diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
index 0f92c2bbd8..5eacf443c4 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
@@ -40,7 +40,7 @@ The **Maximum password age** policy setting determines the period of time (in da
 Set **Maximum password age** to a value between 30 and 90 days, depending on your environment. This way, an attacker has a limited amount of time in which to compromise a user's password and have access to your network resources.
 
 > [!NOTE]
-> Security baseline recommended by Microsoft doesn't contain the password-expiration policy, as this mitigation is less effective than modern ones. However, companies that didn't implement Azure AD Password Protection, multifactor authentication or other modern mitigations of password-guessing attacks, should leave this policy effective.
+> The security baseline recommended by Microsoft doesn't contain the password-expiration policy, as it is less effective than modern mitigations. However, companies that didn't implement Azure AD Password Protection, multifactor authentication, or other modern mitigations of password-guessing attacks, should leave this policy in effect.
 
 ### Location