diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
index 26a3b3fd6a..e0c8044cf1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
@@ -29,7 +29,7 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
 ## Microsoft Windows CodeIntegrity Operational log event IDs
 
 | Event ID | Explanation |
-|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|----------|
 | 3076 | Audit executable/dll file |
 | 3077 | Block executable/dll file |
 | 3089 | Signing information event correlated with either a 3076 or 3077 event. One 3089 event is generated for each signature of a file. Contains the total number of signatures on a file and an index as to which signature it is. Unsigned files will generate a single 3089 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". |
@@ -38,7 +38,7 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
 ## Microsoft Windows Applocker MSI and Script log event IDs
 
 | Event ID | Explanation |
-|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|----------|
 | 8028 | Audit script/MSI file generated by Windows LockDown Policy (WLDP) being called by the scripthosts themselves. Note: there is no WDAC enforcement on 3rd party scripthosts. |
 | 8029 | Block script/MSI file |
 | 8038 | Signing information event correlated with either a 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files will generate a single 8038 event with TotalSignatureCount 0. Correlated in the "System" portion of the event data under "Correlation ActivityID". | |
@@ -48,7 +48,7 @@ A Windows Defender Application Control (WDAC) policy logs events locally in Wind
 If either the ISG or MI is enabled in a WDAC policy, you can optionally choose to enable 3090, 3091, and 3092 events to provide additional diagnostic information.
 
 | Event ID | Explanation |
-|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|----------|
 | 3090 | Allow executable/dll file |
 | 3091 | Audit executable/dll file |
 | 3092 | Block executable/dll file |
@@ -60,7 +60,7 @@ If either the ISG or MI is enabled in a WDAC policy, you can optionally choose t
 Below are the fields which help to diagnose what a 3090, 3091, or 3092 event indicates.
 
 | Name | Explanation |
-|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|---|----------|
 | StatusCode | STATUS_SUCCESS indicates a binary passed the active WDAC policies. If so, a 3090 event is generated. If not, a 3091 event is generated if the blocking policy is in audit mode, and a 3092 event is generated if the policy is in enforce mode. |
 | ManagedInstallerEnabled | Policy trusts a MI |
 | PassesManagedInstaller | File originated from a trusted MI |