From c58754b5220cf7adaa84d60d8200919a96242406 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Thu, 30 Mar 2023 16:22:09 -0700
Subject: [PATCH] Update event-id-explanations.md

---
 .../event-id-explanations.md                                    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
index 5151709c18..e82c78d118 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
@@ -34,7 +34,7 @@ WDAC events are generated under two locations in the Windows Event Viewer:
 Most app and script failures that occur when WDAC is active can be diagnosed using these two event logs. This article describes in greater detail the events that exist in these logs. To understand the meaning of different data elements, or tags, found in the details of these events, see [Understanding Application Control event tags](event-tag-explanations.md).
 
 > [!NOTE]
-> These event IDs are not included on Windows Server Core edition.
+> **Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script** events are not included on Windows Server Core edition.
 
 ## WDAC block events for executables, dlls, and drivers