From 4c5b1b0c82307958cfcacc8f344cd30a0703c324 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 14 Mar 2018 18:36:55 -0700
Subject: [PATCH] update file uploads

---
 ...-uploads-windows-defender-advanced-threat-protection.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
index 01446c2e40..e803e9bb77 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
@@ -31,10 +31,11 @@ You can submit suspicious files identified by automated investigation to the clo
 
 1. In the navigation pane, select **Settings** > **Rules** > **Automation file uploads**. 
 
-2. Toggle the content analysis setting to **On**.
-
-3. Configure the file extension and email attachment extensions that will be submitted for analysis.
+2. Toggle the content analysis setting between **On** and **Off**.
 
+3. Configure the following extension names and separate extension names with a comma:
+   - **File extension names** -  Suspicious files except email attachments will be submitted for additional inspection
+   - **Attachment extension names** - Suspicious email attachments with these extension names will be submitted for additional inspection