fix formatting

windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md

@@ -46,7 +46,6 @@ You need to add an application in your Azure Active Directory (AAD) tenant then
 13. Select **Save** and copy the key in a safe place. You'll need this key to authenticate the client application on Azure Active Directory.
 
 14. Open a web browser and connect to the following URL: `https://DataAccess-PRD.trafficmanager.net:444/api/FetchToken?clientId=f7c1acd8-0458-48a0-a662-dba6de049d1c&tenantId=<tenant ID>&clientSecret=1234`. An Azure login page appears.
-
 > [!NOTE]
 > - Replace *tenant ID* with your actual tenant ID.
 > - Keep the client secret as is. This is a dummy value, but the parameter must appear.

windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md

@@ -54,9 +54,7 @@ Events URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
 Authentication Type | OAuth 2
 OAuth 2 Client Properties File | Select *wdatp-connector.properties*.
 Refresh Token | Paste the refresh token that your Windows Defender ATP contact provided, or you the one you get after running the `restutil` tool.
-
 All other values in the form are optional and can be left blank.
-
 6. Select **Next**, then **Save**.
 
 7. Run the connector. You can choose to run in service mode or application mode. RONEN - Should this be Service mode or Application mode (capitalized S and capitalized A?)

windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md

@@ -40,25 +40,24 @@ You'll need to configure Splunk so that it can consume Windows Defender ATP aler
 
 4. Select **New**.
 
-5. In the form fill in the following required fields with these values:
+5. In the form fill in the following required fields with the following values, then click **Save**:
+> [!NOTE]
+>All other values in the form are optional and can be left blank.
 
-Field | Value
-:---|:---
-Endpoint URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
-HTTP Method | GET
-Authentication Type | oauth2
-OAuth 2 Token Refresh URL | Value taken from AAD application
-OAuth 2 Client ID |  Value taken from AAD application
-OAuth 2 Client Secret | Value taken from AAD application
-Response type | json
-Response Handler | JSONArrayHandler
-Polling Interval | Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
-Set sourcetype | From list
-Source type | \_json
 
-All other values in the form are optional and can be left blank.
+  Field | Value
-
+  :---|:---
-6. Select **Save**.
+  Endpoint URL | `https://DataAccess-PRD.trafficmanager.net:444/api/alerts`
+  HTTP Method | GET
+  Authentication Type | oauth2
+  OAuth 2 Token Refresh URL | Value taken from AAD application
+  OAuth 2 Client ID |  Value taken from AAD application
+  OAuth 2 Client Secret | Value taken from AAD application
+  Response type | json
+  Response Handler | JSONArrayHandler
+  Polling Interval | Number of seconds that Splunk will ping the Windows Defender ATP endpoint. Accepted values are in seconds.
+  Set sourcetype | From list
+  Source type | \_json
 
 After completing these configuration steps, you can go to the Splunk dashboard and run queries.