Merge pull request #7786 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)

windows/client-management/mdm/windowsdefenderapplicationguard-csp.md

@@ -334,7 +334,7 @@ Value type is integer.
 
 Supported operation is Get.
 
-- Bit 0 - Set to 1 when Application Guard is enabled into enterprise manage mode.
+- Bit 0 - Set to 1 when Application Guard is enabled into Windows Isolated environment mode.
 - Bit 1 - Set to 1 when the client machine is Hyper-V capable.
 - Bit 2 - Reserved for Microsoft.
 - Bit 3 - Set to 1 when Application Guard is installed on the client machine.

windows/configuration/find-the-application-user-model-id-of-an-installed-app.md

@@ -111,3 +111,41 @@ listAumids("CustomerAccount")
 # Get a list of AUMIDs for all accounts on the device:
 listAumids("allusers")
 ```
+
+## Example
+
+The following code sample creates a function in Windows PowerShell that returns the AUMID of any application currently listed in the Start menu.
+
+```powershell
+function Get-AppAUMID {
+param (
+[string]$AppName
+)
+$Apps = (New-Object -ComObject Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items()
+if ($AppName){
+    $Result = $Apps | Where-Object { $_.name -like "*$AppName*" } | Select-Object name,@{n="AUMID";e={$_.path}}
+        if ($Result){
+            Return $Result
+        }
+    else {"Unable to locate {0}" -f $AppName}
+}
+else {
+    $Result = $Apps | Select-Object name,@{n="AUMID";e={$_.path}}
+    Return $Result
+}
+}
+```
+
+The following Windows PowerShell commands demonstrate how you can call the Get-AppAUMID function after you've created it.
+
+```powershell
+# Get the AUMID for OneDrive
+Get-AppAUMID -AppName OneDrive
+
+# Get the AUMID for Microsoft Word
+Get-AppAUMID -AppName Word
+
+# List all apps and their AUMID in the Start menu
+Get-AppAUMID
+```
+

windows/deployment/windows-10-subscription-activation.md

@@ -40,7 +40,7 @@ This article covers the following information:
 For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md).
 
 > [!NOTE]
-> Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another and use Conditional Access policies to control access need to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f, from their device compliance policy using **Select Excluded Cloud Apps**.
+> Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another and use Conditional Access policies to control access need to exclude the [Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications), from their device compliance policy using **Select Excluded Cloud Apps**. For more information about configuring exclusions in Conditional Access policies, see [Application exclusions](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#application-exclusions).
 
 ## Subscription activation for Enterprise
 

windows/security/threat-protection/auditing/audit-audit-policy-change.md

@@ -49,13 +49,13 @@ Changes to audit policy that are audited include:
 
 The following events will be enabled with Success auditing in this subcategory:
 
--   4902(S): The Per-user audit policy table was created.
+-   [4902](event-4902.md)(S): The Per-user audit policy table was created.
 
--   4907(S): Auditing settings on object were changed.
+-   [4907](event-4907.md)(S): Auditing settings on object were changed.
 
--   4904(S): An attempt was made to register a security event source.
+-   [4904](event-4904.md)(S): An attempt was made to register a security event source.
 
--   4905(S): An attempt was made to unregister a security event source.
+-   [4905](event-4905.md)(S): An attempt was made to unregister a security event source.
 
 All other events in this subcategory will be logged regardless of the "Audit Policy Change" setting.
 
@@ -79,4 +79,4 @@ All other events in this subcategory will be logged regardless of the "Audit Pol
 
 -   [4904](event-4904.md)(S): An attempt was made to register a security event source.
 
--   [4905](event-4905.md)(S): An attempt was made to unregister a security event source.
+-   [4905](event-4905.md)(S): An attempt was made to unregister a security event source.

windows/security/threat-protection/auditing/audit-authorization-policy-change.md

@@ -20,6 +20,8 @@ ms.topic: reference
 
 Audit Authorization Policy Change allows you to audit assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects.
 
+**Event volume**: Medium to High.
+
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                                            |
 |-------------------|-----------------|-----------------|------------------|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Domain Controller | IF             | No              | IF              | No               | IF – With Success auditing for this subcategory, you can get information related to changes in user rights policies, or changes of resource attributes or Central Access Policy applied to file system objects.<br>However, if you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).<br>If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
@@ -40,5 +42,3 @@ Audit Authorization Policy Change allows you to audit assignment and removal of
 
 -   [4913](event-4913.md)(S): Central Access Policy on the object was changed.
 
-**Event volume**: Medium to High.
-