diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 238b8d7a79..90dcfbad85 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -244,7 +244,7 @@ Microsoft Endpoint Configuration Manager name: `Block executable content from em
 GUID: `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550`
 
 > [!Note]
-> The rule **Block executable content from email client and webmail** is also reffered as following. 
+> The rule **Block executable content from email client and webmail** has the following separate descriptions, depending on which application you use:
 > Intune (Configuration Profiles): Execution of executable content (exe, dll, ps, js, vbs, etc.) dropped from email (webmail/mail client) (no exceptions)
 > Endpoint Manager: Block executable content download from email and webmail clients
 > Group Policy: Block executable content from email client and webmail