Wednesday, November 15, 2023

Microsoft Ignite 2023 - "Windows App" revealed


Microsoft just announced at Ignite 2023 a new app called... "Windows app". The new app is still in preview, you can get it right now, and it is available for iOS, the web and Windows.
It enables users to connect to various types of Windows "machines" like Windows 365, Azure Virtual Desktop, Microsoft Dev Box, or a personal Remote Desktop PC.

At the moment, there's not much information about the app, but the screenshots in the Windows Store show PCs and also a list of apps, which may indicate that users will be able to launch apps remotely installed on other devices.

If you're curious about this new app, go ahead and install it from the Windows Store:
Windows Store - Windows App

Thursday, November 9, 2023

PowerShell - Exchange Online - Shared Mailboxes - Enable automatic copy of sent items

 

When you create a shared mailbox in Exchange Online (EXO), by default the messages you send from it end up in the Sent Items folder of your main mailbox.

That's a bit annoying: if you want others who have access to the shared mailbox to see your replies, you need to copy them manually or create a rule for it.

But there's a solution, and you just need to follow these steps using PowerShell:

  1. Connect to Exchange Online:
    Connect-ExchangeOnline -UserPrincipalName yourusername@upn.com

  2. Next, if you want to check the current status for sent items:
    Get-Mailbox sharedmailbox | select MessageCopyForSentAsEnabled

  3. To enable automatic sent items copy:
    Set-Mailbox sharedmailbox -MessageCopyForSentAsEnabled $True

And you're done! :)

Wednesday, November 1, 2023

Windows 11 23H2 - How to enable/access Copilot in Europe

 

So, you're already using the new Windows 11 23H2 Feature Update and you notice that one of the most awaited features is nowhere to be found?
If you're living in Europe, you can give many thanks to the Digital Markets Act (DMA) for blocking it in the EU.

Well, this is technology, so...there are always workarounds...here's one while we wait for the DMA to unblock Copilot:

  1. Create a shortcut (Right-click > New > Shortcut)
  2. For the item location write down "microsoft-edge://?ux=copilot&tcp=1&source=taskbar" and click Next
  3. Now type your preferred name for the shortcut, Copilot for example, and click Finish
Now just try it out. Copilot will open exactly as it does for users outside the EU.

If you want to have a nice Windows Copilot icon, just download this one:

Windows 11 23H2 - How to force upgrade with Enterprise SKU

 
If you're using a Windows 11 Enterprise SKU, you may not automatically receive the 23H2 update right now. Even if you enable the "Get the latest updates as soon as they're available" option and then check for updates, the Feature Update may not be available today.

This was the easiest and fastest way to upgrade my machine from 22H2 to 23H2 and for obvious reasons it's fine for an isolated upgrade, and not for an enterprise-wide rollout. For that kind of scenario you should use Windows Update for Business; VLSC; etc.

So, just follow these steps:

  1. Download Windows 11 Installation Assistant from here
  2. Double-click, Next, Next, Next
  3. Wait....
  4. Done!
Don't be afraid: this will upgrade your Windows version and not wipe out your disk.
After the upgrade, open Windows Update and install the latest quality update, which at the moment I'm writing this article is this one:
2023-10 Cumulative Update Preview for Windows 11 Version 23H2 for x64-based Systems (KB5031455)

Wednesday, October 18, 2023

VBScript to R.I.P. Soon

 

It seems that after 30 years, the good old favorite scripting language for sysadmins is going to rest in peace.

VBScript, aka Visual Basic Script, was introduced in 1996. It integrates active scripting into Windows environments and communicates with host applications through Windows Script. This was one of the favorite scripting languages for system administrators.

Microsoft announced VBScript's deprecation on October 9th in its "Deprecated features for Windows Client" article, following the September announcement of WordPad's end of life.

So, the plan to retire VBScript starts with it being preinstalled via Features on Demand (FoD), and in the "near future" it will be removed from the OS and only be available as a FoD.

It has been a long and fantastic life for VBScript. For those that never tested PowerShell, now is the time to really dig into it.

Long live VBScript. :)

Monday, October 16, 2023

M365 Defender - Get Email Notifications for Incidents

 

Because nowadays you have to look through a lot of information, it's important that the information you really need comes to you and not the other way around.

That's why I believe it's important to have the fewest possible endpoints where you get information about your infrastructure. And if you're giving support to more than one tenant, this is even more important.

So, instead of going to Microsoft 365 Defender all the time, you can create email notifications for what you need, and receive everything in one place.

To do so, follow these steps:

  1. Open Microsoft 365 Defender (https://security.microsoft.com)
  2. Go to Settings > Email Notifications
  3. And from there create a new rule or edit an existing one
  4. Select which products you want to receive email notifications for
  5. Next select the recipients
  6. Done! :)

Thursday, October 12, 2023

Intune - Expedite Updates - Expedite Client Missing - Solved

 

One of the recent functionalities in Microsoft Intune is "Expedite Updates".
This allows you to "force" clients to receive Windows Updates as soon as possible. In addition to relying on the Microsoft Windows Update service, it also relies on Microsoft Update Health Tools.

Microsoft Update Health Tools has a service called...Microsoft Update Health Service or "uhssvc".

After I created the policy to update devices with the latest Windows quality update, some devices were reporting "Expedite client missing".


Although the most common issue is that the device doesn't really have Microsoft Update Health Tools installed correctly (you can download it here: Update Health Tools), in this case I found a different cause.

The Microsoft Update Health Service was Disabled. So it was as easy as enabling and starting the service, and everything just started working right away.

Wednesday, October 11, 2023

Intune - Tamper Protection not Enabled - Solved!

 

So, for the last day I was trying to figure out why I couldn't enable Tamper Protection on some lab devices.

To enable Tamper Protection, you need to follow these steps:
  1. Open the Microsoft Intune admin center
  2. Go to Endpoint Security > Antivirus
  3. Edit or create a policy:
    • Platform: Windows 10, Windows 11, and Windows Server
    • Profile: Windows Security Experience
  4. From there set the option "TamperProtection (Device)" to "On"
But...for some reason, devices kept setting the option to "Off". After a long time trying to understand this, I finally found the issue.

M365 Defender Settings takes precedence!
What this means is that if you don't allow Tamper Protection in M365 Defender Advanced Features, you'll never be able to control it with Intune.

So, first and foremost, enable Tamper Protection in Advanced Features, using these steps:
  1. Open Microsoft 365 Defender Endpoints Advanced Features (or Settings > Endpoints > Advanced Features)
  2. Enable "Tamper Protection" and "Save Preferences"
Now you just need to wait some minutes for the option to become available, and you can control it via Intune.

Friday, October 6, 2023

Windows 11 September 2023 Update (23H2) Available

With more than 150 new features, Microsoft Windows 11 23H2 is now available.
There's a lot going on with this new update, and here's Microsoft's summary of the most notable changes and news:
The most personal Windows 11 experience begins rolling out today | Windows Experience Blog

Obviously, AI is the most prominent feature, embedded everywhere in the system, but here are some that I think can really help and give the OS even more day-to-day added value:

  • AI in Paint
    • This is a cool one, and may give Paint a new life. You'll now be able to remove backgrounds directly from Paint



  • Windows Backup
    • The new tool will allow you to effortlessly back up your folders, apps, settings and credentials, and get them back when you reinstall or get a new computer.
  • Passkeys
    • This is a new evolution on Hello for Business. It's now integrated by default in the OS. Passkeys are the cross-platform future of secure sign-in management and eliminate the need for passwords. A passkey creates a unique, unguessable credential and allows you to sign in using your face, fingerprint or device PIN. On Windows 11, passkeys will work with Edge, Chrome, Firefox and other browsers.

  • Mobile Application Management (MAM) for Windows
    • After a long time with MAM for Android and iOS, it now comes to Windows, where you can allow your employees to use their personal Windows devices, but with controlled access to company information.
 There's a lot more about Windows 11 23H2, so please don't forget to review the official Microsoft post.

M365 Copilot - Generally Available for Enterprise on November 1st

 


Although Microsoft announced Microsoft 365 Copilot last September 21st, for Enterprise the "revolution" of AI will come later this year. For Enterprise customers, Copilot will be generally available starting 1st November.

To know more about what Microsoft AI can do, take a look at their Microsoft 365 blog post where they talk about everything that is coming:

Monday, September 18, 2023

Panos Panay leaves Microsoft after 19 years

 


Iconic Panos Panay announced today that he's leaving Microsoft after 19 years.
The Microsoft veteran and passionate manager who was in charge of Surface, and more recently the Windows client, leaves the company, as announced by Rajesh Jha, Microsoft's EVP of Experiences & Devices, in an internal email this morning:

"After nearly 20 years at the company, Panos Panay has decided to leave Microsoft. Panos has had an incredible impact on our products and culture as well as the broader devices ecosystem. Under Panos’ leadership, the team created the iconic Surface brand with loved products. More recently, as the leader of Windows, the team has brought amazing services and experiences to hundreds of millions with Windows 11 on innovative devices including those from our OEM partners. He will be missed, and I am personally very grateful for his many contributions over the years. Please join me in wishing him well. 

Moving forward, we will double down on our strategy. These changes will be effective immediately with Panos’ help in the transition. 

Build silicon, systems and devices that span Windows, client and cloud for an AI world. This team will be led by Pavan Davuluri, who will report directly to me. Brett Ostrum, Nino Storniolo, Linda Averett, Ken Pan, Ralf Groene, Aidan Marcuss, Carlos Picoto, Stevie Bathiche, Robin Seiler, Ruben Caballero and Anuj Gosalia will move to report to Pavan with their teams intact. Windows planning and release management will continue to be in this team. Our commitment to Surface and MR remains unchanged.

Build experiences that blend web, services and Windows for an AI world. To this end, Shilpa Ranganathan, Jeff Johnson and Ali Akgun will directly report to Mikhail Parakhin and form a new Windows and Web Experiences Team, moving with their teams intact. 

Yusuf Mehdi will take on the responsibility of leading the Windows and Surface businesses with our OEM and Retail partners. In addition, Charles Simonyi, Terri Chudzik and Erin Kolb will join the E+D management teams and Ralf Groene and Mike Davidson will work together on the best alignment on design teams. We will set up time for an AMA in the coming days to answer questions. Let’s continue to stay focused on executing on our existing plans. Thank you for all that you do, and the impact that you have for our customers and partners. "

With all his passion and charismatic presentations, Panos made Windows cool again. Let's hope that whoever replaces him can deliver the same feeling.

Thursday, September 14, 2023

Intune - Switching MDM Authority from O365 to Intune

 








So for some strange reason, when you navigate to your Tenant Status Details, you notice that your MDM authority is Microsoft Office 365 instead of Microsoft Intune?

This can happen for a variety of reasons:

  • You may have enabled "Basic security and mobility" a long time ago and you don't remember
  • When you first opened Intune, you selected O365 as the MDM Authority
  • etc.
Now...you have purchased a Microsoft 365 plan that has an Intune license and you want to change the MDM Authority to Microsoft Intune.

At least for me, the easiest way to do it asap is like this:
  1. Open Intune for Education with a global admin (https://intuneeducation.portal.azure.com/)
  2. Next go to "Tenant Settings" and from there select "Microsoft Intune" as the MDM Authority.
Quick and easy. And...you're done! :)

Exchange Online - Enable auditing for DiscoverySearchMailbox

In my last post, I talked about how to identify and enable auditing for specific mailboxes.

One mailbox that you're probably going to identify is the eDiscovery Mailbox. Usually its "name" is something like "DiscoverySearchMailbox{alotofnumbers}@yourdomain.com".

For this one, my previously posted command does not work.
So, to be able to enable auditing for this mailbox, the easiest way that I found is this one:

And...you're done! :)

Exchange Online - Identify mailboxes with audit disabled

 

One of the Microsoft Secure Score recommendations is to ensure mailbox auditing for all users is enabled.
Although the recommendation's implementation includes a PowerShell command to do it organization-wide, there's always the need to do it individually, for resource mailboxes for example.

So, the command to enable auditing organization-wide is this one:

Now, to identify which mailboxes still aren't enabled, just run this command:

Finally, to enable auditing in those mailboxes, run this command for each one:

And you're done! :)
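
As an added example covering both auditing posts above (this is not the author's original set of commands), the following PowerShell checks the organization-wide setting, lists mailboxes whose AuditEnabled flag is still false, and enables auditing on each of them. It assumes the ExchangeOnlineManagement module and an active Connect-ExchangeOnline session; the variable names are illustrative, and any mailbox for which the call fails (the post mentions the discovery mailbox as a special case) is reported for separate handling.

```powershell
# Added example, not the author's original commands.
# Assumes an active Connect-ExchangeOnline session (ExchangeOnlineManagement module).

$apply = $false   # leave $false for a dry run (-WhatIf); set to $true to make changes

# 1. Organization-wide default: AuditDisabled must be $false for
#    "mailbox auditing on by default" to be in effect.
if ((Get-OrganizationConfig).AuditDisabled) {
    Set-OrganizationConfig -AuditDisabled $false -WhatIf:(-not $apply)
}

# 2. Find every mailbox whose AuditEnabled flag is still $false.
#    Resource and discovery mailboxes typically show up here.
$notAudited = Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AuditEnabled }

$notAudited |
    Sort-Object RecipientTypeDetails, PrimarySmtpAddress |
    Format-Table DisplayName, PrimarySmtpAddress, RecipientTypeDetails, AuditEnabled -AutoSize

# 3. Enable auditing mailbox by mailbox. The object GUID is used as the identity
#    so long names such as DiscoverySearchMailbox{...} never have to be typed.
$failed = foreach ($mbx in $notAudited) {
    try {
        Set-Mailbox -Identity $mbx.Guid.ToString() -AuditEnabled $true `
            -WhatIf:(-not $apply) -ErrorAction Stop
    }
    catch {
        # Collect failures instead of stopping; these need separate handling.
        [pscustomobject]@{
            Mailbox = $mbx.PrimarySmtpAddress
            Type    = $mbx.RecipientTypeDetails
            Error   = $_.Exception.Message
        }
    }
}
$failed | Format-List

# 4. Verify: count mailboxes per type and audit state after the change.
Get-Mailbox -ResultSize Unlimited |
    Group-Object RecipientTypeDetails, AuditEnabled -NoElement |
    Sort-Object Name |
    Format-Table Name, Count -AutoSize
```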

Wednesday, September 13, 2023

Autopilot - Manually register devices with automatic upload

 

This can be very useful for anyone who has a test lab and wants to register a virtual machine in Intune.

Here's the quick step on how to register your machine from the OOBE:
  1. When you get to OOBE, press "Shift + F10" to open a command prompt:
  2. Now, all you need to do is run these commands:

  3. After running the commands, you'll be prompted for valid credentials for adding the device to Intune.

And...you're done! The device information (hardware hash, etc.) gets registered and if you boot up your device again, you'll enter the autopilot process.

Wednesday, August 2, 2023

OneDrive Getting Customized Folder Colors

 

Microsoft announced that later this year, OneDrive will allow customizing folder colors.
This has been a recurring request from users who wanted to give a different look to different types of content inside their folders.

Tuesday, August 1, 2023

Personal and Enterprise Bing Chat Dark Mode Available

 

In this week's update for Bing, Microsoft made generally available the option to use Bing Chat in Dark Mode. This update is available for both personal and enterprise versions of Microsoft's AI Chat.

To enable dark mode just follow these steps:

  1. Open Bing Chat (bing.com/chat)

  2. Then click the "hamburger" menu in the top right corner

  3. Under Appearance, select "Dark" or "System Default" if you want it to adapt to your system preferences
Done! :)

Monday, July 31, 2023

Get Windows Information and Resources How You Want

 

Here's a nice Windows IT blog post of various ways to stay informed about Windows world.
From websites and blogs to X accounts and podcasts, it's a nice, packed list of links to get Windows information the way that suits you best.

Take a look here:
Skilling snack: Windows information and resources for IT pros

Thursday, July 27, 2023

New Microsoft Teams Preview - How to Enable

 

The new Microsoft Teams is coming and you can preview it right now!

The new Teams rolls out in September 2023 for new and existing installations of Microsoft 365 Apps for Windows. Currently, users can install the new Teams by using the "Try the new Teams" switch in classic Teams, or administrators can bulk deploy it directly to the computers in their organization.

To enable the switch for specific users or groups, follow the instructions here:
Deploy the new Teams client using policies - Microsoft Teams | Microsoft Learn

If you want to bulk deploy in your organization, you should follow these instructions:
Bulk deploy the new Microsoft Teams desktop client - Microsoft Teams | Microsoft Learn

The option to opt-out will be available in early August 2023.

For a complete list of what's new and improved in the new Teams experience, here's the Microsoft Blog announcement:
Introducing the new Microsoft Teams, now in preview - Microsoft Community Hub

Wednesday, July 26, 2023

BitLocker - Recovery Keys from Company Portal

 
Generally available today, it's now possible to retrieve the BitLocker recovery keys of your devices, directly from the Company Portal.

To do so, you just need to follow these steps:

  1. Open Company Portal (on another device, since you're locked out of your own...)
    Microsoft Company Portal

  2. Next, in the "My Apps" menu select "My Account"

  3. Now select "Manage Devices"

  4. Click the device you want to recover and click "View BitLocker Keys"

And there you go!

Monday, July 24, 2023

Azure AD is Becoming Microsoft Entra ID - New Names

 

Microsoft Azure Active Directory (AAD) is becoming Microsoft Entra ID.

"To simplify our product naming and unify our product family, we're changing the name of Azure AD to Microsoft Entra ID," Microsoft president Joy Chik says in the announcement post.

So here are the corresponding names of Azure AD to Entra ID:

Sunday, July 23, 2023

Goodbye Twitter, Say Hello to X!

 


"Soon we shall bid adieu to the Twitter brand and, gradually, all the birds."
This was what Musk wrote yesterday and it seems it's going to happen really soon.

It seems the platform will also run on the x.com domain name.
In another tweet: "If a good enough X logo is posted tonight, we’ll make [it] go live worldwide tomorrow."
And it seems he already chose the new X logo.

In April 2023, the company disclosed that Musk had changed the company’s name from Twitter Inc. to X Corp., which is incorporated in Nevada with its main place of business in San Francisco.

Saturday, July 22, 2023

Microsoft 365 Backup and Microsoft 365 Archive

 

Were you approached by some backup vendors this week? Was that approach about M365 backup?

There's probably a good reason for that. First of all, it's widely known that there's a "Microsoft 365 Shared Responsibility Model" where user and organization data is your responsibility.
Something very well represented in this Veeam example:

Well, it seems now that Microsoft changed the game a little bit. At last week's Microsoft Inspire 2023 event, they showed "Microsoft 365 Backup" and "Microsoft 365 Archive".

Microsoft 365 Backup

Microsoft 365 Archive


There's not yet information about licensing/costs but take a look at the available links:
Microsoft Inspire 2023 - Microsoft 365 Backup and Microsoft 365 Archive

Wednesday, July 19, 2023

How to Enable Bing Chat for Enterprise - Before General Availability (August)

 
Microsoft just announced the availability of Bing Chat for Enterprise.

Although this will only be automatically available mid-August, you can activate it in advance....right now!
To do so, just navigate to the following link and enable it: Enable Bing Chat for Enterprise

This can take about 4 hours to activate.

Tuesday, July 18, 2023

Bing Chat Enterprise Revealed

 
Microsoft announced today Bing Chat Enterprise.

Although still in preview, Bing Chat Enterprise is available now when you sign in to Microsoft Edge with your work profile account.

Just like Bing Chat, Bing Chat Enterprise is grounded in web data and provides complete, verifiable answers with citations, along with visual answers that include graphs, charts and images.

Bing Chat Enterprise starts rolling out in preview today at no additional cost in Microsoft 365 E3, E5, Business Standard and Business Premium.

To access Bing Chat Enterprise, just make sure you're signed in to Edge with your work account and go to https://bing.com/chat.

Aptos Will Be The New Microsoft Default Font

 
After 15 years of Calibri, Microsoft is changing the default font in Microsoft Office/365 suite.

In 2021 (!)  Microsoft started testing 5 new fonts (Bierstadt, Grandview, Seaford, Skeena and Tenorite).
All these fonts were available through the various Microsoft 365 products like Word or Excel, and now they have a winner.

It seems like Bierstadt was the one with more positive feedback. In its final version, it will be renamed to Aptos. In the next few months Microsoft will roll-out Aptos and make it the default font across Microsoft 365 products replacing Calibri (which will still be available).

Take a look at the official Microsoft post:
Microsoft - A change of typeface: Microsoft’s new default font has arrived


The New Microsoft Store after Store for Business Retirement

 

With the retirement of Microsoft Store for Business, Microsoft decided to integrate Windows Package Manager with Intune and Microsoft Store. With this integration, Microsoft Store now has the ability to deploy Win32 Applications (*.exe and *.msi).

This way, Intune can take advantage of new and easy ways to deploy applications without needing a lot of steps to achieve that.

In a Windows IT Pro Blog post, there are great and extensive resources, from videos to articles, about this change and how to take advantage of it.

Saturday, July 15, 2023

90-Day Reminder: End of support for Windows Server 2012 and Windows Server 2012 R2

 








Just a quick reminder about the EoS for Microsoft Windows Server 2012 and Windows Server 2012 R2.

In less than 90 days (on October 10th, 2023), as previously announced, all editions of Windows Server 2012 and Windows Server 2012 R2 will reach end of support. The October 10, 2023 security update will be the last update available for these products. After this date, these versions of Windows Server will no longer receive updates containing protections from security threats, bug fixes, or technical support.

Here's the official Microsoft announcement and guidance:
Windows Server 2012 and 2012 R2 reaching end of support

Thursday, July 13, 2023

Evaluate your Zero Trust security posture

 

I think Zero Trust Security will be one of the most important and discussed subjects in the next years.
Everything has become so ubiquitous, and all the enterprise services and resources have expanded outside of the organization in the last couple of years, that security is more important than ever and...will be even more important as the users' workplace is literally everywhere, anywhere, any device, etc.

Microsoft has an interesting page with quizzes to evaluate the zero trust posture:
Evaluate your Zero Trust security posture

Friday, July 7, 2023

Microsoft Fabric - Understanding Licensing and Cost

 










This is almost a "Microsoft Rule". Every enterprise grade product licensing is a nightmare to understand.
The new Microsoft Fabric keeps the tradition and, again, every sysadmin is left scratching their head, trying to understand which is the best option to choose for their scenario.

I found this video from "Guy in a Cube" that really narrows everything in a very nice way, explaining the different licensing types and options.

Take a look:

Friday, June 30, 2023

Live kernel memory dump from Task Manager

 

Here's another nice Windows 11 Moment 3 feature.

You're now able to create live kernel dump files from Task Manager.
This is especially interesting for developers, who can collect information to troubleshoot problems and improve their apps without having to force a system crash.

To create a live kernel dump:

  1. Open Task Manager
  2. Then Details
  3. Right-click the process and then select "Create live kernel memory dump file"

Adding seconds to the clock on Windows 11

 







You now have the ability to add seconds to your Windows 11 clock in the taskbar.

Just keep in mind that to achieve this, you need to have already installed the Windows 11 May 2023 update (aka Moment 3).

To achieve that, just follow these steps:

  1. Open Settings

  2. Click on Personalization

  3. Then click the Taskbar option on the right side

  4. Expand the option Taskbar behaviors

  5. Check the option "Show seconds in system tray clock"

And that's it! 

Thursday, June 29, 2023

PS Scripts - Remove Windows Inbox Apps

 










Here's a nice script to remove all or specific Windows Inbox Apps like Xbox App, Skype, Bing Weather, etc.

Monday, June 26, 2023

PS Scripts - Set Windows Registered User and Organization


Here's a quick and easy PowerShell script to set the Windows registered owner and organization. The script will automatically set the owner to the logged-on user.

Tip: Use it during Autopilot deployment so you can have this information automatically added after the assigned user signs in.

Drivers and Firmware updates coming to Intune soon!

 


I think this may be one of the most requested features for Intune, and will be generally available during June 2023!
Microsoft will roll out a new feature that allows Intune admins to manage driver and firmware updates for enrolled devices.


According to the roadmap, you'll soon get this feature, and it allows a lot of customization, like selecting automatic driver updates, manual driver updates with approval, etc.

Take a look at Microsoft presentation here:


Thursday, June 22, 2023

Windows Autopilot Ultimate Guide by Robin Hobo

 


If you're looking for the most comprehensive step-by-step guide for Windows Autopilot, I strongly recommend you take a look at Robin Hobo's "Windows Autopilot – The ultimate step-by-step deployment guide".

It's so simple, accessible and straightforward that you will start using Autopilot in a couple of hours.

So, go ahead and take a look at Robin Hobo's post:
Robin Hobo - Windows Autopilot – The ultimate step-by-step deployment guide

Monday, February 27, 2023

Windows Deployment Services (WDS) - Issues after upgrade OS (Solved)

 


This is just a quick guide to something that happened to me last week.
After upgrading a server from Windows 2012 to Windows 2019, I got some issues with Windows Deployment Services (WDS).

Basically, the service was up and running but there was no MMC console, no clients could find the boot file, etc.
After some research, I found 2 easy command lines that solved the issue:
  1. Open an elevated command line

  2. Run the following commands:
    wdsutil /Verbose /Progress /Uninitialize-Server
    wdsutil /Verbose /Progress /Initialize-Server /REMINST:"c:\RemoteInstall"

  3. Reboot the server
Just keep in mind that you should point the /REMINST to the folder where you have your WDS installed.

Sunday, February 12, 2023

Windows 11 - How to bypass Internet connection install requirement

 


Starting with version 22H2 of Windows 11, Microsoft requires an Internet connection to install the OS. But...does it really?

Here's a quick step guide to bypass this requirement:

  1. Through the OOBE experience, you'll get to a screen that will say:
    "Oops, you've lost internet connection" or "Let's connect you to a network"

  2. Press "Shift+F10" to open a command-prompt

  3. In the cmd run the following command:
    OOBE\BYPASSNRO

  4. Your computer will restart and the OOBE will start again, but...now we have a new option called "I don't have Internet"



  5. And...it's done!


Tuesday, January 10, 2023

ControlUp - How to reset Real-time console to factory default

 



Here's how to quickly reset the ControlUp Real-time Console to factory defaults on the machine where you run it:

  1. Log in to the machine where you run the console

  2. Start > Run > %appdata%

  3. Delete the ControlUp folder

  4. Open Registry (regedit.exe)

  5. Delete or rename the following registry key:
    HKEY_CURRENT_USER\Software\Smart-X\ControlUp

Now, just launch the console again and...there you go!

Friday, January 6, 2023

WDAC - Event IDs + Advanced Hunting Quick Reference

 

Here's just a quick reference for Windows Defender Application Control Event IDs and the corresponding string (ActionType) for Defender Advanced Hunting:

| ActionType | EventID | Description |
|---|---|---|
| AppControlCodeIntegrityDriverRevoked | 3023 | The driver file under validation didn't meet the requirements to pass the application control policy. |
| AppControlCodeIntegrityImageRevoked | 3036 | The signed file under validation is signed by a code signing certificate that has been revoked by Microsoft or the certificate issuing authority. |
| AppControlCodeIntegrityPolicyAudited | 3076 | This event is the main Windows Defender Application Control block event for audit mode policies. It indicates the file would have been blocked if the WDAC policy was enforced. |
| AppControlCodeIntegrityPolicyBlocked | 3077 | This event is the main Windows Defender Application Control block event for enforced policies. It indicates the file didn't pass your WDAC policy and was blocked. |
| AppControlExecutableAudited | 8003 | Applied only when the Audit only enforcement mode is enabled. Specifies the .exe or .dll file would be blocked if the Enforce rules enforcement mode were enabled. |
| AppControlExecutableBlocked | 8004 | The .exe or .dll file can't run. |
| AppControlPackagedAppAudited | 8021 | Applied only when the Audit only enforcement mode is enabled. Specifies the packaged app would be blocked if the Enforce rules enforcement mode were enabled. |
| AppControlPackagedAppBlocked | 8022 | The packaged app was blocked by the policy. |
| AppControlScriptAudited | 8006 | Applied only when the Audit only enforcement mode is enabled. Specifies the script or .msi file would be blocked if the Enforce rules enforcement mode were enabled. |
| AppControlScriptBlocked | 8007 | Access to file name restricted by administrator. Applied when the Enforce rules enforcement mode is set directly or indirectly through GPO inheritance. The script or .msi file can't run. |
| AppControlCIScriptAudited | 8028 | Audit script/MSI file generated by Windows LockDown Policy (WLDP) being called by the script hosts themselves. |
| AppControlCIScriptBlocked | 8029 | Block script/MSI file generated by Windows LockDown Policy (WLDP) being called by the script hosts themselves. |
| AppControlCodeIntegrityOriginAllowed | 3090 | File was allowed due to good reputation (ISG) or installation source (managed installer). |
| AppControlCodeIntegrityOriginAudited | 3091 | Reputation (ISG) and installation source (managed installer) information for an audited file. |
| AppControlCodeIntegrityOriginBlocked | 3092 | Reputation (ISG) and installation source (managed installer) information for a blocked file. |
| AppControlCodeIntegrityPolicyLoaded | 3099 | Indicates a policy has been successfully loaded. |
| AppControlCodeIntegritySigningInformation | 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. |
| AppControlPolicyApplied | 8001 | Indicates the AppLocker policy was successfully applied to the computer. |
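
To use the mapping above on an endpoint's local event logs, here is an added PowerShell example (not part of the original post). It reads the last 7 days of the CodeIntegrity and AppLocker operational logs, labels each event with the ActionType name from the table, and lists the most recent block events. The 7-day window and the variable names are assumptions made for the example; run it from an elevated session.

```powershell
# Added example, not from the original post. Run elevated on the endpoint.
# Event ID -> Advanced Hunting ActionType, taken from the table above.
$actionTypeById = @{
    3023 = 'AppControlCodeIntegrityDriverRevoked'
    3036 = 'AppControlCodeIntegrityImageRevoked'
    3076 = 'AppControlCodeIntegrityPolicyAudited'
    3077 = 'AppControlCodeIntegrityPolicyBlocked'
    3089 = 'AppControlCodeIntegritySigningInformation'
    3090 = 'AppControlCodeIntegrityOriginAllowed'
    3091 = 'AppControlCodeIntegrityOriginAudited'
    3092 = 'AppControlCodeIntegrityOriginBlocked'
    3099 = 'AppControlCodeIntegrityPolicyLoaded'
    8001 = 'AppControlPolicyApplied'
    8003 = 'AppControlExecutableAudited'
    8004 = 'AppControlExecutableBlocked'
    8006 = 'AppControlScriptAudited'
    8007 = 'AppControlScriptBlocked'
    8021 = 'AppControlPackagedAppAudited'
    8022 = 'AppControlPackagedAppBlocked'
    8028 = 'AppControlCIScriptAudited'
    8029 = 'AppControlCIScriptBlocked'
}

# 3xxx IDs are written to the CodeIntegrity log, 8xxx IDs to the AppLocker logs.
# Every AppLocker log is queried for the full 8xxx set, so no per-log split is assumed.
$ciIds = [int[]]($actionTypeById.Keys | Where-Object { $_ -lt 8000 })
$alIds = [int[]]($actionTypeById.Keys | Where-Object { $_ -ge 8000 })
$since = (Get-Date).AddDays(-7)   # look-back window (assumption for the example)

$queries = @(
    @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational';        Id = $ciIds; StartTime = $since }
    @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL';            Id = $alIds; StartTime = $since }
    @{ LogName = 'Microsoft-Windows-AppLocker/MSI and Script';         Id = $alIds; StartTime = $since }
    @{ LogName = 'Microsoft-Windows-AppLocker/Packaged app-Execution'; Id = $alIds; StartTime = $since }
)

# A log with no matching events raises a non-terminating error; ignore it.
$events = foreach ($q in $queries) {
    Get-WinEvent -FilterHashtable $q -ErrorAction SilentlyContinue
}

# Summary per event ID, labelled with the ActionType name.
$events | Group-Object Id | ForEach-Object {
    [pscustomobject]@{
        EventId    = [int]$_.Name
        ActionType = $actionTypeById[[int]$_.Name]
        Count      = $_.Count
        LastSeen   = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
    }
} | Sort-Object EventId | Format-Table -AutoSize

# Most recent enforced blocks, with the full event message for triage.
$blockIds = 3077, 8004, 8007, 8022, 8029
$events |
    Where-Object { $_.Id -in $blockIds } |
    Sort-Object TimeCreated -Descending |
    Select-Object -First 20 TimeCreated, Id,
        @{ Name = 'ActionType'; Expression = { $actionTypeById[[int]$_.Id] } },
        Message |
    Format-List
```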