diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 89c574f14d..0d2841c46b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -40,7 +40,7 @@ Entities are the starting point for Automated investigations. When an alert cont >- Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/en-us/help/4493464/windows-10-update-kb4493464)) or later >- Later versions of Windows 10 -The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view. +The Automated investigation starts by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view. ### Details of an Automated investigation @@ -85,4 +85,4 @@ The default machine group is configured for semi-automatic remediation. This mea When a pending action is approved, the entity is then remediated and this new state is reflected in the **Entities** tab of the investigation. ## Related topic -- [Learn about the automated investigations dashboard](manage-auto-investigation.md) \ No newline at end of file +- [Learn about the automated investigations dashboard](manage-auto-investigation.md)
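Review bot: In the @@ -40,7 hunk, the added line still carries the subject-verb disagreement from the old text in its second sentence: "The outcome and details from the investigation is seen" has a plural subject, so it should read "are seen" (or "are shown"). Since the line is already being rewritten, fix it in the same change. The first sentence also mixes forms ("starts by analyzing ... and also runs"); "starts by analyzing the supported entities from the alert and then runs a generic machine playbook" reads more cleanly and makes the order of the two steps explicit.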
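Review bot: In the @@ -85,4 hunk, the link text "Learn about the automated investigations dashboard" uses lowercase "automated investigations", while the body text in this same file capitalizes the feature name ("Automated investigations", "Automated investigation view"). The line is already being touched to add the end-of-file newline, so pick one casing and apply it here too. The newline fix itself is fine.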