From 004918d137384f87cd0b4404b4da561c682c08a3 Mon Sep 17 00:00:00 2001
From: Rick Munck <33725928+jmunck@users.noreply.github.com>
Date: Fri, 21 Jan 2022 09:56:05 -0600
Subject: [PATCH 1/4] Update security-compliance-toolkit-10.md
Update outdated version (part of overall SCT clean-up effort)
---
.../security-compliance-toolkit-10.md | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
index 2d66169700..fc362eccef 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -30,27 +30,26 @@ The Security Compliance Toolkit consists of:
- Windows 11 security baseline
- Windows 10 security baselines
- - Windows 10 Version 1909 (November 2019 Update)
- - Windows 10 Version 1903 (April 2019 Update)
- - Windows 10 Version 1809 (October 2018 Update)
- - Windows 10 Version 1803 (April 2018 Update)
- - Windows 10 Version 1709 (Fall Creators Update)
- - Windows 10 Version 1703 (Creators Update)
- - Windows 10 Version 1607 (Anniversary Update)
- - Windows 10 Version 1511 (November Update)
+ - Windows 10 Version 21H2
+ - Windows 10 Version 21H1
+ - Windows 10 Version 20H2
+ - Windows 10 Version 1909
+ - Windows 10 Version 1809
+ - Windows 10 Version 1607
- Windows 10 Version 1507
- Windows Server security baselines
+ - Windows Server 2022
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2
- Microsoft Office security baseline
- - Office 365 Pro Plus
+ - Microsoft 365 Apps for Enterprise Version 2112
- Office 2016
- Microsoft Edge security baseline
- - Edge Browser Version 93
+ - Edge Browser Version 97
- Tools
- Policy Analyzer tool
From b5f291349dc85d3f84fdfc1b5c04ee4d2f69fe47 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 24 Jan 2022 20:38:07 +0500
Subject: [PATCH 2/4] Document Formatting
There were a few document formatting issue that has been addressed in the document. I
---
.../threat-protection/auditing/event-4688.md | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md
index 0ab8daa3e3..3b40aac946 100644
--- a/windows/security/threat-protection/auditing/event-4688.md
+++ b/windows/security/threat-protection/auditing/event-4688.md
@@ -25,7 +25,8 @@ ms.technology: windows-sec
This event generates every time a new process starts.
-> **Note** For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
+> [Note]
+> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
@@ -96,7 +97,8 @@ This event generates every time a new process starts.
- **Security ID** \[Type = SID\]**:** SID of account that requested the "create process" operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
+> [Note]
+> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the "create process" operation.
@@ -116,11 +118,13 @@ This event generates every time a new process starts.
**Target Subject** \[Version 2\]**:**
-> **Note** This event includes the principal of the process creator, but this is not always sufficient if the target context is different from the creator context. In that situation, the subject specified in the process termination event does not match the subject in the process creation event even though both events refer to the same process ID. Therefore, in addition to including the creator of the process, we will also include the target principal when the creator and target do not share the same logon.
+> [Note]
+> This event includes the principal of the process creator, but this is not always sufficient if the target context is different from the creator context. In that situation, the subject specified in the process termination event does not match the subject in the process creation event even though both events refer to the same process ID. Therefore, in addition to including the creator of the process, we will also include the target principal when the creator and target do not share the same logon.
- **Security ID** \[Type = SID\] \[Version 2\]**:** SID of target account. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
+> [Note]
+> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
- **Account Name** \[Type = UnicodeString\] \[Version 2\]**:** the name of the target account.
From dc4a88748a51134c2975e1abcc6a7f8eee01786c Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Mon, 24 Jan 2022 09:38:44 -0800
Subject: [PATCH 3/4] Update event-4688.md
---
windows/security/threat-protection/auditing/event-4688.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md
index 3b40aac946..866d555375 100644
--- a/windows/security/threat-protection/auditing/event-4688.md
+++ b/windows/security/threat-protection/auditing/event-4688.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
-ms.date: 09/07/2021
+ms.date: 01/24/2022
ms.reviewer:
manager: dansimp
ms.author: dansimp
From 1bd2edccad1103b4d52efb0e73861fb5083d84c5 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Mon, 24 Jan 2022 09:49:43 -0800
Subject: [PATCH 4/4] Update security-compliance-toolkit-10.md
---
.../security-compliance-toolkit-10.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
index fc362eccef..eac63f1ad2 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -11,8 +11,8 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.date: 11/26/2018
-ms.reviewer:
+ms.date: 01/24/2022
+ms.reviewer: rmunck
ms.technology: windows-sec
---