MC1053627 – Take Action: Out-of-band updates to address issues with local policy events in Active Directory group policy

Admin impact, Major update, Prevent Or Fix Issue, Windows

check before: 2025-04-11

Product:

Windows, Windows Server

Platform:

Online, Windows Desktop, World tenant

Status:

Change type:

Admin impact

Links:

Details:

Microsoft has identified an issue where audit logon/logoff events in the local policy of the Active Directory Group Policy might not show as enabled on the device even if they are enabled and working as expected. This can be observed in the Local Group Policy Editor or Local Security Policy, where local audit policies show the "Audit logon events" policy with security setting of "No auditing". An out-of-band (OOB) update has been released today, April 11, 2025, to address this issue.

Windows home users are unlikely to be affected by this issue, as logon auditing is generally only necessary in enterprise environments. This OOB update is a non-security release, and organizations that are not affected by this issue don't need to install this update.

The OOB updates available only on the Microsoft Update Catalog for the Window versions affected by this issue. They are cumulative, so you do not need to apply any previous update before installing them, and they supersede all previous updates. If you haven't deployed the April 2025 Windows security update yet and you utilize Active Directory Group Policy, we recommend you apply this OOB update instead for the Windows versions listed below:

Windows 11, versions 23H2 and 22H2 (KB5058919)
Windows Server 2022 (KB5058920)
Windows 10 Enterprise LTSC 2019 and Windows Server 2019 (KB5058922)
Windows 10 LTSB 2016 and Windows Server 2016 (KB5058921)
Azure Stack HCI, version 22H2 (KB5058920)

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2025-04-12

updated:
2025-04-12

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

Microsoft released an out-of-band update to fix an issue with Active Directory Group Policy where logon and logoff events were not being recorded, and it's available through the Microsoft Update Catalog for certain Windows and Windows Server versions.

Direct effects for Operations**

Audit Logon Events Not Recorded
If the OOB update is not applied, audit logon/logoff events may not be recorded correctly, leading to potential security oversight.
   - roles: System Administrator, Security Officer
   - references: https://support.microsoft.com/help/5058919, https://support.microsoft.com/help/5058920 " target="_blank" rel="nofollow noopener noreferrer">https://support.microsoft.com/help/5058920

Increased Security Risks
Failure to implement the update may leave systems vulnerable to unauthorized access due to lack of proper auditing.
   - roles: System Administrator, Compliance Officer
   - references: https://support.microsoft.com/help/5058921, https://support.microsoft.com/help/5058922 " target="_blank" rel="nofollow noopener noreferrer">https://support.microsoft.com/help/5058922

User Experience Degradation
Users may experience delays or issues in logging in or out if the audit policies are not functioning as intended.
   - roles: End User, Help Desk Support
   - references: https://catalog.update.microsoft.com" target="_blank" rel="nofollow noopener noreferrer">https://catalog.update.microsoft.com/, https://support.microsoft.com/help/5058919 " target="_blank" rel="nofollow noopener noreferrer">https://support.microsoft.com/help/5058919

Compliance Issues
Organizations may face compliance challenges if they cannot demonstrate proper auditing of logon events due to the issue.
   - roles: Compliance Officer, IT Manager
   - references: https://support.microsoft.com/help/5058920, https://support.microsoft.com/help/5058921 " target="_blank" rel="nofollow noopener noreferrer">https://support.microsoft.com/help/5058921

Operational Disruptions
Without the update, IT operations may face disruptions in monitoring and responding to security incidents effectively.
   - roles: IT Operations Manager, Security Analyst
   - references: https://support.microsoft.com/help/5058922, https://catalog.update.microsoft.com" target="_blank" rel="nofollow noopener noreferrer">https://catalog.update.microsoft.com/

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

XXXXXXX ... free basic plan only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here

A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.

Get a Plan

Last updated 11 months ago ago

You must be logged in to post a comment.

Share to MS Teams

MC1053627 – Take Action: Out-of-band updates to address issues with local policy events in Active Directory group policy

check before: 2025-04-11

Leave a Reply

cloudscout.one

Schierding.one GmbH

become an evergreen hero

Hey there! We've got some great news - our Basic Plus plan has everything you need to succeed, and it's completely free! So, don't hesitate - take advantage of this amazing opportunity today!

Welcome Back, We Missed You!