diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 7ce77ac37a..66dbdee966 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -8,7 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: Mir0sh -ms.date: 04/19/2017 +ms.date: 02/28/2019 --- # Audit Security Group Management @@ -32,9 +32,9 @@ This subcategory allows you to audit events generated by changes to security gro | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| -| Member Server | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| -| Workstation | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| +| Domain Controller | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.| +| Member Server | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.| +| Workstation | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.| **Events List:** diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 61a5bb0ce0..ea2b3fa6af 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: tedhardyMSFT -ms.date: 02/16/2018 +ms.date: 02/28/2019 ms.localizationpriority: medium --- @@ -338,7 +338,7 @@ If your organizational audit policy enables additional auditing to meet its need | Category | Subcategory | Audit settings | |--------------------|---------------------------------|---------------------| | Account Logon | Credential Validation | Success and Failure | -| Account Management | Security Group Management | Success and Failure | +| Account Management | Security Group Management | Success | | Account Management | User Account Management | Success and Failure | | Account Management | Computer Account Management | Success and Failure | | Account Management | Other Account Management Events | Success and Failure |
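Review bot: The replacement sentence in the three Comments cells of audit-security-group-management.md (Domain Controller, Member Server, Workstation rows) uses a typographic apostrophe in "doesn’t" and is worded indirectly ("there is no recommendation to enable Failure auditing"). Suggest a straight apostrophe and a direct statement, for example "This subcategory has no Failure events, so Failure auditing does not need to be enabled." Since the identical sentence is repeated in all three rows, it could also be stated once as a note under the table, leaving the per-row comments for what differs by computer type.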
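Review bot: The neighbouring Account Management rows in the audit settings table of use-windows-event-forwarding-to-assist-in-intrusion-detection.md (User Account Management, Computer Account Management, Other Account Management Events) still read "Success and Failure", and nothing in this patch shows whether they were checked for Failure events the way Security Group Management was. Please confirm in the change description that those rows were reviewed against their own subcategory pages, so the baseline table is not left partly corrected. It would also help to add a short remark near the table that the Security Group Management value follows from the subcategory having no Failure events, so readers comparing the row with the ones around it do not take "Success" for an omission.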