Event ID 813 — MDM PolicyManager: Set policy int, Policy: (Message1), Area: (Message2), EnrollmentID requesting merge: (Message3), Current User: (Message4), Int: (HexInt1), Enrollment Type.
Description
MDM PolicyManager: Set policy int, Policy: (Message1), Area: (Message2), EnrollmentID requesting merge: (Message3), Current User: (Message4), Int: (HexInt1), Enrollment Type: (HexInt2), Scope: (HexInt3).
Fields
| Name | Type | Description |
|---|---|---|
| Message1 | UnicodeString | — |
| Message2 | UnicodeString | — |
| Message3 | UnicodeString | — |
| Message4 | UnicodeString | — |
| HexInt1 | HexInt32 | — |
| HexInt2 | HexInt32 | — |
| HexInt3 | HexInt32 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider",
    "guid": "3DA494E4-0FE2-415C-B895-FB5265C5C83B",
    "event_source_name": "",
    "event_id": 813,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-05T22:26:45.437445+00:00",
    "event_record_id": 172,
    "correlation": {
      "ActivityID": "F590C418-1079-0002-E8EA-90F57910DA01"
    },
    "execution": {
      "process_id": 3584,
      "thread_id": 3588
    },
    "channel": "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Message1": "Power/Policy/Settings/Processor/SchemePersonality/381b4222-f694-41f0-9685-ff5bb260df2e/0aabb002-a307-447e-9b81-1d819df6c6d0/PerfIncreaseThreshold/DcValue",
    "Message2": "knobs",
    "Message3": "fc01e91f-914c-45af-9d7c-0b2e5fbedf62",
    "Message4": "device",
    "HexInt1": "0x1e",
    "HexInt2": "0x1",
    "HexInt3": "0x0"
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline