Update configure-an-applocker-policy-for-audit-only.md
jsuther1974 2023-12-21 14:50:36 -08:00
parent 6d6bbc5b4c
commit c651c96ef4

@ -1,27 +1,24 @@
---
title: Configure an AppLocker policy for audit only
description: This topic for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker.
description: This article for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker.
ms.localizationpriority: medium
ms.topic: conceptual
ms.date: 06/08/2018
ms.date: 12/21/2023
---
# Configure an AppLocker policy for audit only
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This article for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker.
This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker.
After AppLocker rules are created within the rule collection, you can configure the enforcement mode setting to **Enforce rules** or **Audit only**.
After AppLocker rules are created within the rule collection, you can configure the enforcement setting to **Enforce rules** or **Audit only**.
When AppLocker policy enforcement mode is set to **Enforce rules**, rules are enforced for the rule collection and all events are logged to the AppLocker event logs for that rule collection. When AppLocker policy enforcement mode is set to **Audit only**, rules are only evaluated but all events generated from that evaluation are written to the AppLocker event logs.
When AppLocker policy enforcement is set to **Enforce rules**, rules are enforced for the rule collection and all events are audited. When AppLocker policy enforcement is set to **Audit only**, rules are only evaluated but all events generated from that evaluation are written to the AppLocker log.
You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins).
To create an AppLocker policy in a Group Policy Object (GPO), you can perform this task by using the Group Policy Management Console. To create an AppLocker policy for the local computer or for use in a security template, use the Local Security Policy snap-in. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#using-the-mmc-snap-ins-to-administer-applocker).
**To audit rule collections**
## To audit rule collections
1. From the AppLocker console, right-click **AppLocker**, and then click **Properties**.
2. On the **Enforcement** tab, select the **Configured** check box for the rule collection that you want to enforce, and then verify that **Audit only** is selected in the list for that rule collection.
3. Repeat the above step to configure the enforcement setting to **Audit only** for additional rule collections.
4. Click **OK**.
1. From the AppLocker console, right-click **AppLocker**, and then select **Properties**.
2. On the **Enforcement** tab, select the **Configured** check box for the rule collection that you want to enforce, and then verify that **Audit only** is selected in the list for that rule collection.
3. Repeat the above step to configure the enforcement setting to **Audit only** for other rule collections.
4. Select **OK**.
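
Review bot: Step 2 of the numbered procedure still reads "the rule collection that you want to enforce" and only asks the reader to "verify that **Audit only** is selected", in both the "click" and the "select" versions of the list. In an audit-only procedure that wording can leave a collection in the wrong mode if the reader takes "enforce" literally or skims past "verify". Suggest "the rule collection that you want to audit, and then select **Audit only** in the list for that rule collection". Two smaller wording points in the same hunk: the sentence beginning "To create an AppLocker policy in a Group Policy Object (GPO), you can perform this task by using" mixes "create" with "this task", although the article is about setting the enforcement mode rather than creating a policy, and "For info how to use these MMC snap-ins" is missing "about".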