revised requirements

windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md

@@ -194,15 +194,12 @@ With this rule, admins can prevent unsigned or untrusted executable files from r
 
 ## Requirements
 
-The following requirements must be met before Attack surface reduction will work:
+Attack surface reduction requires Microsoft 365 E5 and Windows Defender AV real-time protection.
 
 Windows 10 version | Windows Defender Antivirus
 - | -
 Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled
 
-
-
-
 ## Review Attack surface reduction events in Windows Event Viewer
 
 You can review the Windows event log to see events that are created when an Attack surface reduction rule is triggered (or audited):

windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md

@@ -59,7 +59,13 @@ You can use the Windows Defender ATP console to obtain detailed reporting into e
 
 ## Requirements
 
-Each of the features in Windows Defender EG have slightly different requirements:
+The following table lists requirements for each feature in Windows Defender EG. 
+
+**Legend**<br/>
+![not supported](./images/ball_empty.png) Not supported<br/>
+![supported](./images/ball_50.png) Supported<br/>
+![supported, enhanced](./images/ball_75.png) Includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity)<br/>
+![supported, full reporting](./images/ball_full.png) Includes automated reporting into the Windows Defender ATP console<br/>
 
 | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
 | ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: |
@@ -68,20 +74,14 @@ Each of the features in Windows Defender EG have slightly different requirements
 | Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
 | Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
 
-> [!NOTE]
+The following table lists which features in Windows Defender EG require enabling [real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) from Windows Defender Antivirus. 
-> ![supported, enhanced](./images/ball_75.png) Exploit Protection - On Windows 10 E3, includes advanced exploit protection for the kernel mode via [HVCI] (https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity).<br/>
-> ![supported, full reporting](./images/ball_full.png) On Windows 10 E5, includes automated reporting into the Windows Defender ATP console.
 
-
+| Feature | Real-time protection |
-| Feature | [Windows Defender Antivirus](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
 |-----------------| ------------------------------------ |
 | Exploit protection | No requirement |
-| Attack surface reduction | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
+| Attack surface reduction | Must be enabled |
-| Network protection | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
+| Network protection | Must be enabled |
-| Controlled folder access | [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled |
+| Controlled folder access | Must be enabled |
-
-> [!NOTE]
-> Each feature's requirements are further described in the individual topics in this library.
 
  ## In this library