diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
index 01446c2e40..e803e9bb77 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
@@ -31,10 +31,11 @@ You can submit suspicious files identified by automated investigation to the clo
 
 1. In the navigation pane, select **Settings** > **Rules** > **Automation file uploads**. 
 
-2. Toggle the content analysis setting to **On**.
-
-3. Configure the file extension and email attachment extensions that will be submitted for analysis.
+2. Toggle the content analysis setting between **On** and **Off**.
 
+3. Configure the following extension names and separate extension names with a comma:
+   - **File extension names** -  Suspicious files except email attachments will be submitted for additional inspection
+   - **Attachment extension names** - Suspicious email attachments with these extension names will be submitted for additional inspection