Microsoft has released out-of-band (OOB) Windows updates to address a known issue affecting local audit logon policies in Active Directory Group Policy.
As the company explained, these local policy issues might only manifest as a reporting inconsistency since it’s possible that logon and logoff events are correctly being audited on some of the affected devices.
“Microsoft has identified an issue where audit logon/logoff events in the local policy of the Active Directory Group Policy might not show as enabled on the device even if they are enabled and working as expected,” Microsoft said in a Microsoft 365 message center update.
“This can be observed in the Local Group Policy Editor or Local Security Policy, where local audit policies show the ‘Audit logon events’ policy with security setting of ‘No auditing’.”
When enabled, the “Audit logon events” policy setting lets admins decide whether to audit logon and logoff events and generate new entries in the audit logs. These logs record all user and service activity and help security teams and systems admins during breach investigations and for compliance purposes.
Microsoft released the following updates on Friday to address this Active Directory audit logon policy issue:
- Windows 11, versions 23H2 and 22H2 (KB5058919)
- Windows Server 2022 (KB5058920)
- Windows 10 Enterprise LTSC 2019 and Windows Server 2019 (KB5058922)
- Windows 10 LTSB 2016 and Windows Server 2016 (KB5058921)
- Azure Stack HCI, version 22H2 (KB5058920)
These emergency updates are non-security releases that should only be installed by affected organizations. They can be downloaded and installed on affected Windows versions only via the Microsoft Update Catalog.
They are also cumulative, and you do not need to install any previous updates before applying them since they replace all prior updates. The company also added that home users are unlikely to be affected by this known issue since logon auditing is mainly necessary in enterprise environments.
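One way to check the real auditing state independently of what the Local Group Policy Editor displays, as an added example that is not from Microsoft or the original article: it reads the effective Logon/Logoff audit settings with `auditpol`, counts recent logon (4624) and logoff (4634) events in the Security log, and lists which of the KBs above are installed. It assumes an elevated session and English category names; the 24-hour window and the variable names are arbitrary choices.

```powershell
#Requires -RunAsAdministrator
# Added example (not Microsoft's code): verify logon auditing without relying on
# the "Audit logon events" value shown in the policy editor.
# Assumption: English-language system, so the category is named "Logon/Logoff".

# KB numbers of the out-of-band updates listed in the article.
$oobKbs = 'KB5058919', 'KB5058920', 'KB5058921', 'KB5058922'

# 1. Effective audit policy for the Logon/Logoff category, in CSV form (/r).
$policy = auditpol /get /category:"Logon/Logoff" /r |
    Where-Object { $_ -match '\S' } |          # drop blank lines before parsing
    ConvertFrom-Csv |
    Where-Object { $_.Subcategory -in 'Logon', 'Logoff' } |
    Select-Object Subcategory, 'Inclusion Setting'

# 2. Evidence that events are really being written: count 4624 (logon)
#    and 4634 (logoff) entries from the last 24 hours.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4634
    StartTime = $since
} -ErrorAction SilentlyContinue                # no matches is not an error here
$counts = $events | Group-Object Id | Select-Object Name, Count

# 3. Which of the out-of-band updates, if any, are installed on this device.
$installed = Get-HotFix -Id $oobKbs -ErrorAction SilentlyContinue |
    Select-Object HotFixID, InstalledOn

'--- Effective Logon/Logoff audit policy (auditpol) ---'
$policy | Format-Table -AutoSize

"--- Logon/logoff events since $since ---"
if ($counts) { $counts | Format-Table -AutoSize }
else { 'No 4624/4634 events found in the window.' }

'--- Out-of-band updates installed ---'
if ($installed) { $installed | Format-Table -AutoSize }
else { 'None of the listed KBs found.' }

# Events present while the editor shows "No auditing" matches the reporting
# inconsistency described above; no events at all means auditing needs review.
if (-not $events) {
    Write-Warning 'No logon/logoff events recorded; check the audit policy on this device.'
}
```

`Get-HotFix` only lists the KBs named above, so a device patched by a later cumulative update will show none of them.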
On Friday, Microsoft warned admins that some domain controllers running Windows Server 2025 might become inaccessible after a restart, which would cause apps and services to fail.
Last week, it also released a set of emergency Office 2016 updates to fix Word, Excel, and Outlook crashes triggered by the April 2025 security updates.
One day earlier, it said that some Windows users would have issues logging into their accounts using Windows Hello after installing this month’s security updates.