diff --git a/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md b/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
index d5234e9dd3..aff2ad1cd4 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
@@ -47,17 +47,17 @@ The Network Unlock process follows these phases:
 
 :::row:::
   :::column span="2":::
-1. The Windows boot manager detects a Network Unlock protector in the BitLocker configuration
-1. The client computer uses its DHCP driver in the UEFI to get a valid IPv4 IP address
-1. The client computer broadcasts a vendor-specific DHCP request that contains:
-    1. A network key (a 256-bit intermediate key) that is encrypted by using the 2048-bit RSA Public Key of the Network Unlock certificate from the WDS server
-    1. An AES-256 session key for the reply
-1. The Network Unlock provider on the WDS server recognizes the vendor-specific request
-1. The provider decrypts the request by using the WDS server's BitLocker Network Unlock certificate RSA private key
-1. The WDS provider returns the network key encrypted with the session key by using its own vendor-specific DHCP reply to the client computer. This key is an intermediate key
-1. The returned intermediate key is combined with another local 256-bit intermediate key. This key can be decrypted only by the TPM
-1. This combined key is used to create an AES-256 key that unlocks the volume
-1. Windows continues the boot sequence
+    1. The Windows boot manager detects a Network Unlock protector in the BitLocker configuration
+    1. The client computer uses its DHCP driver in the UEFI to get a valid IPv4 IP address
+    1. The client computer broadcasts a vendor-specific DHCP request that contains:
+        - A network key (a 256-bit intermediate key) that is encrypted by using the 2048-bit RSA Public Key of the Network Unlock certificate from the WDS server
+        - An AES-256 session key for the reply
+    1. The Network Unlock provider on the WDS server recognizes the vendor-specific request
+    1. The provider decrypts the request by using the WDS server's BitLocker Network Unlock certificate RSA private key
+    1. The WDS provider returns the network key encrypted with the session key by using its own vendor-specific DHCP reply to the client computer. This key is an intermediate key
+    1. The returned intermediate key is combined with another local 256-bit intermediate key. This key can be decrypted only by the TPM
+    1. This combined key is used to create an AES-256 key that unlocks the volume
+    1. Windows continues the boot sequence
   :::column-end:::
   :::column span="2":::
     :::image type="content" source="images/network-unlock-diagram.png" alt-text="Diagram of the Network Unlock sequence." lightbox="images/network-unlock-diagram.png" border="false":::