Merge branch 'master' into repo_sync_working_branch

windows/deployment/mbr-to-gpt.md

@@ -12,7 +12,7 @@ ms.author: greglin
 ms.date: 02/13/2018
 manager: dougeby
 ms.audience: itpro
-ms.localizationpriority: medium
+ms.localizationpriority: high
 ms.topic: article
 ms.custom: seo-marvel-apr2020
 ms.collection: highpri

windows/deployment/s-mode.md

@@ -3,7 +3,7 @@ title: Windows 10 Pro in S mode
 description: Overview of Windows 10 Pro/Enterprise in S mode. What is S mode for Enterprise customers?
 keywords: Windows 10 S, S mode, Windows S mode, Windows 10 S mode, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Enterprise in S mode, Windows 10 Pro/Enterprise in S mode
 ms.mktglfcycl: deploy
-ms.localizationpriority: medium
+ms.localizationpriority: high
 ms.prod: w10
 ms.sitesec: library
 ms.pagetype: deploy
@@ -58,4 +58,4 @@ The [MSIX Packaging Tool](/windows/application-management/msix-app-packaging-too
 - [Consumer applications for S mode](https://www.microsoft.com/windows/s-mode)
 - [S mode devices](https://www.microsoft.com/en-us/windows/view-all-devices)
 - [Windows Defender Application Control deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
-- [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
+- [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)

windows/deployment/update/servicing-stack-updates.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 audience: itpro
 itproauthor: jaimeo
 author: jaimeo
-ms.localizationpriority: medium
+ms.localizationpriority: high
 ms.author: jaimeo
 manager: dougeby
 ms.collection:

windows/security/threat-protection/auditing/event-4673.md

@@ -173,7 +173,7 @@ For 4673(S, F): A privileged service was called.
 
 > **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
 
--   Monitor for this event where “**Subject\\Security ID**” is *not* one of these well-known security principals: LOCAL SYSTEM, NETWORK SERVICE, LOCAL SERVICE, and where “**Subject\\Security ID**” is not an administrative account that is expected to have the listed **Privileges**. Especially monitor Failure events.
+-   Monitor for this event where “**Subject\\Security ID**” is *not* one of these well-known security principals: LOCAL SYSTEM, NETWORK SERVICE, LOCAL SERVICE, and where “**Subject\\Security ID**” is not an administrative account that is expected to have the listed **Privileges**. See subcategories [Audit Sensitive Privilege Use](/windows/security/threat-protection/auditing/audit-sensitive-privilege-use) and [Audit Non Sensitive Privilege Use](/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use) for more details.
 
 -   If you need to monitor events related to specific Windows subsystems (“**Service\\Server**”), for example **NT Local Security Authority / Authentication Service** or **Security Account Manager**, monitor this event for the corresponding “**Service\\Server**.”
 
@@ -193,4 +193,4 @@ For 4673(S, F): A privileged service was called.
 
 -   If you have a list of specific user rights which should never be used, or used only by a few accounts (for example, SeDebugPrivilege), trigger an alert for those “**Privileges**.”
 
--   If you have a list of specific user rights for which every use must be reported or monitored (for example, SeRemoteShutdownPrivilege), trigger an alert for those “**Privileges**.”
+-   If you have a list of specific user rights for which every use must be reported or monitored (for example, SeRemoteShutdownPrivilege), trigger an alert for those “**Privileges**.”