Merge branch 'master' into Ashok-Lobo-5499114-files-26to38

browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml

@@ -24,9 +24,6 @@ summary: |
 sections:
   - name: Ignored
     questions:
-      - question: |
-          Frequently Asked Questions
-        answer: |
       - question: |
           What operating system does IE11 run on?
         answer: |
@@ -250,4 +247,4 @@ additionalContent: |
 
   - [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
   - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-  - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
+  - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)

education/includes/education-content-updates.md

@@ -2,6 +2,15 @@
 
 
 
+
+## Week of November 29, 2021
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 11/29/2021 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | added |
+| 11/29/2021 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | added |
+
 
 ## Week of November 15, 2021
 
@@ -12,13 +21,3 @@
 | 11/16/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
 | 11/18/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
 | 11/18/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
-| 11/18/2021 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
-
-
-## Week of October 25, 2021
-
-
-| Published On |Topic title | Change |
-|------|------------|--------|
-| 10/28/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
-| 10/28/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |

windows/security/threat-protection/auditing/audit-registry.md

@@ -44,4 +44,8 @@ If success auditing is enabled, an audit entry is generated each time any accoun
 
 -   [5039](event-5039.md)(-): A registry key was virtualized.
 
--   [4670](event-4670.md)(S): Permissions on an object were changed.
+-   [4670](event-4670.md)(S): Permissions on an object were changed.
+
+> [!NOTE]
+> On creating a subkey for a parent, the expectation is to see a 4656 event for the newly created subkey. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using advanced audit policy configurations for registry specific events, such as using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". While using regedit.exe for creating subkeys you will see an additional 4663 event because you perform NtEnumerateKeys on the newly created subkey. You might additionally see a 4663 event on the newly created key if you try to rename the subkey. While using reg.exe for creating subkeys you'll see an additional 4663 event because you perform NtSetValueKey on the newly created subkey. We recommend not relying on 4663 events for subkey creation as they are dependent on the type of permissions enabled on the parent and are not consistent across regedit.exe and reg.exe.
+

windows/security/threat-protection/auditing/basic-audit-logon-events.md

@@ -45,7 +45,7 @@ You can configure this security setting by opening the appropriate policy under
 | 4779          | A user disconnected a terminal server session without logging off.                                                                                                                                              |
  
 
-When event 528 is logged, a logon type is also listed in the event log. The following table describes each logon type.
+When event 4624 (Legacy Windows Event ID 528) is logged, a logon type is also listed in the event log. The following table describes each logon type.
 
 | Logon type | Logon title | Description |
 | - | - | - |

windows/security/threat-protection/index.md

@@ -29,23 +29,24 @@ In Windows client, hardware and software work together to help protect you from
 
 See the following articles to learn more about the different areas of Windows threat protection:
 
-- [Microsoft Defender Application Guard](\windows\security\threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md)
+- [Application Control](/windows-defender-application-control/windows-defender-application-control.md)
-- [Virtualization-based protection of code integrity](\windows\security\threat-protection\device-guard\enable-virtualization-based-protection-of-code-integrity.md)
+- [Attack Surface Reduction Rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)
-- [Application control](/windows-defender-application-control/windows-defender-application-control.md)
+- [Controlled Folder Access](/microsoft-365/security/defender-endpoint/controlled-folders)
+- [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection)
+- [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md)
 - [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
-- [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)
+- [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md)
-- [Network protection](/microsoft-365/security/defender-endpoint/network-protection), [web protection](/microsoft-365/security/defender-endpoint/web-protection-overview)
+- [Network Protection](/microsoft-365/security/defender-endpoint/network-protection)
-- [Microsoft Defender SmartScreen](\windows\security\threat-protection\microsoft-defender-smartscreen\microsoft-defender-smartscreen-overview.md)
+- [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md)
-- [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)
+- [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview)
-- [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
+- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md)
-- [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)
+- [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md)
-- [Windows Sandbox](\windows\security\threat-protection\windows-sandbox\windows-sandbox-overview.md)
 
 ### Next-generation protection
 Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. 
 
+- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus)
 - [Behavior monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus)
 - [Cloud-based protection](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus)
 - [Machine learning](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus)
 - [URL Protection](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus)
-- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus)