Apply suggestions from code review

Co-authored-by: Mike F. Robbins <[email protected]>

Author: sdwheeler

reference/docs-conceptual/security/app-control/application-control.md

@@ -16,7 +16,7 @@ based on unique properties of the files.
 **WDAC**, introduced with Windows 10, allows you to control which drivers and applications are
 allowed to run on Windows.
 
-PowerShell detects both AppLocker and WDAC system wide policies. AppLocker is a deprecated. WDAC is
+PowerShell detects both AppLocker and WDAC system wide policies. AppLocker is deprecated. WDAC is
 the preferred application control system for Windows. WDAC is designed as a security feature under
 the servicing criteria defined by the Microsoft Security Response Center (MSRC).
 
@@ -31,7 +31,7 @@ For more information about AppLocker and WDAC, see [Application Controls for Win
 
 ## WDAC policy enforcement
 
-When PowerShell runs under a WDAC policy, it changes its behavior based on the defined security
+When PowerShell runs under a WDAC policy, its behavior changes based on the defined security
 policy. Under a WDAC policy, PowerShell runs trusted scripts and modules allowed by the policy in
 `FullLanguage` mode. All other scripts and script blocks are untrusted and run in
 `ConstrainedLanguage` mode. PowerShell throws errors when the untrusted scripts attempt to perform
@@ -42,28 +42,27 @@ failed to run correctly in `ConstrainedLanguage` mode.
 
 PowerShell 7.4 added a new feature to support WDAC policies in **Audit** mode. In audit mode,
 PowerShell runs the untrusted scripts in `ConstrainedLanguage` mode without errors, but logs messages
-to the event log instead. The log messages describe what restrictions would apply if the policy was
+to the event log instead. The log messages describe what restrictions would apply if the policy were
 in **Enforce** mode.
 
 ## History of changes
 
 Windows PowerShell 5.1 was the first version of PowerShell to support WDAC. The security features of
 WDAC and AppLocker improve with each new release of PowerShell. The following sections describe how
 this support changed in each version of PowerShell. The changes are cumulative, so the features
-described in the later versions include the features from the earlier versions.
+described in the later versions include those from earlier versions.
 
 ### Changes in PowerShell 7.4
 
-On Windows, when PowerShell runs under a Windows Defender Application Control (WDAC) policy, it
-changes its behavior based on the defined security policy. Under a WDAC policy, PowerShell runs
+On Windows, when PowerShell runs under a Windows Defender Application Control (WDAC) policy, its behavior changes based on the defined security policy. Under a WDAC policy, PowerShell runs
 trusted scripts and modules allowed by the policy in `FullLanguage` mode. All other scripts and
 script blocks are untrusted and run in `ConstrainedLanguage` mode. PowerShell throws errors when the
 untrusted scripts attempt to perform disallowed actions. It's difficult to know why a script fails
 to run correctly in `ConstrainedLanguage` mode.
 
 PowerShell 7.4 now supports WDAC policies in **Audit** mode. In audit mode, PowerShell runs the
 untrusted scripts in `ConstrainedLanguage` mode but logs messages to the event log instead of
-throwing errors. The log messages describe what restrictions would apply if the policy was in
+throwing errors. The log messages describe what restrictions would apply if the policy were in
 **Enforce** mode.
 
 ### Changes in PowerShell 7.3
@@ -87,7 +86,7 @@ throwing errors. The log messages describe what restrictions would apply if the
 
 - For more information about how WDAC works and what restrictions it enforces, see
   [How WDAC works with PowerShell][06].
-- For more information about using securing PowerShell with WDAC, see [How to use WDAC][05].
+- For more information about securing PowerShell with WDAC, see [How to use WDAC][05].
 
 <!-- link references -->
 [01]: /windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker

reference/docs-conceptual/security/app-control/how-to-use-wdac.md

@@ -21,7 +21,7 @@ approved files are allowed to load and run. PowerShell either blocks unapproved
 running or runs them in `ConstrainedLanguage` mode, depending on policy options.
 
 You create and manipulate WDAC policy using the **ConfigCI** module, which is available on all
-supported Windows version. This Windows PowerShell module that can be used in Windows PowerShell 5.1
+supported Windows versions. This Windows PowerShell module can be used in Windows PowerShell 5.1
 or in PowerShell 7 through the **Windows Compatibility** layer. It's easier to use this module in
 Windows PowerShell. The policy you create can be applied to any version of PowerShell.
 
@@ -44,7 +44,7 @@ For testing, you just need to create a default policy and a self signed code sig
 1. Disable Audit Mode in default policy
 
    A new policy is always created in `Audit` mode. To test policy enforcement, you need to disable
-   Audit mode when you apply the the policy. Edit the `SystemCIPolicy.xml` file using text editor
+   Audit mode when you apply the policy. Edit the `SystemCIPolicy.xml` file using a text editor
    like `notepad.exe` or Visual Studio Code (VS Code). Comment out the `Audit mode` option.
 
    ```XML
@@ -115,7 +115,7 @@ For testing, you just need to create a default policy and a self signed code sig
 PowerShell 7.4 added a new feature to support WDAC policies in **Audit** mode. In audit mode,
 PowerShell runs the untrusted scripts in `ConstrainedLanguage` mode without errors, but logs
 messages to the event log instead. The log messages describe what restrictions would apply if the
-policy was in **Enforce** mode.
+policy were in **Enforce** mode.
 
 ### Viewing audit events
 

reference/docs-conceptual/security/app-control/how-wdac-works.md

@@ -44,21 +44,21 @@ PowerShell can run in both interactive and non-interactive modes.
 
 - In interactive mode, PowerShell is a command-line application that takes users command-line input
   as commands or scripts to run. Results are displayed back to the user.
-- In non-interactive mode, PowerShell is used to load modules and run script files without user
-  input. Result data streams are either ignored or redirected to file.
+- In non-interactive mode, PowerShell loads modules and runs script files without user
+  input. Result data streams are either ignored or redirected to a file.
 
 ### Interactive mode running under policy enforcement
 
 PowerShell runs commands in `ConstrainedLanguage` mode. This mode prevents interactive users from
 running certain commands or executing arbitrary code. For more information about the restrictions in
-this mode, see the [PowerShell restrictions under lockdown policy][02] of this article.
+this mode, see the [PowerShell restrictions under lockdown policy][02] section of this article.
 
 ### Noninteractive mode running under policy enforcement
 
 When PowerShell runs a script or loads a module, it uses the WDAC API to get the policy enforcement
 for the file.
 
-PowerShell version 7.3 or higher uses the `WldpCanExecuteFile` API if available. This API return one
+PowerShell version 7.3 or higher uses the `WldpCanExecuteFile` API if available. This API returns one
 of the following results:
 
 - `WLDP_CAN_EXECUTE_ALLOWED`: The file is approved by policy and is used in `FullLanguage` mode
@@ -85,19 +85,18 @@ lockdown policy enforces the following restrictions:
 
 - Module dot-sourcing with wildcard function export restriction
 
-  Any module that uses script dot-sourcing and also exports functions using wildcard names results
+  Any module that uses script dot-sourcing and exports functions using wildcard names results
   in an error. Blocking wildcard exports prevents script injection from a malicious user who can
-  plant an untrusted script that gets dot-sourced into a trusted module. The malicious script could
-  get access to private functions of the trusted module.
+  plant an untrusted script that gets dot-sourced into a trusted module. The malicious script could then gain access to the trusted module's private functions.
 
-  **Security recommendation:** Never use script dot-sourcing in a module and to always export module
+  **Security recommendation:** Never use script dot-sourcing in a module and always export module
   functions with explicit names (no wildcard characters).
 
 - Nested module with wildcard function export restriction
 
-  If a parent module exports functions using function name wildcard characters, then PowerShell
-  removes any function name in a nested module from the function export list. Block wildcard exports
-  from nested modules prevents accidental exporting of dangerous nested functions through wildcards
+  If a parent module exports functions using function name wildcard characters, PowerShell
+  removes any function name in a nested module from the function export list. Blocking wildcard exports
+  from nested modules prevents accidental exporting of dangerous nested functions through wildcard
   name matching.
 
   **Security recommendation:** Always export module functions with explicit names (no wildcard
@@ -135,7 +134,7 @@ command, PowerShell either blocks the command from running (new behavior) or run
 
 - `Add-Type` cmdlet disallowed
 
-  Blocking `Add-Type` prevents the execution arbitrary .NET code.
+  Blocking `Add-Type` prevents the execution of arbitrary .NET code.
 
 - `Import-LocalizedData` cmdlet restricted
 
@@ -224,7 +223,7 @@ command, PowerShell either blocks the command from running (new behavior) or run
 
 - Type method invocation not allowed
 
-  `ConstrainedLanguage` mode doesn't allow method invocation on unapproved types. Blocking method on
+  `ConstrainedLanguage` mode doesn't allow method invocation on unapproved types. Blocking methods on
   unapproved types prevents invocation of .NET type methods that might be dangerous or allow code
   injection.
 

reference/docs-conceptual/security/security-features.md

@@ -48,7 +48,7 @@ For more information, see the following articles:
 
 ## AMSI Support
 
-The Windows Antimalware Scan Interface (AMSI) is an API that allows application to pass actions to
+The Windows Antimalware Scan Interface (AMSI) is an API that allows applications to pass actions to
 an antimalware scanner, such as Windows Defender, to scan for malicious payloads. Beginning
 with PowerShell 5.1, PowerShell running on Windows 10 (and higher) passes all script blocks to AMSI.
 
@@ -59,7 +59,7 @@ For more information about AMSI, see [How AMSI helps][09].
 
 ## Constrained language mode
 
-**ConstrainedLanguage** mode protects your system by limiting the cmdlets and .NET types that are
+**ConstrainedLanguage** mode protects your system by limiting the cmdlets and .NET types
 allowed in a PowerShell session. For a full description, see [about_Language_Modes][04].
 
 ## Application Control
@@ -79,7 +79,7 @@ For more information about how PowerShell supports AppLocker and WDAC, see
 ## Software Bill of Materials (SBOM)
 
 Beginning with PowerShell 7.2, all install packages contain a Software Bill of Materials (SBOM). The
-PowerShell team is also producing SBOMs for modules that they own but ship independently from
+PowerShell team also produces SBOMs for modules that they own but ship independently from
 PowerShell.
 
 You can find SBOM files in the following locations:
@@ -88,7 +88,7 @@ You can find SBOM files in the following locations:
 - For modules, find the SBOM in the module's folder under `_manifest/spdx_2.2/manifest.spdx.json`.
 
 The creation and publishing of the SBOM is the first step to modernize Federal Government
-cybersecurity and enhance software supply chain security.For more information about this initiative,
+cybersecurity and enhance software supply chain security. For more information about this initiative,
 see the blog post [Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft][11].
 
 ## Security Servicing Criteria