diff --git a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
index acb9b5e5e1..072119d7ce 100644
--- a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
+++ b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
@@ -43,9 +43,12 @@ Here's a list of requiremets to enable RDP sign-in with Windows Hello for Busine
 > * A PKI infrastructure based on AD CS or third-party
 > * Windows Hello for Business deployed to the clients
 > * If you plan to support Microsoft Entra joined devices, the domain controllers must have a certificate, which serves as a *root of trust* for the clients. The certificate ensures that clients don't communicate with rogue domain controllers
-> * If you plan to deploy certificates using Microsoft Intune:
-    > * Ensure you have the required infrastructure to support either [SCEP][MEM-1] or [PKCS][MEM-2] deployments
-    > * Deploy the root CA certificate (and any other intermediate certificate authority certificates) to Microsoft Entra joined Devices using a *Trusted root certificate* policy with Intune. For guidance, refer to [Create trusted certificate profiles in Microsoft Intune][MEM-5]
+
+If you plan to deploy certificates using Microsoft Intune, here are additional requiremets:
+
+> [!div class="checklist"]
+> * Ensure you have the infrastructure to support either [SCEP][MEM-1] or [PKCS][MEM-2] deployment
+> * Deploy the root CA certificate and any other intermediate certificate authority certificates to Microsoft Entra joined Devices using a [Trusted root certificate policy][MEM-5]
 
 ## Create a Windows Hello for Business certificate template