Microsoft-Windows-EDP-AppLearning

2 events across 1 channel

Event ID 401: An application tried to access enterprise resources

#
Provider
Microsoft-Windows-EDP-AppLearning
Channel
Admin

Description

An application tried to access enterprise resources.

Message #

An application tried to access enterprise resources

Fields #

NameDescription
ApplicationName UnicodeString
Action UInt32
IdType UInt32

Event ID 402: An enterprise resource was shared to a website

#
Provider
Microsoft-Windows-EDP-AppLearning
Channel
Admin

Description

An enterprise resource was shared to a website.

Message #

An enterprise resource was shared to a website

Fields #

NameDescription
WebSite UnicodeString

Provenance

Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.

ETW provider GUID 9803daa0-81ba-483a-986c-f0e395b9f8d1

Defined in edpauditapi.dll, which carries the event manifest.

Observed on:

  • WS2022-20348.4893 · schema read from the registered manifest · binary version 10.0.20348.2849 · captured 2026-06-02
  • Win11-26200.6584 · schema read from the registered manifest · binary version 10.0.26100.1882 · captured 2026-06-02

Downloads

Credits

  • Microsoft - authored the ETW manifests and PDBs the schema comes from
  • jdu2600 - the event-schema TSV format this catalog adopted
  • nasbench - the tool that dumps registered providers and manifests