Note addition to the Countermeasure section

As requested in issue ticket #9523 (**Please add a note**), the aim of this PR 
is to add a note to the Countermeasure section of the document article
"Deny access to this computer from the network".

Thanks to Daniele Bona (dbona75) for the request.

Proposed change:
- Add a Note blob explaining the required Network Logon rights to the domain controllers.

Codestyle & whitespace changes:
- Remove any redundant end-of-line (EOL) blanks.

Closes #9523

windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md

@@ -14,7 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 05/19/2021
 ms.technology: mde
 ---
 
@@ -100,6 +100,10 @@ Assign the **Deny access to this computer from the network** user right to the f
 
 An important exception to this list is any service accounts that are used to start services that must connect to the device over the network. For example, let’s say you have configured a shared folder for web servers to access, and you present content within that folder through a website. You may need to allow the account that runs IIS to log on to the server with the shared folder from the network. This user right is particularly effective when you must configure servers and workstations on which sensitive information is handled because of regulatory compliance concerns.
 
+> [!NOTE]
+> If the service account is configured in the logon properties of a Windows Service,
+> it requires Network Logon rights to the domain controllers to start properly.
+
 ### Potential impact
 
 If you configure the **Deny access to this computer from the network** user right for other accounts, you could limit the abilities of users who are assigned to specific administrative roles in your environment. You should verify that delegated tasks are not negatively affected.