Merged
22 commits
47ffd0f
Add files via upload
brandonwest-netwrix Feb 10, 2026
9941c01
Add files via upload
brandonwest-netwrix Feb 10, 2026
5ebd279
Fix links and formatting in azureinformationprotection.md
brandonwest-netwrix Feb 11, 2026
33c78fa
Update Azure Information Protection permissions instructions
brandonwest-netwrix Feb 11, 2026
5d5d8c7
Merge branch 'brandonwest-netwrix-patch-1' into brandonwest-netwrix-p…
brandonwest-netwrix Feb 13, 2026
400424a
Moved image to correct location
Feb 13, 2026
3d8f913
changes from pr 90 and 91
Feb 13, 2026
6b76064
corrected permissions image location
Feb 13, 2026
7d8d278
reformatted file links
Feb 13, 2026
1c2cb41
Reverted image links
Feb 13, 2026
5fc7e0b
Various and Misc Web fixes
jeremymoskowitz-netwrix Feb 17, 2026
e5fde41
Move PolicyPak KB articles to component-specific documentation sections
jeremymoskowitz-netwrix Feb 17, 2026
d9a29c1
Reset the 2 root files to the initial state
bturlea Feb 17, 2026
a431e99
Add missing image file to configuringprograms.md
jeremymoskowitz-netwrix Feb 18, 2026
3ee0e2b
Merge branch 'feature/pp-misc-feb-01' of https://github.com/netwrix/d…
jeremymoskowitz-netwrix Feb 18, 2026
0391b27
Add missing image file to configuringprograms.md
jeremymoskowitz-netwrix Feb 18, 2026
306b8be
Spaa av exclusions (#247)
tay-caliguiri Feb 18, 2026
3c4054f
Merge pull request #226 from netwrix/feature/pp-misc-feb-01
bturlea Feb 19, 2026
f31de51
Remove 'Before' and 'After' filter descriptions (#253)
pavelshabanov2025 Feb 19, 2026
2e62ed5
Revise license update instructions and FAQ link (#252)
pavelshabanov2025 Feb 19, 2026
a2114da
Update software requirements by removing IE requirements (#251)
pavelshabanov2025 Feb 19, 2026
ec332e7
Merge pull request #150 from netwrix/brandonwest-netwrix-patch-2
jth-nw Feb 19, 2026
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,12 @@ This file is located within the following directory: `…\STEALTHbits\StealthAUD

- FSAAAppletServer.exe

## SharePoint Agent Server

This file is located within the following directory: `...\Program Files\STEALTHbits\StealthAUDIT\SPAA\`

- Stealthbits.StealthAUDIT.Agent.Service.exe

## Access Information Center

This file is located within the following directory: `…\STEALTHbits\Access Information Center\`
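Review bot: The new directory line writes the path as `...\Program Files\STEALTHbits\StealthAUDIT\SPAA\`, with three ASCII dots and an explicit `Program Files` segment, while the neighbouring entries use the `…` character and start at `\STEALTHbits\`. Pick one form for the whole list so that an administrator copying these entries into an antivirus exclusion policy reads every path the same way. The identical hunk for the other versioned copy of this file needs the same fix.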
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,10 +45,7 @@ Ensure the following prerequisites are met before configuring AIP scanning:

The Rights Management Service Client must be installed on the applet servers where FSAA is running. This may be the local Access Analyzer server, a Proxy server, or a File Server running in applet mode.

* To install the Rights Management Service Client 2.1 on the server where the scan is taking place, go to the Microsoft download center:

[Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=38396)

* To install the Rights Management Service Client 2.1 on the server where the scan is taking place, go to the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=38396):

:::info
**info**
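Review bot: The merged bullet still ends in a colon after the inline link (`...details.aspx?id=38396):`), but nothing follows it any more; the next block is the `:::info` admonition. End the sentence with a period. The matching hunk for the other version carries the same trailing colon.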
Expand All @@ -60,13 +57,10 @@ Read the System Requirements and Install Instructions provided by Microsoft to c
## Create a Service Principal Account


1. Open the Azure Portal and sign in with an administrator account

1. Open the [Azure Portal](https://portal.azure.com/) and sign in with an administrator account.
2. Create a new app registration.

1. [Azure Portal](https://portal.azure.com/)
2. Create a new app registration


1. Navigate to Microsoft Entra ID → App registrations → New registration
2. Give the new application a distinguishable name
3. Create a client secret
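Review bot: After this change the procedure reads step 1, step 2, and then a second list that restarts at `1. Navigate to Microsoft Entra ID → App registrations → New registration`. Those lines are the sub-steps of "Create a new app registration", so indent them under step 2 (or continue the numbering) so the page does not show two separate lists that both start at 1.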
Expand All @@ -90,6 +84,9 @@ Read the System Requirements and Install Instructions provided by Microsoft to c
2. Click “Add a permission”
3. Select the **Microsoft Graph API** permission set > Application permissions
4. Add the “InformationProtectionPolicy.Read.All” permission

![Azure App Permissions](/images/accessanalyzer/11.6/requirements/target/config/AIP_APP_Permissions.webp)

5. After adding the required API permission, select “Grant admin consent”
6. Record the AppID (from the Overview Page) and the tenantID with the secret value

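Review bot: The image is inserted unindented between items 4 and 5 of the numbered list, which splits the list in two at that point in Markdown. Indent the `![Azure App Permissions](...)` line to the content level of item 4 so it stays part of that step and `5. After adding the required API permission...` remains in the same list. The 12.0 copy of this hunk has the same placement.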
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,12 @@ This file is located within the following directory: `…\STEALTHbits\StealthAUD

- FSAAAppletServer.exe

## SharePoint Agent Server

This file is located within the following directory: `...\Program Files\STEALTHbits\StealthAUDIT\SPAA\`

- Stealthbits.StealthAUDIT.Agent.Service.exe

## Access Information Center

This file is located within the following directory: `…\STEALTHbits\Access Information Center\`
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,10 +45,7 @@ Ensure the following prerequisites are met before configuring AIP scanning:

The Rights Management Service Client must be installed on the applet servers where FSAA is running. This may be the local Access Analyzer server, a Proxy server, or a File Server running in applet mode.

* To install the Rights Management Service Client 2.1 on the server where the scan is taking place, go to the Microsoft download center:

[Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=38396)

* To install the Rights Management Service Client 2.1 on the server where the scan is taking place, go to the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=38396):

:::info
**info**
Expand All @@ -60,13 +57,11 @@ Read the System Requirements and Install Instructions provided by Microsoft to c
## Create a Service Principal Account


1. Open the Azure Portal and sign in with an administrator account
1. Open the [Azure Portal](https://portal.azure.com/) and sign in with an administrator account.


1. [Azure Portal](https://portal.azure.com/)
2. Create a new app registration


1. Navigate to Microsoft Entra ID → App registrations → New registration
2. Give the new application a distinguishable name
3. Create a client secret
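Review bot: This 12.0 hunk does not match the 11.6 hunk for the same section: the header here is `-60,13 +57,11` against `-60,13 +57,10` there. Here only step 1 is rewritten, and step 2 is left as the old unpunctuated `2. Create a new app registration`, separated from step 1 by blank lines, whereas the 11.6 copy gets a rewritten step 2 directly under step 1. Apply the same edit to both versions so the two procedures stay identical.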
Expand All @@ -90,6 +85,9 @@ Read the System Requirements and Install Instructions provided by Microsoft to c
2. Click “Add a permission”
3. Select the **Microsoft Graph API** permission set > Application permissions
4. Add the “InformationProtectionPolicy.Read.All” permission

![Azure App Permissions](/images/accessanalyzer/12.0/requirements/target/config/AIP_APP_Permissions.webp)

5. After adding the required API permission, select “Grant admin consent”
6. Record the AppID (from the Overview Page) and the tenantID with the secret value

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,10 @@ Information Center user. See the
[Results Pane](/docs/accessinformationcenter/11.6/resourceaudit/navigate/overview.md#results-pane)
topic for information on filter options.

:::note
Users must be assigned permissions directly to an object to appear in this report. Users who receive access as part of an AD group membership will only be reflected in the [Effective Access Report](/docs/accessinformationcenter/11.6/resourceaudit/user/effectiveaccess.md)
:::

![Permissions report](/images/accessinformationcenter/11.6/resourceaudit/user/permissions.webp)

This report is comprised of the following columns:
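Review bot: The sentence in the new `:::note` ends at the link with no period before the closing `:::`. Add one after `(.../effectiveaccess.md)`.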
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,10 @@ means the report displays both direct and inherited permissions unless modified
Information Center user. See the [Results Pane](/docs/accessinformationcenter/12.0/resourceaudit/navigate/overview.md#results-pane) topic for
information on filter options.

:::note
Users must be assigned permissions directly to an object to appear in this report. Users who receive access as part of an AD group membership will only be reflected in the [Effective Access Report](/docs/accessinformationcenter/12.0/resourceaudit/user/effectiveaccess.md)
:::

![Permissions report](/images/accessinformationcenter/12.0/resourceaudit/user/permissions.webp)

This report is comprised of the following columns:
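Review bot: The added note says only directly assigned users appear, but the paragraph just above it says the report "displays both direct and inherited permissions", and a reader can take "inherited" to include access granted through groups. State in the note what "inherited" covers in this report and that access received through AD group membership is shown only in the Effective Access Report. Otherwise someone using this report alone for an access review will miss group-granted access.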
Expand Down
9 changes: 0 additions & 9 deletions docs/auditor/10.8/admin/search/filteradvanced.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,17 +33,8 @@ information:
| Working hours | Limits your search results to entries that occurred within the specified hours. You can use this filter together with When if you need, for example, to search for activity in the non-business hours during the last week. | You are investigating an incident and want to know who accessed sensitive data outside business hours. You can set this filter as Not equal to and specify the time interval from 8:00 AM to 6:00 PM. Filtered data will include only operations that occurred outside this interval, that is, during non-business hours. |
| Data categories | Limits your search results to entries that contain sensitive data complying with a classification rule. You can use this filter together with Equal to PCIDSS to, for example, search for sensitive files that contain data regulated by the PCIDSS. | You are searching all documents containing cardholder data that can potentially be mapped with the PCIDSS compliance standard. You can set this filter as equal to and specify the value as PCIDSS. Filtered data will contain only files that match this criteria. This filter shows activity records collected from the following data sources: Windows File Servers, SharePoint, SharePoint Online. |
| Details | Limits your search results to entries that contain the specified information in the Details column. The Details column normally contains data specific to your target, e.g., assigned permissions, before and after values, start and end dates. This filter can be helpful when you are looking for a unique entry. | You discovered that a registry key was updated to "242464". Now you want to investigate who made the change and what the value was before. You can set the Details filter to 242464 to find this change faster. |
| Before* | Limits your search results to entries that contain the specified before value in the Details column. | You are investigating an incident in which the SAM-account-name attribute was changed for an account in your Active Directory domain. You can set the Before filter to the previous name (e.g., John2000) to find the new name faster. |
| After* | Limits your search results to entries that contain the specified after value in the Details column. | You are investigating a security incident and want to know who enabled a local Administrator account on your Windows Server. You can set the After filter to this account's current state (e.g., Enabled) to find this change faster. |
| Everywhere | Limits your search results to entries that contain the specified value in any column. | You are investigating a security incident. You have already identified the intruder (e.g., BadActor) and now you want to see all actions made by the intruder's account or with it. Since the intruder can be the actor (Who), the object (What), or can even show up in details, set the Everywhere filter to the intruder's name. |

\* If you plan to audit an SQL Server for data changes and browse the results using 'Before' and
'After' filter values, make sure that the audited SQL database tables have a primary key (or a
unique column). Otherwise, 'Before' and 'After' values will not be reported.

\* – If you plan to audit an SQL Server for data changes and browse the results using 'Before' and
'After' filter values, make sure that the audited SQL database tables have a primary key (or a
unique column). Otherwise, 'Before' and 'After' values will not be reported.

## Search Conditions

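Review bot: Removing both footnotes drops the only statement that audited SQL database tables need a primary key (or a unique column) for before and after values to be reported, yet the remaining `Details` row still describes that column as holding "before and after values". If the requirement still applies to what is shown in Details, keep the caveat, for example as a note under the table, rather than deleting it along with the two filters.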
Expand Down
9 changes: 3 additions & 6 deletions docs/auditor/10.8/admin/settings/licenses.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,17 +8,14 @@ sidebar_position: 90

The Licenses tab allows you to review the status of your current licenses, update them and add new
licenses. To learn about Netwrix Auditor licenses, refer to the following Netwrix Knowledge Base
article: [Netwrix Auditor Licensing FAQs](https://www.netwrix.com/kb/2113).
article: [Netwrix Auditor Licensing FAQs]([https://www.netwrix.com/kb/2113](https://docs.netwrix.com/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-licensing-faqs).

Follow the steps to update or add a license.

**Step 1 –** Click **Update**.
**Step 1 –** Click **Upload License File**.

**Step 2 –** In the dialog that opens, do one of the following:
**Step 2 –** In the dialog that opens, point to a license file received from your sales representatives and click the Open button

- Select Load from file, click Browse and point to a license file received from your sales
representative.
- Select Enter manually and type in your company name, license count and license codes.

## Notes for Managed Service Providers

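Review bot: The replacement FAQ link is malformed: `[Netwrix Auditor Licensing FAQs]([https://www.netwrix.com/kb/2113](https://docs.netwrix.com/...)` nests the old URL as link text inside the target and leaves the parentheses unbalanced, so it will not render as a link. Use `[Netwrix Auditor Licensing FAQs](https://docs.netwrix.com/docs/kb/auditor/features-and-operations/glossaries-and-faqs/netwrix-auditor-licensing-faqs)`. In the new Step 2, add the final period, bold "Open" to match **Upload License File**, and check "sales representatives" against the singular used in the removed text.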
Expand Down
17 changes: 0 additions & 17 deletions docs/auditor/10.8/requirements/software.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,23 +37,6 @@ you plan to export or print such reports, check the requirements below.
**NOTE:** Please note that if you are going to use SQL Express plan, do not install SSRS and Auditor
on the domain controller.

Export SSRS-based reports

To export SSRS-based reports, it is recommended Internet Explorer is installed on the machine where
Auditor client runs. If IE is not available, you can use the **Print** function or click the button
**Open in browser** and export the report directly from Netwrix Auditor.

See the following Microsoft article for the full list of the supported browsers:
[Browser Support for Reporting Services and Power View](https://learn.microsoft.com/en-us/sql/reporting-services/browser-support-for-reporting-services-and-power-view?view=sql-server-ver16).

Follow the steps to configure Internet Options to allow file downloads for the Local intranet zone.

**Step 1 –** Select **Internet Options** and click **Security**.

**Step 2 –** Select **Local intranet** zone and click **Custom level**.

**Step 3 –** In the Settings list, locate **Downloads** > **File download** and make sure the
**Enabled** option is selected.

Printing

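Review bot: Deleting the whole "Export SSRS-based reports" block also removes the guidance that does not depend on Internet Explorer: the **Print** / **Open in browser** route and the link to Microsoft's list of supported browsers. The context line above still tells readers who "plan to export or print such reports" to "check the requirements below", but only Printing is left. Keep a short export paragraph without the IE steps, or drop "export" from that sentence.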
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ following

:::note

[https://www.policypak.com/knowledge-base/preconfigured-paks/firefox-how-can-i-deliver-certificates-to-certificate-authority-store-and-select-websites-mail-users-and-software-makers.html](http://www.policypak.com/knowledge-base/preconfigured-paks/firefox-how-can-i-deliver-certificates-to-certificate-authority-store-and-select-websites-mail-users-and-software-makers.html).
[Firefox: How do I troubleshoot adding Certificates with Endpoint Policy Manager and Firefox?](/docs/endpointpolicymanager/components/applicationsettingsmanager/technotes/preconfiguredappsets/certificates_1.md).
:::


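Review bot: The old link text and URL were about delivering certificates to the certificate authority store, while the replacement is titled "How do I troubleshoot adding Certificates with Endpoint Policy Manager and Firefox?" and points to `certificates_1.md`. Confirm that this is the article the surrounding sentence refers to and not a different one that happens to sit next to it after the move.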
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ see it open as an IE tab in Edge. We say should because the rule will not work r
a detail called the 65 second rule, which you can read more about here
[https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility](https://www.policypak.com/video/endpointpolicymanager-troubleshooting-with-admx-files.html).
From the first time a user accesses
[www.policypak.com](https://www.policypak.com/knowledge-base/browser-router-troubleshooting/how-to-quickly-troubleshoot-endpointpolicymanager-browser-router.html),
[www.policypak.com](https://www.policypak.com/),
a period of 65 seconds or so has to transpire until the rule comes fully into effect. Here you can
see that the Endpoint Policy Manager website now appears in IE mode within the Edge browser itself:

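Review bot: The line just above the corrected `www.policypak.com` link still has a mismatched link: its text is `https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility` but its target is `https://www.policypak.com/video/endpointpolicymanager-troubleshooting-with-admx-files.html`. Since this hunk is cleaning up link targets, point that one at the Microsoft page it names; link text that displays one domain and opens another should not stay in the docs.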
Expand Down
Original file line number Diff line number Diff line change
@@ -1,27 +1,7 @@
---
description: >-
This article describes how to configure Netwrix Endpoint Policy Manager to
integrate with Netwrix Privilege Secure so users can launch a specified
program with on-demand elevated privileges. The example uses dbeaver.exe but
you can configure any executable.
keywords:
- Netwrix Endpoint Policy Manager
- Netwrix Privilege Secure
- SbPAM
- elevated privileges
- GPO
- ADMX
- dbeaver
- executable policy
- launch policy
products:
- endpointpolicymanager
sidebar_label: Configuring PolicyPak to Run Programs with Elevate
tags: []
title: >-
Configuring Netwrix Endpoint Policy Manager to Run Programs with Elevated
Privileges via Privilege Secure
knowledge_article_id: kA04u000000PoLbCAK
title: "Configuring Netwrix Endpoint Policy Manager to Run Programs with Elevated Privileges via Privilege Secure"
description: "This article describes how to configure Netwrix Endpoint Policy Manager to integrate with Netwrix Privilege Secure so users can launch a specified program with on-demand elevated privileges."
sidebar_position: 40
---

# Configuring Netwrix Endpoint Policy Manager to Run Programs with Elevated Privileges via Privilege Secure
Expand Down
Original file line number Diff line number Diff line change
@@ -1,18 +1,7 @@
---
description: >-
This article explains how to disable the Optional Connected Experiences feature in Office 365 apps such as Word and Excel using registry settings or PowerShell scripts.
keywords:
- Office 365
- Optional Connected Experiences
- registry settings
- PowerShell
- Endpoint Policy Manager
sidebar_label: Disabling Optional Connected Experiences
tags: []
title: "Disabling Optional Connected Experiences in Office 365 Apps"
knowledge_article_id: kA0Qk0000002WyHKAU
products:
- endpointpolicymanager
description: "This article explains how to disable the Optional Connected Experiences feature in Office 365 apps such as Word and Excel using registry settings or PowerShell scripts."
sidebar_position: 20
---

# Disabling Optional Connected Experiences in Office 365 Apps
Expand Down Expand Up @@ -61,4 +50,4 @@ If you are using **Netwrix Endpoint Policy Manager**, you can deploy the above P
## Related Links

- [How to create a shortcut under the Public Desktop using Endpoint Policy Scripts Manager](https://docs.netwrix.com/docs/endpointpolicymanager/)
- [Policy Setting for Optional Connected Experiences ⸱ Microsoft 🡥](https://learn.microsoft.com/en-us/microsoft-365-apps/privacy/manage-privacy-controls#policy-setting-for-optional-connected-experiences)
- [Policy Setting for Optional Connected Experiences ⸱ Microsoft 🡥](https://learn.microsoft.com/en-us/microsoft-365-apps/privacy/manage-privacy-controls#policy-setting-for-optional-connected-experiences)
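Review bot: In the Related Links context of the second part of this hunk, the first entry, "How to create a shortcut under the Public Desktop using Endpoint Policy Scripts Manager", still targets the section root `https://docs.netwrix.com/docs/endpointpolicymanager/` rather than that article; fix it in the same pass. The removed and added "Policy Setting for Optional Connected Experiences" lines read identically, so that change is presumably whitespace or the end-of-file newline; confirm it is intended.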
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ If you want to know which GROUPS your Users or Computers are in within Azure AD,
Endpoint Policy Manager (formerly PolicyPak) and these scripts. Then after that, you can use Item
Level Targeting to check group membership and trigger actions and policies.

<iframe width="560" height="315" src="https://www.youtube.com/embed/UOImq3pFxvI" title="Determine the Azure AAD Group Membership for User or Computers" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>

Hi. This is Jeremy Moskowitz. In this video, I'm going to show you how to use a couple of scripts in
order to figure out which Azure AD groups the user or computer is a member of.
Now I'm going to stress a couple of things right at the front of this video. These scripts are
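Review bot: The added `<iframe>` grants the third-party frame a broad `allow` list (`accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen`). A documentation video needs little of that; trim it to what playback uses, such as `encrypted-media; picture-in-picture; fullscreen`, so the embed is not given clipboard or sensor access. The same attribute is repeated in the other two video pages in this PR.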
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ Endpoint Policy Manager (formerly PolicyPak) and these scripts with your MDM ser
Workspace ONE or MobileIron.. Then after that, you can use Item Level Targeting to check group
membership and trigger actions and policies.

<iframe width="560" height="315" src="https://www.youtube.com/embed/w5HXpv4F4DY" title="Use PP MDM to determine the Azure AAD Group Membership for User or Computers" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>

Hi. This is Jeremy Moskowitz. This is part three of how to use Endpoint Policy Manager Scripts to
query Azure AD to then do interesting things like apply Group Policy Preferences or Endpoint Policy
Manager items depending on if a user or a computer is a member of an Azure AD group.
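Review bot: The iframe `title` reads "Use PP MDM to determine the Azure AAD Group Membership for User or Computers", using the old "PP" abbreviation and "Azure AAD", while the page text says "Endpoint Policy Manager (formerly PolicyPak)" and "Azure AD". The title is what assistive technology announces for the frame, so align it with the wording used on the page.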
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,6 @@ If you have Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud \*AND\* A
this technique to query the User or Computer groups. Then use Item Level Targeting to trigger when
GPPrefs or Endpoint Policy Manager items will apply.

<iframe width="560" height="315" src="https://www.youtube.com/embed/T7_dP_7OjRg" title="Use Endpoint Policy Manager cloud + Azure AAD Group Membership for User or Computers" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>

