diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index db25071667..1f7820db7b 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -1055,6 +1055,7 @@ Prior to deployment of Windows 10, ensure that you complete the tasks listed in
| | Notify the students and faculty about the deployment. |
+
### Perform the deployment
Use the Deployment Wizard to deploy Windows 10. The LTI deployment process is almost fully automated: You provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated.
diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md
index bccfcac237..61c8be02a4 100644
--- a/windows/application-management/app-v/appv-dynamic-configuration.md
+++ b/windows/application-management/app-v/appv-dynamic-configuration.md
@@ -428,7 +428,7 @@ The body of the deployment configuration file includes two sections:
```
-User Configuration: see [Dynamic User Configuration](appv-dynamic-configuration.md#dynamic-user-configuration) for more information about this section.
+User Configuration: see [Dynamic User Configuration](#dynamic-user-configuration-file) for more information about this section.
Machine Configuration: The Machine Configuration section of the Deployment Configuration File configures information that can only be set for an entire machine, not a specific user on the computer, like the HKEY\_LOCAL\_MACHINE registry keys in the Virtual Registry. This element can have the following four subsections.
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index 7540be3f00..b44da942dd 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -43,7 +43,7 @@ Defines restrictions for applications.
Additional information:
- [Find publisher and product name of apps](#productname) - step-by-step guide for getting the publisher and product names for various Windows apps.
-- [Whitelist example](#whitelist-example) - example for Windows 10 Mobile that denies all apps except the ones listed.
+- [Whitelist example](#whitelist-examples) - example for Windows 10 Mobile that denies all apps except the ones listed.
**EnterpriseDataProtection**
Captures the list of apps that are allowed to handle enterprise data. Should be used in conjunction with the settings in **./Device/Vendor/MSFT/EnterpriseDataProtection** in [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md).
diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md
index 52f529971f..2f914399ba 100644
--- a/windows/client-management/mdm/data-structures-windows-store-for-business.md
+++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md
@@ -1078,7 +1078,7 @@ Specifies the properties of the publisher details.
architectures |
-collection of ProductArchitecture |
+collection of ProductArchitectures |
diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
index 262c5c270b..81b663c8f4 100644
--- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md
+++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md
@@ -41,7 +41,7 @@ Supported operations are Add, Delete, Get and Replace.
The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML.
-> [!IMPORTANT]
+> [!IMPORTANT]
> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability.
When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters.
@@ -518,7 +518,7 @@ Tiles | **Turning-on tile manipulation** - By default, under Assigned Access, ti
The following sample file contains configuration for enabling tile manipulation.
-> [!NOTE
+> [!NOTE]
> Tile manipulation is disabled when you don’t have a `` node in lockdown XML, or if you have a `` node but don’t have the `` node.
``` syntax
@@ -1665,16 +1665,4 @@ The following table lists the product ID and AUMID for each app that is included
Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp |
-
-
-
-
-
-
-
-
-
-
-
-
-
+
\ No newline at end of file
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index f2adf6237a..afa621b450 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -44,7 +44,7 @@ When a product key is pushed from an MDM server to a user's device, **changepk.e
After the device restarts, the edition upgrade process completes. The user will receive a notification of the successful upgrade.
-> [!IMPORTANT]
+> [!IMPORTANT]
> If another policy requires a system reboot that occurs when **changepk.exe** is running, the edition upgrade will fail.
@@ -55,7 +55,7 @@ After the device restarts, the edition upgrade process completes. The user will
This node can also be used to activate or change a product key on a particular edition of Windows 10 desktop device by entering a product key. Activation or changing a product key does not require a reboot and is a silent process for the user.
-> [!IMPORTANT]
+> [!IMPORTANT]
> The product key entered must be 29 characters (that is, it should include dashes), otherwise the activation, edition upgrade, or product key change on Windows 10 desktop devices will fail. The product key is acquired from Microsoft Volume Licensing Service Center. Your organization must have a Volume Licensing contract with Microsoft to access the portal.
@@ -106,7 +106,7 @@ The date type is XML.
The supported operation is Execute.
-> [!IMPORTANT]
+> [!IMPORTANT]
> The XML license file contents must be properly escaped (that is, it should not simply be a copied XML), otherwise the edition upgrade on Windows 10 mobile devices will fail. For more information on proper escaping of the XML license file, see Section 2.4 of the [W3C XML spec](http://www.w3.org/TR/xml/) . The XML license file is acquired from the Microsoft Volume Licensing Service Center. Your organization must have a Volume Licensing contract with Microsoft to access the portal.
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index ec6ba68c0d..cf26bea3e6 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -23,7 +23,7 @@ This topic describes how to install the Volume Activation Management Tool (VAMT)
You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10.
->[!IMPORTANT]
+>[!IMPORTANT]
>VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products’ license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For Active Directory-Based Activation use, for best results we recommend running VAMT while logged on as a domain administrator.
>[!NOTE]
diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
index 26fd5e8431..144180cd40 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
@@ -39,7 +39,7 @@ For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-sett
The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information; however, BitLocker does not automatically manage this process. The manage-bde command-line tool can also be used to manually back up recovery information to AD DS. For example, to back up all of the recovery information for the C: drive to AD DS, you would use the following command from an elevated command prompt: **manage-bde -protectors -adbackup C:**.
-> [!IMPORTANT]
+> [!IMPORTANT]
> Joining a computer to the domain should be the first step for new computers within an organization. After computers are joined to a domain, storing the BitLocker recovery key to AD DS is automatic (when enabled in Group Policy).
## Is there an event log entry recorded on the client computer to indicate the success or failure of the Active Directory backup?
diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md
index 349af8295f..fa1f49ee5d 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md
@@ -58,7 +58,7 @@ For older hardware, where a PIN may be needed, it’s recommended to enable [enh
BitLocker is designed to make the encrypted drive unrecoverable without the required authentication. When in recovery mode, the user needs the recovery password or recovery key to unlock the encrypted drive.
-> [!IMPORTANT]
+> [!IMPORTANT]
> Store the recovery information in AD DS, along with your Microsoft Account, or another safe location.
## Can the USB flash drive that is used as the startup key also be used to store the recovery key?
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
index 8b29741543..f981d9c12a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md
@@ -176,6 +176,7 @@ Event ID | Message | Resolution steps
There are additional components on the machine that the Microsoft Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Microsoft Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly.
+
### Ensure the diagnostic data service is enabled
If the machines aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the machine. The service might have been disabled by other programs or user configuration changes.
diff --git a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
index 51660a31fe..3f70c13716 100644
--- a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
@@ -81,7 +81,7 @@ The following procedure describes how to configure a security policy setting for
4. Modify the security policy setting, and then click **OK**.
-> [!IMPORTANT]
+> [!IMPORTANT]
> - Always test a newly created policy in a test organizational unit before you apply it to your network.
> - When you change a security setting through a GPO and click **OK**, that setting will take effect the next time you refresh the settings.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
index 6f9408675c..3c8c01c7e8 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
@@ -135,7 +135,7 @@ Block at first sight is automatically enabled as long as **Cloud-based protectio
### Validate block at first sight is working
-You can validate that the feature is working by following the steps outlined in [Validate connections between your network and the cloud](configure-network-connections-windows-defender-antivirus.md#validate).
+You can validate that the feature is working by following the steps outlined in [Validate connections between your network and the cloud](configure-network-connections-windows-defender-antivirus.md#validate-connections-between-your-network-and-the-cloud).
## Disable block at first sight