From 4e1e3b3e89f1f49b52b676b8527006f09dac0616 Mon Sep 17 00:00:00 2001
From: Andrea Bichsel <35236577+andreabichsel@users.noreply.github.com>
Date: Mon, 15 Oct 2018 14:56:06 -0700
Subject: [PATCH] Incorp tech review

---
 ...face-reduction-rules-in-windows-10-enterprise-e3.md | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md
index fa933afc36..4cc8fbd9f5 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md
@@ -20,17 +20,13 @@ ms.date: 10/15/2018
 
 - Windows 10 Enterprise E3
 
-Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. 
+Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. This feature area includes the rules, monitoring, reporting, and analytics necessary for deployment that are included in [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), and require the Windows 10 Enterprise E5 license. 
 
-Attack surface reduction rules work best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which requires a Windows 10 Enterprise E5 license. Windows Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
-
-However, you can use a limited subset of attack surface reduction rules in Windows 10 Enterprise E3 if you are able to either develop your own reporting, monitoring, and analytics or hook into an existing solution in your environment.
+A limited subset of basic attack surface reduction rules can technically be used with Windows 10 Enterprise E3. They can be used without the benefits of reporting, monitoring, and analytics, which provide the ease of deployment and management capabilities necessary for enterprises. 
 
 Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients.
 
-## Attack surface reduction rules
-
-The following attack surface reduction rules are available with a Windows 10 Enterprise E3 license:
+The limited subset of rules that can be used in Windows 10 Enterprise E3 include:
 
 - Block executable content from email client and webmail
 - Block all Office applications from creating child processes