diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
index 98835fdcfd..325b6119b3 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 ms.author: justinha
 author: brianlic-msft
-ms.date: 08/08/2018
+ms.date: 11/15/2018
 ---
 
 # Enable virtualization-based protection of code integrity 
@@ -42,7 +42,7 @@ Enabling in Intune requires using the Code Integrity node in the [AppLocker CSP]
 1. Use Group Policy Editor (gpedit.msc) to either edit an existing GPO or create a new one.
 2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard**.  
 3. Double-click **Turn on Virtualization Based Security**.
-4. Click **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled with UEFI lock** to ensure HVCI cannot be enabled remotely or select **Enabled without UEFI lock**.
+4. Click **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled with UEFI lock** to ensure HVCI cannot be disabled remotely or select **Enabled without UEFI lock**.
 
    ![Enable HVCI using Group Policy](images\enable-hvci-gp.png)