From 667bdfe3ed40c3655ede4cde1cae30f2d1d57a60 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 21 Feb 2018 13:56:23 -0800 Subject: [PATCH 1/3] added Failure audit recommendation for security group management --- .../auditing/audit-security-group-management.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 6f5966a3e8..20caac1504 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -31,9 +31,9 @@ This subcategory allows you to audit events generated by changes to security gro | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Member Server | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Workstation | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Domain Controller | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| +| Member Server | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| +| Workstation | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| **Events List:** From 68c0ed8af8ebefc736d8a48eb7d9c5757afea3e5 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 21 Feb 2018 14:04:05 -0800 Subject: [PATCH 2/3] added change history --- .../threat-protection/change-history-for-threat-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md index 4fd99aa471..3355ac2827 100644 --- a/windows/security/threat-protection/change-history-for-threat-protection.md +++ b/windows/security/threat-protection/change-history-for-threat-protection.md @@ -17,6 +17,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc New or changed topic | Description ---------------------|------------ [Security Compliance Toolkit](security-compliance-toolkit-10.md) | Added Office 2016 Security Baseline. +[Audi security group management](auditing/audit-security-group-management.md)| Added recommendation to audit Failure events. ## January 2018 |New or changed topic |Description | From 4d52270ef7bf28272a70dbc31d23344ff55500c1 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 21 Feb 2018 14:25:00 -0800 Subject: [PATCH 3/3] added change history --- .../threat-protection/change-history-for-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md index 3355ac2827..4c10382574 100644 --- a/windows/security/threat-protection/change-history-for-threat-protection.md +++ b/windows/security/threat-protection/change-history-for-threat-protection.md 
@@ -17,7 +17,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc New or changed topic | Description ---------------------|------------ [Security Compliance Toolkit](security-compliance-toolkit-10.md) | Added Office 2016 Security Baseline. -[Audi security group management](auditing/audit-security-group-management.md)| Added recommendation to audit Failure events. +[Audit security group management](auditing/audit-security-group-management.md)| Added recommendation to audit Failure events. ## January 2018 |New or changed topic |Description |
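Review bot: In [PATCH 1/3], the hunk at `@@ -31,9 +31,9 @@` of audit-security-group-management.md leaves the "General Failure" and "Stronger Failure" cells at "No" in all three rows (Domain Controller, Member Server, Workstation), while the new Comments text in the same rows says "We recommend Failure auditing". The table now contradicts itself, so either change those cells to match the recommendation or qualify the comment. The sentence being removed stated that this subcategory has no Failure events, and the patch changes only these three rows (3 insertions, 3 deletions), so a reader is not told which events Failure auditing would produce; a line naming them, or an update to the Events List, would make the recommendation actionable. The phrase "create, change, or delete new security groups" also reads as if it covered only new groups; "create, change, or delete security groups" is clearer. The added lines drop the space before the closing `|` that the removed lines had.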
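Review bot: In [PATCH 2/3], the row added at `@@ -17,6 +17,7 @@` of change-history-for-threat-protection.md has a typo in the link text: "Audi security group management" should be "Audit security group management". The link target `auditing/audit-security-group-management.md` is spelled correctly, so only the displayed text is affected. The row also omits the space before `|` that the "Security Compliance Toolkit" row above it uses.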
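Review bot: [PATCH 3/3] carries the same subject as 2/3 ("added change history"), but its only hunk (`@@ -17,7 +17,7 @@`) corrects the "Audi" link text that 2/3 introduced. Squash it into 2/3 so the history never contains the misspelled row, or give it a subject that says it is a typo fix.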