diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md
index 10a7cb1c8c..5541fc0f63 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-management.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md
@@ -44,51 +44,51 @@ set this value to **No auditing**, in the **Properties** dialog box for this pol
You can configure this security setting by opening the appropriate policy under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy.
-| Account management events | Description |
-|---------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 624 | A user account was created. |
-| 627 | A user password was changed. |
-| 628 | A user password was set. |
-| 630 | A user account was deleted. |
-| 631 | A global group was created. |
-| 632 | A member was added to a global group. |
-| 633 | A member was removed from a global group. |
-| 634 | A global group was deleted. |
-| 635 | A new local group was created. |
-| 636 | A member was added to a local group. |
-| 637 | A member was removed from a local group. |
-| 638 | A local group was deleted. |
-| 639 | A local group account was changed. |
-| 641 | A global group account was changed. |
-| 642 | A user account was changed. |
-| 643 | A domain policy was modified. |
-| 644 | A user account was auto locked. |
-| 645 | A computer account was created. |
-| 646 | A computer account was changed. |
-| 647 | A computer account was deleted. |
-| 648 | A local security group with security disabled was created.
**Note:** SECURITY_DISABLED in the formal name means that this group cannot be used to grant permissions in access checks. |
-| 649 | A local security group with security disabled was changed. |
-| 650 | A member was added to a security-disabled local security group. |
-| 651 | A member was removed from a security-disabled local security group. |
-| 652 | A security-disabled local group was deleted. |
-| 653 | A security-disabled global group was created. |
-| 645 | A security-disabled global group was changed. |
-| 655 | A member was added to a security-disabled global group. |
-| 656 | A member was removed from a security-disabled global group. |
-| 657 | A security-disabled global group was deleted. |
-| 658 | A security-enabled universal group was created. |
-| 659 | A security-enabled universal group was changed. |
-| 660 | A member was added to a security-enabled universal group. |
-| 661 | A member was removed from a security-enabled universal group. |
-| 662 | A security-enabled universal group was deleted. |
-| 663 | A security-disabled universal group was created. |
-| 664 | A security-disabled universal group was changed. |
-| 665 | A member was added to a security-disabled universal group. |
-| 666 | A member was removed from a security-disabled universal group. |
-| 667 | A security-disabled universal group was deleted. |
-| 668 | A group type was changed. |
-| 684 | Set the security descriptor of members of administrative groups. |
-| 685 | Set the security descriptor of members of administrative groups.
**Note:** Every 60 minutes on a domain controller a background thread searches all members of administrative groups (such as domain, enterprise, and schema administrators) and applies a fixed security descriptor on them. This event is logged. |
+| Account management events | Description |
+| :-----------------------: | :---------- |
+| 4720 | A user account was created. |
+| 4723 | A user password was changed. |
+| 4724 | A user password was set. |
+| 4726 | A user account was deleted. |
+| 4727 | A global group was created. |
+| 4728 | A member was added to a global group. |
+| 4729 | A member was removed from a global group. |
+| 4730 | A global group was deleted. |
+| 4731 | A new local group was created. |
+| 4732 | A member was added to a local group. |
+| 4733 | A member was removed from a local group. |
+| 4734 | A local group was deleted. |
+| 4735 | A local group account was changed. |
+| 4737 | A global group account was changed. |
+| 4738 | A user account was changed. |
+| 4739 | A domain policy was modified. |
+| 4740 | A user account was auto locked. |
+| 4741 | A computer account was created. |
+| 4742 | A computer account was changed. |
+| 4743 | A computer account was deleted. |
+| 4744 | A local security group with security disabled was created.
**Note:** SECURITY_DISABLED in the formal name means that this group cannot be used to grant permissions in access checks |
+| 4745 | A local security group with security disabled was changed. |
+| 4746 | A member was added to a security-disabled local security group. |
+| 4747 | A member was removed from a security-disabled local security group. |
+| 4748 | A security-disabled local group was deleted. |
+| 4749 | A security-disabled global group was created. |
+| 4750 | A security-disabled global group was changed. |
+| 4751 | A member was added to a security-disabled global group. |
+| 4752 | A member was removed from a security-disabled global group. |
+| 4753 | A security-disabled global group was deleted. |
+| 4754 | A security-enabled universal group was created. |
+| 4755 | A security-enabled universal group was changed. |
+| 4756 | A member was added to a security-enabled universal group. |
+| 4757 | A member was removed from a security-enabled universal group. |
+| 4758 | A security-enabled universal group was deleted. |
+| 4759 | A security-disabled universal group was created. |
+| 4760 | A security-disabled universal group was changed. |
+| 4761 | A member was added to a security-disabled universal group. |
+| 4762 | A member was removed from a security-disabled universal group. |
+| 4763 | A security-disabled universal group was deleted. |
+| 4764 | A group type was changed. |
+| 4780 | Set the security descriptor of members of administrative groups. |
+| 685 | Set the security descriptor of members of administrative groups.
**Note:** Every 60 minutes on a domain controller a background thread searches all members of administrative groups (such as domain, enterprise, and schema administrators) and applies a fixed security descriptor on them. This event is logged. |
## Related topics