diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
index 725d0aaed2..0e0c392215 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
@@ -53,7 +53,7 @@ When you enable this audit policy, it functions in the same way as the **Network
 
 - **Enable all**
     
-    The domain controlleron which this policy is set will log all events for incoming NTLM traffic.
+    The domain controller on which this policy is set will log all events for incoming NTLM traffic.
 
 ### Best practices