From 4c1e8b10d41effc6552ab71155d0bc0de5203d74 Mon Sep 17 00:00:00 2001
From: Justinha <Justinha@Microsoft.com>
Date: Wed, 25 Jan 2017 16:19:37 -0800
Subject: [PATCH 1/3] fixed formatting of *Session

---
 ...o-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/keep-secure/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/keep-secure/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
index 032e04c1ad..c3595ae774 100644
--- a/windows/keep-secure/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+++ b/windows/keep-secure/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
@@ -22,8 +22,8 @@ Credential Manager is a place where credentials in the OS are can be stored for
 For VPN, the VPN stack saves its credential as the session default. 
 For WiFi, EAP does it. 
 
-The credentials are put in Credential Manager as a "`*Session`" credential. 
-A "`*Session`" credential implies that it is valid for the current user session. 
+The credentials are put in Credential Manager as a "\*Session" credential. 
+A "\*Session" credential implies that it is valid for the current user session. 
 The credentials are also cleaned up when the WiFi or VPN connection is disconnected. 
 
 When the user tries to access a domain resource, using Edge for example, Edge has the right Enterprise Authentication capability so [WinInet](https://msdn.microsoft.com/library/windows/desktop/aa385483.aspx) can release the credentials that it gets from the Credential Manager to the SSP that is requesting it. 

From 30c6007a1eb06278ab7a0281a095881578259434 Mon Sep 17 00:00:00 2001
From: Greg Lindsay <greglin@microsoft.com>
Date: Thu, 26 Jan 2017 11:38:56 -0800
Subject: [PATCH 2/3] minor typo fixed

---
 windows/deploy/windows-10-poc.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md
index d2d418cbda..30bfed2bcc 100644
--- a/windows/deploy/windows-10-poc.md
+++ b/windows/deploy/windows-10-poc.md
@@ -865,7 +865,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
     >The commands in this script might take a few moments to complete. If an error is displayed, check that you typed the command correctly, paying close attention to spaces. PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. PC1 is also not renamed to "PC1" in system properties so that it maintains some of its mirrored identity. However, if desired you can also rename the computer.
 
 22. Upon completion of the script, PC1 will automatically restart. When it has restarted, sign in to the contoso.com domain using the **Switch User** option, with the **user1** account you created in step 11 of this section.
-    >**Important**: The settings that will be used later to migrate user data specifically select only accounts that belong to the CONTOSO domain. However, this can be changed to migrate all use accounts, or only other specific accounts. If you wish to test migration of user data and settings with accounts other than those in the CONTOSO domain, you must specify these accounts or domains when you configure the value of **ScanStateArgs** in the MDT test lab guide. This value is specifically called out when you get to that step. If you wish to only migrate CONTOSO accounts, then you can log in with the user1 account or the administrator account at this time and modify some of the files and settings for later use in migration testing.
+    >**Important**: The settings that will be used later to migrate user data specifically select only accounts that belong to the CONTOSO domain. However, this can be changed to migrate all user accounts, or only other specified accounts. If you wish to test migration of user data and settings with accounts other than those in the CONTOSO domain, you must specify these accounts or domains when you configure the value of **ScanStateArgs** in the MDT test lab guide. This value is specifically called out when you get to that step. If you wish to only migrate CONTOSO accounts, then you can log in with the user1 account or the administrator account at this time and modify some of the files and settings for later use in migration testing.
 23. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. 
 24. On the Hyper-V host computer, at an elevated Windows PowerShell prompt, type the following commands:
 

From 407d708748db2addeb4f48b71aa34540acc18308 Mon Sep 17 00:00:00 2001
From: Justinha <Justinha@Microsoft.com>
Date: Thu, 26 Jan 2017 12:00:21 -0800
Subject: [PATCH 3/3] added Failure event for 4774

---
 windows/keep-secure/TOC.md        | 2 +-
 windows/keep-secure/event-4774.md | 9 ++++-----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md
index 7662302c08..d687114889 100644
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@@ -197,7 +197,7 @@
 ###### [Monitor claim types](monitor-claim-types.md)
 ##### [Advanced security audit policy settings](advanced-security-audit-policy-settings.md)
 ###### [Audit Credential Validation](audit-credential-validation.md)
-####### [Event 4774 S: An account was mapped for logon.](event-4774.md)
+####### [Event 4774 S, F: An account was mapped for logon.](event-4774.md)
 ####### [Event 4775 F: An account could not be mapped for logon.](event-4775.md)
 ####### [Event 4776 S, F: The computer attempted to validate the credentials for an account.](event-4776.md)
 ####### [Event 4777 F: The domain controller failed to validate the credentials for an account.](event-4777.md)
diff --git a/windows/keep-secure/event-4774.md b/windows/keep-secure/event-4774.md
index 2b626f9576..5d919fd37b 100644
--- a/windows/keep-secure/event-4774.md
+++ b/windows/keep-secure/event-4774.md
@@ -1,6 +1,6 @@
 ---
 title: 4774(S) An account was mapped for logon. (Windows 10)
-description: Describes security event 4774(S) An account was mapped for logon.
+description: Describes security event 4774(S, F) An account was mapped for logon.
 ms.pagetype: security
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -8,14 +8,13 @@ ms.sitesec: library
 author: Mir0sh
 ---
 
-# 4774(S): An account was mapped for logon.
+# 4774(S, F): An account was mapped for logon.
 
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 
-
-It appears that this event never occurs.
+Success events do not appear to occur. Failure event [has been reported](http://forum.ultimatewindowssecurity.com/Topic7313-282-1.aspx). 
 
 ***Subcategory:***&nbsp;[Audit Credential Validation](audit-credential-validation.md)
 
@@ -23,7 +22,7 @@ It appears that this event never occurs.
 
 *An account was mapped for logon.*
 
-*Authentication Package:%1*
+*Authentication Package:Schannel*
 
 *Account UPN:%2*