resolve merge conflict

windows/client-management/index.yml

@@ -96,4 +96,4 @@ landingContent:
           - text: Advanced troubleshooting for Windows start-up and performance
             url: /troubleshoot/windows-client/performance/performance-overview
           - text: Advanced troubleshooting for user profiles and logon
-            url: /troubleshoot-windows-startup.md/troubleshoot/windows-client/user-profiles-and-logon/userprofiles-and-logon-overview
+            url: /troubleshoot/windows-client/user-profiles-and-logon/userprofiles-and-logon-overview

windows/configuration/provisioning-packages/provisioning-create-package.md

@@ -43,6 +43,9 @@ You can use Windows Configuration Designer to create a provisioning package (`.p
 
       Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop and kiosk devices, see [What you can configure using Configuration Designer wizards](provisioning-packages.md#configuration-designer-wizards).
       
+      >[!NOTE]
+      >To target devices running versions earlier than Windows 10, version 2004, ComputerName customization must be defined from the setting path: `Accounts/ComputerAccount/ComputerName` from the advanced editor. The default path from the simple editor uses a new CSP that isn't available on older systems.
+
     - The **Advanced provisioning** option opens a new project with all the runtime settings available. (The rest of this procedure uses advanced provisioning.)
 
         >[!TIP]

windows/deployment/update/update-compliance-v2-workbook.md

@@ -8,7 +8,7 @@ author: mestew
 ms.author: mstewart
 ms.collection: M365-analytics
 ms.topic: article
-ms.date: 08/10/2022
+ms.date: 10/24/2022
 ---
 
 # Update Compliance (preview) workbook
@@ -67,10 +67,13 @@ The charts displayed in the **Summary** tab give you a general idea of the overa
 
 The **Quality updates** tab displays generalized data at the top by using tiles. The quality update data becomes more specific as you navigate lower in this tab. The top of the **Quality updates** tab contains tiles with the following information:
 
-- **Devices count**: Count of devices that have reported at least one security update is or was applicable and offered in the past 30 days, regardless of installation state of the update.
+- **Latest security update**: Count of devices that have reported successful installation of the latest security update.
-- **Latest security update**: Count of devices that have installed the latest security update.
+- **Missing one security update**: Count of devices that haven't installed the latest security update.
-- **Security update status**: Count of devices that haven't installed a security update released within the last 60 days.
+- **Missing multiple security updates**: Count of devices that are missing two or more security updates.
-- **Total alerts**: Count of active alerts that are for quality updates.
+- **Active alerts**: Count of active update and device alerts for quality updates.
+
+Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 250 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+
 
 Below the tiles, the **Quality updates** tab is subdivided into **Update status** and **Device status** groups. These different chart groups allow you to easily discover trends in compliance data. For instance, you may remember that about third of your devices were in the installing state yesterday, but this number didn't change as much as you were expecting. That unexpected trend may cause you to investigate and resolve a potential issue before end-users are impacted.
 
@@ -79,7 +82,6 @@ Below the tiles, the **Quality updates** tab is subdivided into **Update status*
 The **Update status** group for quality updates contains the following items:
 
 - **Update states for all security releases**: Chart containing the number of devices in a specific state, such as installing, for security updates.
-- **Update states for the latest security releases**: Chart containing the number of devices in a specific state for the most recent security update.
 - **Update alerts for all security releases**: Chart containing the count of active errors and warnings for security updates.
 
 :::image type="content" source="media/33771278-update-deployment-status-table.png" alt-text="Screenshot of the charts and table in the workbook's quality updates tab" lightbox="media/33771278-update-deployment-status-table.png":::
@@ -98,6 +100,7 @@ The **Device status** group for quality updates contains the following items:
 
 - **OS build number**: Chart containing a count of devices by OS build that are getting security updates.
 - **Target version**: Chart containing how many devices by operating system version that are getting security updates.
+- **Device alerts**: Chart containing the count of active device errors and warnings for quality updates.
 - **Device compliance status**: Table containing a list of devices getting security updates and update installation information including active alerts for the devices.
   - This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
@@ -105,13 +108,12 @@ The **Device status** group for quality updates contains the following items:
 
 The **Feature updates** tab displays generalized data at the top by using tiles. The feature update data becomes more specific as you navigate lower in this tab. The top of the **Feature updates** tab contains tiles with the following information:
 
-- **Devices count**: Count of devices that have reported a feature update is or was applicable and offered in the past 30 days, regardless of installation state of the update.
+- **In service feature update**: Count of devices that are installed with a supported version of a Windows feature update.
-- **Feature update status**: Count of the devices that installed a feature update in the past 30 days.
+- **End of service feature update**: Count of devices that don't have a supported version of a Windows feature update installed. For more information, see the [Windows lifecycle FAQ](/lifecycle/faq/windows).
-- **End Of Service**: Count of devices running an operating system version that no longer receives feature updates. For more information, see the [Windows lifecycle FAQ](/lifecycle/faq/windows).
 - **Nearing EOS** Count of devices that are within 18 months of their end of service date.
-- **Total alerts**: Count of active alerts that are for feature updates.
+- **Active alerts**: Count of active update and device alerts for feature updates.
 
-Just like the [**Quality updates** tab](#quality-updates-tab), the **Feature updates** tab is also subdivided into **Update status** and **Device status** groups below the tiles.
+Just like the [**Quality updates** tab](#quality-updates-tab), the **Feature updates** tab is also subdivided into **Update status** and **Device status** groups below the tiles. Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 250 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 ### <a name="bkmk_update-group-feature"></a> Update status group for feature updates
 
@@ -134,7 +136,7 @@ The **Update status** group for feature updates contains the following items:
 The **Device status** group for feature updates contains the following items:
 
 - **Windows 11 readiness status**: Chart containing how many devices that have a status of capable, not capable, or unknown for Windows 11 readiness.
-- **Device alerts**: Count of active alerts for feature updates in each alert classification.
+- **Device alerts**: Count of active device alerts for feature updates in each alert classification.
 - **Device compliance status**: Table containing a list of devices getting a feature update and installation information including active alerts for the devices.
   - This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 

windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md

@@ -1,7 +1,7 @@
 ---
 title: Device registration overview
 description: This article provides an overview on how to register devices in Autopatch
-ms.date: 09/07/2022
+ms.date: 10/5/2022
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -22,7 +22,8 @@ The overall device registration process is:
 
 :::image type="content" source="../media/windows-autopatch-device-registration-overview.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-device-registration-overview.png":::
 
-1. IT admin identifies devices to be managed by Windows Autopatch and adds them into the **Windows Autopatch Device Registration** Azure Active Directory (AD) group.
+1. IT admin reviews [Windows Autopatch device registration pre-requisites](windows-autopatch-register-devices.md#prerequisites-for-device-registration) prior to register devices with Windows Autopatch.
+2. IT admin identifies devices to be managed by Windows Autopatch and adds them into the **Windows Autopatch Device Registration** Azure Active Directory (AD) group.
 1. Windows Autopatch then:
     1. Performs device readiness prior registration (prerequisite checks).
     1. Calculates the deployment ring distribution.

windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md

@@ -72,8 +72,8 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set
 - Windows 10 (1809+)/11 Enterprise or Professional editions (only x64 architecture).
 - Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported).
 - Managed by Microsoft Endpoint Manager.
-    - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) and/or [Configuration Manager Co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#configuration-manager-co-management-requirements).
+    - [Already enrollled into Microsoft Intune](/mem/intune/user-help/enroll-windows-10-device) and/or [Configuration Manager co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#configuration-manager-co-management-requirements).
-        - Must switch the following Microsoft Endpoint Manager-Configuration Manager [Co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune):
+        - Must switch the following Microsoft Endpoint Manager-Configuration Manager [co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune):
             - Windows updates policies
             - Device configuration
             - Office Click-to-run
@@ -202,7 +202,7 @@ For ease of deployment, we recommend nesting a dynamic device group in your Auto
 Support is available either through Windows 365, or the Windows Autopatch Service Engineering team for device registration-related incidents.
 
 - For Windows 365 support, see [Get support](/mem/get-support).
-- For Azure Virtual Desktop support, see [Get support](/support/create-ticket/).
+- For Azure Virtual Desktop support, see [Get support](https://azure.microsoft.com/support/create-ticket/).
 - For Windows Autopatch support, see [Submit a support request](/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request).  
 
 ## Device management lifecycle scenarios

windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md

@@ -24,7 +24,7 @@ Getting started with Windows Autopatch has been designed to be easy. This articl
 | Licensing | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see [more about licenses](#more-about-licenses).<p><p>For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans).<p><p>For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). |
 | Connectivity | All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network.<p><p>For the full list of required IPs and URLs, see [Configure your network](../prepare/windows-autopatch-configure-network.md). |
 | Azure Active Directory | Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.<br><ul><li>For more information, see [Azure Active Directory Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect) and [Hybrid Azure Active Directory join](/azure/active-directory/devices/howto-hybrid-azure-ad-join)</li><li>For more information on supported Azure Active Directory Connect versions, see [Azure AD Connect:Version release history](/azure/active-directory/hybrid/reference-connect-version-history).</li></ul> |
-| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.<p><p>At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see [co-management requirements for Windows Autopatch](#configuration-manager-co-management-requirements).<p>Other device management prerequisites include:<ul><li>Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.</li><li>Devices must be managed by either Intune or Configuration Manager co-management. Devices only managed by Configuration Manager aren't supported.</li><li>Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.</li><li>Devices must be connected to the internet.</li><li>Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate this information fail to meet **Intune or Cloud-attached** prerequisite check.</li></ul><p>See [Register your devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device prerequisites and on how the device registration process works.<p>For more information on co-management, see [co-management for Windows devices](/mem/configmgr/comanage/overview).</p> |
+| Device management | [Devices must be already enrolled with Microsoft Intune](/mem/intune/user-help/enroll-windows-10-device) prior to registering with Windows Autopatch. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.<p><p>At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see [co-management requirements for Windows Autopatch](#configuration-manager-co-management-requirements).<p>Other device management prerequisites include:<ul><li>Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.</li><li>Devices must be managed by either Intune or Configuration Manager co-management. Devices only managed by Configuration Manager aren't supported.</li><li>Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.</li><li>Devices must be connected to the internet.</li><li>Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate this information fail to meet **Intune or Cloud-attached** prerequisite check.</li></ul><p>See [Register your devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device prerequisites and on how the device registration process works with Windows Autopatch.<p>For more information on co-management, see [co-management for Windows devices](/mem/configmgr/comanage/overview).</p> |
 | Data and privacy | For more information on Windows Autopatch privacy practices, see [Windows Autopatch Privacy](../references/windows-autopatch-privacy.md). |
 
 ## More about licenses

windows/privacy/changes-to-windows-diagnostic-data-collection.md

@@ -118,7 +118,7 @@ It's recommended Insiders on these devices pause flighting if these changes aren
 
 For Windows devices in the Dev Channel that aren't joined to an Azure AD tenant, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply.
 
-For other Windows devices (not in the Dev Channel), additional details on supported versions of Windows 11 and Windows 10 will be announced at a later date. These changes will roll out no earlier than the last quarter of calendar year 2022.  
+For other Windows devices (not in the Dev Channel), the change will rollout with the January 2023 release preview cumulative update for Windows 10 versions 20H2, 21H2 and 22H2, and Windows 11 versions 21H2 and 22H2.
 
 To prepare for this change, ensure that you meet the [prerequisites](configure-windows-diagnostic-data-in-your-organization.md#prerequisites) for Windows diagnostic data processor configuration, join your devices to Azure AD (can be a hybrid Azure AD join), and keep your devices secure and up to date with quality updates. If you're outside of the EU or EFTA, sign up for any of the enterprise services.
 

windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md

@@ -1,7 +1,7 @@
 ---
 title: How Windows Hello for Business works (Windows)
 description: Learn about registration, authentication, key material, and infrastructure for Windows Hello for Business.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.localizationpriority: high
 author: paolomatarazzo
 ms.author: paoloma

windows/security/information-protection/bitlocker/bitlocker-overview.md

@@ -66,7 +66,7 @@ The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support th
 > [!NOTE]
 > TPM 2.0 is not supported in Legacy and Compatibility Support Module (CSM) modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as native UEFI only. The Legacy and CSM options must be disabled. For added security, enable the secure boot feature.
 
-> Installed Operating System on hardware in Legacy mode stops the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt.md) before changing the BIOS mode, which prepares the OS and the disk to support UEFI.
+> Installed Operating System on hardware in Legacy mode stops the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode, which prepares the OS and the disk to support UEFI.
 
 The hard disk must be partitioned with at least two drives:
 

windows/security/threat-protection/auditing/event-4774.md

@@ -14,10 +14,7 @@ ms.author: vinpa
 ms.technology: windows-sec
 ---
 
-# 4774(S, F): An account was mapped for logon.
+# 4774(S, F): An account was mapped for logon
-
-
-Success events do not appear to occur. Failure event [has been reported](http://forum.ultimatewindowssecurity.com/Topic7313-282-1.aspx). 
 
 ***Subcategory:*** [Audit Credential Validation](audit-credential-validation.md)
 
@@ -25,11 +22,11 @@ Success events do not appear to occur. Failure event [has been reported](http://
 
 *An account was mapped for logon.*
 
-*Authentication Package:Schannel*
+*Authentication Package:* `<Authentication package>`
 
-*Account UPN:*<*Acccount*>@<*Domain*>
+*Account UPN:* `<Acccount>@<Domain>`
 
-*Mapped Name:*<*Account*>
+*Mapped Name:* `<Account>`
 
 ***Required Server Roles:*** no information.
 
@@ -40,4 +37,3 @@ Success events do not appear to occur. Failure event [has been reported](http://
 ## Security Monitoring Recommendations
 
 - There is no recommendation for this event in this document.
-

windows/security/threat-protection/auditing/event-4908.md

@@ -2,7 +2,7 @@
 title: 4908(S) Special Groups Logon table modified. (Windows 10)
 description: Describes security event 4908(S) Special Groups Logon table modified. This event is generated when the Special Groups Logon table is modified.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4908(S): Special Groups Logon table modified.
@@ -70,7 +70,7 @@ For more information about Special Groups auditing, see [4908(S): Special Groups
 
 ***Field Descriptions:***
 
-**Special Groups** \[Type = UnicodeString\]**:** contains current list of SIDs (groups or accounts) which are members of Special Groups. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
+**Special Groups** \[Type = UnicodeString\]**:** contains current list of SIDs (groups or accounts) which are members of Special Groups. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID can't be resolved, you'll see the source data in the event.
 
 > [!NOTE]
 > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
@@ -83,7 +83,7 @@ For more information about Special Groups auditing, see [4908(S): Special Groups
 
 For 4908(S): Special Groups Logon table modified.
 
--   If you use the Special Groups feature, then this event should be always monitored, especially on high value assets or computers. If this change was not planned, investigate the reason for the change.
+-   If you use the Special Groups feature, then this event should be always monitored, especially on high value assets or computers. If this change wasn't planned, investigate the reason for the change.
 
 -   If you don’t use the Special Groups feature, then this event should be always monitored because it indicates use of the Special Groups feature outside of your standard procedures.
 

windows/security/threat-protection/auditing/event-4909.md

@@ -2,7 +2,7 @@
 title: 4909(-) The local policy settings for the TBS were changed. (Windows 10)
 description: Describes security event 4909(-) The local policy settings for the TBS were changed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4909(-): The local policy settings for the TBS were changed.

windows/security/threat-protection/auditing/event-4910.md

@@ -2,7 +2,7 @@
 title: 4910(-) The group policy settings for the TBS were changed. (Windows 10)
 description: Describes security event 4910(-) The group policy settings for the TBS were changed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4910(-): The group policy settings for the TBS were changed.

windows/security/threat-protection/auditing/event-4911.md

@@ -2,7 +2,7 @@
 title: 4911(S) Resource attributes of the object were changed. (Windows 10)
 description: Describes security event 4911(S) Resource attributes of the object were changed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4911(S): Resource attributes of the object were changed.

windows/security/threat-protection/auditing/event-4912.md

@@ -2,7 +2,7 @@
 title: 4912(S) Per User Audit Policy was changed. (Windows 10)
 description: Describes security event 4912(S) Per User Audit Policy was changed. This event is generated every time Per User Audit Policy is changed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4912(S): Per User Audit Policy was changed.

windows/security/threat-protection/auditing/event-4913.md

@@ -2,7 +2,7 @@
 title: 4913(S) Central Access Policy on the object was changed. (Windows 10)
 description: Describes security event 4913(S) Central Access Policy on the object was changed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4913(S): Central Access Policy on the object was changed.

windows/security/threat-protection/auditing/event-4928.md

@@ -2,7 +2,7 @@
 title: 4928(S, F) An Active Directory replica source naming context was established. (Windows 10)
 description: Describes security event 4928(S, F) An Active Directory replica source naming context was established.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4928(S, F): An Active Directory replica source naming context was established.

windows/security/threat-protection/auditing/event-4929.md

@@ -2,7 +2,7 @@
 title: 4929(S, F) An Active Directory replica source naming context was removed. (Windows 10)
 description: Describes security event 4929(S, F) An Active Directory replica source naming context was removed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4929(S, F): An Active Directory replica source naming context was removed.

windows/security/threat-protection/auditing/event-4930.md

@@ -2,7 +2,7 @@
 title: 4930(S, F) An Active Directory replica source naming context was modified. (Windows 10)
 description: Describes security event 4930(S, F) An Active Directory replica source naming context was modified.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4930(S, F): An Active Directory replica source naming context was modified.

windows/security/threat-protection/auditing/event-4931.md

@@ -2,7 +2,7 @@
 title: 4931(S, F) An Active Directory replica destination naming context was modified. (Windows 10)
 description: Describes security event 4931(S, F) An Active Directory replica destination naming context was modified.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4931(S, F): An Active Directory replica destination naming context was modified.

windows/security/threat-protection/auditing/event-4932.md

@@ -2,7 +2,7 @@
 title: 4932(S) Synchronization of a replica of an Active Directory naming context has begun. (Windows 10)
 description: Describes security event 4932(S) Synchronization of a replica of an Active Directory naming context has begun.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4932(S): Synchronization of a replica of an Active Directory naming context has begun.

windows/security/threat-protection/auditing/event-4933.md

@@ -2,7 +2,7 @@
 title: 4933(S, F) Synchronization of a replica of an Active Directory naming context has ended. (Windows 10)
 description: Describes security event 4933(S, F) Synchronization of a replica of an Active Directory naming context has ended.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4933(S, F): Synchronization of a replica of an Active Directory naming context has ended.

windows/security/threat-protection/auditing/event-4934.md

@@ -2,7 +2,7 @@
 title: 4934(S) Attributes of an Active Directory object were replicated. (Windows 10)
 description: Describes security event 4934(S) Attributes of an Active Directory object were replicated.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4934(S): Attributes of an Active Directory object were replicated.

windows/security/threat-protection/auditing/event-4935.md

@@ -2,7 +2,7 @@
 title: 4935(F) Replication failure begins. (Windows 10)
 description: Describes security event 4935(F) Replication failure begins. This event is generated when Active Directory replication failure begins.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4935(F): Replication failure begins.

windows/security/threat-protection/auditing/event-4936.md

@@ -2,7 +2,7 @@
 title: 4936(S) Replication failure ends. (Windows 10)
 description: Describes security event 4936(S) Replication failure ends. This event is generated when Active Directory replication failure ends.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4936(S): Replication failure ends.

windows/security/threat-protection/auditing/event-4937.md

@@ -2,7 +2,7 @@
 title: 4937(S) A lingering object was removed from a replica. (Windows 10)
 description: Describes security event 4937(S) A lingering object was removed from a replica.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4937(S): A lingering object was removed from a replica.

windows/security/threat-protection/auditing/event-4944.md

@@ -2,7 +2,7 @@
 title: 4944(S) The following policy was active when the Windows Firewall started. (Windows 10)
 description: Describes security event 4944(S) The following policy was active when the Windows Firewall started.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4944(S): The following policy was active when the Windows Firewall started.

windows/security/threat-protection/auditing/event-4945.md

@@ -2,7 +2,7 @@
 title: 4945(S) A rule was listed when the Windows Firewall started. (Windows 10)
 description: Describes security event 4945(S) A rule was listed when the Windows Firewall started.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4945(S): A rule was listed when the Windows Firewall started.

windows/security/threat-protection/auditing/event-4946.md

@@ -2,7 +2,7 @@
 title: 4946(S) A change has been made to Windows Firewall exception list. A rule was added. (Windows 10)
 description: Describes security event 4946(S) A change has been made to Windows Firewall exception list. A rule was added.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4946(S): A change has been made to Windows Firewall exception list. A rule was added.

windows/security/threat-protection/auditing/event-4947.md

@@ -2,7 +2,7 @@
 title: 4947(S) A change has been made to Windows Firewall exception list. A rule was modified. (Windows 10)
 description: Describes security event 4947(S) A change has been made to Windows Firewall exception list. A rule was modified.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4947(S): A change has been made to Windows Firewall exception list. A rule was modified.

windows/security/threat-protection/auditing/event-4948.md

@@ -2,7 +2,7 @@
 title: 4948(S) A change has been made to Windows Firewall exception list. A rule was deleted. (Windows 10)
 description: Describes security event 4948(S) A change has been made to Windows Firewall exception list. A rule was deleted.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4948(S): A change has been made to Windows Firewall exception list. A rule was deleted.

windows/security/threat-protection/auditing/event-4949.md

@@ -2,7 +2,7 @@
 title: 4949(S) Windows Firewall settings were restored to the default values. (Windows 10)
 description: Describes security event 4949(S) Windows Firewall settings were restored to the default values.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4949(S): Windows Firewall settings were restored to the default values.

windows/security/threat-protection/auditing/event-4950.md

@@ -2,7 +2,7 @@
 title: 4950(S) A Windows Firewall setting has changed. (Windows 10)
 description: Describes security event 4950(S) A Windows Firewall setting has changed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4950(S): A Windows Firewall setting has changed.

windows/security/threat-protection/auditing/event-4951.md

@@ -2,7 +2,7 @@
 title: 4951(F) A rule has been ignored because its major version number wasn't recognized by Windows Firewall. (Windows 10)
 description: Describes security event 4951(F) A rule has been ignored because its major version number wasn't recognized by Windows Firewall.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4951(F): A rule has been ignored because its major version number wasn't recognized by Windows Firewall.

windows/security/threat-protection/auditing/event-4952.md

@@ -2,7 +2,7 @@
 title: 4952(F) Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. (Windows 10)
 description: Security event 4952(F) Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4952(F): Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.

windows/security/threat-protection/auditing/event-4953.md

@@ -2,7 +2,7 @@
 title: 4953(F) Windows Firewall ignored a rule because it couldn't be parsed. (Windows 10)
 description: Describes security event 4953(F) Windows Firewall ignored a rule because it couldn't be parsed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4953(F): Windows Firewall ignored a rule because it couldn't be parsed.

windows/security/threat-protection/auditing/event-4954.md

@@ -2,7 +2,7 @@
 title: 4954(S) Windows Firewall Group Policy settings have changed. The new settings have been applied. (Windows 10)
 description: Describes security event 4954(S) Windows Firewall Group Policy settings have changed. The new settings have been applied.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4954(S): Windows Firewall Group Policy settings have changed. The new settings have been applied.

windows/security/threat-protection/auditing/event-4956.md

@@ -2,7 +2,7 @@
 title: 4956(S) Windows Firewall has changed the active profile. (Windows 10)
 description: Describes security event 4956(S) Windows Firewall has changed the active profile.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4956(S): Windows Firewall has changed the active profile.

windows/security/threat-protection/auditing/event-4957.md

@@ -2,7 +2,7 @@
 title: 4957(F) Windows Firewall did not apply the following rule. (Windows 10)
 description: Describes security event 4957(F) Windows Firewall didn't apply the following rule.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4957(F): Windows Firewall did not apply the following rule.

windows/security/threat-protection/auditing/event-4958.md

@@ -2,7 +2,7 @@
 title: 4958(F) Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. (Windows 10)
 description: Describes security event 4958(F) Windows Firewall didn't apply the following rule because the rule referred to items not configured on this computer.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.

windows/security/threat-protection/auditing/event-4964.md

@@ -2,7 +2,7 @@
 title: 4964(S) Special groups have been assigned to a new logon. (Windows 10)
 description: Describes security event 4964(S) Special groups have been assigned to a new logon.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4964(S): Special groups have been assigned to a new logon.

windows/security/threat-protection/auditing/event-4985.md

@@ -2,7 +2,7 @@
 title: 4985(S) The state of a transaction has changed. (Windows 10)
 description: Describes security event 4985(S) The state of a transaction has changed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 4985(S): The state of a transaction has changed.

windows/security/threat-protection/auditing/event-5024.md

@@ -2,7 +2,7 @@
 title: 5024(S) The Windows Firewall Service has started successfully. (Windows 10)
 description: Describes security event 5024(S) The Windows Firewall Service has started successfully.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5024(S): The Windows Firewall Service has started successfully.

windows/security/threat-protection/auditing/event-5025.md

@@ -2,7 +2,7 @@
 title: 5025(S) The Windows Firewall Service has been stopped. (Windows 10)
 description: Describes security event 5025(S) The Windows Firewall Service has been stopped.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5025(S): The Windows Firewall Service has been stopped.

windows/security/threat-protection/auditing/event-5027.md

@@ -2,7 +2,7 @@
 title: 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. (Windows 10)
 description: Details on security event 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5027(F): The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.

windows/security/threat-protection/auditing/event-5028.md

@@ -2,7 +2,7 @@
 title: 5028(F) The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. (Windows 10)
 description: Describes security event 5028(F) The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5028(F): The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.

windows/security/threat-protection/auditing/event-5029.md

@@ -2,7 +2,7 @@
 title: 5029(F) The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. (Windows 10)
 description: Describes security event 5029(F) The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5029(F): The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.

windows/security/threat-protection/auditing/event-5030.md

@@ -2,7 +2,7 @@
 title: 5030(F) The Windows Firewall Service failed to start. (Windows 10)
 description: Describes security event 5030(F) The Windows Firewall Service failed to start.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5030(F): The Windows Firewall Service failed to start.

windows/security/threat-protection/auditing/event-5031.md

@@ -5,13 +5,13 @@ manager: aaroncz
 ms.author: vinpa
 description: Describes security event 5031(F) The Windows Firewall Service blocked an application from accepting incoming connections on the network.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
 author: vinaypamnani-msft
 ms.date: 09/08/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network.

windows/security/threat-protection/auditing/event-5032.md

@@ -2,7 +2,7 @@
 title: 5032(F) Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. (Windows 10)
 description: Describes security event 5032(F) Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5032(F): Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

windows/security/threat-protection/auditing/event-5033.md

@@ -2,7 +2,7 @@
 title: 5033(S) The Windows Firewall Driver has started successfully. (Windows 10)
 description: Describes security event 5033(S) The Windows Firewall Driver has started successfully.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5033(S): The Windows Firewall Driver has started successfully.

windows/security/threat-protection/auditing/event-5034.md

@@ -2,7 +2,7 @@
 title: 5034(S) The Windows Firewall Driver was stopped. (Windows 10)
 description: Describes security event 5034(S) The Windows Firewall Driver was stopped.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5034(S): The Windows Firewall Driver was stopped.

windows/security/threat-protection/auditing/event-5035.md

@@ -2,7 +2,7 @@
 title: 5035(F) The Windows Firewall Driver failed to start. (Windows 10)
 description: Describes security event 5035(F) The Windows Firewall Driver failed to start.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5035(F): The Windows Firewall Driver failed to start.

windows/security/threat-protection/auditing/event-5037.md

@@ -2,7 +2,7 @@
 title: 5037(F) The Windows Firewall Driver detected critical runtime error. Terminating. (Windows 10)
 description: Describes security event 5037(F) The Windows Firewall Driver detected critical runtime error. Terminating.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5037(F): The Windows Firewall Driver detected critical runtime error. Terminating.

windows/security/threat-protection/auditing/event-5038.md

@@ -2,7 +2,7 @@
 title: 5038(F) Code integrity determined that the image hash of a file is not valid. (Windows 10)
 description: Describes security event 5038(F) Code integrity determined that the image hash of a file isn't valid.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

windows/security/threat-protection/auditing/event-5039.md

@@ -2,7 +2,7 @@
 title: 5039(-) A registry key was virtualized. (Windows 10)
 description: Describes security event 5039(-) A registry key was virtualized. This event is generated when a registry key is virtualized using LUAFV.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5039(-): A registry key was virtualized.

windows/security/threat-protection/auditing/event-5051.md

@@ -2,7 +2,7 @@
 title: 5051(-) A file was virtualized. (Windows 10)
 description: Describes security event 5051(-) A file was virtualized. This event is generated when a file is virtualized using LUAFV.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5051(-): A file was virtualized.

windows/security/threat-protection/auditing/event-5056.md

@@ -2,7 +2,7 @@
 title: 5056(S) A cryptographic self-test was performed. (Windows 10)
 description: Describes security event 5056(S) A cryptographic self-test was performed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5056(S): A cryptographic self-test was performed.

windows/security/threat-protection/auditing/event-5057.md

@@ -2,7 +2,7 @@
 title: 5057(F) A cryptographic primitive operation failed. (Windows 10)
 description: Describes security event 5057(F) A cryptographic primitive operation failed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5057(F): A cryptographic primitive operation failed.

windows/security/threat-protection/auditing/event-5058.md

@@ -2,7 +2,7 @@
 title: 5058(S, F) Key file operation. (Windows 10)
 description: Describes security event 5058(S, F) Key file operation. This event is generated when an operation is performed on a file that contains a KSP key.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/08/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 5058(S, F): Key file operation.

windows/security/threat-protection/auditing/event-5632.md

@@ -127,7 +127,7 @@ You can see interface’s GUID using the following commands:
 
 -   **Error Code** \[Type = HexInt32\]**:** there's no information about this field in this document.
 
--   **EAP Reason Code** \[Type = HexInt32\]**:** there's no information about this field in this document. See additional information here: <https://technet.microsoft.com/library/dd197570(v=ws.10).aspx>.
+-   **EAP Reason Code** \[Type = HexInt32\]**:** there's no information about this field in this document. See [EAP Related Error and Information Constants](/windows/win32/eaphost/eap-related-error-and-information-constants) for additional information.
 
 -   **EAP Root Cause String** \[Type = UnicodeString\]**:** there's no information about this field in this document.
 

windows/security/threat-protection/auditing/event-6407.md

@@ -2,7 +2,7 @@
 title: 6407(-) 1%. (Windows 10)
 description: Describes security event 6407(-) 1%. This event is a BranchCache event, which is outside the scope of this document.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 6407(-): 1%.

windows/security/threat-protection/auditing/event-6408.md

@@ -2,7 +2,7 @@
 title: 6408(-) Registered product %1 failed and Windows Firewall is now controlling the filtering for %2. (Windows 10)
 description: Describes security event 6408(-) Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.

windows/security/threat-protection/auditing/event-6409.md

@@ -2,7 +2,7 @@
 title: 6409(-) BranchCache A service connection point object could not be parsed. (Windows 10)
 description: Describes security event 6409(-) BranchCache A service connection point object could not be parsed.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 6409(-): BranchCache: A service connection point object could not be parsed.

windows/security/threat-protection/auditing/event-6410.md

@@ -2,7 +2,7 @@
 title: 6410(F) Code integrity determined that a file doesn't meet the security requirements to load into a process. (Windows 10)
 description: Describes security event 6410(F) Code integrity determined that a file doesn't meet the security requirements to load into a process.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process.

windows/security/threat-protection/auditing/event-6416.md

@@ -2,7 +2,7 @@
 title: 6416(S) A new external device was recognized by the System. (Windows 10)
 description: Describes security event 6416(S) A new external device was recognized by the System.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 6416(S): A new external device was recognized by the System.

windows/security/threat-protection/auditing/event-6419.md

@@ -2,7 +2,7 @@
 title: 6419(S) A request was made to disable a device. (Windows 10)
 description: Describes security event 6419(S) A request was made to disable a device.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 6419(S): A request was made to disable a device.

windows/security/threat-protection/auditing/event-6420.md

@@ -2,7 +2,7 @@
 title: 6420(S) A device was disabled. (Windows 10)
 description: Describes security event 6420(S) A device was disabled. This event is generated when a specific device is disabled.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 6420(S): A device was disabled.

windows/security/threat-protection/auditing/event-6421.md

@@ -2,7 +2,7 @@
 title: 6421(S) A request was made to enable a device. (Windows 10)
 description: Describes security event 6421(S) A request was made to enable a device.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 6421(S): A request was made to enable a device.

windows/security/threat-protection/auditing/event-6422.md

@@ -2,7 +2,7 @@
 title: 6422(S) A device was enabled. (Windows 10)
 description: Describes security event 6422(S) A device was enabled. This event is generated when a specific device is enabled.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 6422(S): A device was enabled.

windows/security/threat-protection/auditing/event-6423.md

@@ -2,7 +2,7 @@
 title: 6423(S) The installation of this device is forbidden by system policy. (Windows 10)
 description: Describes security event 6423(S) The installation of this device is forbidden by system policy.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 6423(S): The installation of this device is forbidden by system policy.

windows/security/threat-protection/auditing/event-6424.md

@@ -2,7 +2,7 @@
 title: 6424(S) The installation of this device was allowed, after having previously been forbidden by policy. (Windows 10)
 description: Describes security event 6424(S) The installation of this device was allowed, after having previously been forbidden by policy.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: none
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # 6424(S): The installation of this device was allowed, after having previously been forbidden by policy.

windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md

@@ -4,7 +4,7 @@ description: The policy setting, File System (Global Object Access Auditing), en
 ms.assetid: 4f215d61-0e23-46e4-9e58-08511105d25b
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # File System (Global Object Access Auditing)

windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md

@@ -1,7 +1,7 @@
 ---
 title: How to get a list of XML data name elements in <EventData> (Windows 10)
 description: This reference article for the IT professional explains how to use PowerShell to get a list of XML data name elements that can appear in <EventData>.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # How to get a list of XML data name elements in EventData

windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md

@@ -4,7 +4,7 @@ description: Learn how to use advanced security auditing options to monitor chan
 ms.assetid: 553f98a6-7606-4518-a3c5-347a33105130
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Monitor central access policy and rule definitions

windows/security/threat-protection/auditing/monitor-claim-types.md

@@ -4,7 +4,7 @@ description: Learn how to monitor changes to claim types that are associated wit
 ms.assetid: 426084da-4eef-44af-aeec-e7ab4d4e2439
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Monitor claim types

windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md

@@ -4,7 +4,7 @@ description: Learn how to monitor changes to resource attribute definitions when
 ms.assetid: aace34b0-123a-4b83-9e09-f269220e79de
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Monitor resource attribute definitions

windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md

@@ -4,7 +4,7 @@ description: Monitor changes to central access policies associated with files an
 ms.assetid: 2ea8fc23-b3ac-432f-87b0-6a16506e8eed
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Monitor the central access policies associated with files and folders

windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md

@@ -4,7 +4,7 @@ description: Learn how to monitor changes to the central access policies that ap
 ms.assetid: 126b051e-c20d-41f1-b42f-6cff24dcf20c
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Monitor the central access policies that apply on a file server

windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md

@@ -4,7 +4,7 @@ description: Learn how to use advanced security auditing options to monitor atte
 ms.assetid: 4944097b-320f-44c7-88ed-bf55946a358b
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Monitor the resource attributes on files and folders

windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md

@@ -4,7 +4,7 @@ description: Learn how advanced security auditing options can be used to monitor
 ms.assetid: b0a9e4a5-b7ff-41c6-96ff-0228d4ba5da8
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Monitor the use of removable storage devices

windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md

@@ -4,7 +4,7 @@ description: Learn how to monitor user and device claims that are associated wit
 ms.assetid: 71796ea9-5fe4-4183-8475-805c3c1f319f
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Monitor user and device claims during sign-in

windows/security/threat-protection/auditing/other-events.md

@@ -2,7 +2,7 @@
 title: Other Events (Windows 10)
 description: Describes the Other Events auditing subcategory, which includes events that are generated automatically and enabled by default.
 ms.pagetype: security
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: medium
@@ -11,7 +11,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Other Events

windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md

@@ -4,7 +4,7 @@ description: Learn to deploy an effective security audit policy in a network tha
 ms.assetid: 7428e1db-aba8-407b-a39e-509671e5a442
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Plan and deploy advanced security audit policies

windows/security/threat-protection/auditing/registry-global-object-access-auditing.md

@@ -4,7 +4,7 @@ description: The Advanced Security Audit policy setting, Registry (Global Object
 ms.assetid: 953bb1c1-3f76-43be-ba17-4aed2304f578
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Registry (Global Object Access Auditing)

windows/security/threat-protection/auditing/security-auditing-overview.md

@@ -4,7 +4,7 @@ description: Learn about security auditing features in Windows, and how your org
 ms.assetid: 2d9b8142-49bd-4a33-b246-3f0c2a5f32d4
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Security auditing

windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md

@@ -4,7 +4,7 @@ description: Domain admins can set up advanced security audit options in Windows
 ms.assetid: 0d2c28ea-bdaf-47fd-bca2-a07dce5fed37
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Using advanced security auditing options to monitor dynamic access control objects

windows/security/threat-protection/auditing/view-the-security-event-log.md

@@ -4,7 +4,7 @@ description: The security log records each event as defined by the audit policie
 ms.assetid: 20DD2ACD-241A-45C5-A92F-4BE0D9F198B9
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # View the security event log

windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md

@@ -4,7 +4,7 @@ description: This reference topic for the IT professional describes which versio
 ms.assetid: 87c71cc5-522d-4771-ac78-34a2a0825f31
 ms.reviewer: 
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 09/09/2021
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Which editions of Windows support advanced audit policy configuration

windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md

@@ -1,7 +1,7 @@
 ---
 title: Enable virtualization-based protection of code integrity
 description: This article explains the steps to opt in to using HVCI on Windows devices.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: vinpa
@@ -12,7 +12,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 12/16/2021
 ms.reviewer: 
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Enable virtualization-based protection of code integrity

windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md

@@ -1,14 +1,14 @@
 ---
 title: Windows Defender Application Control and virtualization-based code integrity
 description: Hardware and software system integrity-hardening capabilities that can be deployed separately or in combination with Windows Defender Application Control (WDAC).
-ms.prod: m365-security
+ms.prod: windows-client
 ms.localizationpriority: medium
 author: vinaypamnani-msft
 ms.author: vinpa
 ms.reviewer: 
 manager: aaroncz
 ms.custom: asr
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Windows Defender Application Control and virtualization-based protection of code integrity

windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md

@@ -2,7 +2,7 @@
 title: Deployment guidelines for Windows Defender Device Guard (Windows 10)
 description: Plan your deployment of Hypervisor-Protected Code Integrity (also known as Memory Integrity). Learn about hardware requirements, deployment approaches, code signing and code integrity policies.
 keywords: virtualization, security, malware
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 author: vinaypamnani-msft
@@ -13,7 +13,7 @@ ms.topic: conceptual
 ms.date: 10/20/2017
 ms.reviewer: 
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Baseline protections and other qualifications for virtualization-based protection of code integrity

windows/security/threat-protection/fips-140-validation.md

@@ -2,9 +2,9 @@
 title: Federal Information Processing Standard (FIPS) 140 Validation
 description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140.
 ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
 manager: aaroncz
+ms.author: paoloma
+author: paolomatarazzo
 ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium

windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md

@@ -1,7 +1,7 @@
 ---
 title: Configure the Group Policy settings for Microsoft Defender Application Guard (Windows)
 description: Learn about the available Group Policy settings for Microsoft Defender Application Guard.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,7 +12,7 @@ ms.date: 08/22/2022
 ms.reviewer: 
 manager: aaroncz
 ms.custom: sasr
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Configure Microsoft Defender Application Guard policy settings

windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md

@@ -1,7 +1,7 @@
 ---
 title: Enable hardware-based isolation for Microsoft Edge (Windows)
 description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed), and how to install Application Guard in your enterprise.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,7 +12,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.custom: asr
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Prepare to install Microsoft Defender Application Guard

windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md

@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender Application Guard Extension
 description: Learn about the Microsoft Defender Application Guard browser extension, which extends Application Guard's protection to more web browsers.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.localizationpriority: medium
 author: vinaypamnani-msft
 ms.author: vinpa
@@ -9,7 +9,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.custom: asr
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Microsoft Defender Application Guard Extension

windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md

@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender Application Guard (Windows 10 or Windows 11)
 description: Learn about Microsoft Defender Application Guard and how it helps to combat malicious content and malware out on the Internet.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
@@ -12,7 +12,7 @@ ms.date: 09/09/2021
 ms.reviewer: 
 manager: aaroncz
 ms.custom: asr
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Microsoft Defender Application Guard overview

windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md

@@ -1,7 +1,7 @@
 ---
 title: Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows)
 description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
@@ -11,7 +11,7 @@ ms.date: 09/28/2020
 ms.reviewer: 
 manager: aaroncz
 ms.author: vinpa
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 # Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings
 **Applies to:**

windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md

@@ -1,13 +1,13 @@
 ---
 title: Microsoft Defender SmartScreen overview
 description: Learn how Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.
-ms.prod: m365-security
+ms.prod: windows-client
 author: vinaypamnani-msft
 ms.author: vinpa
 ms.localizationpriority: high
 ms.reviewer: 
 manager: aaroncz
-ms.technology: windows-sec
+ms.technology: itpro-security
 adobe-target: true
 ---