diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
index 0200a973b4..878ac369c2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@@ -81,7 +81,7 @@ You can configure the following levels of automation:
 |---|---|
 |**Full - remediate threats automatically** | All remediation actions are performed automatically. Remediation actions that were taken can be viewed in the [Action Center](auto-investigation-action-center.md), on the **History** tab.<br/><br/>**This option is recommended** and is selected by default for tenants that were created on or after August 16, 2020 with Microsoft Defender for Endpoint, with no device groups defined yet. <br/><br/>If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Full - remediate threats automatically**. |
 |**Semi - require approval for core folders remediation** | Approval is required for remediation actions on files or executables that are in core folders. These pending actions can be viewed and approved in the [Action Center](auto-investigation-action-center.md). <br/><br/>Remediation actions can be taken automatically on files or executables that are in other (non-core) folders. Core folders include operating system directories, such as the **Windows** and **Program files** folders (`'System': ['?:\windows\*']`). |
-|**Semi - require approval for non-temp folders remediation** | Approval is required for remediation actions on files or executables that are not in temporary folders. These pending actions can be viewed and approved in the [Action Center](auto-investigation-action-center.md).<br/><br/> Remediation actions can be taken automatically on files or executables that are in temporary folders. Temporary folder locations can include the following: <br/>- `\users\*\appdata\local\temp\*`<br/>- `\documents and settings\*\local settings\temp\*` <br/>- `\documents and settings\*\local settings\temporary\*`<br/>- `\windows\temp\*`<br/>- `\users\*\downloads\*', \downloads\*`<br/>- `\program files\*', r'?:\program files (x86)\*`<br/>- `\documents and settings\*\users\*` |
+|**Semi - require approval for non-temp folders remediation** | Approval is required for remediation actions on files or executables that are not in temporary folders. These pending actions can be viewed and approved in the [Action Center](auto-investigation-action-center.md).<br/><br/> Remediation actions can be taken automatically on files or executables that are in temporary folders. Temporary folder locations can include the following: <br/>- `\users\*\appdata\local\temp\*`<br/>- `\documents and settings\*\local settings\temp\*` <br/>- `\documents and settings\*\local settings\temporary\*`<br/>- `\windows\temp\*`<br/>- `\users\*\downloads\*`<br/>- `\program files\` <br/>- `\program files (x86)\*`<br/>- `\documents and settings\*\users\*` |
 |**Semi - require approval for any remediation** | Approval is required for any remediation action. <br/><br/>This option is selected by default for tenants that were created before August 16, 2020 with Microsoft Defender ATP, with no device groups defined.<br/><br/>If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Semi - require approval for any remediation**.|
 |**No automated response** | Automated investigation does not run on your organization's devices. As a result, no remediation actions are taken or pending as a result of automated investigation. <br/><br/>**This option is not recommended**, because it reduces the security posture of your organization's devices. |