From 2426c06108ec57f3e49c53d3bef908fa7775ab5f Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 25 Jul 2022 11:50:35 -0400
Subject: [PATCH] Fixed markup based on 9924

---
 .../hello-hybrid-key-whfb-settings-pki.md              | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
index a43a8e5673..6606eca9ed 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
@@ -79,11 +79,11 @@ The certificate template is configured to supersede all the certificate template
 
 > [!NOTE]
 > The domain controller's certificate must chain to a root in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a third-party CA, this may not be done by default. If the domain controller certificate does not chain to a root in the NTAuth store, user authentication will fail.
->you can view
+>To see all certificates in the NTAuth store, use the following command:
 >
->'''powershell
->Certutil -view
->Publish Certificate Templates to a Certificate Authority
+> `Certutil -viewstore -enterprise NTAuth`
+
+### Publish Certificate Templates to a Certificate Authority
 
 The certificate authority may only issue certificates for certificate templates that are published to that certificate authority.  If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate.
 
@@ -95,7 +95,7 @@ Sign-in to the certificate authority or management workstations with an _enterpr
 4. Right-click the **Certificate Templates** node.  Click **New**, and click **Certificate Template** to issue.
 5. In the **Enable Certificates Templates** window, select the **Domain Controller Authentication (Kerberos)** template you created in the previous steps.  Click **OK** to publish the selected certificate templates to the certificate authority.
 6. If you published the **Domain Controller Authentication (Kerberos)** certificate template, then you should unpublish the certificate templates you included in the superseded templates list.
-    * To unpublish a certificate template, right-click the certificate template you want to unpublish in the details pane of the Certificate Authority console and select **Delete**. Click **Yes** to confirm the operation.
+    - To unpublish a certificate template, right-click the certificate template you want to unpublish in the details pane of the Certificate Authority console and select **Delete**. Click **Yes** to confirm the operation.
 7. Close the console.
 
 ### Unpublish Superseded Certificate Templates