Standardize 'applies to' section

windows/security/threat-protection/windows-defender-application-control/TOC.md

@@ -1,6 +1,6 @@
 # [Application Control for Windows](windows-defender-application-control.md)
 ## [WDAC and AppLocker Overview](plan-windows-defender-application-control-management.md)
-## [WDAC and AppLocker Feature Availability](understand-windows-defender-application-control-policy-design-decisions.md)
+### [WDAC and AppLocker Feature Availability](understand-windows-defender-application-control-policy-design-decisions.md)
 
 
 ## [WDAC design guide](windows-defender-application-control-design-guide.md)

windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md

@@ -69,6 +69,7 @@ Add-SignerRule -FilePath <string> -CertificatePath <string> [-Kernel] [-User] [-
 ### Supplemental policy creation
 
 In order to create a supplemental policy, begin by creating a new policy in the Multiple Policy Format as shown above. From there, use Set-CIPolicyIdInfo to convert it to a supplemental policy and specify which base policy it expands. You can use either SupplementsBasePolicyID or BasePolicyToSupplementPath to specify the base policy.
+
 - "SupplementsBasePolicyID": GUID of base policy that the supplemental policy applies to
 - "BasePolicyToSupplementPath": path to base policy file that the supplemental policy applies to
 

windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md

@@ -20,9 +20,10 @@ ms.date: 11/15/2019
 
 # Windows Defender Application Control example base policies
 
-**Applies to**
+**Applies to:**
--   Windows 10
+
--   Windows Server 2016 and above
+- Windows 10
+- Windows Server 2016 and above
 
 When creating policies for use with Windows Defender Application Control (WDAC), it is recommended to start from an existing base policy and then add or remove rules to build your own custom policy XML files. Windows includes several example policies which can be used, or organizations which use the Device Guard Signing Service can download a starter policy from that service.
 

windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md

@@ -19,10 +19,10 @@ ms.date: 04/09/2019
 
 # Microsoft recommended block rules
 
-**Applies to**
+**Applies to:**
--   Windows 10
+
--   Windows Server 2016
+- Windows 10
--   Windows Server 2019
+- Windows Server 2016 and above
 
 Members of the security community<sup>\*</sup> continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control. 
 

windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md

@@ -24,7 +24,6 @@ ms.date: 06/13/2018
 - Windows 10
 - Windows Server 2016 and above
 
-
 Creating and maintaining application execution control policies has always been challenging, and finding ways to address this issue has been a frequently-cited request for customers of AppLocker and Windows Defender Application Control (WDAC).
 This is especially true for enterprises with large, ever changing software catalogs.
 
@@ -144,6 +143,7 @@ An example of the managed installer option being set in policy is shown below.
     </Rule>  
   </Rules>  
 ```
+
 ## Set the AppLocker filter driver to autostart
 
 To enable the managed installer, you need to set the AppLocker filter driver to autostart and start it. 
@@ -155,7 +155,6 @@ appidtel.exe start [-mionly]
 
 Specify `-mionly` if you will not use the Intelligent Security Graph (ISG).
 
-
 ## Security considerations with managed installer
 
 Since managed installer is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do.