| Microsoft-Windows-HostGuardianService-Admin | 1000 | Info | Host Guardian Service started successfully |
| Microsoft-Windows-HostGuardianService-Admin | 1001 | Info | Host Guardian Service stopped |
| Microsoft-Windows-HostGuardianService-Admin | 1010 | Medium | HGS configuration changed |
| Microsoft-Windows-HostGuardianService-Admin | 1015 | High | HGS initialization failed |
| Microsoft-Windows-HostGuardianService-Admin | 1017 | Info | HGS service listening endpoint created |
| Microsoft-Windows-HostGuardianService-Attestation | 2000 | Info | Attestation request received from host |
| Microsoft-Windows-HostGuardianService-Attestation | 2001 | Info | Attestation succeeded |
| Microsoft-Windows-HostGuardianService-Attestation | 2002 | High | Attestation failed (TPM or policy mismatch) |
| Microsoft-Windows-HostGuardianService-Attestation | 2003 | High | Host not registered or untrusted |
| Microsoft-Windows-HostGuardianService-Attestation | 2005 | Critical | Attestation service unavailable |
| Microsoft-Windows-HostGuardianService-KeyProtection | 3000 | Info | Key release request from host |
| Microsoft-Windows-HostGuardianService-KeyProtection | 3001 | Info | Key released to trusted host |
| Microsoft-Windows-HostGuardianService-KeyProtection | 3002 | High | Key release denied (untrusted host) |
| Microsoft-Windows-HostGuardianService-KeyProtection | 3004 | High | Key release service failed |
| Microsoft-Windows-HostGuardianService-KeyProtection | 3006 | Medium | Shielded VM unseal failure reported |
| Microsoft-Windows-HostGuardianService-Admin | 4000 | Info | HGS certificate renewal succeeded |
| Microsoft-Windows-HostGuardianService-Admin | 4001 | High | HGS certificate renewal failed |
| Microsoft-Windows-HostGuardianService-Admin | 4002 | High | AD trust validation with domain controller failed |
| Microsoft-Windows-HostGuardianService-Admin | 4003 | High | Root or intermediate certificate missing |
| Microsoft-Windows-HostGuardianService-Admin | 4004 | Medium | TPM or attestation policy modified |
| Security | 4624 | Info | Successful HGS service account logon |
| Security | 4625 | High | Failed HGS authentication attempt |
| Security | 4670 | Medium | Permissions on HGS registry or files changed |
| Microsoft-Windows-HostGuardianService-Admin | 5001 | High | Unauthorized configuration attempt detected |
| Microsoft-Windows-HostGuardianService-Admin | 5003 | Critical | Policy integrity violation detected |