diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index 0e1190ada9..ff9bf8c522 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -437,7 +437,7 @@ Sign-in to the certificate authority or management workstations with an *Enterpr
 
    ![NDES Confirmation.](images/aadjcert/ndesconfig05.png)
 
-1. Select **Close** after the configuration completes.
+1. Select **Close** after the configuration completes
 
 #### Configure Certificate Templates on NDES
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
index 8db996de37..39aab4b17e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
@@ -217,6 +217,7 @@ With the CA properly configured with a valid HTTP-based CRL distribution point,
 1. In the navigation pane, expand **Personal**. Select **Certificates**. In the details pane, double-click the existing domain controller certificate includes **KDC Authentication** in the list of **Intended Purposes**
 1. Select the **Details** tab. Scroll down the list until **CRL Distribution Points** is visible in the **Field** column of the list. Select **CRL Distribution Point**
 1. Review the information below the list of fields to confirm the new URL for the CRL distribution point is present in the certificate. Select **OK**
+
     ![New Certificate with updated CDP.](images/aadj/dc-cert-with-new-cdp.png)
 
 ## Deploy the root CA certificate to Microsoft Entra joined devices