diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
index ada9e29197..39bf267fdf 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
@@ -140,7 +140,7 @@ $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath <binary_to_block>
  ```
 
 ### Adding Allow All Rules
-If required, as in the cases listed above, [Allow All Rules](#adding-allow-rules) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or by merging with the Allow All xml present on the client system in the WDAC template folder: 
+If required, as in the cases listed above, [Allow All Rules](#adding-allow-rules) may need to be added to the policy. The Allow All rules can be manually added to the policy xml or added by merging with the Allow All xml present on the client system in the WDAC template folder: 
 
 ```PowerShell
 $DenyPolicy = <path_to_deny_policy>