Updated for 5358843-files-26to50

windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Filtering Platform Packet Drop
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Filtering Platform Packet Drop determines whether the operating system generates audit events when packets are dropped by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page).
 

windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md

@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Filtering Platform Policy Change
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
 
 Audit Filtering Platform Policy Change allows you to audit events generated by changes to the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page) (WFP), such as the following:
 

windows/security/threat-protection/auditing/audit-group-membership.md

@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Group Membership
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
 
 By using Audit Group Membership, you can audit group memberships when they're enumerated on the client computer.
 

windows/security/threat-protection/auditing/audit-handle-manipulation.md

@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Handle Manipulation
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
 
 Audit Handle Manipulation enables generation of “4658: The handle to an object was closed” in [Audit File System](audit-file-system.md), [Audit Kernel Object](audit-kernel-object.md), [Audit Registry](audit-registry.md), [Audit Removable Storage](audit-removable-storage.md) and [Audit SAM](audit-sam.md) subcategories, and shows object’s handle duplication and close actions.
 

windows/security/threat-protection/auditing/audit-ipsec-driver.md

@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 10/02/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit IPsec Driver
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
 
 Audit IPsec Driver allows you to audit events generated by IPSec driver such as the following:
 

windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 10/02/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit IPsec Extended Mode
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit IPsec Extended Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
 

windows/security/threat-protection/auditing/audit-ipsec-main-mode.md

@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 10/02/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit IPsec Main Mode
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
 
 Audit IPsec Main Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
 

windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md

@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 10/02/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit IPsec Quick Mode
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
 
 Audit IPsec Quick Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
 

windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Kerberos Authentication Service
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Kerberos Authentication Service determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests.
 

windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Kerberos Service Ticket Operations
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Kerberos Service Ticket Operations determines whether the operating system generates security audit events for Kerberos service ticket requests.
 

windows/security/threat-protection/auditing/audit-kernel-object.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Kernel Object
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Kernel Object determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores.
 

windows/security/threat-protection/auditing/audit-logoff.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 07/16/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Logoff
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Logoff determines whether the operating system generates audit events when logon sessions are terminated.
 

windows/security/threat-protection/auditing/audit-logon.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Logon
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Logon determines whether the operating system generates audit events when a user attempts to log on to a computer.
 

windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit MPSSVC Rule-Level Policy Change
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit MPSSVC Rule-Level Policy Change determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe).
 

windows/security/threat-protection/auditing/audit-network-policy-server.md

@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Network Policy Server
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
 
 Audit Network Policy Server allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) activity related to user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.
 

windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Non-Sensitive Privilege Use
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Non-Sensitive Privilege Use contains events that show usage of non-sensitive privileges. This is the list of non-sensitive privileges:
 

windows/security/threat-protection/auditing/audit-other-account-logon-events.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Other Account Logon Events
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 **General Subcategory Information:**
 

windows/security/threat-protection/auditing/audit-other-account-management-events.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Other Account Management Events
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Other Account Management Events determines whether the operating system generates user account management audit events.
 

windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Other Logon/Logoff Events
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Other Logon/Logoff Events determines whether Windows generates audit events for other logon or logoff events.
 

windows/security/threat-protection/auditing/audit-other-object-access-events.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 05/29/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Other Object Access Events
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Other Object Access Events allows you to monitor operations with scheduled tasks, COM+ objects and indirect object access requests.
 

windows/security/threat-protection/auditing/audit-other-policy-change-events.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Other Policy Change Events
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Other Policy Change Events contains events about EFS Data Recovery Agent policy changes, changes in Windows Filtering Platform filter, status on Security policy settings updates for local Group Policy settings, Central Access Policy changes, and detailed troubleshooting events for Cryptographic Next Generation (CNG) operations.
 

windows/security/threat-protection/auditing/audit-other-privilege-use-events.md

@@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Other Privilege Use Events
 
-**Applies to**
-- Windows 10
-- Windows Server 2016
 
 This auditing subcategory should not have any events in it, but for some reason Success auditing will enable the generation of event [4985(S): The state of a transaction has changed](/windows/security/threat-protection/auditing/event-4985).
 

windows/security/threat-protection/auditing/audit-other-system-events.md

@@ -11,17 +11,13 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Other System Events
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
-
+ 
 Audit Other System Events contains Windows Firewall Service and Windows Firewall driver start and stop events, failure events for these services and Windows Firewall Service policy processing failures.
 
 Audit Other System Events determines whether the operating system audits various system events.

windows/security/threat-protection/auditing/audit-pnp-activity.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit PNP Activity
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit PNP Activity determines when Plug and Play detects an external device.
 

windows/security/threat-protection/auditing/audit-process-creation.md

@@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 
 # Audit Process Creation
 
-**Applies to**
--   Windows 10
--   Windows Server 2016
-
 
 Audit Process Creation determines whether the operating system generates audit events when a process is created (starts).