Merge pull request #5675 from MicrosoftDocs/master

Publish 09/20/2021, 3:30 PM
2025-05-12 21:37:22 +00:00 · 2021-09-20 15:48:09 -07:00 · 2021-09-20 15:48:09 -07:00 · 78e31d1ca6
commit 78e31d1ca6
parent 7567139ea8 7f6cce61ba
28 changed files with 61 additions and 143 deletions
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@ -16,7 +16,10 @@ ms.topic: article
 # Windows Update for Business deployment service
-> Applies to: Windows 10
+**Applies to**
 -   Windows 10
 -   Windows 11
 The Windows Update for Business deployment service is a cloud service within the Windows Update for Business product family. It provides control over the approval, scheduling, and safeguarding of updates delivered from Windows Update. It's designed to work in harmony with your existing Windows Update for Business policies.
@ -56,18 +59,18 @@ The deployment service exposes these capabilities through Microsoft [Graph REST
 To work with the deployment service, devices must meet all these requirements:
- Be running Windows 10, version 1709 or later
+- Be running Windows 10, version 1709 or later (or Windows 11)
 - Be joined to Azure Active Directory (AD) or Hybrid AD
- Have one of the following Windows 10 editions installed:
+- Have one of the following Windows 10 or Windows 11 editions installed:
-    - Windows 10 Pro
+    - Pro
-    - Windows 10 Enterprise
+    - Enterprise
-    - Windows 10 Education
+    - Education
-    - Windows 10 Pro Education
+    - Pro Education
-    - Windows 10 Pro for Workstations
+    - Pro for Workstations
 Additionally, your organization must have one of the following subscriptions:
- Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
+- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5)
+- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
 - Windows Virtual Desktop Access E3 or E5
 - Microsoft 365 Business Premium
@ -78,7 +81,7 @@ To use the deployment service, you use a management tool built on the platform,
 ### Using Microsoft Endpoint Manager
-Microsoft Endpoint Manager integrates with the deployment service to provide Windows 10 update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates).
+Microsoft Endpoint Manager integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates).
 ### Scripting common actions using PowerShell
@ -141,18 +144,27 @@ To enroll devices in Windows Update for Business cloud processing, set the **All
 Following is an example of setting the policy using Microsoft Endpoint Manager:
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 2. Select **Devices** > **Configuration profiles** > **Create profile**.
 3. Select **Windows 10 and later** in **Platform**, select **Templates** in **Profile type**, select **Custom** in **Template name**, and then select **Create**.
 4. In **Basics**, enter a meaningful name and a description for the policy, and then select **Next**.
 5. In **Configuration settings**, select **Add**, enter the following settings, select **Save**, and then select **Next**.
    - Name: **AllowWUfBCloudProcessing**
    - Description: Enter a description.
    - OMA-URI: `./Vendor/MSFT/Policy/Config/System/AllowWUfBCloudProcessing`
    - Data type: **Integer**
    - Value: **8**
 6. In **Assignments**, select the groups that will receive the profile, and then select **Next**.
 7. In **Review + create**, review your settings, and then select **Create**.
-8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing**.
+
 8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: 
   **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing**
 ## Best practices
 Follow these suggestions for the best results with the service.
@ -160,6 +172,7 @@ Follow these suggestions for the best results with the service.
 ### Device onboarding 
 - Wait until devices finish provisioning before managing with the service. If a device is being provisioned by Autopilot, it can only be managed by the deployment service after it finishes provisioning (typically one day).
 - Use the deployment service for feature update management without feature update deferral policy. If you want to use the deployment service to manage feature updates on a device that previously used a feature update deferral policy, it's best to set the feature update deferral policy to **0** days to avoid having multiple conditions governing feature updates. You should only change the feature update deferral policy value to 0 days after you've confirmed that the device was enrolled in the service with no errors.
 ### General
--- a/windows/deployment/update/safeguard-holds.md
+++ b/windows/deployment/update/safeguard-holds.md
@ -12,9 +12,14 @@ ms.topic: article
 # Safeguard holds
-Microsoft uses quality and compatibility data to identify issues that might cause a Windows 10 feature update to fail or roll back. When we find such an issue, we might apply holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available.
+**Applies to**
-Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows 10.
+-   Windows 10
 -   Windows 11
 Microsoft uses quality and compatibility data to identify issues that might cause a Windows client feature update to fail or roll back. When we find such an issue, we might apply holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available.
 Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows client.
 The lifespan of holds varies depending on the time required to investigate and fix an issue. During this time Microsoft works diligently to procure, develop, and validate a fix and then offer it to affected devices. We monitor quality and compatibility data to confirm that a fix is complete before releasing the hold. Once we release the hold, Windows Update will resume offering new operating system versions to devices.
--- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
@ -14,15 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Advanced security audit policy settings
 **Applies to**
 -   Windows 10
 This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
 The security audit policy settings under **Security Settings\\Advanced Audit Policy Configuration** can help your organization audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as:
--- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml
+++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml
@ -15,14 +15,13 @@ metadata:
  audience: ITPro
  ms.collection: M365-security-compliance
  ms.topic: conceptual
-  ms.date: 04/19/2017
+  ms.date: 09/06/2021
  ms.technology: mde
 title: Advanced security auditing FAQ
-summary: |
+
-  **Applies to**
+
-  -   Windows 10
+
  This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies.
  -   [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-)
--- a/windows/security/threat-protection/auditing/advanced-security-auditing.md
+++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md
@ -14,15 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 09/6/2021
 ms.technology: mde
 ---
 # Advanced security audit policies
 **Applies to**
 -   Windows 10
 Advanced security audit policy settings are found in **Security Settings\\Advanced Audit Policy Configuration\\System Audit Policies** and appear to overlap with basic security audit policies, but they are recorded and applied differently.
 When you apply basic audit policy settings to the local computer by using the Local Security Policy snap-in, you are editing the effective audit policy, so changes made to basic audit policy settings will appear exactly as configured in Auditpol.exe. In Windows 7 and later, advanced security audit policies can be controlled by using Group Policy.
--- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
+++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
 # Appendix A: Security monitoring recommendations for many audit events
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 This document, the [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) reference, provides information about individual audit events, and lists them within audit categories and subcategories. However, there are many events for which the following overall recommendations apply. There are links throughout this document from the “Recommendations” sections of the relevant events to this appendix.
--- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
+++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
@ -14,15 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 07/25/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Apply a basic audit policy on a file or folder
 **Applies to**
 -   Windows 10
 You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log.
 To complete this procedure, you must be signed in as a member of the built-in Administrators group or have **Manage auditing and security log** rights.
--- a/windows/security/threat-protection/auditing/audit-account-lockout.md
+++ b/windows/security/threat-protection/auditing/audit-account-lockout.md
@ -11,17 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 07/16/2018
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Account Lockout
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Account Lockout enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out.
 If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. 
--- a/windows/security/threat-protection/auditing/audit-application-generated.md
+++ b/windows/security/threat-protection/auditing/audit-application-generated.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Application Generated
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Application Generated generates events for actions related to Authorization Manager [applications](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770563(v=ws.11)).
 Audit Application Generated subcategory is out of scope of this document, because [Authorization Manager](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc726036(v=ws.11)) is very rarely in use and it is deprecated starting from Windows Server 2012.
--- a/windows/security/threat-protection/auditing/audit-application-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-application-group-management.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Application Group Management
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Application Group Management generates events for actions related to [application groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771579(v=ws.11)), such as group creation, modification, addition or removal of group member and some other actions.
 [Application groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771579(v=ws.11)) are used by [Authorization Manager](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc726036(v=ws.11)).
--- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Audit Policy Change
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Audit Policy Change determines whether the operating system generates audit events when changes are made to audit policy.
--- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md
@ -11,17 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Authentication Policy Change
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Authentication Policy Change determines whether the operating system generates audit events when changes are made to authentication policy.
 Changes made to authentication policy include:
--- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
@ -11,17 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Authorization Policy Change
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Authorization Policy Change allows you to audit assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects.
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                                            |
--- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
+++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
@ -11,17 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Central Access Policy Staging
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Central Access Policy Staging allows you to audit access requests where a permission granted or denied by a proposed policy differs from the current central access policy on an object.
 If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event is generated as follows:
--- a/windows/security/threat-protection/auditing/audit-certification-services.md
+++ b/windows/security/threat-protection/auditing/audit-certification-services.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Certification Services
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Certification Services determines whether the operating system generates events when Active Directory Certificate Services (AD CS) operations are performed.
 Examples of AD CS operations include:
--- a/windows/security/threat-protection/auditing/audit-computer-account-management.md
+++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Computer Account Management
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Computer Account Management determines whether the operating system generates audit events when a computer account is created, changed, or deleted.
--- a/windows/security/threat-protection/auditing/audit-credential-validation.md
+++ b/windows/security/threat-protection/auditing/audit-credential-validation.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Credential Validation
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Credential Validation determines whether the operating system generates audit events on credentials that are submitted for a user account logon request.
--- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
+++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Detailed Directory Service Replication
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Detailed Directory Service Replication determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers.
--- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md
+++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Detailed File Share
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Detailed File Share allows you to audit attempts to access files and folders on a shared folder.
--- a/windows/security/threat-protection/auditing/audit-directory-service-access.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Directory Service Access
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Directory Service Access determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed.
--- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Directory Service Changes
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Directory Service Changes determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS).
--- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Directory Service Replication
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Directory Service Replication determines whether the operating system generates audit events when replication between two domain controllers begins and ends.
--- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Distribution Group Management
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Distribution Group Management determines whether the operating system generates audit events for specific distribution-group management tasks.
--- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md
+++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit DPAPI Activity
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit [DPAPI](/previous-versions/ms995355(v=msdn.10)) Activity determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface ([DPAPI](/previous-versions/ms995355(v=msdn.10))).
--- a/windows/security/threat-protection/auditing/audit-file-share.md
+++ b/windows/security/threat-protection/auditing/audit-file-share.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit File Share
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit File Share allows you to audit events related to file shares: creation, deletion, modification, and access attempts. Also, it shows failed SMB SPN checks.
--- a/windows/security/threat-protection/auditing/audit-file-system.md
+++ b/windows/security/threat-protection/auditing/audit-file-system.md
@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit File System
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 > [!NOTE]
 > For more details about applicability on older operating system versions, read the article [Audit File System](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319068(v=ws.11)).
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Filtering Platform Connection
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Filtering Platform Connection determines whether the operating system generates audit events when connections are allowed or blocked by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page).
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: dansimp
-ms.date: 04/19/2017
+ms.date: 09/06/2021
 ms.technology: mde
 ---
 # Audit Filtering Platform Packet Drop
 **Applies to**
 -   Windows 10
 -   Windows Server 2016
 Audit Filtering Platform Packet Drop determines whether the operating system generates audit events when packets are dropped by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page).