auditing -> audit

windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md

@@ -1,6 +1,6 @@
 ---
 title: Test how the features will work in your organization
-description: Auditing mode lets you use the event log to see how Windows Defender Exploit Guard would protect your devices if it were enabled
+description: Audit mode lets you use the event log to see how Windows Defender Exploit Guard would protect your devices if it were enabled
 keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -14,30 +14,30 @@ ms.author: iawilt
 ---
 
 
-# Use auditing mode to evaluate Windows Defender Exploit Guard features
+# Use audit mode to evaluate Windows Defender Exploit Guard features
 
 
-You can enable each of the features of Windows Defender Explot Guard in auditing mode. This lets you see a record of what *would* have happened if you had enabled the feature.
+You can enable each of the features of Windows Defender Explot Guard in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature.
 
 You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious file modification attempts generally occur over a certain period.
 
-While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable auditing mode and then review the event log to see what impact the feature would have had were it enabled.
+While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable audit mode and then review the event log to see what impact the feature would have had were it enabled.
 
 You can use Windows Defender Advanced Threat Protection to get greater granularity into each event, especially for investigating Attack Surface Reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection).
 
-This topic links to topics that describe how to enable the auditing functionality for each feature and how to view events in the Windows Event Viewer. 
+This topic links to topics that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer. 
 
-You can use Group Policy, PowerShell, and configuration servicer providers (CSPs) to enable auditing mode.
+You can use Group Policy, PowerShell, and configuration servicer providers (CSPs) to enable audit mode.
 
 
 
 
-Auditing options | How to enable auditing mode | How to view events
+Audit options | How to enable audit mode | How to view events
 - | - | -
-Auditing applies to all events | [Enable Controlled Folder Access](enable-controlled-folders-exploit-guard.md#enable-and-audit-controlled-folder-access) | [Controlled Folder Access events](controlled-folders-exploit-guard.md#review-controlled-folder-access-events-in-windows-event-viewer)
+Audit applies to all events | [Enable Controlled Folder Access](enable-controlled-folders-exploit-guard.md#enable-and-audit-controlled-folder-access) | [Controlled Folder Access events](controlled-folders-exploit-guard.md#review-controlled-folder-access-events-in-windows-event-viewer)
-Auditing applies to individual rules | [Enable Attack Surface Reduction rules](enable-attack-surface-reduction.md#enable-and-audit-attack-surface-reduction-rules) | [Attack Surface Reduction events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer)
+Audit applies to individual rules | [Enable Attack Surface Reduction rules](enable-attack-surface-reduction.md#enable-and-audit-attack-surface-reduction-rules) | [Attack Surface Reduction events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer)
-Auditing applies to all events | [Enable Network Protection](enable-network-protection.md#enable-and-audit-network-protection) | [Network Protection events](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer)
+Audit applies to all events | [Enable Network Protection](enable-network-protection.md#enable-and-audit-network-protection) | [Network Protection events](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer)
-Auditing applies to individual mitigations | [Enable Exploit Protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit Protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer)
+Audit applies to individual mitigations | [Enable Exploit Protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit Protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer)
 
 
 ## Related topics

windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md

@@ -41,7 +41,7 @@ Attack Surface Reduction is a feature that is part of Windows Defender Exploit G
 
 You can use Group Policy, PowerShell, or MDM CSPs to configure the state or mode for each rule. This can be useful if you only want to enable some rules, or you want to enable rules individually in audit mode.
 
-For further details on how audit mode works, and when you might want to use it, see the [auditing Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
+For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
 
 Attack Surface Reduction rules are identified by their unique rule ID. 
 
@@ -109,7 +109,7 @@ See the [Evaluate Attack Surface Reduction rules](evaluate-attack-surface-reduct
 >Not sure if this is right. What does AttackSurfaceReductionRules_Actions do? Do you need to add $TRUE/$FALSE or 1/0 at the end to enable it? Does the rule need to go in " or {}? Some examples would be handy here I think
 
 
-You can enable the feauting in auditing mode using the following cmdlet:
+You can enable the feauting in audit mode using the following cmdlet:
 
 ```PowerShell
 Set-MpPreference -AttackSurfaceReductionRules_Actions AuditMode

windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md

@@ -44,7 +44,7 @@ This topic describes how to enable Controlled Folder Access with the Windows Def
 
 You can enable Controlled Folder Access with the Windows Defender Security Center app, Group Policy, PowerShell, or MDM CSPs. You can also set the feature to audit mode. Audit mode allows you to test how the feature would work (and review events) without impacting the normal use of the machine.
 
-For further details on how audit mode works, and when you might want to use it, see the [auditing Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
+For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
 
 
 ### Use the Windows Defender Security app to enable Controlled Folder Access
@@ -89,7 +89,7 @@ For further details on how audit mode works, and when you might want to use it,
     Set-MpPreference -EnableControlledFolderAccess Enabled
     ```
 
-You can enable the feauting in auditing mode by specifying `AuditMode` instead of `Enabled`.
+You can enable the feauting in audit mode by specifying `AuditMode` instead of `Enabled`.
 
 Use `Disabled` to turn the feature off.