diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
index a493995334..49c542d7ef 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
@@ -58,12 +58,12 @@ Follow these steps to create a certificate template:
| Tab Name | Configurations |
| --- | --- |
- | *Compatibility* | - Clear the **Show resulting changes** check box
- Select **Windows Server 2012 or Windows Server 2012 R2** from the *Certification Authority list*
- Select **Windows Server 2012 or Windows Server 2012 R2** from the *Certification Recipient list*
|
- | *General* | - Specify a Template display name, for example *WHfB Certificate Authentication*
- Set the validity period to the desired value
- Take note of the Template name for later, which should be the same as the Template display name minus spaces (*WHfBCertificateAuthentication* in this example)
|
+ | *Compatibility* | Clear the **Show resulting changes** check boxSelect **Windows Server 2012 or Windows Server 2012 R2** from the *Certification Authority list*Select **Windows Server 2012 or Windows Server 2012 R2** from the *Certification Recipient list*|
+ | *General* | Specify a Template display name, for example *WHfB Certificate Authentication*Set the validity period to the desired valueTake note of the Template name for later, which should be the same as the Template display name minus spaces (*WHfBCertificateAuthentication* in this example)|
| *Extensions* | Verify the **Application Policies** extension includes **Smart Card Logon**|
- | *Subject Name* | - Select the **Build from this Active Directory** information button if it is not already selected
- Select **Fully distinguished name** from the **Subject name format** list if Fully distinguished name is not already selected
- Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**
|
- |*Request Handling*|- Set the Purpose to **Signature and smartcard logon** and select **Yes** when prompted to change the certificate purpose
- Select the **Renew with same key** check box
- Select **Prompt the user during enrollment**
|
- |*Cryptography*|- Set the Provider Category to **Key Storage Provider**
- Set the Algorithm name to **RSA**
- Set the minimum key size to **2048**
- Select **Requests must use one of the following providers**
- Select **Microsoft Software Key Storage Provider**
- Set the Request hash to **SHA256**
|
+ | *Subject Name* | Select the **Build from this Active Directory** information button if it is not already selectedSelect **Fully distinguished name** from the **Subject name format** list if Fully distinguished name is not already selectedSelect the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**|
+ |*Request Handling*|Set the Purpose to **Signature and smartcard logon** and select **Yes** when prompted to change the certificate purposeSelect the **Renew with same key** check boxSelect **Prompt the user during enrollment**|
+ |*Cryptography*|Set the Provider Category to **Key Storage Provider**Set the Algorithm name to **RSA**Set the minimum key size to **2048**Select **Requests must use one of the following providers**Select **Microsoft Software Key Storage Provider**Set the Request hash to **SHA256**|
|*Security*|Add the security group that you want to give **Enroll** access to. For example, if you want to give access to all users, select the **Authenticated** users group, and then select Enroll permissions for them|
1. Select **OK** to finalize your changes and create the new template. Your new template should now appear in the list of Certificate Templates