formatting changes

Vinay Pamnani 2022-08-15 13:27:48 -04:00
parent 7498e31f92
commit b6a34f8ae6
2 changed files with 11 additions and 14 deletions

View File

@ -77,11 +77,11 @@ Having defined the "circle-of-trust", Alice is ready to generate the initial pol
Alice follows these steps to complete this task:
> [!NOTE]
> `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes a rule that is unsupported for enterprise WDAC policies and must be removed (step 3). For more information, see [WDAC and Smart App Control](windows-defender-application-control.md#wdac-and-smart-app-control)
1. On a client device, run the following commands in an elevated Windows PowerShell session to initialize variables:
> [!NOTE]
> If you prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md), substitute the example policy path with your preferred base policy in this step.
```powershell
$PolicyPath = $env:userprofile+"\Desktop\"
$PolicyName= "Lamna_LightlyManagedClients_Audit"
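Review bot: The relocated note under step 1 tells the reader to "substitute the example policy path" before the code block has shown which variable holds that path. Name the variable in the note (`$ExamplePolicy`, assigned a few lines further down in this block) so a reader swapping in another base policy knows exactly which assignment to change. Separately, the `SmartAppControl.xml` note above step 1 points to "(step 3)" by number. The list uses `1.` auto-numbering, so if that note is kept anywhere, refer to the step by its title instead of a hard-coded number.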
@ -89,16 +89,16 @@ Alice follows these steps to complete this task:
$ExamplePolicy=$env:windir+"\schemas\CodeIntegrity\ExamplePolicies\SmartAppControl.xml"
```
> [!NOTE]
> If you prefer to use a different [example Windows Defender Application Control base policy](example-wdac-base-policies.md), substitute the example policy path with your preferred base policy in this step.
1. Copy the example policy to the desktop:
```powershell
Copy-Item $ExamplePolicy $LamnaPolicy
```
1. Modify the policy to remove **Enabled:Conditional Windows Lockdown Policy** rule, which is unsupported for enterprise WDAC policies:
1. Modify the policy to remove unsupported rule:
> [!NOTE]
> `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](windows-defender-application-control.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step.
```powershell
[xml]$xml = Get-Content $LamnaPolicy
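Review bot: The shortened step title "Modify the policy to remove unsupported rule:" no longer says which rule is removed, and it is missing an article ("remove the unsupported rule"). The rule name now lives only in the note, where it is in double quotes, while the other changed file writes it in bold as **Enabled:Conditional Windows Lockdown Policy**. Since this is the one rule option the reader must strip before deploying, keep its name in the step title or at least use the same bold formatting in the note, and add "the" before the rule name in "This policy includes ... rule".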
@ -109,9 +109,6 @@ Alice follows these steps to complete this task:
$xml.Save($LamnaPolicy)
```
> [!NOTE]
> If you are using an example policy other than `SmartAppControl.xml`, skip this step.
1. Give the new policy a unique ID, descriptive name, and initial version number:
```powershell
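Review bot: The skip condition after `$xml.Save($LamnaPolicy)` ("If you are using an example policy other than `SmartAppControl.xml`, skip this step.") is also the last sentence of the step 3 note in the previous hunk, and the header here (9 lines to 6) suggests this copy is the one being dropped. That leaves the condition at the end of a four-sentence note, where it is easy to miss. Move it to the front of that note so a reader on a different base policy sees it before reading about the rule removal.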
@ -121,15 +118,15 @@ Alice follows these steps to complete this task:
1. [Use Configuration Manager to create and deploy an audit policy](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to the client device running Windows 10 version 1903 and above, or Windows 11. Merge the Configuration Manager policy with the example policy.
> [!NOTE]
> If you do not use Configuration Manager, skip this step.
```powershell
$MEMCMPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml"
Merge-CIPolicy -OutputFilePath $LamnaPolicy -PolicyPaths $LamnaPolicy,$MEMCMPolicy
Set-RuleOption -FilePath $LamnaPolicy -Option 13 # Managed Installer
```
> [!NOTE]
> If you do not use Configuration Manager, skip this step.
1. Modify the policy to set additional policy rules:
```powershell
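Review bot: Moving the "skip this step" note above the code helps, but the snippet itself still assumes `$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml"` exists before it is passed to `Merge-CIPolicy`. On a device where Configuration Manager has not deployed its audit policy, a reader who pastes the block gets a merge against a missing file. Consider wrapping the three lines in an `if (Test-Path $MEMCMPolicy) { ... }` guard, or state in the note that the file is only present after the Configuration Manager policy has been deployed. Also confirm that only one copy of the note remains, because the same sentence appears both before and after the code block in these lines.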

View File

@ -50,7 +50,7 @@ Windows 10 and Windows 11 include two technologies that can be used for applicat
Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on WDAC, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](example-wdac-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** rule which isn't supported for WDAC enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example WDAC base policy](create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy).
Smart App Control is only available on clean installation of Windows 11 version 22H2 or later, and starts in evaluation mode. Smart App Control will automatically turn off for enterprise managed devices unless the user has turned it on first. To turn Smart App Control on or off across your organization's endpoints, you can set the **VerifiedAndReputablePolicyState** (DWORD) registry value under `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy` to one of the values listed below. After you change the registry value, you must either restart the device or run [RefreshPolicy.exe](https://www.microsoft.com/download/details.aspx?id=102925) for the change to take effect.
Smart App Control is only available on clean installation of Windows 11 version 22H2 or later, and starts in evaluation mode. Smart App Control will automatically turn off for enterprise managed devices unless the user has turned it on first. To turn Smart App Control on or off across your organization's endpoints, you can set the **VerifiedAndReputablePolicyState** (DWORD) registry value under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy` to one of the values listed below. After you change the registry value, you must either restart the device or run [RefreshPolicy.exe](https://www.microsoft.com/download/details.aspx?id=102925) for the change to take effect.
| Value | Description |
|-------|-------------|
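Review bot: The only change in this hunk is abbreviating the hive to `HKLM` in the **VerifiedAndReputablePolicyState** path. Check that this matches how registry paths are written elsewhere in the doc set, because this path is what an administrator copies to turn Smart App Control on or off fleet-wide. Since the line is being touched anyway, fix "only available on clean installation" to "only available on a clean installation".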