diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
index e0c8044cf1..57043da075 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
@@ -35,17 +35,17 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
 | 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. Contains the total number of signatures on a file and an index as to which signature it is. Unsigned files will generate a single 3089 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". |
 | 3099 | Indicates that a policy has been loaded |
 
-## Microsoft Windows Applocker MSI and Script log event IDs
+## Microsoft Windows AppLocker MSI and Script log event IDs
 
 | Event ID | Explanation |
 |---|----------|
-| 8028 | Audit script/MSI file generated by Windows LockDown Policy (WLDP) being called by the scripthosts themselves. Note: there is no WDAC enforcement on 3rd party scripthosts. |
+| 8028 | Audit script/MSI file generated by Windows LockDown Policy (WLDP) being called by the script hosts themselves. Note: there is no WDAC enforcement on third-party script hosts. |
 | 8029 | Block script/MSI file |
-| 8038 | Signing information event correlated with either a 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files will generate a single 8038 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". | |
+| 8038 | Signing information event correlated with either an 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files will generate a single 8038 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". | |
 
 ## Optional Intelligent Security Graph (ISG) or Managed Installer (MI) diagnostic events
 
-If either the ISG or MI is enabled in a WDAC policy, you can optionally choose to enable 3090, 3091, and 3092 events to provide additional diagnostic information.
+If either the ISG or MI is enabled in a WDAC policy, you can optionally choose to enable 3090, 3091, and 3092 events to provide more diagnostic information.
 
 | Event ID | Explanation |
 |---|----------|
@@ -53,11 +53,11 @@ If either the ISG or MI is enabled in a WDAC policy, you can optionally choose t
 | 3091 | Audit executable/dll file |
 | 3092 | Block executable/dll file |
 
-3090, 3091, and 3092 events are generated based on the status code of whether a binary passed the policy, regardless of what reputation it was given or whether it was allowed by a designated MI. The SmartLocker template which appears in the event should indicate why the binary passed/failed. Only one event is generated per binary pass/fail. If both ISG and MI are disabled, 3090, 3091, and 3092 events will not be generated.
+3090, 3091, and 3092 events are generated based on the status code of whether a binary passed the policy, regardless of what reputation it was given or whether it was allowed by a designated MI. The SmartLocker template that appears in the event should indicate why the binary passed/failed. Only one event is generated per binary pass/fail. If both ISG and MI are disabled, 3090, 3091, and 3092 events will not be generated.
 
 ### SmartLocker template
 
-Below are the fields which help to diagnose what a 3090, 3091, or 3092 event indicates.
+Below are the fields that help to diagnose what a 3090, 3091, or 3092 event indicates.
 
 | Name | Explanation |
 |---|----------|
@@ -76,7 +76,7 @@ In order to enable 3091 audit events and 3092 block events, you must create a Te
 reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x100
 ```
 
-In order to enable 3090 allow events as well as 3091 and 3092 events, you must instead create a TestFlags regkey with a value of 0x300. You can do so using the following PowerShell command:
+To enable 3090 allow events, and 3091 and 3092 events, you must instead create a TestFlags regkey with a value of 0x300. You can do so using the following PowerShell command:
 
 ```powershell
 reg add hklm\system\currentcontrolset\control\ci -v TestFlags -t REG_DWORD -d 0x300