Additional changes required

This commit is contained in:
Paolo Matarazzo
2022-08-01 12:08:28 -04:00
parent 4c29e9ce06
commit b1237a2e31
9 changed files with 8 additions and 13 deletions

@ -84,24 +84,19 @@ Before you can remotely reset PINs, you must register two applications in your A
#### Connect Azure Active Directory with the PIN Reset Service
1. Go to the [Microsoft PIN Reset Service Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent), and sign in using a Global Administrator account you use to manage your Azure Active Directory tenant.
1. After you have logged in, select **Accept** to give consent to the **PIN Reset Service** to access your organization.
![PIN reset service application in Azure.](images/pinreset/pin-reset-service-prompt.png)
#### Connect Azure Active Directory with the PIN Reset Client
1. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using a Global Administrator account you use to manage your Azure Active Directory tenant.
1. After you have logged in, select **Accept** to give consent for the **PIN Reset Client** to access your organization.
![PIN reset client application in Azure.](images/pinreset/pin-reset-client-prompt.png)
#### Confirm that the two PIN Reset service principals are registered in your tenant
1. Sign in to the [Microsoft Entra Manager admin center](https://entra.microsoft.com)
1. Select **Azure Active Directory** > **Applications** > **Enterprise applications**
1. Search by application name "Microsoft PIN" and both **Microsoft Pin Reset Service Production** and **Microsoft Pin Reset Client Production** will show up in the list
:::image type="content" alt-text="PIN reset service permissions page." source="images/pinreset/pin-reset-applications.png" lightbox="images/pinreset/pin-reset-applications-expanded.png":::
### Enable PIN Recovery on your devices
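Review bot: the portal name in the "Confirm that the two PIN Reset service principals are registered in your tenant" step reads "Microsoft Entra Manager admin center", but the portal at entra.microsoft.com is the Microsoft Entra admin center; "Manager" looks carried over from the "Microsoft Endpoint Manager admin center" wording used later in this file, so drop it. In the same step the search result names are written "Microsoft Pin Reset Service Production" and "Microsoft Pin Reset Client Production" while the headings and link text above use "PIN Reset"; use one capitalization so the search string and the displayed application names match.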
@ -197,7 +192,7 @@ The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-au
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
1. Select **Devices** > **Configuration profiles** > **Create profile**
1. 1. Enter the following properties:
1. Enter the following properties:
- **Platform**: Select **Windows 10 and later**
- **Profile type**: Select **Templates**
- In the list of templates that is loaded, select **Custom** > **Create**
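Review bot: the doubled list marker in "1. 1. Enter the following properties:" is the defect this hunk fixes, and the replacement "1. Enter the following properties:" is correct since the surrounding steps all use the "1." auto-numbered style; the same doubled marker appears again further down in "1. 1. Select **Next**" under the Assignments step, so verify that occurrence is fixed in this commit as well.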
@ -205,16 +200,16 @@ The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-au
- **Name**: Enter a descriptive name for the profile
- **Description**: Enter a description for the profile. This setting is optional, but recommended
1. Select **Next**
1. In **Configuration settings**, select **Add**. Provide the following information for the custom settings:
- **Name**: Web Sign In Allowed URLs
- **Description**: (Optional) List of domains that are allowed during PIN reset flows.
- **OMA-URI**: ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls
- **Data type**: String
- **Value**: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be _signin.contoso.com;portal.contoso.com_ (without quotation marks)
1. In **Configuration settings**, select **Add** and enter the following settings:
- Name: **Web Sign In Allowed URLs**
- Description: **(Optional) List of domains that are allowed during PIN reset flows**
- OMA-URI: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`
- Data type: **String**
- Value: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be **signin.contoso.com;portal.contoso.com** (without quotation marks)
:::image type="content" alt-text="Custom Configuration for ConfigureWebSignInAllowedUrls policy." source="images/pinreset/allowlist.png" lightbox="images/pinreset/allowlist-expanded.png":::
1. Select **Save** > **Next**
1. In **Assignments**, select the security groups that will receive the policy
1. 1. Select **Next**
1. Select **Next**
1. In **Applicability Rules**, select **Next**
1. In **Review + create**, review your settings and select **Create**
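Review bot: in the rewritten custom-setting list, bolding the whole Description value including "(Optional)" makes it read as if the literal text to enter is "(Optional) List of domains that are allowed during PIN reset flows"; move "(Optional)" outside the bold, since the earlier "**Description**: Enter a description for the profile. This setting is optional" already states that the field is optional. On the Value line the example "signin.contoso.com;portal.contoso.com" switches from italics to bold while keeping "(without quotation marks)"; putting it in backticks like the OMA-URI line would make the exact string to paste unambiguous.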
