diff --git a/.github/workflows/claude-documentation-reviewer.yml b/.github/workflows/claude-documentation-reviewer.yml
index e570d326dc..d6c6602d28 100644
--- a/.github/workflows/claude-documentation-reviewer.yml
+++ b/.github/workflows/claude-documentation-reviewer.yml
@@ -108,7 +108,7 @@ jobs:
Then fix ALL issues directly in the files using the Write and Edit tools. Do not post a PR comment. Do not commit or push.
claude_args: |
- --model claude-sonnet-4-5-20250929
+ --model claude-opus-4-6
--allowedTools "Read,Write,Edit,Bash(gh pr view:*),Bash(gh pr diff:*)"
--append-system-prompt "${{ steps.read-prompt.outputs.prompt }}"
diff --git a/docs/accessanalyzer/12.0/install/application/reports/okta.md b/docs/accessanalyzer/12.0/install/application/reports/okta.md
index 6d1492972b..4d3ffa765f 100644
--- a/docs/accessanalyzer/12.0/install/application/reports/okta.md
+++ b/docs/accessanalyzer/12.0/install/application/reports/okta.md
@@ -82,7 +82,7 @@ Access Analyzer Okta application.
Analyzer server and port into the **Webserver.exe.config** file as:
```
-
+
```
**Step 4 –** Restart the Access Analyzer Web Server.
diff --git a/docs/auditor/10.8/api/activityrecordreference.md b/docs/auditor/10.8/api/activityrecordreference.md
index c7e30d4c70..4d19baaa7a 100644
--- a/docs/auditor/10.8/api/activityrecordreference.md
+++ b/docs/auditor/10.8/api/activityrecordreference.md
@@ -18,9 +18,9 @@ Records.
| Who | Yes | nvarchar 255 | A specific user who made the change (e.g., _Enterprise\ Administrator_, _Admin@enterprise.onmicrosoft.com_). |
| Action | Yes | — | Activity captured by Auditor (varies depending on the data source). |
| What | Yes | nvarchar max | A specific object that was changed (e.g., _NewPolicy_). |
-| When | Yes | dateTime | The moment when the change occurred. When supports the following datetime formats. |
-| Where | Yes | nvarchar 255 | A resource where the change was made (e.g., _Enterprise-SQL_, _FileStorage.enterprise.local_). The resource name can be a FQDN or NETBIOS server name, Active Directory domain or container, SQL Server instance, SharePoint farm, VMware host, etc. |
-| ObjectType | Yes | nvarchar 255 | A type of affected object or its class (e.g., user, mailbox). |
+| When | Yes | dateTime | The moment when the change occurred. This field supports the following datetime formats: `YYYY-MM-DDTHH:mm:ssZ` (UTC), `YYYY-MM-DDTHH:mm:ss+HH:mm` (positive UTC offset), and `YYYY-MM-DDTHH:mm:ss-HH:mm` (negative UTC offset). |
+| Where | Yes | nvarchar 255 | A resource where the change was made (e.g., _Enterprise-SQL_, _FileStorage.enterprise.local_). The resource name can be a FQDN or NetBIOS server name, Active Directory domain or container, SQL Server instance, SharePoint farm, VMware host, etc. |
+| ObjectType | Yes | nvarchar 255 | A type of affected object or its class (e.g., _user_, _mailbox_). |
| Monitoring Plan | No | nvarchar 255 | The Auditor object that is responsible for monitoring a given data source and item. Sub-elements: Name and ID. If you provide a monitoring plan name for input Activity Records, ensure the plan is created in Auditor, the Netwrix API data source is added to the plan, and enabled for monitoring. This ensures data is written to the database associated with this plan. |
| DataSource | No | nvarchar max | IT infrastructure monitored with Auditor (e.g., _Active Directory_). For input Activity Records, the data source is automatically set to Netwrix API. |
| Item | No | nvarchar max | The exact object that is monitored (e.g., a domain name, SharePoint farm name) or integration name. Sub-element: Name. The item type is added inside the name value in brackets (e.g., _enterprise.local (Domain)_). For input Activity Records, the type is automatically set to Integration, you do not need to provide it. The output Activity Records may contain various item types depending on the monitoring plan configuration: - AD container
- NetApp
- Computer
- Office 365 tenant
- Domain
- Oracle Database instance
- EMC Isilon
- SharePoint farm
- Dell VNX/VNXe
- SQL Server instance
- Integration
- VMware ESX/ESXi/vCenter
- IP range
- Windows file share. If you provide an item name for input Activity Records, ensure this item is included in the monitoring plan within the Netwrix API data source. If you specify an item that does not exist, data will be written to the plan's database anyway but will not be available for search using the Item filter.
|
diff --git a/docs/passwordpolicyenforcer/11.1/index.md b/docs/passwordpolicyenforcer/11.1/index.md
index 6fd85f1a74..8a9e6208d5 100644
--- a/docs/passwordpolicyenforcer/11.1/index.md
+++ b/docs/passwordpolicyenforcer/11.1/index.md
@@ -44,6 +44,8 @@ Here are the requirements for both the full and evaluation Password Policy Enfor
- 10
- 11
+- PowerShell 7.4 or higher
+
## Password Policy Enforcer Client
Here are the requirements for both the full and evaluation Password Policy Enforcer installations.
diff --git a/docs/passwordpolicyenforcer/11.1/installation/hibpupdater.md b/docs/passwordpolicyenforcer/11.1/installation/hibpupdater.md
index be4a454227..71ff406f5e 100644
--- a/docs/passwordpolicyenforcer/11.1/installation/hibpupdater.md
+++ b/docs/passwordpolicyenforcer/11.1/installation/hibpupdater.md
@@ -23,10 +23,21 @@ against the HIBP database.
Prior to deploying the HIBP database, consider the pros and cons when choosing its deployment
location.
-- The HIBP database takes up additional space on the machine where it is copied (approximately 13
- GB, but subject to change)
-- A network connection to the application server is not required to check passwords against the HIBP
- database
+If the HIBP database is copied to and stored local on the Domain Controllers:
+
+- The HIBP database takes up additional space on the machine where it is copied. (Aproximetly 13GB but subject to change)
+- If doing local the database needs to be on every Domain Controller in the same location as specified in the Rule.
+- A network connection does not come into play and possibly affect performance of checking the password against the HIBP database
+- The pending password candidate is checked against the archived hash file at the local level. If a password hash is matched, the pending password change is rejected.
+
+
+If the HIBP database is kept on a Network Share:
+
+- The database takes up space only on the Network Share, not on each Domain Controller.
+- Requires a working network connection from the Domain Controllers to the Network Share with Read permissions to check:
+- The pending password candidate from Domain Controller against the HIBP Database stored on the Network Share, this could affect LSASS/Password Change performance depending on the environment.
+- HIBP database space is not required on the domain controllers but on one Network Location.
+- At the time of a password change, if the Network Share is not available, the Domain Controller must assume the hash is okay and the possibility of a known compromised password being accepted.
## Installation and Configuration