diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md
index b3a718ead0..e12b58d2c7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md
@@ -34,23 +34,24 @@ For information on other tables in the advanced hunting schema, see [the advance
 
 | Column name | Data type | Description |
 |-------------|-----------|-------------|
-| `Timestamp` | datetime | Date and time when the event was recorded
-| `DeviceId` | string | Unique identifier for the machine in the service
-| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine
-| `SHA1` | string | SHA-1 of the file that the recorded action was applied to
-| `IsSigned` | boolean | Indicates whether the file is signed
-| `SignatureType` | string | Indicates whether signature information was read as embedded content in the file itself or read from an external catalog file
-| `Signer` | string | Information about the signer of the file
-| `SignerHash` | string | Unique hash value identifying the signer
-| `Issuer` | string | Information about the issuing certificate authority (CA)
-| `IssuerHash` | string | Unique hash value identifying issuing certificate authority (CA)
-| `CrlDistributionPointUrls` | string |  URL of the network share that contains certificates and the certificate revocation list (CRL)
-| `CertificateCreationTime` | datetime | Date and time the certificate was created
-| `CertificateExpirationTime` | datetime | Date and time the certificate is set to expire
-| `CertificateCountersignatureTime` | datetime | Date and time the certificate was countersigned
-| `IsTrusted` | boolean | Indicates whether the file is trusted based on the results of the WinVerifyTrust function, which checks for unknown root certificate information, invalid signatures, revoked certificates, and other questionable attributes
-| `IsRootSignerMicrosoft` | boolean | Indicates whether the signer of the root certificate is Microsoft
-| `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns.
+| `Timestamp` | datetime | Date and time when the event was recorded |
+| `DeviceId` | string | Unique identifier for the machine in the service |
+| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
+| `SHA1` | string | SHA-1 of the file that the recorded action was applied to |
+| `IsSigned` | boolean | Indicates whether the file is signed |
+| `SignatureType` | string | Indicates whether signature information was read as embedded | content in the file itself or read from an external catalog file |
+| `Signer` | string | Information about the signer of the file |
+| `SignerHash` | string | Unique hash value identifying the signer |
+| `Issuer` | string | Information about the issuing certificate authority (CA) |
+| `IssuerHash` | string | Unique hash value identifying issuing certificate authority (CA) |
+| `CertificateSerialNumber` | string | Identifier for the certificate that is unique to the issuing certificate authority (CA) |
+| `CrlDistributionPointUrls` | string |  JSON array listing the URLs of network shares that contain certificates and certificate revocation lists (CRLs) |
+| `CertificateCreationTime` | datetime | Date and time the certificate was created |
+| `CertificateExpirationTime` | datetime | Date and time the certificate is set to expire |
+| `CertificateCountersignatureTime` | datetime | Date and time the certificate was countersigned |
+| `IsTrusted` | boolean | Indicates whether the file is trusted based on the results of the WinVerifyTrust function, which checks for unknown root certificate information, invalid signatures, revoked certificates, and other questionable attributes |
+| `IsRootSignerMicrosoft` | boolean | Indicates whether the signer of the root certificate is Microsoft |
+| `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns. |
 
 
 ## Related topics