From 84a24e22fe5813735ed70afe737ceb54391e1e11 Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Tue, 21 Jun 2022 12:09:09 +0200 Subject: [PATCH 1/2] #10420 #10420 --- ...trict-ntlm-audit-ntlm-authentication-in-this-domain.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md index bdbf0e528d..725d0aaed2 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md @@ -47,9 +47,13 @@ When you enable this audit policy, it functions in the same way as the **Network The domain controller will log events for NTLM authentication logon attempts that use domain accounts when NTLM authentication would be denied because the **Network security: Restrict NTLM: NTLM authentication in this domain** policy setting is set to **Deny for domain accounts**. -- Not defined +- **Enable for domain servers** - This is the same as **Disable** and results in no auditing of NTLM traffic. + The domain controller will log events for NTLM authentication requests to all servers in the domain when NTLM authentication would be denied because the **Network security: Restrict NTLM: NTLM authentication in this domain** policy setting is set to **Deny for domain servers**. + +- **Enable all** + + The domain controlleron which this policy is set will log all events for incoming NTLM traffic. ### Best practices From fa96b6ea13b0d6f6a06e741efb8c2ee316467c0f Mon Sep 17 00:00:00 2001 
From: Michael Nady Date: Wed, 29 Jun 2022 10:02:28 +0200 Subject: [PATCH 2/2] Update windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...ty-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md index 725d0aaed2..0e0c392215 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md @@ -53,7 +53,7 @@ When you enable this audit policy, it functions in the same way as the **Network - **Enable all** - The domain controlleron which this policy is set will log all events for incoming NTLM traffic. + The domain controller on which this policy is set will log all events for incoming NTLM traffic. ### Best practices
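Review bot: In PATCH 1/2, the hunk at line 47 deletes the `- Not defined` bullet along with its sentence "This is the same as **Disable** and results in no auditing of NTLM traffic.", so within the visible lines the page no longer says what an unconfigured policy does. An administrator reading the list of values needs to know that leaving the setting unconfigured produces no NTLM audit events. Suggest keeping `- Not defined` as its own entry after the new **Enable all** bullet instead of overwriting it, unless it is documented elsewhere in the file outside this context. Two smaller points: the added line "The domain controlleron which this policy is set" is missing a space, and the subject "#10420 #10420" does not describe the change; a subject naming the two added options would be easier to find in the history.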
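Review bot: In PATCH 2/2, the corrected **Enable all** sentence still breaks the pattern of the two options above it, which both say events are logged "when NTLM authentication would be denied because" the **Network security: Restrict NTLM: NTLM authentication in this domain** setting has a named Deny value. "will log all events for incoming NTLM traffic" leaves it unclear whether this option audits what a deny value would block or records every NTLM request the domain controller receives. Suggest rewording it in the same form as the other entries, or stating outright that it logs regardless of the restrict setting, whichever is accurate. Since this commit only restores the space dropped in 1/2, it should be squashed into that commit before merge.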