Corrections to code blocks: indentation, content types

windows/security/application-security/application-control/app-control-for-business/operations/citool-commands.md

@@ -42,17 +42,17 @@ CiTool makes App Control for Business policy management easier for IT admins. Yo
 
 ### List policies (`--list-policies`)
 
-```output
-    Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816
-    Base Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816
-    Friendly Name: Microsoft Windows Driver Policy
-    Version: 2814751463178240
-    Platform Policy: true
-    Policy is Signed: true
-    Has File on Disk: false
-    Is Currently Enforced: true
-    Is Authorized: true
-    Status: 0
+```console
+Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816
+Base Policy ID: d2bda982-ccf6-4344-ac5b-0b44427b6816
+Friendly Name: Microsoft Windows Driver Policy
+Version: 2814751463178240
+Platform Policy: true
+Policy is Signed: true
+Has File on Disk: false
+Is Currently Enforced: true
+Is Authorized: true
+Status: 0
 ```
 
 | Attribute | Description | Example value |

windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md

@@ -76,13 +76,13 @@ MSI installer files are always detected as user writeable on Windows 10, and on
 Installing .msi files directly from the internet to a computer protected by App Control fails.
 For example, this command fails:
 
-```console
+```cmd
 msiexec -i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi
 ```
 
 As a workaround, download the MSI file and run it locally:
 
-```console
+```cmd
 msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi
 ```
 

windows/security/application-security/application-control/app-control-for-business/operations/querying-application-control-events-centrally-using-advanced-hunting.md

@@ -8,7 +8,7 @@ ms.topic: troubleshooting
 
 # Querying App Control events centrally using Advanced hunting
 
-an App Control for Business policy logs events locally in Windows Event Viewer in either enforced or audit mode.
+An App Control for Business policy logs events locally in Windows Event Viewer in either enforced or audit mode.
 While Event Viewer helps to see the impact on a single system, IT Pros want to gauge it across many systems.
 
 In November 2018, we added functionality in Microsoft Defender for Endpoint that makes it easy to view App Control events centrally from all connected systems.
@@ -47,7 +47,7 @@ Query Example 1: Query the App Control action types summarized by type for past
 
 Here's a simple example query that shows all the App Control for Business events generated in the last seven days from machines being monitored by Microsoft Defender for Endpoint:
 
-```
+```kusto
 DeviceEvents
 | where Timestamp > ago(7d) and
 ActionType startswith "AppControl"
@@ -64,7 +64,7 @@ The query results can be used for several important functions related to managin
 
 Query Example #2: Query to determine audit blocks in the past seven days
 
-```
+```kusto
 DeviceEvents
 | where ActionType startswith "AppControlExecutableAudited"
 | where Timestamp > ago(7d)