updated the broken links

windows/security/threat-protection/auditing/audit-sam.md

@@ -42,8 +42,6 @@ Changes to user and group objects are tracked by the Account Management audit ca
 
 **Event volume**: High on domain controllers.
 
-For information about reducing the number of events generated in this subcategory, see [KB841001](https://support.microsoft.com/kb/841001).
-
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                    |
 |-------------------|-----------------|-----------------|------------------|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Domain Controller | -               | -               | -                | -                | There is no recommendation for this subcategory in this document, unless you know exactly what you need to monitor at [Security Account Manager](/previous-versions/windows/it-pro/windows-server-2003/cc756748(v=ws.10)) level. |

windows/security/threat-protection/auditing/event-4826.md

@@ -120,9 +120,9 @@ This event is always logged regardless of the "Audit Other Policy Change Events"
 
 -   **HyperVisor Load Options** \[Type = UnicodeString\]**:** shows hypervisor **loadoptions**. See more information here: <https://msdn.microsoft.com/library/windows/hardware/ff542202(v=vs.85).aspx>.
 
--   **HyperVisor Launch Type** \[Type = UnicodeString\]**:** shows the hypervisor launch options (**Off** or **Auto**). If you are setting up a debugger to debug Hyper-V on a target computer, set this option to **Auto** on the target computer. For more information, see [Attaching to a Target Computer Running Hyper-V](https://msdn.microsoft.com/library/windows/hardware/ff538138(v=vs.85).aspx). Information about [Hyper-V](/windows/deployment/deploy-whats-new) technology is available on Microsoft TechNet web site.
+-   **HyperVisor Launch Type** \[Type = UnicodeString\]**:** shows the hypervisor launch options (**Off** or **Auto**). If you are setting up a debugger to debug Hyper-V on a target computer, set this option to **Auto** on the target computer. For more information, see [Attaching to a Target Computer Running Hyper-V](/windows-hardware/drivers/debugger/setting-up-network-debugging-of-a-virtual-machine-host). Information about [Hyper-V](/windows/deployment/deploy-whats-new) technology is available on Microsoft TechNet web site.
 
--   **HyperVisor Debugging** \[Type = UnicodeString\]**:** shows whether the hypervisor debugger is enabled or not (**Yes** or **No**). For information about hypervisor debugging, see [Attaching to a Target Computer Running Hyper-V](https://msdn.microsoft.com/library/windows/hardware/ff538138(v=vs.85).aspx).
+-   **HyperVisor Debugging** \[Type = UnicodeString\]**:** shows whether the hypervisor debugger is enabled or not (**Yes** or **No**). For information about hypervisor debugging, see [Attaching to a Target Computer Running Hyper-V](/windows-hardware/drivers/debugger/setting-up-network-debugging-of-a-virtual-machine-host).
 
 ## Security Monitoring Recommendations
 

windows/security/threat-protection/auditing/event-4911.md

@@ -23,7 +23,7 @@ ms.technology: windows-sec
 
 ***Event Description:***
 
-This event generates when [resource attributes](https://blogs.technet.com/b/canitpro/archive/2013/05/07/step-by-step-protecting-your-information-with-dynamic-access-control.aspx) of the file system object were changed.
+This event generates when [resource attributes](/windows-server/identity/solution-guides/dynamic-access-control--scenario-overview) of the file system object were changed.
 
 Resource attributes for file or folder can be changed, for example, using Windows File Explorer (object’s Properties->Classification tab).
 

windows/security/threat-protection/auditing/event-4964.md

@@ -23,7 +23,7 @@ ms.technology: windows-sec
 
 ***Event Description:***
 
-This event occurs when an account that is a member of any defined [Special Group](https://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx) logs in.
+This event occurs when an account that is a member of any defined [Special Group](https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/special-groups-auditing-via-group-policy-preferences/ba-p/395095) logs in.
 
 > **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
 

windows/security/threat-protection/auditing/event-5056.md

@@ -25,8 +25,6 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
 
 -   <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
 
--   <https://www.microsoft.com/download/details.aspx?id=1251>
-
 -   <https://www.microsoft.com/download/details.aspx?id=30688>
 
 This event is mainly used for CNG troubleshooting.

windows/security/threat-protection/auditing/event-5057.md

@@ -25,8 +25,6 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
 
 -   <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
 
--   <https://www.microsoft.com/download/details.aspx?id=1251>
-
 -   <https://www.microsoft.com/download/details.aspx?id=30688>
 
 This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

windows/security/threat-protection/auditing/event-5060.md

@@ -25,8 +25,6 @@ For more information about CNG, visit these pages:
 
 -   <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
 
--   <https://www.microsoft.com/download/details.aspx?id=1251>
-
 -   <https://www.microsoft.com/download/details.aspx?id=30688>
 
 This event is mainly used for CNG troubleshooting.