**Experience/AllowNewsAndInterestsOnTheTaskbar**  
 <!--SupportedSKUs-->
 <table>
 <tr>
    <th>Windows Edition</th>
    <th>Supported?</th>
 </tr>
 <tr>
    <td>Home</td>
    <td><img src="images/crossmark.png" alt="cross mark" /></td>
 </tr>
 <tr>
    <td>Pro</td>
    <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
 <tr>
    <td>Business</td>
    <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
 <tr>
    <td>Education</td>
    <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Machine
 <hr/>
 <!--/Scope-->
 <!--Description-->
 Specifies whether to allow "News and interests" on the Taskbar.
 <!--/Description-->
 <!--SupportedValues-->
 The values for this policy are 1 and 0. This policy defaults to 1.
 - 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode.
 - 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed.
 <!--/SupportedValues-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="experience-allowsaveasofofficefiles"></a><b>Experience/AllowSaveAsOfOfficeFiles</b>
@ -531,28 +499,34 @@ This policy is deprecated.
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -589,28 +563,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -665,28 +645,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -735,28 +721,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -808,28 +800,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -880,28 +878,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -951,28 +955,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -1021,28 +1031,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -1093,28 +1109,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -1159,28 +1181,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>No</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td>No</td>
    <td>Yes</td>
 </tr>
 </table>
@ -1217,28 +1245,34 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -1286,28 +1320,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -1356,28 +1396,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -1426,28 +1472,34 @@ The following list shows the supported values:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -1512,36 +1564,40 @@ _**Turn syncing off by default but don’t disable**_
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="experience-preventusersfromturningonbrowsersyncing"></a>**Experience/PreventUsersFromTurningOnBrowserSyncing**  
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
@ -1615,28 +1671,34 @@ Validation procedure:
 <!--SupportedSKUs-->
 <table>
 <tr>
-    <th>Windows Edition</th>
+    <th>Edition</th>
-    <th>Supported?</th>
+    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 <tr>
    <td>Education</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
+    <td>Yes</td>
    <td>Yes</td>
 </tr>
 </table>
--- a/windows/client-management/mdm/policy-csp-feeds.md
+++ b/windows/client-management/mdm/policy-csp-feeds.md
@ -0,0 +1,103 @@
 ---
 title: Policy CSP - Feeds
 description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device.
 ms.author: v-nsatapathy
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nimishasatapathy
 ms.localizationpriority: medium
 ms.date: 09/17/2021
 ms.reviewer: 
 manager: dansimp
 ---
 # Policy CSP - Feeds
 <hr/>
 <!--Policies-->
 ## Feeds policies  
 <dl>
  <dd>
    <a href="#feeds-feedsenabled">Feeds/FeedsEnabled</a>
  </dd>
 </dl>
 <hr/>
 <!--Policy-->
 <a href="" id="feeds-feedsenabled"></a>**Feeds/FeedsEnabled**  
 <!--SupportedSKUs-->
 <table>
 <tr>
    <th>Edition</th>
    <th>Windows 10</th>
    <th>Windows 11</th>
 </tr>
 <tr>
    <td>Home</td>
    <td>No</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Pro</td>
    <td>Yes</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Business</td>
    <td>Yes</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Enterprise</td>
    <td>Yes</td>
    <td>No</td>
 </tr>
 <tr>
    <td>Education</td>
    <td>Yes</td>
    <td>No</td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <hr/>
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Machine
 <hr/>
 <!--/Scope-->
 <!--Description-->
 This policy setting specifies whether news and interests is allowed on the device.
 The values for this policy are 1 and 0. This policy defaults to 1.
 - 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode.
 - 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed.
 <!--/Description-->
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP Friendly name: *Enable news and interests on the taskbar*
 -   GP name: *FeedsEnabled*
 -   GP path: *Windows Components\News and interests*
 -   GP ADMX file name: *Feeds.admx*
 <!--/ADMXBacked-->
 <!--/Policy-->
 <!--/Policies-->
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@ -480,7 +480,7 @@ items:
            - name: ADMX_Explorer
              href: policy-csp-admx-explorer.md
            - name: ADMX_ExternalBoot
-              href: policy-csp-admx-externalboot.md  
+              href: policy-csp-admx-externalboot.md 
            - name: ADMX_FileRecovery
              href: policy-csp-admx-filerecovery.md
            - name: ADMX_FileRevocation
@ -519,6 +519,8 @@ items:
              href: policy-csp-admx-leakdiagnostic.md  
            - name: ADMX_LinkLayerTopologyDiscovery
              href: policy-csp-admx-linklayertopologydiscovery.md
            - name: ADMX_LocationProviderAdm
              href: policy-csp-admx-locationprovideradm.md  
            - name: ADMX_Logon
              href: policy-csp-admx-logon.md
            - name: ADMX_MicrosoftDefenderAntivirus
@ -713,6 +715,8 @@ items:
              href: policy-csp-experience.md
            - name: ExploitGuard
              href: policy-csp-exploitguard.md
            - name: Feeds
              href: policy-csp-feeds.md
            - name: FileExplorer
              href: policy-csp-fileexplorer.md
            - name: Games
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@ -9,7 +9,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 10/30/2020
+ms.date: 09/21/2021
 ---
 # VPNv2 CSP
@ -591,7 +591,7 @@ Valid values:
 - True = Register the connection's addresses in DNS.
 <a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/**<em>ProfileName</em>**/DnsSuffix**  
-Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
+Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. Windows has a limit of 50 DNS suffixes that can be set. Windows name resolution will apply each suffix in order. Long DNS suffix lists may impact performance.
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
--- a/windows/deployment/update/windows-update-errors.md
+++ b/windows/deployment/update/windows-update-errors.md
@ -7,9 +7,9 @@ audience: itpro
 itproauthor: jaimeo
 ms.audience: itpro
 author: jaimeo
-ms.reviewer: 
+ms.reviewer: kaushika
 manager: laurawi
-ms.topic: article
+ms.topic: troubleshooting
 ms.custom: seo-marvel-apr2020
 ---
@ -22,22 +22,198 @@ ms.custom: seo-marvel-apr2020
 The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them.
 ## 0x8024402F
-|                Error Code                |              Message              |                                          Description                                          |                                                                                                                                                                                                                     Mitigation                                                                                                                                                                                                                      |
+| Message | Description | Mitigation |
-|------------------------------------------|-----------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---------|-------------|------------|
-|                0x8024402F                | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS |                    External cab file processing completed with some errors                    |                                                                                               One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering. <br>Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed                                                                                               |
+| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External .cab file processing completed with some errors | This can be caused by the Lightspeed Rocket for web filtering software. <br>Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed Rocket. |
-|                0x80242006                |      WU_E_UH_INVALIDMETADATA      |   A handler operation could not be completed because the update contains invalid metadata.    | Rename Software Redistribution Folder and attempt to download the updates again: <br>Rename the following folders to \*.BAK: <br>- %systemroot%\system32\catroot2 <br><br>Type the following commands at a command prompt. Press ENTER after you type each command.<br>- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak<br>- Ren %systemroot%\SoftwareDistribution\Download \*.bak<br>Ren %systemroot%\system32\catroot2 \*.bak |
+
-|                0x80070BC9                |    ERROR_FAIL_REBOOT_REQUIRED     |    The requested operation failed. A system reboot is required to roll back changes made.     |                                                                                                                          Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system.                                                                                                                          |
+## 0x80242006
-|                0x80200053                |      BG_E_VALIDATION_FAILED       |                                              NA                                               |                                                                  Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.<br><br>If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).                                                                  |
+
-|                0x80072EE2                |         WININET_E_TIMEOUT         |                                    The operation timed out                                    |                   This error message can be caused if the computer isn't connected to the Internet. To fix this issue, follow these steps: make sure these URLs are not blocked: <br> http://<em>.update.microsoft.com<br>https://</em>.update.microsoft.com <br><http://download.windowsupdate.com>  <br><br>You can also take a network trace to check what is timing out. \<Refer to Firewall Troubleshooting scenario>                   |
+| Message | Description | Mitigation |
-| 0x80072EFD <br>0x80072EFE <br>0x80D02002 |          TIME_OUT_ERRORS          |                                    The operation timed out                                    |                                                                                                                                Make sure there are no firewall rules or proxy to block Microsoft download URLs. <br>Take a network monitor trace to understand better. \<Refer to Firewall Troubleshooting scenario>                                                                                                                                 |
+|---------|-------------|------------|
-|                0X8007000D                |        ERROR_INVALID_DATA         |                   Indicates invalid data downloaded or corruption occurred.                   |                                                                                                                                                                                            Attempt to re-download the update and initiate installation.                                                                                                                                                                                             |
+| WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename the software redistribution folder and try to download the updates again: <br>Rename the following folders to \*.BAK: <br>- %systemroot%\system32\catroot2 <br><br>Type the following commands at a command prompt. Press ENTER after you type each command.<br>- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak<br>- Ren %systemroot%\SoftwareDistribution\Download \*.bak<br>- Ren %systemroot%\system32\catroot2 \*.bak |
-|                0x8024A10A                |    USO_E_SERVICE_SHUTTING_DOWN    |                        Indicates that the Windows Update Service is shutting down.                        |                                                                                         This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade.                                                                                          |
+
-|                0x80240020                |     WU_E_NO_INTERACTIVE_USER      |          Operation did not complete because there is no logged-on interactive user.           |                                                                                                                                                                            Sign in to the device to start the installation and allow the device to restart.                                                                                                                                                                             |
+## 0x80070BC9
-|                0x80242014                |  WU_E_UH_POSTREBOOTSTILLPENDING   |                The post-restart operation for the update is still in progress.                 |                                                                                                                                                               Some Windows Updates require the device to be restarted. Restart the device to complete update installation.                                                                                                                                                              |
+
-|                0x80246017                |  WU_E_DM_UNAUTHORIZED_LOCAL_USER  | The download failed because the local user was denied authorization to download the content.  |                                                                                                                                               Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).                                                                                                                                                |
+| Message | Description | Mitigation |
-|                0x8024000B                |        WU_E_CALL_CANCELLED        |                                   Operation was canceled.                                    |                                                            The operation was canceled by the user or service. You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete.                                                             |
+|---------|-------------|------------|
-|                0x8024000E                |         WU_E_XML_INVALID          |           Windows Update Agent found invalid information in the update's XML data.            |                                                                                                              Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine.                                                                                                              |
+| ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. Restart the system to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. |
-|                0x8024D009                |      WU_E_SETUP_SKIP_UPDATE       | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. |                                                                                       You may encounter this error when WSUS is not sending the Self-update to the clients.<br><br>Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue.                                                                                       |
+
-|                0x80244007                |   WU_E_PT_SOAPCLIENT_SOAPFAULT    | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. |                                                                                        This issue occurs because Windows cannot renew the cookies for Windows Update.  <br><br>Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue.                                                                                         |
+## 0x80200053
-|                0x80070422               |       | This issue occurs when the Windows Update service stops working or is not running. |                                                                                       Check if the Windows Update service is running.<br>                                                                                        |
+
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update client.<br><br>If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).|
 ## 0x80072EFD or 0x80072EFE or 0x80D02002
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxies that block Microsoft download URLs. <br>Take a network monitor trace to understand better. \<Refer to Firewall Troubleshooting scenario> |
 ## 0X8007000D
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | ERROR_INVALID_DATA | Indicates data that isn't valid was downloaded or corruption occurred.| Attempt to re-download the update and start installation. |
 ## 0x8024A10A
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | USO_E_SERVICE_SHUTTING_DOWN  | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity. The system fails to respond, leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the installation. |
 ## 0x80240020
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because no interactive user is signed in. | Sign in to the device to start the installation and allow the device to restart. |
 ## 0x80242014
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows updates require the device to be restarted. Restart the device to complete update installation. |
 ## 0x80246017
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content.  | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).|
 ## 0x8024000B
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we're unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. |
 ## 0x8024000E
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WU_E_XML_INVALID | Windows Update Agent found information in the update's XML data that isn't valid. | Certain drivers contain additional metadata information in Update.xml, which Orchestrator can interpret as data that isn't valid. Ensure that you have the latest Windows Update Agent installed on the device. |
 ## 0x8024D009
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.<br><br>Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. |
 ## 0x80244007
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows can't renew the cookies for Windows Update.  <br><br>Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. |
 ## 0x80070422
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | NA | This issue occurs when the Windows Update service stops working or isn't running. | Check if the Windows Update service is running.<br> |
 ## 0x800f0821
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS   transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the has installed the update in KB4493473 or later.|
 ## 0x800f0825
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | CBS_E_CANNOT_UNINSTALL; Package cannot be uninstalled. | Typically this is due component store corruption caused when a component is in a partially installed state. | Repair the component store with the **Dism RestoreHealth** command or manually repair with a payload from the partially installed component. From an elevated command prompt, run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
 ## 0x800F0920
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | CBS_E_HANG_DETECTED; A failure to respond was detected while processing the operation. | Subsequent error logged after getting 0x800f0821 | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has stopped responding.  Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the device has installed the update in KB4493473 or later.|
 ## 0x800f081f
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | CBS_E_SOURCE_MISSING; source for package or file not found, ResolveSource() unsuccessful | Component Store corruption | Repair the component store with the **Dism RestoreHealth** command or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
 ## 0x800f0831
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | CBS_E_STORE_CORRUPTION; CBS store is corrupted. | Corruption in the Windows Component  Store. | Repair the component store with **Dism RestoreHealth** or manually repair with   the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device.  |
 ## 0x80070005
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an access was denied.<br> Go to %Windir%\logs\CBS, open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the access denial. It could be acess denied to a file, registry key. Determine what object needs the right permissions and change the permissions as needed. |
 ## 0x80070570
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | ERROR_FILE_CORRUPT; The file or directory is corrupted and unreadable. | Component Store corruption | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device.|
 ## 0x80070003
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | ERROR_PATH_NOT_FOUND; The system cannot find the path specified. | The servicing stack cannot access a specific path. | Indicates an invalid path to an executable. Go to %Windir%\logs\CBS, open the last CBS.log, and search for “, error” and match with the timestamp. |
 ## 0x80070020
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by non-Microsoft filter drivers like antivirus. <br> 1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/)  <br> 2. Download the sysinternal tool [Process Monitor](/sysinternals/downloads/procmon). <br> 3. Run Procmon.exe. It will start data capture automatically. <br> 4. Install the update package again <br> 5. With the Process Monitor main window in focus, press CTRL + E or select the magnifying glass to stop data capture. <br> 6. Select **File > Save > All Events > PML**, and choose a path to save the .PML file <br> 7. Go to %windir%\logs\cbs, open the last Cbs.log file, and search for the error. After finding the error line a bit above, you should have the file being accessed during the installation that is giving the sharing violation error <br> 8. In Process Monitor, filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”). <br> 9. Try to stop it or uninstall the process causing the error. |
 ## 0x80073701
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. | 
 ## 0x8007371b
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE; One or more required members of the transaction are not present. | Component Store corruption. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. | 
 ## 0x80072EFE
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WININET_E_CONNECTION_ABORTED; The connection with the server was closed abnormally | BITS is unable to transfer the file successfully. | Encountered if BITS is broken or if the file being transferred can't be written to the destination folder on the client. This error is usually caused by connection errors while checking or downloading updates.<br> From a cmd prompt run: *BITSADMIN /LIST /ALLUSERS /VERBOSE* <br> Search for the 0x80072EFE error code. You should see a reference to an HTTP code with a specific file. Using a browser, try to download it manually, making sure you’re using your organization's proxy settings. If the download fails, check with your proxy manager to allow for the communication to be sucesfull. Also check with your network team for this specific URL access. |
 ## 0x80072F8F
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WININET_E_DECODING_FAILED; Content decoding has failed | TLS 1.2 is not configured correctly on the client. | This error generally means that the Windows Update Agent was unable to decode the received content. Install and configure TLS 1.2 by installing the update in [KB3140245](https://support.microsoft.com/help/3140245/). 
 ## 0x80072EE2
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager. <br> Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/mem/configmgr/troubleshoot-software-update-scan-failures). <br> If you’re using the public Microsoft update servers, check that your device can access the following Windows Update endpoints: <br> `http://windowsupdate.microsoft.com` <br> https://*.windowsupdate.microsoft.com <br> https://*.windowsupdate.microsoft.com <br> https://*.update.microsoft.com <br> https://*.update.microsoft.com <br> https://*.windowsupdate.com <br> https://download.windowsupdate.com <br> https://download.microsoft.com <br> https://*.download.windowsupdate.com <br> https://wustat.windows.com <br> https://ntservicepack.microsoft.com |
 ## 0x80240022
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WU_E_ALL_UPDATES_FAILED; Operation failed for all the updates. | Multiple root causes for this error.| Most common issue is that antivirus software is blocking access to certain folders (like SoftwareDistribution). CBS.log analysis needed to determine the file or folder being protected. |
 ## 0x8024401B
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ; Same as HTTP status 407 - proxy authentication is required. | Unable to authenticate through a proxy server. | Either the Winhttp proxy or WinInet proxy settings are not configured correctly. This error generally means that the Windows Update Agent was unable to connect to the update servers or your own update source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager, due to a proxy error. <br> Verify the proxy settings on the client. The Windows Update Agent uses WinHTTP to scan for available updates. When there is a proxy server between the client and the update source, the proxy settings must be configured correctly on the clients to enable them to communicate by using the source's FQDN. <br> Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. |
 ## 0x80244022
 | Message | Description | Mitigation |
 |---------|-------------|------------|
 | WU_E_PT_HTTP_STATUS_SERVICE_UNAVAILABLE; Same as HTTP status 503 - the service is temporarily overloaded. | Unable to connect to the configured update source. | Network troubleshooting needed to resolve the connectivity issue. Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. |
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md
+++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md
@ -1,5 +1,5 @@
 ---
-title: Active Directory Security Groups (Windows 10)
+title: Active Directory Security Groups
 description: Active Directory Security Groups
 ms.prod: w10
 ms.mktglfcycl: deploy
@ -12,14 +12,15 @@ manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 04/19/2017
+ms.date: 09/21/2021
 ms.reviewer: 
 ---
 # Active Directory Security Groups
 **Applies to**
-   Windows Server 2016
+-   Windows Server 2016 or later
 -   Windows 10 or later
 This reference topic for the IT professional describes the default Active Directory security groups.
@ -1489,7 +1490,7 @@ This security group has not changed since Windows Server 2008.
 <tbody>
 <tr class="odd">
 <td><p>Well-Known SID/RID</p></td>
-<td><p>S-1-5-&lt;domain&gt;-512</p></td>
+<td><p>S-1-5-21-&lt;domain&gt;-512</p></td>
 </tr>
 <tr class="even">
 <td><p>Type</p></td>
@ -1885,7 +1886,7 @@ This security group has not changed since Windows Server 2008.
 <tbody>
 <tr class="odd">
 <td><p>Well-Known SID/RID</p></td>
-<td><p>S-1-5-21-&lt;domain&gt;-498</p></td>
+<td><p>S-1-5-21-&lt;root domain&gt;-498</p></td>
 </tr>
 <tr class="even">
 <td><p>Type</p></td>
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Filtering Platform Policy Change
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Filtering Platform Policy Change allows you to audit events generated by changes to the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page) (WFP), such as the following:
--- a/windows/security/threat-protection/auditing/audit-group-membership.md
+++ b/windows/security/threat-protection/auditing/audit-group-membership.md
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Group Membership
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 By using Audit Group Membership, you can audit group memberships when they're enumerated on the client computer.
--- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md
+++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Handle Manipulation
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Handle Manipulation enables generation of “4658: The handle to an object was closed” in [Audit File System](audit-file-system.md), [Audit Kernel Object](audit-kernel-object.md), [Audit Registry](audit-registry.md), [Audit Removable Storage](audit-removable-storage.md) and [Audit SAM](audit-sam.md) subcategories, and shows object’s handle duplication and close actions.
--- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 10/02/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit IPsec Driver
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit IPsec Driver allows you to audit events generated by IPSec driver such as the following:
--- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 10/02/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit IPsec Extended Mode
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit IPsec Extended Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
--- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 10/02/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit IPsec Main Mode
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit IPsec Main Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
--- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 10/02/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit IPsec Quick Mode
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit IPsec Quick Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
--- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Kerberos Authentication Service
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Kerberos Authentication Service determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests.
--- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Kerberos Service Ticket Operations
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Kerberos Service Ticket Operations determines whether the operating system generates security audit events for Kerberos service ticket requests.
--- a/windows/security/threat-protection/auditing/audit-kernel-object.md
+++ b/windows/security/threat-protection/auditing/audit-kernel-object.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Kernel Object
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Kernel Object determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores.
--- a/windows/security/threat-protection/auditing/audit-logoff.md
+++ b/windows/security/threat-protection/auditing/audit-logoff.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 07/16/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Logoff
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Logoff determines whether the operating system generates audit events when logon sessions are terminated.
--- a/windows/security/threat-protection/auditing/audit-logon.md
+++ b/windows/security/threat-protection/auditing/audit-logon.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Logon
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Logon determines whether the operating system generates audit events when a user attempts to log on to a computer.
--- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit MPSSVC Rule-Level Policy Change
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit MPSSVC Rule-Level Policy Change determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe).
--- a/windows/security/threat-protection/auditing/audit-network-policy-server.md
+++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Network Policy Server
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Network Policy Server allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) activity related to user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.
--- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Non-Sensitive Privilege Use
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Non-Sensitive Privilege Use contains events that show usage of non-sensitive privileges. This is the list of non-sensitive privileges:
--- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
@ -1,6 +1,6 @@
 ---
 title: Audit Other Account Logon Events (Windows 10)
-description: The policy setting, Audit Other Account Logon Events, allows you to audit events generated by responses to credential requests for certain kinds of user logons.
+description: The policy setting, Audit Other Account Logon Events allows you to audit events when generated by responses to credential requests for certain kinds of user logons.
 ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3
 ms.reviewer: 
 manager: dansimp
@ -11,24 +11,19 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Other Account Logon Events
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 **General Subcategory Information:**
 This auditing subcategory does not contain any events. It is intended for future use.
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                   |
 |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | No              | No              | No               | No               | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. |
+| Domain Controller | No              | No              | No               | No               | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. |
-| Member Server     | No              | No              | No               | No               | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. |
+| Member Server     | No              | No              | No               | No               | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. |
-| Workstation       | No              | No              | No               | No               | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. |
+| Workstation       | No              | No              | No               | No               | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. |
--- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Other Account Management Events
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Other Account Management Events determines whether the operating system generates user account management audit events.
--- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Other Logon/Logoff Events
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Other Logon/Logoff Events determines whether Windows generates audit events for other logon or logoff events.
--- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 05/29/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Other Object Access Events
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Other Object Access Events allows you to monitor operations with scheduled tasks, COM+ objects and indirect object access requests.
--- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Other Policy Change Events
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Other Policy Change Events contains events about EFS Data Recovery Agent policy changes, changes in Windows Filtering Platform filter, status on Security policy settings updates for local Group Policy settings, Central Access Policy changes, and detailed troubleshooting events for Cryptographic Next Generation (CNG) operations.
--- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Other Privilege Use Events
 **Applies to**
 - Windows 10
 - Windows Server 2016
 This auditing subcategory should not have any events in it, but for some reason Success auditing will enable the generation of event [4985(S): The state of a transaction has changed](/windows/security/threat-protection/auditing/event-4985).
--- a/windows/security/threat-protection/auditing/audit-other-system-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-system-events.md
@ -11,17 +11,13 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Other System Events
-**Applies to**
+ 
 -   Windows 10
 -   Windows Server 2016
 Audit Other System Events contains Windows Firewall Service and Windows Firewall driver start and stop events, failure events for these services and Windows Firewall Service policy processing failures.
 Audit Other System Events determines whether the operating system audits various system events.
--- a/windows/security/threat-protection/auditing/audit-pnp-activity.md
+++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit PNP Activity
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit PNP Activity determines when Plug and Play detects an external device.
--- a/windows/security/threat-protection/auditing/audit-process-creation.md
+++ b/windows/security/threat-protection/auditing/audit-process-creation.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Process Creation
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Process Creation determines whether the operating system generates audit events when a process is created (starts).
--- a/windows/security/threat-protection/auditing/audit-process-termination.md
+++ b/windows/security/threat-protection/auditing/audit-process-termination.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Process Termination
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Process Termination determines whether the operating system generates audit events when process has exited.
--- a/windows/security/threat-protection/auditing/audit-registry.md
+++ b/windows/security/threat-protection/auditing/audit-registry.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Registry
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Registry allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists ([SACL](/windows/win32/secauthz/access-control-lists)s) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
--- a/windows/security/threat-protection/auditing/audit-removable-storage.md
+++ b/windows/security/threat-protection/auditing/audit-removable-storage.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Removable Storage
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Removable Storage allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated for all objects and all types of access requested, with no dependency on object’s [SACL](/windows/win32/secauthz/access-control-lists).
--- a/windows/security/threat-protection/auditing/audit-rpc-events.md
+++ b/windows/security/threat-protection/auditing/audit-rpc-events.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit RPC Events
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit RPC Events determines whether the operating system generates audit events when inbound remote procedure call (RPC) connections are made.
--- a/windows/security/threat-protection/auditing/audit-sam.md
+++ b/windows/security/threat-protection/auditing/audit-sam.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit SAM
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit SAM, which enables you to audit events that are generated by attempts to access Security Account Manager ([SAM](/previous-versions/windows/it-pro/windows-server-2003/cc756748(v=ws.10))) objects.
--- a/windows/security/threat-protection/auditing/audit-security-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-security-group-management.md
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 02/28/2019
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Security Group Management
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Security Group Management determines whether the operating system generates audit events when specific security group management tasks are performed.
--- a/windows/security/threat-protection/auditing/audit-security-state-change.md
+++ b/windows/security/threat-protection/auditing/audit-security-state-change.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Security State Change
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Security State Change contains Windows startup, recovery, and shutdown events, and information about changes in system time.
--- a/windows/security/threat-protection/auditing/audit-security-system-extension.md
+++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Security System Extension
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Security System Extension contains information about the loading of an authentication package, notification package, or security package, plus information about trusted logon process registration events.
@ -36,9 +32,9 @@ Attempts to install or load security system extensions or services are critical
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
 |-------------------|-----------------|-----------------|------------------|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | Yes             | No              | Yes              | No               | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should have “SYSTEM” as value for **“Subject”** field.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Domain Controller | Yes             | No              | Yes              | No               | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should have “SYSTEM” as value for **“Subject”** field.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Member Server     | Yes             | No              | Yes              | No               | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.   |
+| Member Server     | Yes             | No              | Yes              | No               | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.   |
-| Workstation       | Yes             | No              | Yes              | No               | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.   |
+| Workstation       | Yes             | No              | Yes              | No               | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.   |
 **Events List:**
--- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Sensitive Privilege Use
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Sensitive Privilege Use contains events that show the usage of sensitive privileges. This is the list of sensitive privileges:
--- a/windows/security/threat-protection/auditing/audit-special-logon.md
+++ b/windows/security/threat-protection/auditing/audit-special-logon.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Special Logon
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Special Logon determines whether the operating system generates audit events under special sign on (or log on) circumstances.
--- a/windows/security/threat-protection/auditing/audit-system-integrity.md
+++ b/windows/security/threat-protection/auditing/audit-system-integrity.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit System Integrity
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit System Integrity determines whether the operating system audits events that violate the integrity of the security subsystem.
--- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
+++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md
@ -11,10 +11,6 @@ ms.technology: mde
 # Audit Token Right Adjusted
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Token Right Adjusted allows you to audit events generated by adjusting the privileges of a token. 
--- a/windows/security/threat-protection/auditing/audit-user-account-management.md
+++ b/windows/security/threat-protection/auditing/audit-user-account-management.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit User Account Management
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit User Account Management determines whether the operating system generates audit events when specific user account management tasks are performed.
--- a/windows/security/threat-protection/auditing/audit-user-device-claims.md
+++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit User/Device Claims
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit User/Device Claims allows you to audit user and device claims information in the account’s logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to.
--- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit account logon events
 **Applies to**
 -   Windows 10
 Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account.
--- a/windows/security/threat-protection/auditing/basic-audit-account-management.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit account management
 **Applies to**
 -   Windows 10
 Determines whether to audit each event of account management on a device.
--- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit directory service access
 **Applies to**
 -   Windows 10
 Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified.
--- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit logon events
 **Applies to**
 -   Windows 10
 Determines whether to audit each instance of a user logging on to or logging off from a device.
--- a/windows/security/threat-protection/auditing/basic-audit-object-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit object access
 **Applies to**
 -   Windows 10
 Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified.
--- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md
+++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit policy change
 **Applies to**
 -   Windows 10
 Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies.
--- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
+++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit privilege use
 **Applies to**
 -   Windows 10
 Determines whether to audit each instance of a user exercising a user right.
--- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
+++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit process tracking
 **Applies to**
 -   Windows 10
 Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.
--- a/windows/security/threat-protection/auditing/basic-audit-system-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit system events
 **Applies to**
 -   Windows 10
 Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log.
--- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Basic security audit policies
 **Applies to**
 -   Windows 10
 Before you implement auditing, you must decide on an auditing policy. A basic audit policy specifies categories of security-related events that you want to audit. When this version of Windows is first installed, all auditing categories are disabled. By enabling various auditing event categories, you can implement an auditing policy that suits the security needs of your organization.
--- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Basic security audit policy settings
 **Applies to**
 -   Windows 10
 Basic security audit policy settings are found under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy.
--- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
+++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
@ -14,14 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.technology: mde
 ---
 # Create a basic audit policy for an event category
 **Applies to**
 -   Windows 10
 By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization. On devices that are joined to a domain, auditing settings for the event categories are undefined by default. On domain controllers, auditing is turned on by default.
--- a/windows/security/threat-protection/auditing/event-1100.md
+++ b/windows/security/threat-protection/auditing/event-1100.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 1100(S): The event logging service has shut down.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-1100.png" alt="Event 1100 illustration" width="449" height="317" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-1102.md
+++ b/windows/security/threat-protection/auditing/event-1102.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 1102(S): The audit log was cleared.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-1102.png" alt="Event 1102 illustration" width="449" height="336" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-1104.md
+++ b/windows/security/threat-protection/auditing/event-1104.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 1104(S): The security log is now full.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-1104.png" alt="Event 1104 illustration" width="449" height="317" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-1105.md
+++ b/windows/security/threat-protection/auditing/event-1105.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 1105(S): Event log automatic backup
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-1105.png" alt="Event 1105 illustration" width="572" height="317" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-1108.md
+++ b/windows/security/threat-protection/auditing/event-1108.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-1108.png" alt="Event 1108 illustration" width="613" height="429" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4608.md
+++ b/windows/security/threat-protection/auditing/event-4608.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4608(S): Windows is starting up.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4608.png" alt="Event 4608 illustration" width="449" height="317" hspace="10" align="top" />
--- a/windows/security/threat-protection/auditing/event-4610.md
+++ b/windows/security/threat-protection/auditing/event-4610.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4610(S): An authentication package has been loaded by the Local Security Authority.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4610.png" alt="Event 4610 illustration" width="656" height="317" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4611.md
+++ b/windows/security/threat-protection/auditing/event-4611.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4611(S): A trusted logon process has been registered with the Local Security Authority.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4611.png" alt="Event 4611 illustration" width="449" height="393" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4612.md
+++ b/windows/security/threat-protection/auditing/event-4612.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk.
--- a/windows/security/threat-protection/auditing/event-4614.md
+++ b/windows/security/threat-protection/auditing/event-4614.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4614(S): A notification package has been loaded by the Security Account Manager.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4614.png" alt="Event 4614 illustration" width="449" height="317" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4615.md
+++ b/windows/security/threat-protection/auditing/event-4615.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4615(S): Invalid use of LPC port.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 It appears that this event never occurs.
--- a/windows/security/threat-protection/auditing/event-4616.md
+++ b/windows/security/threat-protection/auditing/event-4616.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4616(S): The system time was changed.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4616.png" alt="Event 4616 illustration" width="522" height="518" hspace="10" align="top" />
--- a/windows/security/threat-protection/auditing/event-4618.md
+++ b/windows/security/threat-protection/auditing/event-4618.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4618(S): A monitored security event pattern has occurred.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 ***Subcategory:***&nbsp;[Audit System Integrity](audit-system-integrity.md)
--- a/windows/security/threat-protection/auditing/event-4621.md
+++ b/windows/security/threat-protection/auditing/event-4621.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,9 +16,6 @@ ms.technology: mde
 # 4621(S): Administrator recovered system from CrashOnAuditFail.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 This event is logged after a system reboots following [CrashOnAuditFail](/previous-versions/windows/it-pro/windows-2000-server/cc963220(v=technet.10)?f=255&MSPPError=-2147217396). It generates when CrashOnAuditFail = 2.
--- a/windows/security/threat-protection/auditing/event-4622.md
+++ b/windows/security/threat-protection/auditing/event-4622.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4622(S): A security package has been loaded by the Local Security Authority.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4622.png" alt="Event 4622 illustration" width="449" height="317" hspace="10" align="left" />
@ -101,4 +97,4 @@ These are some Security Package DLLs loaded by default in Windows 10:
 For 4622(S): A security package has been loaded by the Local Security Authority.
-   Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allow list or not.
+-   Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allowlist or not.
--- a/windows/security/threat-protection/auditing/event-4624.md
+++ b/windows/security/threat-protection/auditing/event-4624.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4624(S): An account was successfully logged on.
 **Applies to**
 - Windows 10
 - Windows Server 2016
 <img src="images/event-4624.png" alt="Event 4624 illustration" width="438" height="668" hspace="10" />
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4625(F): An account failed to log on.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4625.png" alt="Event 4625 illustration" width="449" height="780" hspace="10" align="top" />
--- a/windows/security/threat-protection/auditing/event-4626.md
+++ b/windows/security/threat-protection/auditing/event-4626.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4626(S): User/Device claims information.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4626.png" alt="Event 4626 illustration" width="549" height="771" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4627.md
+++ b/windows/security/threat-protection/auditing/event-4627.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4627(S): Group membership information.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4627.png" alt="Event 4627 illustration" width="554" height="896" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4634.md
+++ b/windows/security/threat-protection/auditing/event-4634.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 11/20/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4634(S): An account was logged off.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4634.png" alt="Event 4634 illustration" width="449" height="431" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4647.md
+++ b/windows/security/threat-protection/auditing/event-4647.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4647(S): User initiated logoff.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4647.png" alt="Event 4647 illustration" width="449" height="392" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4648.md
+++ b/windows/security/threat-protection/auditing/event-4648.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4648(S): A logon was attempted using explicit credentials.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4648.png" alt="Event 4648 illustration" width="486" height="663" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4649.md
+++ b/windows/security/threat-protection/auditing/event-4649.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4649(S): A replay attack was detected.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 This event generates on domain controllers when **KRB\_AP\_ERR\_REPEAT** Kerberos response was sent to the client.
--- a/windows/security/threat-protection/auditing/event-4656.md
+++ b/windows/security/threat-protection/auditing/event-4656.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4656(S, F): A handle to an object was requested.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4656.png" alt="Event 4656 illustration" width="764" height="895"/>
--- a/windows/security/threat-protection/auditing/event-4657.md
+++ b/windows/security/threat-protection/auditing/event-4657.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4657(S): A registry value was modified.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4657.png" alt="Event 4657 illustration" width="449" height="570" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4658.md
+++ b/windows/security/threat-protection/auditing/event-4658.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4658(S): The handle to an object was closed.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4658.png" alt="Event 4658 illustration" width="449" height="463" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4660.md
+++ b/windows/security/threat-protection/auditing/event-4660.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4660(S): An object was deleted.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4660.png" alt="Event 4660 illustration" width="449" height="477" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4661.md
+++ b/windows/security/threat-protection/auditing/event-4661.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4661(S, F): A handle to an object was requested.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4661.png" alt="Event 4661 illustration" width="449" height="661" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4662.md
+++ b/windows/security/threat-protection/auditing/event-4662.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4662(S, F): An operation was performed on an object.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4662.png" alt="Event 4662 illustration" width="496" height="614" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4663.md
+++ b/windows/security/threat-protection/auditing/event-4663.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4663(S): An attempt was made to access an object.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4663.png" alt="Event 4663 illustration" width="530" height="589" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4664.md
+++ b/windows/security/threat-protection/auditing/event-4664.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4664(S): An attempt was made to create a hard link.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4664.png" alt="Event 4664 illustration" width="449" height="419" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4670.md
+++ b/windows/security/threat-protection/auditing/event-4670.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4670(S): Permissions on an object were changed.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4670.png" alt="Event 4670 illustration" width="449" height="605" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4671.md
+++ b/windows/security/threat-protection/auditing/event-4671.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,11 +16,7 @@ ms.technology: mde
 # 4671(-): An application attempted to access a blocked ordinal through the TBS.
-**Applies to**
+*
 -   Windows 10
 -   Windows Server 2016
 Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system.
 ***Subcategory:***&nbsp;[Audit Other Object Access Events](audit-other-object-access-events.md)
--- a/windows/security/threat-protection/auditing/event-4672.md
+++ b/windows/security/threat-protection/auditing/event-4672.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 12/20/2018
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4672(S): Special privileges assigned to new logon.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4672.png" alt="Event 4672 illustration" width="449" height="503" hspace="10" align="left" />
 </br>
--- a/windows/security/threat-protection/auditing/event-4673.md
+++ b/windows/security/threat-protection/auditing/event-4673.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4673(S, F): A privileged service was called.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4673.png" alt="Event 4673 illustration" width="449" height="503" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4674.md
+++ b/windows/security/threat-protection/auditing/event-4674.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4674(S, F): An operation was attempted on a privileged object.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4674.png" alt="Event 4674 illustration" width="449" height="543" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4675.md
+++ b/windows/security/threat-protection/auditing/event-4675.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4675(S): SIDs were filtered.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 This event generates when SIDs were filtered for specific Active Directory trust.
--- a/windows/security/threat-protection/auditing/event-4688.md
+++ b/windows/security/threat-protection/auditing/event-4688.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4688(S): A new process has been created.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4688.png" alt="Event 4688 illustration" width="417" height="479" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4689.md
+++ b/windows/security/threat-protection/auditing/event-4689.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4689(S): A process has exited.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4689.png" alt="Event 4689 illustration" width="449" height="421" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4690.md
+++ b/windows/security/threat-protection/auditing/event-4690.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4690(S): An attempt was made to duplicate a handle to an object.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4690.png" alt="Event 4690 illustration" width="449" height="463" hspace="10" align="left" />
--- a/windows/security/threat-protection/auditing/event-4691.md
+++ b/windows/security/threat-protection/auditing/event-4691.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/07/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # 4691(S): Indirect access to an object was requested.
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 <img src="images/event-4691.png" alt="Event 4691 illustration" width="485" height="515" hspace="10" align="left" />
--- a/Show More
+++ b/Show More