Pencil edit

aditisrivastava07 · web-flow · commit aafff4eeecb4 · 2025-07-10T17:56:08.000+05:30
diff --git a/ATPDocs/health-alerts.md b/ATPDocs/health-alerts.md
@@ -71,12 +71,12 @@ Sensor-specific health issues are displayed in the **Sensor health issues** tab
 |**Sensor has issues with packet capturing component**|The Defender for Identity sensor is using WinPcap drivers instead of Npcap drivers. All customers should be using Npcap drivers instead of the WinPcap drivers. Starting with Defender for Identity version 2.184, the installation package installs Npcap 1.0 OEM.|Install Npcap according to the guidance as described in: <https://aka.ms/mdi/npcap>|High|Sensors health issues tab|2.x|
 |**Sensor has issues with packet capturing component**|The Defender for Identity sensor is running an Npcap version older than the minimum required version. The minimum Npcap version supported is 1.0. Starting with Defender for Identity version 2.184, the installation package installs Npcap 1.0 OEM.|Upgrade Npcap according to the guidance as described in: <https://aka.ms/mdi/npcap>|Medium|Sensors health issues tab|2.x|
 |**Sensor has issues with packet capturing component**|The Defender for Identity sensor is running an Npcap component that is not configured as required. The Npcap installation is missing the required configuration options.|Install Npcap according to the guidance as described in: <https://aka.ms/mdi/npcap>|High|Sensors health issues tab|2.x|
-|**NTLM Auditing is not enabled**|NTLM Auditing (for event ID 8004) isn't enabled on the server, (This configuration is validated once a day, per sensor).|Enable NTLM Auditing events according to the guidance as described at the [Event ID 8004](configure-windows-event-collection.md#configure-ntlm-auditing) section, in the [Configure Windows Event collection](configure-windows-event-collection.md) page.|Medium|Sensors health issues tab|2.x|
-|**Directory Services Advanced Auditing is not enabled as required**|The Directory Services Advanced Auditing configuration doesn't include all the categories and subcategories as required, (This configuration is validated once a day, per sensor).|Enable the Directory Services Advanced Auditing events. For more information, see [Configure audit policies for Windows event logs](configure-windows-event-collection.md).|Medium|Sensors health issues tab|2.x|
-|**Directory Services Object Auditing is not enabled as required**|The Directory Services Object Auditing configuration doesn't include all the object types and permissions as required, (This configuration is validated once a day, per domain).|Enable the Directory Services Object Auditing events according to the guidance as described in the [Configure domain object auditing](configure-windows-event-collection.md#configure-domain-object-auditing) section, in the [Configure Windows Event collection](configure-windows-event-collection.md) page.|Medium|Global health issues tab|2.x|
-|**Auditing on the Configuration container is not enabled as required**|The Directory Services Auditing on the Domain's Configuration container is not enabled as required, (This configuration is validated once a day, per domain).|Enable the Directory Services Auditing on the Domain's Configuration container according to the guidance as described in the [Configure Audit Policies](configure-windows-event-collection.md#enable-auditing-on-an-exchange-object) section, in the [Configure Windows Event collection](configure-windows-event-collection.md) page.|Medium|Global health issues tab|2.x|
-|**Auditing on the ADFS container is not enabled as required**|The Directory Services Auditing on the ADFS container isn't enabled as required, (This configuration is validated once a day, per domain).|Enable the Directory Services Auditing on the ADFS container according to the guidance as described in the [Configure auditing on an Active Directory Federation Services (AD FS)](configure-windows-event-collection.md#configure-auditing-on-an-active-directory-federation-services-ad-fs) section, in the [Configure Windows Event collection](configure-windows-event-collection.md) page.|Medium|Global health issues tab|2.x|
-|**Power mode isn't configured for optimal processor performance**|The operating system's power mode isn't configured to the optimal processor performance settings, (This configuration is validated once a day, per sensor). This issue can affect the server's performance and the sensors' ability to detect suspicious activities.|Do one of the following: <br><br>- Configure the power option of the machine running the Defender for Identity sensor to *High Performance*<br>- Set both the minimum and maximum processor state to *100*<br><br>For more information, see the [Sensor requirements and recommendations](deploy/prerequisites-sensor-version-2.md#sensor-requirements-and-recommendations) section in the [Defender for Identity prerequisites](deploy/prerequisites-sensor-version-2.md) page.|Low|Sensors health issues tab|2.x|
+|**NTLM Auditing is not enabled**|NTLM Auditing (for event ID 8004) isn't enabled on the server. (This configuration is validated once a day, per sensor.)|Enable NTLM Auditing events according to the guidance as described at the [Event ID 8004](configure-windows-event-collection.md#configure-ntlm-auditing) section, in the [Configure Windows Event collection](configure-windows-event-collection.md) page.|Medium|Sensors health issues tab|2.x|
+|**Directory Services Advanced Auditing is not enabled as required**|The Directory Services Advanced Auditing configuration doesn't include all the categories and subcategories as required. (This configuration is validated once a day, per sensor.)|Enable the Directory Services Advanced Auditing events. For more information, see [Configure audit policies for Windows event logs](configure-windows-event-collection.md).|Medium|Sensors health issues tab|2.x|
+|**Directory Services Object Auditing is not enabled as required**|The Directory Services Object Auditing configuration doesn't include all the object types and permissions as required. (This configuration is validated once a day, per domain.)|Enable the Directory Services Object Auditing events according to the guidance as described in the [Configure domain object auditing](configure-windows-event-collection.md#configure-domain-object-auditing) section, in the [Configure Windows Event collection](configure-windows-event-collection.md) page.|Medium|Global health issues tab|2.x|
+|**Auditing on the Configuration container is not enabled as required**|The Directory Services Auditing on the Domain's Configuration container is not enabled as required. (This configuration is validated once a day, per domain.)|Enable the Directory Services Auditing on the Domain's Configuration container according to the guidance as described in the [Configure Audit Policies](configure-windows-event-collection.md#enable-auditing-on-an-exchange-object) section, in the [Configure Windows Event collection](configure-windows-event-collection.md) page.|Medium|Global health issues tab|2.x|
+|**Auditing on the ADFS container is not enabled as required**|The Directory Services Auditing on the ADFS container isn't enabled as required. (This configuration is validated once a day, per domain.)|Enable the Directory Services Auditing on the ADFS container according to the guidance as described in the [Configure auditing on an Active Directory Federation Services (AD FS)](configure-windows-event-collection.md#configure-auditing-on-an-active-directory-federation-services-ad-fs) section, in the [Configure Windows Event collection](configure-windows-event-collection.md) page.|Medium|Global health issues tab|2.x|
+|**Power mode isn't configured for optimal processor performance**|The operating system's power mode isn't configured to the optimal processor performance settings. (This configuration is validated once a day, per sensor.) This issue can affect the server's performance and the sensors' ability to detect suspicious activities.|Do one of the following: <br><br>- Configure the power option of the machine running the Defender for Identity sensor to *High Performance*<br>- Set both the minimum and maximum processor state to *100*<br><br>For more information, see the [Sensor requirements and recommendations](deploy/prerequisites-sensor-version-2.md#sensor-requirements-and-recommendations) section in the [Defender for Identity prerequisites](deploy/prerequisites-sensor-version-2.md) page.|Low|Sensors health issues tab|2.x|
 |**Sensor failed to write to the custom log path**|The custom log path provided in the sensor configuration can't be created.|1. Stop the `AATPSensorUpdater` and `AATPSensor` services. <br>2. Change the `SensorCustomLogLocation` in the sensor configuration file to a valid path or set it to null. <br>3. Start the `AATPSensorUpdater` and `AATPSensor` services again.|Low|Sensors health issues tab|2.x|
 |**Radius accounting (VPN integration) data ingestion failures**|The listed Defender for Identity sensors have radius accounting (VPN integration) data ingestion failures.|Validate that the shared secret in the Defender for Identity configuration settings matches your VPN server, according to the guidance described [Configure VPN in Defender for Identity](vpn-integration.md#configure-vpn-in-defender-for-identity) section, in the [Defender for Identity VPN integration](vpn-integration.md) page.|Low|Health issues page|2.x|
 |**Auditing for AD CS servers isn't enabled as required**|The Advanced Auditing Policy Configuration or AD CS auditing isn't enabled as required, (This configuration is validated once a day, per sensor).|Enable the Advanced Auditing Policy Configuration and AD CS auditing according to the guidance as described in the [Configure auditing on AD CS](configure-windows-event-collection.md#configure-auditing-on-ad-cs) section, in the [Configure Windows Event collection](configure-windows-event-collection.md) page.|Medium|Sensors health issues tab|2.x|
