From 425f096d8d91f3562919cbe29bcb985d4d8b1e6c Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Mon, 28 Jun 2021 18:34:23 +0530
Subject: [PATCH 1/3] corrected link
As per user-reported issue #9742, I corrected the link.
All event IDs 560, 562, ....... come under **audit object access**.
---
.../audit-audit-the-access-of-global-system-objects.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
index 4015f85f3f..55abcdd744 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
@@ -79,7 +79,7 @@ All auditing capabilities are integrated in Group Policy. You can configure, dep
To audit attempts to access global system objects, you can use one of two security audit policy settings:
- [Audit Kernel Object](../auditing/audit-kernel-object.md) in Advanced Security Audit Policy Settings\\Object Access
-- [Audit object access](../auditing/basic-audit-object-access.md) under Security Settings\\Local Policies\\Audit Policy
+- [Audit Object Access](../auditing/basic-audit-object-access.md) under Security Settings\\Local Policies\\Audit Policy
If possible, use the Advanced Security Audit Policy option to reduce the number of unrelated audit events that you generate.
@@ -92,7 +92,7 @@ If the [Audit Kernel Object](../auditing/audit-kernel-object.md) setting is conf
| 4661 | A handle to an object was requested. |
| 4663 | An attempt was made to access an object. |
-If the [Audit Kernel Object](../auditing/audit-kernel-object.md) setting is configured, the following events are generated:
+If the [Audit Object Access](../auditing/basic-audit-object-access.md) setting is configured, the following events are generated:
| Event ID | Event message |
| - | - |
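Review bot: The replaced intro sentence on the + line now points at basic-audit-object-access.md, but the table rows it introduces are outside this hunk, so the fix cannot be checked from the diff alone. Please confirm that the table below lists only the events the commit message attributes to audit object access (560, 562, ...) and none of the Audit Kernel Object IDs such as 4661 and 4663 from the preceding table. The commit message would also be clearer if it said the old sentence was a duplicate of the Audit Kernel Object intro shown in the hunk header.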
From 62a35d4bd272e9f029889ccbac808b56d8637234 Mon Sep 17 00:00:00 2001
From: Paul Huijbregts <30799281+pahuijbr@users.noreply.github.com>
Date: Thu, 1 Jul 2021 11:28:16 -0700
Subject: [PATCH 2/3] Update defender-csp.md
@denisebmsft some additions
---
windows/client-management/mdm/defender-csp.md | 44 ++++++++++++++++---
1 file changed, 39 insertions(+), 5 deletions(-)
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 97561119e4..15b3e6a372 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -62,6 +62,7 @@ Defender
--------PlatformUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------EngineUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
--------SignaturesUpdatesChannel (Added with the 4.18.2106.5 Defender platform release)
+--------DisableGradualRelease (Added with the 4.18.2106.5 Defender platform release)
----Scan
----UpdateSignature
----OfflineScan (Added in Windows 10 version 1803)
@@ -524,8 +525,7 @@ More details:
- [Microsoft Defender Antivirus diagnostic data](/microsoft-365/security/defender-endpoint/collect-diagnostic-data)
- [Collect investigation package from devices](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices)
-**Configuration/PlatformUpdatesChannel**
-
+**Configuration/PlatformUpdatesChannel**
Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout.
Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
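Review bot: Removing the blank line after `**Configuration/PlatformUpdatesChannel**` leaves the bold heading directly above "Enable this policy to specify when devices receive...", and Markdown joins adjacent lines into one paragraph unless the heading line ends in a hard break. Trailing whitespace is not visible in this diff, so either keep the blank line or confirm that the + line ends with two spaces.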
@@ -549,8 +549,12 @@ Valid values are:
- 3: Current Channel (Staged)
- 4: Current Channel (Broad)
-**Configuration/EngineUpdatesChannel**
+More details:
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
+
+**Configuration/EngineUpdatesChannel**
Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout.
Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices.
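Review bot: The added `More details:` line in this hunk is followed immediately by the first list item, while the same block added further down for DisableGradualRelease has an empty + line between them. Without the blank line some Markdown renderers fold the list into the preceding paragraph. Add an empty line after `More details:` here and in the next hunk so that all of the added blocks are formatted the same way.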
@@ -574,8 +578,12 @@ Valid values are:
- 3 - Current Channel (Staged)
- 4 - Current Channel (Broad)
-**Configuration/SignaturesUpdatesChannel**
+More details:
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
+
+**Configuration/DefinitionUpdatesChannel**
Enable this policy to specify when devices receive daily Microsoft Defender definition updates during the daily gradual rollout.
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
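Review bot: The heading is renamed from `**Configuration/SignaturesUpdatesChannel**` to `**Configuration/DefinitionUpdatesChannel**`, but the node tree in the first hunk of this patch still lists `SignaturesUpdatesChannel` as an unchanged context line. The heading has to match the node name that a management profile addresses, so either keep the original heading or update the tree entry in the same commit, and state in the commit message which name is the correct one.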
@@ -590,6 +598,32 @@ Valid Values are:
- 3: Current Channel (Staged)
- 4: Current Channel (Broad)
+More details:
+
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
+
+**Configuration/DisableGradualRelease**
+Enable this policy to disable gradual rollout of monthly and daily Defender updates.
+Devices will be offered all Defender updates after the gradual release cycle completes. Best for datacenter machines that only receive limited updates.
+
+Note: This setting applies to both monthly as well as daily Defender updates and will override any previously configured channel selections for platform and engine updates.
+
+If you disable or do not configure this policy, the device will remain in Current Channel (Default) unless specified otherwise in specific channels for platform and engine updates. Stay up to date automatically during the gradual release cycle. Suitable for most devices.
+
+The data type is integer.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Valid values are:
+• 1 – Enabled.
+• 0 (default) – Not Configured.
+
+More details:
+
+- [Manage the gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/manage-gradual-rollout)
+- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
+
**Scan**
Node that can be used to start a Windows Defender scan on a device.
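Review bot: The valid values in the new DisableGradualRelease section are written with `•` and an en dash (`• 1 – Enabled.`), unlike the `- 3: Current Channel (Staged)` style in the context lines at the top of this hunk, so they will not render as a Markdown list. Use `- 1: Enabled` and `- 0 (default): Not configured` instead. The description also says "If you disable or do not configure this policy", yet the only non-enabled value listed is 0, labelled Not Configured; please state whether 0 covers both cases.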
@@ -611,4 +645,4 @@ Supported operations are Get and Execute.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
+[Configuration service provider reference](configuration-service-provider-reference.md)
From d35efcdadfc0bee35b3d35eb9dff74abff3c12a5 Mon Sep 17 00:00:00 2001
From: Daniel Simpson
Date: Thu, 1 Jul 2021 11:50:54 -0700
Subject: [PATCH 3/3] Update defender-csp.md
---
windows/client-management/mdm/defender-csp.md | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 15b3e6a372..c66d28ae30 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -604,10 +604,11 @@ More details:
- [Create a custom gradual rollout process for Microsoft Defender updates](/microsoft-365/security/defender-endpoint/configure-updates)
**Configuration/DisableGradualRelease**
-Enable this policy to disable gradual rollout of monthly and daily Defender updates.
-Devices will be offered all Defender updates after the gradual release cycle completes. Best for datacenter machines that only receive limited updates.
+Enable this policy to disable gradual rollout of monthly and daily Microsoft Defender updates.
+Devices will be offered all Microsoft Defender updates after the gradual release cycle completes. This is best for datacenters that only receive limited updates.
-Note: This setting applies to both monthly as well as daily Defender updates and will override any previously configured channel selections for platform and engine updates.
+> [!NOTE]
+> This setting applies to both monthly as well as daily Microsoft Defender updates and will override any previously configured channel selections for platform and engine updates.
If you disable or do not configure this policy, the device will remain in Current Channel (Default) unless specified otherwise in specific channels for platform and engine updates. Stay up to date automatically during the gradual release cycle. Suitable for most devices.
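Review bot: The rewritten note still says the setting overrides channel selections "for platform and engine updates" only, while the same sentence says it applies to daily updates as well. State explicitly whether a configured daily definition channel (documented in the previous patch) is also overridden, because that decides which devices receive daily updates outside the staged rollout. The unchanged last line also keeps the fragments "Stay up to date automatically during the gradual release cycle. Suitable for most devices.", which have no subject and are worth fixing while this paragraph is being edited.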