From bc1ff0b0bf2f81936bd2153367f7c11328708f8a Mon Sep 17 00:00:00 2001
From: martyav <v-maave@microsoft.com>
Date: Tue, 30 Jul 2019 12:24:06 -0400
Subject: [PATCH] linted and cleaned audit windows defender

---
 .../audit-windows-defender.md                 | 29 +++++++++----------
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender.md b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender.md
index dd9c960c79..8635669975 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender.md
@@ -16,12 +16,11 @@ ms.reviewer:
 manager: dansimp
 ---
 
-
-# Use audit mode 
+# Use audit mode
 
 **Applies to:**
 
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. This lets you see a record of what *would* have happened if you had enabled the feature.
 
@@ -33,25 +32,23 @@ To find the audited entries, go to **Applications and Services** > **Microsoft**
 
 You can use Windows Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Microsoft Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
 
-This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer. 
+This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer.
 
 You can use Group Policy, PowerShell, and configuration service providers (CSPs) to enable audit mode.
 
 >[!TIP]
 >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
 
-
-|Audit options | How to enable audit mode | How to view events |
-|- | - | - |
-|Audit applies to all events | [Enable controlled folder access](enable-controlled-folders-exploit-guard.md) | [Controlled folder access events](evaluate-controlled-folder-access.md#review-controlled-folder-access-events-in-windows-event-viewer) |
-|Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](evaluate-attack-surface-reduction.md#review-attack-surface-reduction-events-in-windows-event-viewer) |
-|Audit applies to all events | [Enable network protection](enable-network-protection.md) | [Network protection events](evaluate-network-protection.md#review-network-protection-events-in-windows-event-viewer) |
-|Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer) |
-
+ Audit options | How to enable audit mode | How to view events
+-|-|-
+Audit applies to all events | [Enable controlled folder access](enable-controlled-folders.md) | [Controlled folder access events](evaluate-controlled-folder-access.md#review-controlled-folder-access-events-in-windows-event-viewer)
+Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](evaluate-attack-surface-reduction.md#review-attack-surface-reduction-events-in-windows-event-viewer)
+Audit applies to all events | [Enable network protection](enable-network-protection.md) | [Network protection events](evaluate-network-protection.md#review-network-protection-events-in-windows-event-viewer)
+|Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer)
 
 ## Related topics
 
-- [Protect devices from exploits](exploit-protection-exploit-guard.md) 
-- [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) 
-- [Protect your network](network-protection-exploit-guard.md) 
-- [Protect important folders](controlled-folders-exploit-guard.md)
+* [Protect devices from exploits](exploit-protection.md)
+* [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction.md)
+* [Protect your network](network-protection.md)
+* [Protect important folders](controlled-folders.md)