You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/device-control-policies.md
+5-1Lines changed: 5 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -204,8 +204,12 @@ There are two types of entries: enforcement entries (Allow/Deny) and audit entr
204
204
205
205
### Audit entries
206
206
207
-
Audit events control the behavior when device control enforces a rule (allow/deny). Device control can display a notification to the end-user. The user gets a notification that contains the name of the device control policy and the name of the device. The notification appears once every hour after initial access is denied. Device control can also create an event that is available in Advanced Hunting.
207
+
Audit events control the behavior when device control enforces a rule (allow/deny). Device control can display a notification to the end-user. The user gets a notification that contains the name of the device control policy and the name of the device. The notification appears once every hour after initial access is denied.
208
208
209
+
Device control can also create an event that is available in Advanced Hunting.
210
+
211
+
> [!IMPORTANT]
212
+
> There is a limit of 300 events per device per day
209
213
Audit entries are processed after the enforcement decision has been made. All corresponding audit entries are evaluated.
0 commit comments