Merge pull request #5378 from MicrosoftDocs/dh-windows-pr-repo-health

Dh windows pr repo health

windows/security/identity-protection/credential-guard/credential-guard-manage.md

@@ -63,7 +63,7 @@ To enforce processing of the group policy, you can run ```gpupdate /force```.
     > It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock.
 
 > [!TIP]
-> You can also configure Credential Guard by using an account protection profile in endpoint security. See [Account protection policy settings for endpoint security in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security-account-protection-profile-settings).
+> You can also configure Credential Guard by using an account protection profile in endpoint security. See [Account protection policy settings for endpoint security in Intune](/mem/intune/protect/endpoint-security-account-protection-profile-settings).
 
 ### Enable Windows Defender Credential Guard by using the registry
 

windows/security/identity-protection/hello-for-business/hello-deployment-issues.md

@@ -76,12 +76,13 @@ Applies to:
 Windows Hello for Business uses smart card based authentication for many operations. Smart card has special guidelines when using a third-party CA for certificate issuance, some of which apply to the domain controllers. Not all Windows Hello for Business deployment types require these configurations. Accessing on-premises resources from an Azure AD Joined device does require special configuration when using a third-party CA to issue domain controller certificates.
 
 For more information, read [Guidelines for enabling smart card logon with third-party certification authorities](
-https://docs.microsoft.com/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities).
+/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities).
 
 ### Identifying On-premises Resource Access Issues with Third-Party CAs
 
 This issue can be identified using network traces or Kerberos logging from the client. In the network trace, the client will fail to place a TGS_REQ request when a user attempts to access a resource. On the client, this can be observed in the Kerberos operation event log under **Application and Services/Microsoft/Windows/Security-Kerberos/Operational**. These logs are default disabled. The failure event for this case will include the following information:
 
+```console
 Log Name:      Microsoft-Windows-Kerberos/Operational
 Source:        Microsoft-Windows-Security-Kerberos
 Event ID:      107
@@ -93,9 +94,9 @@ This issue can be identified using network traces or Kerberos logging from the c
 Description:
 
 The Kerberos client received a KDC certificate that does not have a matched domain name.
-    
 Expected Domain Name: ad.contoso.com
 Error Code: 0xC000006D
+ ```
 
 ### Resolving On-premises Resource Access Issue with Third-Party CAs
 
@@ -144,6 +145,7 @@ AD FS running on Windows Server 2019 fails to complete device authentication pro
 
 The provisioning experience for Windows Hello for Business will launch if a set of prerequisite checks done by the client are successful. The result of the provisioningAdmin checks is available in event logs under Microsoft-Windows-User Device Registration. If provisioning is blocked because device authentication has not successfully occurred, there will be an event ID 362 in the logs that states that *User has successfully authenticated to the enterprise STS: No*.
 
+```console
 Log Name:      Microsoft-Windows-User Device Registration/Admin
 Source:        Microsoft-Windows-User Device Registration
 Date:          <Date and time>
@@ -167,11 +169,13 @@ The provisioning experience for Windows Hello for Business will launch if a set
 User has successfully authenticated to the enterprise STS: No
 Certificate enrollment method: enrollment authority
 See https://go.microsoft.com/fwlink/?linkid=832647 for more details.
+```
 
 If a device has recently been joined to a domain, then there may be a delay before the device authentication occurs. If the failing state of this prerequisite check persists, then it can indicate an issue with the AD FS configuration.
 
 If this AD FS scope issue is present, event logs on the AD FS server will indicate an authentication failure from the client. This error will be logged in event logs under AD FS/Admin as event ID 1021 and the event will specify that the client is forbidden access to resource 'http<span>://schemas.microsoft.com/ws/2009/12/identityserver/selfscope</span>' with scope 'ugs':
 
+```console
 Log Name:      AD FS/Admin
 Source:        AD FS
 Date:          <Date and time>
@@ -188,6 +192,7 @@ If this AD FS scope issue is present, event logs on the AD FS server will indica
 Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthUnauthorizedClientException: MSIS9368: Received invalid OAuth request. The client '38aa3b87-a06d-4817-b275-7a316988d93b' is forbidden to access the resource 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' with scope 'ugs'.
        at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthProtocolContext.ValidateScopes(String scopeParameter, String clientId, String relyingPartyId)
        at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateCore()
+```
 
 ### Resolving Certificate Trust with AD FS 2019 Enrollment Issue
 

windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md

@@ -26,9 +26,8 @@ This article depicts the BitLocker deployment comparison chart.
 
 ## BitLocker deployment comparison chart
 
-|  |Microsoft Intune  |Microsoft Endpoint Configuration Manager  |Microsoft BitLocker Administration and Monitoring (MBAM) |
+| Requirements |Microsoft Intune  |Microsoft Endpoint Configuration Manager  |Microsoft BitLocker Administration and Monitoring (MBAM) |
 |---------|---------|---------|---------|
-|**Requirements**||||
 |Minimum client operating system version     |Windows 10     | Windows 10 and Windows 8.1  | Windows 7 and later        |
 |Supported Windows 10 SKUs     |    Enterprise, Pro, Education     |    Enterprise, Pro, Education     |     Enterprise    |
 |Minimum Windows 10 version     |1909   |    None     |    None     |