diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index 74c7755cb8..bea0be45b0 100644 --- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -1,6 +1,6 @@ --- title: Audit User/Device Claims (Windows 10) -description: Audit User/Device Claims is an audit policy setting which enables you to audit security events that are generated by user and device claims. +description: Audit User/Device Claims is an audit policy setting that enables you to audit security events that are generated by user and device claims. ms.assetid: D3D2BFAF-F2C0-462A-9377-673DB49D5486 ms.reviewer: manager: dansimp @@ -25,7 +25,7 @@ Audit User/Device Claims allows you to audit user and device claims information For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource. -***Important***: [Audit Logon](audit-logon.md) subcategory must also be enabled in order to get events from this subcategory. +***Important***: Enable the [Audit Logon](audit-logon.md) subcategory in order to get events from this subcategory. **Event volume**: diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md index e00e49b666..bd4e2bb72a 100644 --- a/windows/security/threat-protection/auditing/event-1105.md +++ b/windows/security/threat-protection/auditing/event-1105.md @@ -13,7 +13,7 @@ manager: dansimp ms.author: dansimp --- -# 1105(S): Event log automatic backup. +# 1105(S): Event log automatic backup **Applies to** - Windows 10 @@ -71,7 +71,7 @@ This event generates, for example, if the maximum size of Security Event Log fil ***Field Descriptions:*** -**Log** \[Type = UnicodeString\]: the name of the log which was archived (new event log file was created and previous event log was archived). Always “**Security”** for Security Event Logs. +**Log** \[Type = UnicodeString\]: the name of the log that was archived (new event log file was created and previous event log was archived). Always “**Security”** for Security Event Logs. **File**: \[Type = FILETIME\]: full path and filename of archived log file. diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md index 9dcc575df1..4155868172 100644 --- a/windows/security/threat-protection/auditing/event-4618.md +++ b/windows/security/threat-protection/auditing/event-4618.md @@ -32,7 +32,7 @@ Account must have **SeAuditPrivilege** (Generate security audits) to be able to - Only **OrgEventID**, **ComputerName**, and **EventCount** are required—others are optional. Fields not specified appear with “**-**“ in the event description field. -- If a field doesn’t match the expected data type, the event is not generated. (i.e., if **EventCount** = “XYZ” then no event is generated.) +- If a field doesn’t match the expected data type, the event is not generated. That is, if **EventCount** = “XYZ”, then no event is generated. - **UserSid**, **UserName**, and **UserDomain** are not related to each other (think **SubjectUser** fields, where they are) @@ -98,5 +98,5 @@ Account must have **SeAuditPrivilege** (Generate security audits) to be able to For 4618(S): A monitored security event pattern has occurred. -- This event can be invoked only manually/intentionally, it is up to you how interpret this event depends on information you put inside of it. +- This event can be invoked only manually/intentionally, it is up to you how to interpret this event depends on information you put inside of it.