Merge branch 'DeviceRegistrationMigrationAndRedirect' of https://github.com/MicrosoftGuyJFlo/windows-docs-pr into DeviceRegistrationMigrationAndRedirect

windows/security/identity-protection/access-control/active-directory-security-groups.md

@@ -3716,7 +3716,7 @@ This security group was introduced in Windows Server 2012, and it has not chang
 <tbody>
 <tr class="odd">
 <td><p>Well-Known SID/RID</p></td>
-<td><p>S-1-5-21-&lt;domain&gt;-1000</p></td>
+<td><p>S-1-5-21-&lt;domain&gt;-&lt;variable RID&gt;</p></td>
 </tr>
 <tr class="even">
 <td><p>Type</p></td>
@@ -3760,4 +3760,4 @@ This security group was introduced in Windows Server 2012, and it has not chang
 
 - [Special Identities](special-identities.md)
 
-- [Access Control Overview](access-control.md)
+- [Access Control Overview](access-control.md)

windows/security/identity-protection/credential-guard/credential-guard-known-issues.md

@@ -21,16 +21,33 @@ ms.reviewer:
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
+-   Windows Server 2019
  
 Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. Therefore applications that require such capabilities will not function when it is enabled. For further information, see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements). 
 
 The following known issue has been fixed in the [Cumulative Security Update for November 2017](https://support.microsoft.com/help/4051033):
 
--  Scheduled tasks with stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message: <br>
-   "Task Scheduler failed to log on ‘\Test’ . <br>
-   Failure occurred in ‘LogonUserExEx’ . <br>
+-  Scheduled tasks with domain user stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message: <br>
+   "Task Scheduler failed to log on ‘\Test’. <br>
+   Failure occurred in ‘LogonUserExEx’. <br>
    User Action: Ensure the credentials for the task are correctly specified. <br>
-   Additional Data: Error Value: 2147943726. 2147943726 : ERROR\_LOGON\_FAILURE (The user name or password is incorrect)."
+   Additional Data: Error Value: 2147943726. 2147943726: ERROR\_LOGON\_FAILURE (The user name or password is incorrect)."
+-  When enabling NTLM audit on the domain controller, an Event ID 8004 with an indecipherable username format is logged. For example:
+   > Log Name: Microsoft-Windows-NTLM/Operational  
+    Source: Microsoft-Windows-Security-Netlogon  
+    Event ID: 8004  
+    Task Category: Auditing NTLM  
+    Level:         Information  
+    Description:  
+    Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.  
+    Secure Channel name: \<Secure Channel Name>  
+    User name:  
+    @@CyBAAAAUBQYAMHArBwUAMGAoBQZAQGA1BAbAUGAyBgOAQFAhBwcAsGA6AweAgDA2AQQAMEAwAANAgDA1AQLAIEADBQRAADAtAANAYEA1AwQA0CA5AAOAMEAyAQLAYDAxAwQAEDAEBwMAMEAwAgMAMDACBgRA0HA  
+    Domain name: NULL
+    
+    - This event stems from a scheduled task running under local user context with the [Cumulative Security Update for November 2017](https://support.microsoft.com/topic/november-27-2017-kb4051033-os-build-14393-1914-447b6b88-e75d-0a24-9ab9-5dcda687aaf4) or later and happens when Credential Guard is enabled.
+    - The username appears in an unusual format because local accounts aren’t protected by Credential Guard. The task also fails to execute.
+    - As a workaround, run the scheduled task under a domain user or the computer's SYSTEM account.
 
 The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017:
 
@@ -107,4 +124,4 @@ Windows Defender Credential Guard is not supported by either these products, pro
 
   This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows 10 or specific versions of Windows 10. Specific computer system models may be incompatible with Windows Defender Credential Guard. 
 
-  Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.
+  Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.

windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md

@@ -82,6 +82,7 @@ For errors listed in this table, contact Microsoft Support for assistance.
 |-------------|---------|
 | 0X80072F0C  | Unknown |
 | 0x80070057  | Invalid parameter or argument is passed. |
+| 0x80090010  | NTE_PERM |
 | 0x80090020  | NTE\_FAIL |
 | 0x80090027  | Caller provided a wrong parameter. If third-party code receives this error, they must change their code. |
 | 0x8009002D  | NTE\_INTERNAL\_ERROR |
@@ -110,4 +111,4 @@ For errors listed in this table, contact Microsoft Support for assistance.
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)
 - [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
-- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
+- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)