asr changes

windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md

@@ -108,8 +108,6 @@ See the [Evaluate Attack Surface Reduction rules](evaluate-attack-surface-reduct
 >[!NOTE]
 >Not sure if this is right. What does AttackSurfaceReductionRules_Actions do? Do you need to add $TRUE/$FALSE or 1/0 at the end to enable it? Does the rule need to go in " or {}? Some examples would be handy here I think
 
->[!IMPORTANT]
->Use `Add-MpPreference` to append or add rules. Using the `Set-MpPreference` cmdlet will overwrite the existing list.
 
 You can enable the feauting in auditing mode using the following cmdlet:
 
@@ -117,7 +115,7 @@ You can enable the feauting in auditing mode using the following cmdlet:
 Set-MpPreference -AttackSurfaceReductionRules_Actions AuditMode
 ```
 
-Use `Disabled` insead of AuditMode to turn the feature off.
+Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off.
 
 >[!NOTE]
 >We need to walk through this so I understand how it works

windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md

@@ -222,7 +222,7 @@ You can also review the Windows event log to see the events there were created w
 
 5. This will create a custom view that filters to only show the following events related to Attack Surface Reduction:
 
- Event ID | Description
+Event ID | Description
 -|-
 5007 | Event when settings are changed
 1122 | Event when rule fires in Audit-mode