cleaning up note/important/tip/warning formatting for markdig engine conformance

Liza Poggemeyer 2019-06-07 15:48:27 -07:00
parent a9bbc179f0
commit d495de72a5
100 changed files with 218 additions and 218 deletions

View File

@ -16,7 +16,7 @@ manager: dansimp
AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803. AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803.
> [!Note] > [!NOTE]
> The AccountManagement CSP is only supported in Windows Holographic for Business edition. > The AccountManagement CSP is only supported in Windows Holographic for Business edition.

View File

@ -17,7 +17,7 @@ manager: dansimp
The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it is also supported in Windows 10 Pro. The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it is also supported in Windows 10 Pro.
> [!Note] > [!NOTE]
> Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes. > Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes.
> You must send all the settings together in a single SyncML to be effective. > You must send all the settings together in a single SyncML to be effective.
@ -167,7 +167,7 @@ The following diagram shows the BitLocker configuration service provider in tree
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li> <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul> </ul>
> [!Tip] > [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
<p style="margin-left: 20px">This setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress.</p> <p style="margin-left: 20px">This setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress.</p>
@ -193,7 +193,7 @@ The following diagram shows the BitLocker configuration service provider in tree
- 6 = XTS-AES 128 - 6 = XTS-AES 128
- 7 = XTS-AES 256 - 7 = XTS-AES 256
> [!Note] > [!NOTE]
> When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status. > When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.
<p style="margin-left: 20px"> If you want to disable this policy use the following SyncML:</p> <p style="margin-left: 20px"> If you want to disable this policy use the following SyncML:</p>
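Review bot: the spelling error "encrytion" in the example sentence of this NOTE block is carried over unchanged on both sides of the hunk; since the line is being touched anyway, correct it to "encryption" ("if you only set the encryption method for the OS and removable drives, you will get a 500 return status").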
@ -245,26 +245,26 @@ The following diagram shows the BitLocker configuration service provider in tree
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li> <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul> </ul>
> [!Tip] > [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
<p style="margin-left: 20px">This setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This setting is applied when you turn on BitLocker.</p> <p style="margin-left: 20px">This setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This setting is applied when you turn on BitLocker.</p>
> [!Note] > [!NOTE]
> Only one of the additional authentication options can be required at startup, otherwise an error occurs. > Only one of the additional authentication options can be required at startup, otherwise an error occurs.
<p style="margin-left: 20px">If you want to use BitLocker on a computer without a TPM, set the &quot;ConfigureNonTPMStartupKeyUsage_Name&quot; data. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.</p> <p style="margin-left: 20px">If you want to use BitLocker on a computer without a TPM, set the &quot;ConfigureNonTPMStartupKeyUsage_Name&quot; data. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.</p>
<p style="margin-left: 20px">On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.</p> <p style="margin-left: 20px">On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.</p>
> [!Note] > [!NOTE]
> In Windows 10, version 1703 release B, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits. > In Windows 10, version 1703 release B, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.
<p style="margin-left: 20px">If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.</p> <p style="margin-left: 20px">If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.</p>
<p style="margin-left: 20px">If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.</p> <p style="margin-left: 20px">If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.</p>
> [!Note] > [!NOTE]
> If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard. > If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
<p style="margin-left: 20px">Sample value for this node to enable this policy is:</p> <p style="margin-left: 20px">Sample value for this node to enable this policy is:</p>
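Review bot: the NOTE stating that only one of the additional authentication options can be required at startup sits a few lines above text saying a TPM computer can require a startup key, a PIN, "or both", and a later NOTE in the same hunk explains how to require a PIN and a USB flash drive together with manage-bde. As written the three statements contradict each other; if the first NOTE refers to the setup wizard rather than to the policy, say so ("Only one of the additional authentication options can be required through the setup wizard"), otherwise reconcile the wording while these lines are being edited.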
@ -342,12 +342,12 @@ The following diagram shows the BitLocker configuration service provider in tree
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li> <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul> </ul>
> [!Tip] > [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
<p style="margin-left: 20px">This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.</p> <p style="margin-left: 20px">This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.</p>
> [!Note] > [!NOTE]
> In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits. > In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits.
> >
>In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2. >In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2.
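Review bot: the second paragraph of this NOTE begins with ">In TPM 2.0" with no space after the ">", unlike every other quoted line in the commit; add the space ("> In TPM 2.0 if minimum PIN length is set below 6 digits, ...") so the alert body is formatted consistently and the whole block is parsed as one NOTE.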
@ -411,7 +411,7 @@ The following diagram shows the BitLocker configuration service provider in tree
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li> <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul> </ul>
> [!Tip] > [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
<p style="margin-left: 20px">This setting lets you configure the entire recovery message or replace the existing URL that are displayed on the pre-boot key recovery screen when the OS drive is locked. <p style="margin-left: 20px">This setting lets you configure the entire recovery message or replace the existing URL that are displayed on the pre-boot key recovery screen when the OS drive is locked.
@ -437,7 +437,7 @@ The following diagram shows the BitLocker configuration service provider in tree
- 'yy' = string of max length 900. - 'yy' = string of max length 900.
- 'zz' = string of max length 500. - 'zz' = string of max length 500.
> [!Note] > [!NOTE]
> When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status. > When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status.
<p style="margin-left: 20px">Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:</p> <p style="margin-left: 20px">Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:</p>
@ -457,7 +457,7 @@ The following diagram shows the BitLocker configuration service provider in tree
</Replace> </Replace>
``` ```
> [!Note] > [!NOTE]
> Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen. > Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen.
<p style="margin-left: 20px">Data type is string. Supported operations are Add, Get, Replace, and Delete.</p> <p style="margin-left: 20px">Data type is string. Supported operations are Add, Get, Replace, and Delete.</p>
@ -492,7 +492,7 @@ The following diagram shows the BitLocker configuration service provider in tree
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li> <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul> </ul>
> [!Tip] > [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
<p style="margin-left: 20px">This setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This setting is applied when you turn on BitLocker.</p> <p style="margin-left: 20px">This setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This setting is applied when you turn on BitLocker.</p>
@ -589,7 +589,7 @@ The following diagram shows the BitLocker configuration service provider in tree
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li> <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul> </ul>
> [!Tip] > [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
<p style="margin-left: 20px">This setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This setting is applied when you turn on BitLocker.</p> <p style="margin-left: 20px">This setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This setting is applied when you turn on BitLocker.</p>
@ -687,7 +687,7 @@ The following diagram shows the BitLocker configuration service provider in tree
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li> <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul> </ul>
> [!Tip] > [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
<p style="margin-left: 20px">This setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.</p> <p style="margin-left: 20px">This setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.</p>
@ -749,7 +749,7 @@ The following diagram shows the BitLocker configuration service provider in tree
<li>GP ADMX file name: <em>VolumeEncryption.admx</em></li> <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
</ul> </ul>
> [!Tip] > [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md). > For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
<p style="margin-left: 20px">This setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive.</p> <p style="margin-left: 20px">This setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive.</p>
@ -795,7 +795,7 @@ The following diagram shows the BitLocker configuration service provider in tree
<p style="margin-left: 20px">Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is also set to 1.</p> <p style="margin-left: 20px">Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is also set to 1.</p>
> [!Important] > [!IMPORTANT]
> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-overview). > Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-overview).
> [!Warning] > [!Warning]
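Review bot: the "> [!Warning]" line right after the IMPORTANT block is left in mixed case on both sides of the hunk, while the commit's stated purpose is to upper-case these markers for the markdig engine. Change it to "> [!WARNING]" in this commit so the file does not keep one inconsistent alert marker.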
@ -855,7 +855,7 @@ The following diagram shows the BitLocker configuration service provider in tree
<a href="" id="allowstandarduserencryption"></a>**AllowStandardUserEncryption** <a href="" id="allowstandarduserencryption"></a>**AllowStandardUserEncryption**
Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account. Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account.
> [!Note] > [!NOTE]
> This policy is only supported in Azure AD accounts. > This policy is only supported in Azure AD accounts.
"AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, silent encryption is enforced. "AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, silent encryption is enforced.
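Review bot: the context lines around this NOTE carry pre-existing grammar problems that could be fixed while the block is being touched: "i.e," should be "i.e.," and "while current logged on user is non-admin/standard user Azure AD account" reads better as "while the currently logged-on user is a non-admin (standard user) Azure AD account". Not a blocker for the formatting change.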

View File

@ -188,7 +188,7 @@ Value type is string. Supported operation is Get.
<a href="" id="devicehardwaredata"></a>**Ext/DeviceHardwareData** <a href="" id="devicehardwaredata"></a>**Ext/DeviceHardwareData**
<p style="margin-left: 20px">Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device. <p style="margin-left: 20px">Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
> [!Note] > [!NOTE]
> This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information. > This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information.
<p style="margin-left: 20px">Supported operation is Get. <p style="margin-left: 20px">Supported operation is Get.

View File

@ -61,7 +61,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
In this example you configure **Enable App-V Client** to **Enabled**. In this example you configure **Enable App-V Client** to **Enabled**.
> [!Note] > [!NOTE]
> The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type. > The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
``` syntax ``` syntax
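Review bot: the fenced block that follows this NOTE is tagged "``` syntax", which is not a language identifier a markdig highlighter recognizes; the payload is SyncML, so tag the fence "xml" so it renders with highlighting under the new engine. The same "syntax" fence appears after the second NOTE in this file (the AppVirtualization/PublishingAllowServer2 example) and should be changed together with this one.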
@ -223,7 +223,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
Here is the example for **AppVirtualization/PublishingAllowServer2**: Here is the example for **AppVirtualization/PublishingAllowServer2**:
> [!Note] > [!NOTE]
> The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type. > The \<Data> payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
``` syntax ``` syntax

View File

@ -21,7 +21,7 @@ Requirements:
- The enterprise AD must be [registered with Azure Active Directory (Azure AD)](azure-active-directory-integration-with-mdm.md) - The enterprise AD must be [registered with Azure Active Directory (Azure AD)](azure-active-directory-integration-with-mdm.md)
- The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`) - The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`)
> [!Tip] > [!TIP]
> [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup) > [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup)
To verify if the device is Azure AD registered, run `dsregcmd /status` from the command line. To verify if the device is Azure AD registered, run `dsregcmd /status` from the command line.
@ -32,7 +32,7 @@ Here is a partial screenshot of the result:
The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered. The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered.
> [!Note] > [!NOTE]
> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation. > In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.
When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page. When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
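Review bot: the context line above this NOTE reads "The auto-enrollment relies of the presence of an MDM service"; "relies of" should be "relies on". Since the file is being edited anyway, fix the typo here.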

View File

@ -71,7 +71,7 @@ The following diagram shows the EnterpriseDataProtection CSP in tree format.
<a href="" id="settings-allowuserdecryption"></a>**Settings/AllowUserDecryption** <a href="" id="settings-allowuserdecryption"></a>**Settings/AllowUserDecryption**
<p style="margin-left: 20px">Allows the user to decrypt files. If this is set to 0 (Not Allowed), then the user will not be able to remove protection from enterprise content through the operating system or the application user experiences. <p style="margin-left: 20px">Allows the user to decrypt files. If this is set to 0 (Not Allowed), then the user will not be able to remove protection from enterprise content through the operating system or the application user experiences.
> [!Important] > [!IMPORTANT]
> Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. > Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported.
<p style="margin-left: 20px">The following list shows the supported values: <p style="margin-left: 20px">The following list shows the supported values:

View File

@ -16,7 +16,7 @@ ms.date: 12/05/2017
The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider. The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider.
> [!Important] > [!IMPORTANT]
> Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. > Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).

View File

@ -167,7 +167,7 @@ Supported operations are Get and Delete.
<a href="" id="appmanagement-releasemanagement"></a>**AppManagement/AppStore/ReleaseManagement** <a href="" id="appmanagement-releasemanagement"></a>**AppManagement/AppStore/ReleaseManagement**
Added in Windows 10, version 1809. Interior node for the managing updates through the Microsoft Store. These settings allow the IT admin to specify update channels for apps that they want their users to use for receiving updates. It allows the IT admin to assign a specific release to a smaller group for testing before the large deployment to the rest of the organization. Added in Windows 10, version 1809. Interior node for the managing updates through the Microsoft Store. These settings allow the IT admin to specify update channels for apps that they want their users to use for receiving updates. It allows the IT admin to assign a specific release to a smaller group for testing before the large deployment to the rest of the organization.
> [!Note] > [!NOTE]
> ReleaseManagement settings only apply to updates through the Microsoft Store. > ReleaseManagement settings only apply to updates through the Microsoft Store.
<a href="" id="appmanagement-releasemanagement-releasemanagementkey"></a>**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_** <a href="" id="appmanagement-releasemanagement-releasemanagementkey"></a>**AppManagement/AppStore/ReleaseManagement/_ReleaseManagementKey_**

View File

@ -15,7 +15,7 @@ manager: dansimp
The NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. These settings do not apply to VPN connections. This CSP was added in Windows 10, version 1703. The NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. These settings do not apply to VPN connections. This CSP was added in Windows 10, version 1703.
> [!Note] > [!NOTE]
> In Windows 10 Mobile, the NetworkProxy CSP only works in ethernet connections. Use the WiFi CSP to configure per-network proxy for Wi-Fi connections in mobile devices. > In Windows 10 Mobile, the NetworkProxy CSP only works in ethernet connections. Use the WiFi CSP to configure per-network proxy for Wi-Fi connections in mobile devices.
How the settings work: How the settings work:
@ -40,7 +40,7 @@ Added in Windows 10, version 1803. When set to 0, it enables proxy configuration
Supported operations are Add, Get, Replace, and Delete. Supported operations are Add, Get, Replace, and Delete.
> [!Note] > [!NOTE]
> Per user proxy configuration setting is not supported. > Per user proxy configuration setting is not supported.
<a href="" id="autodetect"></a>**AutoDetect** <a href="" id="autodetect"></a>**AutoDetect**

View File

@ -741,7 +741,7 @@ The following diagram shows the Policy configuration service provider in tree fo
<a href="./policy-csp-cryptography.md#cryptographyallowfipsalgorithmpolicy" id="CryptographyAllowFipsAlgorithmPolicy">Cryptography/AllowFipsAlgorithmPolicy</a> <a href="./policy-csp-cryptography.md#cryptographyallowfipsalgorithmpolicy" id="CryptographyAllowFipsAlgorithmPolicy">Cryptography/AllowFipsAlgorithmPolicy</a>
</dd> </dd>
<dd> <dd>
<a href="./policy-csp-cryptography.md#cryptography-tlsciphersuites" id="cryptography-tlsciphersuites">Cryptography/TLSCipherSuites</a> <a href="./policy-csp-cryptography.md#cryptographytlsciphersuites" id="cryptographytlsciphersuites">Cryptography/TLSCipherSuites</a>
</dd> </dd>
</dl> </dl>
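Review bot: this hunk changes an anchor target (`#cryptography-tlsciphersuites` to `#cryptographytlsciphersuites`) rather than alert formatting, which the commit message ("cleaning up note/important/tip/warning formatting") does not mention; confirm that the heading in policy-csp-cryptography.md actually carries the id `cryptographytlsciphersuites`, otherwise the link silently breaks. The new form does match the sibling `#cryptographyallowfipsalgorithmpolicy` entry directly above it, so the change looks intentional, but a one-line mention in the commit message would help the next reader.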
@ -5244,7 +5244,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Camera/AllowCamera](#camera-allowcamera) - [Camera/AllowCamera](#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) - [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui)
- [Cryptography/AllowFipsAlgorithmPolicy](#cryptographyallowfipsalgorithmpolicy) - [Cryptography/AllowFipsAlgorithmPolicy](#cryptographyallowfipsalgorithmpolicy)
- [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites) - [Cryptography/TLSCipherSuites](#cryptographytlsciphersuites)
- [Defender/AllowArchiveScanning](#defender-allowarchivescanning) - [Defender/AllowArchiveScanning](#defender-allowarchivescanning)
- [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring) - [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring)
- [Defender/AllowCloudProtection](#defender-allowcloudprotection) - [Defender/AllowCloudProtection](#defender-allowcloudprotection)
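Review bot: the list entry here is updated to `#cryptographytlsciphersuites`, consistent with the `<dl>` change at line 741 of the same file and with the `#cryptographyallowfipsalgorithmpolicy` entry above it; both hunks need to land together or the two references to TLSCipherSuites will disagree.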

View File

@ -600,7 +600,7 @@ For this policy to work, the Windows apps need to declare in their manifest that
</desktop:Extension> </desktop:Extension>
``` ```
> [!Note] > [!NOTE]
> This policy only works on modern apps. > This policy only works on modern apps.
<!--/Description--> <!--/Description-->

View File

@ -456,7 +456,7 @@ ADMX Info:
<!--Description--> <!--Description-->
This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned. By default BITS will wait 90 days before considering an inactive job abandoned. After a job is determined to be abandoned, the job is deleted from BITS and any downloaded files for the job are deleted from the disk. This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned. By default BITS will wait 90 days before considering an inactive job abandoned. After a job is determined to be abandoned, the job is deleted from BITS and any downloaded files for the job are deleted from the disk.
> [!Note] > [!NOTE]
> Any property changes to the job or any successful download action will reset this timeout. > Any property changes to the job or any successful download action will reset this timeout.
Value type is integer. Default is 90 days. Value type is integer. Default is 90 days.

View File

@ -66,7 +66,7 @@ manager: dansimp
<!--Description--> <!--Description-->
Added in Windows 10, version 1803. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device. Added in Windows 10, version 1803. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device.
> [!Note] > [!NOTE]
> MDMWinsOverGP only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined on other configuration service providers. > MDMWinsOverGP only applies to policies in Policy CSP. It does not apply to other MDM settings with equivalent GP settings that are defined on other configuration service providers.
This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
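Review bot: the trailing context line reads "if this policy value is set 1"; since the block is being touched anyway, "set to 1" would fix the grammar.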

View File

@ -1244,7 +1244,7 @@ If this setting is on, Windows Defender Antivirus will be more aggressive when i
For more information about specific values that are supported, see the Windows Defender Antivirus documentation site. For more information about specific values that are supported, see the Windows Defender Antivirus documentation site.
> [!Note] > [!NOTE]
> This feature requires the "Join Microsoft MAPS" setting enabled in order to function. > This feature requires the "Join Microsoft MAPS" setting enabled in order to function.
<!--/Description--> <!--/Description-->
@ -1315,7 +1315,7 @@ The typical cloud check timeout is 10 seconds. To enable the extended cloud chec
For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds.
> [!Note] > [!NOTE]
> This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required". > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required".
<!--/Description--> <!--/Description-->
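Review bot: the NOTE body in this hunk has a typo and an unbalanced quote: "three other MAPS settings the must all be enabled-" should read "that must all be enabled:", and the first quoted item `"Configure the 'Block at First Sight' feature;` is never closed, so the three setting names do not parse as a clean list. Suggest closing the quote and separating the items consistently, e.g. "Configure the 'Block at First Sight' feature", "Join Microsoft MAPS", and "Send file samples when further analysis is required".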

View File

@ -73,7 +73,7 @@ Device memory sandboxing allows the OS to leverage the I/O Memory Management Uni
This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe. This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe.
> [!Note] > [!NOTE]
> This policy does not apply to 1394/Firewire, PCMCIA, CardBus, or ExpressCard devices. > This policy does not apply to 1394/Firewire, PCMCIA, CardBus, or ExpressCard devices.
Supported values: Supported values:

View File

@ -2227,7 +2227,7 @@ Value - A number indicating the zone with which this site should be associated f
If you disable or do not configure this policy, users may choose their own site-to-zone assignments. If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
> [!Note] > [!NOTE]
> This policy is a list that contains the site and index value. > This policy is a list that contains the site and index value.
The list is a set of pairs of strings. Each string is seperated by F000. Each pair of strings is stored as a registry name and value. The registry name is the site and the value is an index. The index has to be sequential. See an example below. The list is a set of pairs of strings. Each string is seperated by F000. Each pair of strings is stored as a registry name and value. The registry name is the site and the value is an index. The index has to be sequential. See an example below.
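Review bot: the trailing context line misspells "separated" as "seperated"; worth fixing while the alert above it is being edited.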

View File

@ -88,7 +88,7 @@ These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Mic
<!--Description--> <!--Description-->
Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. Added in Windows 10, version 1803. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
> [!Note] > [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store. > This policy only applies to the Kiosk Browser app in Microsoft Store.
<!--/Description--> <!--/Description-->
@ -134,7 +134,7 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL
<!--Description--> <!--Description-->
Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to.
> [!Note] > [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store. > This policy only applies to the Kiosk Browser app in Microsoft Store.
<!--/Description--> <!--/Description-->
@ -180,7 +180,7 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s
<!--Description--> <!--Description-->
Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart. Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart.
> [!Note] > [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store. > This policy only applies to the Kiosk Browser app in Microsoft Store.
<!--/Description--> <!--/Description-->
@ -269,7 +269,7 @@ Shows the Kiosk Browser's end session button. When the policy is enabled, the Ki
<!--Description--> <!--Description-->
Added in Windows 10, version 1803. Enable/disable kiosk browser's home button. Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
> [!Note] > [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store. > This policy only applies to the Kiosk Browser app in Microsoft Store.
<!--/Description--> <!--/Description-->
@ -315,7 +315,7 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button.
<!--Description--> <!--Description-->
Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back). Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back).
> [!Note] > [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store. > This policy only applies to the Kiosk Browser app in Microsoft Store.
<!--/Description--> <!--/Description-->
@ -363,7 +363,7 @@ Added in Windows 10, version 1803. Amount of time in minutes the session is idle
The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser.
> [!Note] > [!NOTE]
> This policy only applies to the Kiosk Browser app in Microsoft Store. > This policy only applies to the Kiosk Browser app in Microsoft Store.
<!--/Description--> <!--/Description-->

View File

@ -692,7 +692,7 @@ GP Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
> [!Warning] > [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated. > Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Digitally encrypt or sign secure channel data (always) Domain member: Digitally encrypt or sign secure channel data (always)
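Review bot: the WARNING body "Starting in the version 1809 of Windows, this policy is deprecated." is awkwardly phrased; the rest of the docs use the form "Starting in Windows 10, version 1809", which would be clearer here. The same sentence recurs in the 762 and 829 hunks of this file.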
@ -762,7 +762,7 @@ GP Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
> [!Warning] > [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated. > Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Digitally encrypt secure channel data (when possible) Domain member: Digitally encrypt secure channel data (when possible)
@ -829,7 +829,7 @@ GP Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
> [!Warning] > [!WARNING]
> Starting in the version 1809 of Windows, this policy is deprecated. > Starting in the version 1809 of Windows, this policy is deprecated.
Domain member: Disable machine account password changes Domain member: Disable machine account password changes

View File

@ -81,7 +81,7 @@ If you disable or do not configure this policy setting, the client computer will
No reboots or service restarts are required for this policy setting to take effect. No reboots or service restarts are required for this policy setting to take effect.
> [!Warning] > [!WARNING]
> This policy is designed for zero exhaust. This policy may cause some MDM processes to break because WNS notification is used by the MDM server to send real time tasks to the device, such as remote wipe, unenroll, remote find, and mandatory app installation. When this policy is set to disallow WNS, those real time processes will no longer work and some time-sensitive actions such as remote wipe when the device is stolen or unenrollment when the device is compromised will not work. > This policy is designed for zero exhaust. This policy may cause some MDM processes to break because WNS notification is used by the MDM server to send real time tasks to the device, such as remote wipe, unenroll, remote find, and mandatory app installation. When this policy is set to disallow WNS, those real time processes will no longer work and some time-sensitive actions such as remote wipe when the device is stolen or unenrollment when the device is compromised will not work.
<!--/Description--> <!--/Description-->

View File

@ -318,7 +318,7 @@ manager: dansimp
<!--Description--> <!--Description-->
Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
> [!Note] > [!NOTE]
> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709. > There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.

View File

@ -444,7 +444,7 @@ This MDM setting corresponds to the EnableFontProviders Group Policy setting. If
This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content. This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content.
> [!Note] > [!NOTE]
> Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service. > Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service.
<!--/Description--> <!--/Description-->
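Review bot: the context line above the NOTE has two typos, "fond handling" for "font handling" and "has not direct effect" for "has no direct effect"; since this block is already in the diff, fixing them here is cheap.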

View File

@ -1896,7 +1896,7 @@ For Quality Updates, this policy specifies the deadline in days before automatic
The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks. The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.
> [!Note] > [!NOTE]
> If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule are not set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period. > If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule are not set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period.
Value type is integer. Default is 14. Value type is integer. Default is 14.
@ -3786,7 +3786,7 @@ Options:
- 1 Turn off all notifications, excluding restart warnings - 1 Turn off all notifications, excluding restart warnings
- 2 Turn off all notifications, including restart warnings - 2 Turn off all notifications, including restart warnings
> [!Important] > [!IMPORTANT]
> If you choose not to get update notifications and also define other Group policies so that devices arent automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk. > If you choose not to get update notifications and also define other Group policies so that devices arent automatically getting updates, neither you nor device users will be aware of critical security, quality, or feature updates, and your devices may be at risk.
<!--/Description--> <!--/Description-->
@ -3847,7 +3847,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
> [!Important] > [!IMPORTANT]
> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile. > Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile.
Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
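Review bot: the IMPORTANT body misspells "Enterprise" as "Enteprise" ("Windows 10 Mobile Enteprise and IoT Mobile"); fix while the alert marker is being changed.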
@ -3939,7 +3939,7 @@ To use this setting, you must set two server name values: the server from which
Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet. Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
> [!Note] > [!NOTE]
> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect. > If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.
> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates. > If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates.
> This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs. > This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
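Review bot: the three `>` lines after `[!NOTE]` are separate statements but, as consecutive blockquote lines, they render as a single run-on paragraph inside the alert. Either insert a bare `>` line between them or turn them into a bulleted list within the blockquote so each caveat stands on its own.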

View File

@ -436,7 +436,7 @@ Valid values:
<!--Description--> <!--Description-->
Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users. Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
> [!Note] > [!NOTE]
> If Suppress notification is enabled then users will not see critical or non-critical messages. > If Suppress notification is enabled then users will not see critical or non-critical messages.
Value type is integer. Supported operations are Add, Get, Replace and Delete. Value type is integer. Supported operations are Add, Get, Replace and Delete.

View File

@ -45,7 +45,7 @@ The default value changed to false in Windows 10, version 1703. The default valu
<a href="" id="setpowerpolicies"></a>**SetPowerPolicies** <a href="" id="setpowerpolicies"></a>**SetPowerPolicies**
Optional. A boolean value that specifies that the power policies should be set when configuring SharedPC mode. Optional. A boolean value that specifies that the power policies should be set when configuring SharedPC mode.
> [!Note] > [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete. The supported operations are Add, Get, Replace, and Delete.
@ -55,7 +55,7 @@ The default value is Not Configured and the effective power settings are determi
<a href="" id="maintenancestarttime"></a>**MaintenanceStartTime** <a href="" id="maintenancestarttime"></a>**MaintenanceStartTime**
Optional. An integer value that specifies the daily start time of maintenance hour. Given in minutes from midnight. The range is 0-1440. Optional. An integer value that specifies the daily start time of maintenance hour. Given in minutes from midnight. The range is 0-1440.
> [!Note] > [!NOTE]
>  If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. >  If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete. The supported operations are Add, Get, Replace, and Delete.
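Review bot: the NOTE body in this hunk has extra whitespace after the `>` (`>  If used`) that none of the sibling nodes in this file carry; normalize to a single space so the alerts render identically.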
@ -65,7 +65,7 @@ The default value is Not Configured and its value in the SharedPC provisioning p
<a href="" id="signinonresume"></a>**SignInOnResume** <a href="" id="signinonresume"></a>**SignInOnResume**
Optional. A boolean value that, when set to True, requires sign in whenever the device wakes up from sleep mode. Optional. A boolean value that, when set to True, requires sign in whenever the device wakes up from sleep mode.
> [!Note] > [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete. The supported operations are Add, Get, Replace, and Delete.
@ -75,7 +75,7 @@ The default value is Not Configured and its value in the SharedPC provisioning p
<a href="" id="sleeptimeout"></a>**SleepTimeout** <a href="" id="sleeptimeout"></a>**SleepTimeout**
The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes. This node is optional. The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes. This node is optional.
> [!Note] > [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete. The supported operations are Add, Get, Replace, and Delete.
@ -85,7 +85,7 @@ The default value is Not Configured, and effective behavior is determined by the
<a href="" id="enableaccountmanager"></a>**EnableAccountManager** <a href="" id="enableaccountmanager"></a>**EnableAccountManager**
A boolean that enables the account manager for shared PC mode. A boolean that enables the account manager for shared PC mode.
> [!Note] > [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete. The supported operations are Add, Get, Replace, and Delete.
@ -95,7 +95,7 @@ The default value is Not Configured and its value in the SharedPC provisioning p
<a href="" id="accountmodel"></a>**AccountModel** <a href="" id="accountmodel"></a>**AccountModel**
Configures which type of accounts are allowed to use the PC. Configures which type of accounts are allowed to use the PC.
> [!Note] > [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete. The supported operations are Add, Get, Replace, and Delete.
@ -111,7 +111,7 @@ Its value in the SharedPC provisioning package is 1 or 2.
<a href="" id="deletionpolicy"></a>**DeletionPolicy** <a href="" id="deletionpolicy"></a>**DeletionPolicy**
Configures when accounts are deleted. Configures when accounts are deleted.
> [!Note] > [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Add, Get, Replace, and Delete. The supported operations are Add, Get, Replace, and Delete.
@ -132,7 +132,7 @@ The default value is Not Configured. Its value in the SharedPC provisioning pack
<a href="" id="diskleveldeletion"></a>**DiskLevelDeletion** <a href="" id="diskleveldeletion"></a>**DiskLevelDeletion**
Sets the percentage of disk space remaining on a PC before cached accounts will be deleted to free disk space. Accounts that have been inactive the longest will be deleted first. Sets the percentage of disk space remaining on a PC before cached accounts will be deleted to free disk space. Accounts that have been inactive the longest will be deleted first.
> [!Note] > [!NOTE]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The default value is Not Configured. Its default value in the SharedPC provisioning package is 25. The default value is Not Configured. Its default value in the SharedPC provisioning package is 25.
@ -144,7 +144,7 @@ The supported operations are Add, Get, Replace, and Delete.
<a href="" id="disklevelcaching"></a>**DiskLevelCaching** <a href="" id="disklevelcaching"></a>**DiskLevelCaching**
Sets the percentage of available disk space a PC should have before it stops deleting cached accounts. Sets the percentage of available disk space a PC should have before it stops deleting cached accounts.
> [!Note] > [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
The default value is Not Configured. The default value in the SharedPC provisioning package is 25. The default value is Not Configured. The default value in the SharedPC provisioning package is 25.
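Review bot: the NOTE body reads "this value must set before the action", which is missing "be" ("must be set before"); the earlier nodes in this file (SetPowerPolicies through DiskLevelDeletion) already use the correct wording, and the same defect recurs in the 158, 166, 174 and 187 hunks below.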
@ -158,7 +158,7 @@ Added in Windows 10, version 1703. Restricts the user from using local storage.
The default value is Not Configured and behavior is no such restriction applied. Value type is bool. Supported operations are Add, Get, Replace, and Delete. Default in SharedPC provisioning package is False. The default value is Not Configured and behavior is no such restriction applied. Value type is bool. Supported operations are Add, Get, Replace, and Delete. Default in SharedPC provisioning package is False.
> [!Note] > [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
<a href="" id="kioskmodeaumid"></a>**KioskModeAUMID** <a href="" id="kioskmodeaumid"></a>**KioskModeAUMID**
@ -166,7 +166,7 @@ Added in Windows 10, version 1703. Specifies the AUMID of the app to use with as
Value type is string. Supported operations are Add, Get, Replace, and Delete. Value type is string. Supported operations are Add, Get, Replace, and Delete.
> [!Note] > [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
<a href="" id="kioskmodeusertiledisplaytext"></a>**KioskModeUserTileDisplayText** <a href="" id="kioskmodeusertiledisplaytext"></a>**KioskModeUserTileDisplayText**
@ -174,7 +174,7 @@ Added in Windows 10, version 1703. Specifies the display text for the account sh
Value type is string. Supported operations are Add, Get, Replace, and Delete. Value type is string. Supported operations are Add, Get, Replace, and Delete.
> [!Note] > [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
<a href="" id="inactivethreshold"></a>**InactiveThreshold** <a href="" id="inactivethreshold"></a>**InactiveThreshold**
@ -187,7 +187,7 @@ The default in the SharedPC provisioning package is 30.
<a href="" id="maxpagefilesizemb"></a>**MaxPageFileSizeMB** <a href="" id="maxpagefilesizemb"></a>**MaxPageFileSizeMB**
Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32 GB storage and at least 3 GB of RAM. This node is optional. Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32 GB storage and at least 3 GB of RAM. This node is optional.
> [!Note] > [!NOTE]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken. > If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
Default value is Not Configured. Value type is integer. Supported operations are Add, Get, Replace, and Delete. Default value is Not Configured. Value type is integer. Supported operations are Add, Get, Replace, and Delete.

View File

@ -18,7 +18,7 @@ manager: dansimp
The TenantLockdown configuration service provider is used by the IT admin to lock a device to a tenant, which ensures that the device remains bound to the tenant in case of accidental or intentional resets or wipes. The TenantLockdown configuration service provider is used by the IT admin to lock a device to a tenant, which ensures that the device remains bound to the tenant in case of accidental or intentional resets or wipes.
> [!Note] > [!NOTE]
> The forced network connection is only applicable to devices after reset (not new). > The forced network connection is only applicable to devices after reset (not new).
The following diagram shows the TenantLockdown configuration service provider in tree format. The following diagram shows the TenantLockdown configuration service provider in tree format.

View File

@ -16,10 +16,10 @@ manager: dansimp
The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809. The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809.
> [!Note] > [!NOTE]
> The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809). > The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
> [!Note] > [!NOTE]
> The production UEFI CSP is present in 1809, but it depends upon the Device Firmware Configuration Interface (DFCI) and UEFI firmware to comply with this interface. The specification for this interface and compatible firmware is not yet available. > The production UEFI CSP is present in 1809, but it depends upon the Device Firmware Configuration Interface (DFCI) and UEFI firmware to comply with this interface. The specification for this interface and compatible firmware is not yet available.
The following diagram shows the UEFI CSP in tree format. The following diagram shows the UEFI CSP in tree format.
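Review bot: this hunk has two `> [!NOTE]` alerts back to back (the 1803-replaced-by-1809 note and the DFCI-dependency note) with no visible blank line separating them. Without a blank line the second `[!NOTE]` marker is just another line of the first blockquote and renders as literal text rather than as a second alert; either separate them with a blank line or merge them into one note, since both describe the state of the UEFI CSP in version 1809.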

View File

@ -50,7 +50,7 @@ This policy setting allows you to decide how the clipboard behaves while in Appl
- 2 - Turns On clipboard operation from the host to an isolated session - 2 - Turns On clipboard operation from the host to an isolated session
- 3 - Turns On clipboard operation in both the directions - 3 - Turns On clipboard operation in both the directions
> [!Important] > [!IMPORTANT]
> Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended. > Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.
<a href="" id="printingsettings"></a>**Settings/PrintingSettings** <a href="" id="printingsettings"></a>**Settings/PrintingSettings**
@ -128,7 +128,7 @@ If you enable this policy, applications inside Windows Defender Application Guar
If you disable or don't configure this policy, applications inside Windows Defender Application Guard will be unable to access the camera and microphone on the users device. If you disable or don't configure this policy, applications inside Windows Defender Application Guard will be unable to access the camera and microphone on the users device.
> [!Important] > [!IMPORTANT]
> If you turn on this policy, a compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge. To prevent unauthorized access, we recommend that camera and microphone privacy settings be turned off on the user's device when they are not needed. > If you turn on this policy, a compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge. To prevent unauthorized access, we recommend that camera and microphone privacy settings be turned off on the user's device when they are not needed.
<a href="" id="status"></a>**Status** <a href="" id="status"></a>**Status**

View File

@ -16,7 +16,7 @@ ms.author: dansimp
This article describes how to troubleshoot freeze issues on Windows-based computers and servers. It also provides methods for collecting data that will help administrators or software developers diagnose, identify, and fix these issues. This article describes how to troubleshoot freeze issues on Windows-based computers and servers. It also provides methods for collecting data that will help administrators or software developers diagnose, identify, and fix these issues.
> [!Note] > [!NOTE]
> The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. > The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
## Identify the problem ## Identify the problem
@ -76,14 +76,14 @@ To collect data for a server freeze, check the following table, and use one or m
### Method 1: Memory dump ### Method 1: Memory dump
> [!Note] > [!NOTE]
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur. > Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
A complete memory dump file records all the contents of system memory when the computer stops unexpectedly. A complete memory dump file may contain data from processes that were running when the memory dump file was collected. A complete memory dump file records all the contents of system memory when the computer stops unexpectedly. A complete memory dump file may contain data from processes that were running when the memory dump file was collected.
If the computer is no longer frozen and now is running in a good state, use the following steps to enable memory dump so that you can collect memory dump when the freeze issue occurs again. If the virtual machine is still running in a frozen state, use the following steps to enable and collect memory dump. If the computer is no longer frozen and now is running in a good state, use the following steps to enable memory dump so that you can collect memory dump when the freeze issue occurs again. If the virtual machine is still running in a frozen state, use the following steps to enable and collect memory dump.
> [!Note] > [!NOTE]
> If you have a restart feature that is enabled on the computer, such as the Automatic System Restart (ASR) feature in Compaq computers, disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS doesn't detect a heartbeat from the operating system, it will restart the computer. The restart can interrupt the dump process. > If you have a restart feature that is enabled on the computer, such as the Automatic System Restart (ASR) feature in Compaq computers, disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS doesn't detect a heartbeat from the operating system, it will restart the computer. The restart can interrupt the dump process.
@ -97,7 +97,7 @@ If the computer is no longer frozen and now is running in a good state, use the
3. In the **Write Debugging Information** section, select **Complete Memory Dump**. 3. In the **Write Debugging Information** section, select **Complete Memory Dump**.
> [!Note] > [!NOTE]
> For Windows versions that are earlier than Windows 8 or Windows Server 2012, the Complete Memory Dump type isn't available in the GUI. You have to change it in Registry Editor. To do this, change the value of the following **CrashDumpEnabled** registry entry to **1** (REG_DWORD): > For Windows versions that are earlier than Windows 8 or Windows Server 2012, the Complete Memory Dump type isn't available in the GUI. You have to change it in Registry Editor. To do this, change the value of the following **CrashDumpEnabled** registry entry to **1** (REG_DWORD):
>**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled** >**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled**
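Review bot: the registry path line in this note starts with `>**HKEY_LOCAL_MACHINE...` (no space after `>`), while the two lines above it use `> `. Since this commit is normalizing alert formatting, use `> **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled**` so the whole alert uses one blockquote style; rendering a registry path in a code span rather than bold would also avoid the markdown engine treating backslashes as escapes.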
@ -131,12 +131,12 @@ If the computer is no longer frozen and now is running in a good state, use the
To allow the operating system to generate a memory dump file at an NMI interruption, set the value of the [NMICrashDump](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783271(v=ws.10)) registry entry to `1` (REG_DWORD). Then, restart the computer to apply this change. To allow the operating system to generate a memory dump file at an NMI interruption, set the value of the [NMICrashDump](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783271(v=ws.10)) registry entry to `1` (REG_DWORD). Then, restart the computer to apply this change.
> [!Note] > [!NOTE]
> This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](https://support.microsoft.com/help/2750146). > This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](https://support.microsoft.com/help/2750146).
4. When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file. 4. When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file.
> [!Note] > [!NOTE]
> By default, the dump file is located in the following path:<br /> > By default, the dump file is located in the following path:<br />
> %SystemRoot%\MEMORY.DMP > %SystemRoot%\MEMORY.DMP
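Review bot: the first note in this hunk has a missing comma in "For Windows 8 Windows Server 2012, and later versions of Windows"; it should read "For Windows 8, Windows Server 2012, and later versions of Windows". Also, the `<br />` inside the second note ("located in the following path:<br />") is unnecessary when the path is already on its own blockquote line; dropping it keeps the alert as plain markdown.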
@ -194,12 +194,12 @@ If the physical computer is still running in a frozen state, follow these steps
1. Make sure that the computer is set up to get a complete memory dump file and that you can access it through the network. To do this, follow these steps: 1. Make sure that the computer is set up to get a complete memory dump file and that you can access it through the network. To do this, follow these steps:
> [!Note] > [!NOTE]
> If it isn't possible to access the affected computer through the network, try to generate a memory dump file through NMI interruption. The result of the action may not collect a memory dump file if some of the following settings aren't qualified. > If it isn't possible to access the affected computer through the network, try to generate a memory dump file through NMI interruption. The result of the action may not collect a memory dump file if some of the following settings aren't qualified.
1. Try to access the desktop of the computer by any means. 1. Try to access the desktop of the computer by any means.
> [!Note] > [!NOTE]
> In case accessing the operating system isn't possible, try to access Registry Editor on the computer remotely in order to check the type of memory dump file and page file with which the computer is currently configured. > In case accessing the operating system isn't possible, try to access Registry Editor on the computer remotely in order to check the type of memory dump file and page file with which the computer is currently configured.
2. From a remote computer that is preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the concerned computer, and verify the following settings: 2. From a remote computer that is preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the concerned computer, and verify the following settings:
@ -218,7 +218,7 @@ If the physical computer is still running in a frozen state, follow these steps
If the page file is customized, the size will be reflected in the registry, such as ?:\pagefile.sys 1024 1124 where 1024 is the initial size and 1124 is the max size. If the page file is customized, the size will be reflected in the registry, such as ?:\pagefile.sys 1024 1124 where 1024 is the initial size and 1124 is the max size.
> [!Note] > [!NOTE]
> If the size isn't reflected in the Registry, try to access an Administrative share where the page file is located (such as \\\\**ServerName**\C$). > If the size isn't reflected in the Registry, try to access an Administrative share where the page file is located (such as \\\\**ServerName**\C$).
3. Make sure that there's a paging file (pagefile.sys) on the system drive of the computer, and it's at least 100 MB over the installed RAM. 3. Make sure that there's a paging file (pagefile.sys) on the system drive of the computer, and it's at least 100 MB over the installed RAM.
@ -244,7 +244,7 @@ If the physical computer is still running in a frozen state, follow these steps
4. Restart the computer. 4. Restart the computer.
3. When the computer exhibits the problem, hold down the right **CTRL** key, and press the **Scroll Lock** key two times to generate a memory dump. 3. When the computer exhibits the problem, hold down the right **CTRL** key, and press the **Scroll Lock** key two times to generate a memory dump.
> [!Note] > [!NOTE]
> By default, the dump file is located in the path: %SystemRoot%\MEMORY.DMP > By default, the dump file is located in the path: %SystemRoot%\MEMORY.DMP
### Use Pool Monitor to collect data for the physical computer that is no longer frozen ### Use Pool Monitor to collect data for the physical computer that is no longer frozen
@ -267,7 +267,7 @@ To debug the virtual machines on Hyper-V, run the following cmdlet in Windows Po
Debug-VM -Name "VM Name" -InjectNonMaskableInterrupt -ComputerName Hostname Debug-VM -Name "VM Name" -InjectNonMaskableInterrupt -ComputerName Hostname
``` ```
> [!Note] > [!NOTE]
> This method is applicable only to Windows 8, Windows Server 2012, and later versions of Windows virtual machines. For the earlier versions of Windows, see methods 1 through 4 that are described earlier in this section. > This method is applicable only to Windows 8, Windows Server 2012, and later versions of Windows virtual machines. For the earlier versions of Windows, see methods 1 through 4 that are described earlier in this section.
#### VMware #### VMware

View File

@ -49,14 +49,14 @@ Three features enable Start and taskbar layout control:
- The [Export-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. - The [Export-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/export-startlayout?view=win10-ps) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format.
>[!NOTE]   >[!NOTE]
>To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet. >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet.
- [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `<CustomTaskbarLayoutCollection>` or create an .xml file just for the taskbar configuration. - [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `<CustomTaskbarLayoutCollection>` or create an .xml file just for the taskbar configuration.
- In Group Policy, you use the **Start Layout** settings for the **Start Menu and Taskbar** administrative template to set a Start and taskbar layout from an .xml file when the policy is applied. The Group Policy object doesn't support an empty tile layout, so the default tile layout for Windows is loaded in that case. - In Group Policy, you use the **Start Layout** settings for the **Start Menu and Taskbar** administrative template to set a Start and taskbar layout from an .xml file when the policy is applied. The Group Policy object doesn't support an empty tile layout, so the default tile layout for Windows is loaded in that case.
>[!NOTE]   >[!NOTE]
>To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( https://go.microsoft.com/fwlink/p/?LinkId=620863). >To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( https://go.microsoft.com/fwlink/p/?LinkId=620863).
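Review bot: the alert markers in this hunk are written `>[!NOTE]` with no space after `>`, while the other files in this commit use `> [!NOTE]`; since the point of the change is markdig conformance, normalize these to `> [!NOTE]` (and the body lines to `> To import...`) so one style is used across the repo. The body of the second note also reads "To learn how customize Start" and should be "To learn how to customize Start".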
@ -79,7 +79,7 @@ For information about deploying GPOs in a domain, see [Working with Group Policy
You can use the Local Group Policy Editor to provide a customized Start and taskbar layout for any user who signs in on the local computer. To display the customized Start and taskbar layout for any user who signs in, configure **Start Layout** policy settings for the **Start Menu and Taskbar** administrative template. You can use the **Start Menu and Taskbar** administrative template in **User Configuration** or **Computer Configuration**. You can use the Local Group Policy Editor to provide a customized Start and taskbar layout for any user who signs in on the local computer. To display the customized Start and taskbar layout for any user who signs in, configure **Start Layout** policy settings for the **Start Menu and Taskbar** administrative template. You can use the **Start Menu and Taskbar** administrative template in **User Configuration** or **Computer Configuration**.
>[!NOTE]   >[!NOTE]
>This procedure applies the policy settings on the local computer only. For information about deploying the Start and taskbar layout to users in a domain, see [Use Group Policy to deploy a customized Start layout in a domain](#bkmk-domaingpodeployment). >This procedure applies the policy settings on the local computer only. For information about deploying the Start and taskbar layout to users in a domain, see [Use Group Policy to deploy a customized Start layout in a domain](#bkmk-domaingpodeployment).
> >
>This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=620881). The guide was written for Windows Vista and the procedures still apply to Windows 10. >This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=620881). The guide was written for Windows Vista and the procedures still apply to Windows 10.

View File

@ -44,7 +44,7 @@ Two features enable Start layout control:
- The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. - The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format.
>[!NOTE]   >[!NOTE]
>To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet. >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet.

View File

@ -39,7 +39,7 @@ Three features enable Start and taskbar layout control:
- The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. - The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format.
>[!NOTE]   >[!NOTE]
>To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet. >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet.
- [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `<CustomTaskbarLayoutCollection>` or create an .xml file just for the taskbar configuration. - [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `<CustomTaskbarLayoutCollection>` or create an .xml file just for the taskbar configuration.

View File

@ -26,7 +26,7 @@ Configuration service providers (CSPs) expose device configuration settings in W
The CSPs are documented on the [Hardware Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=717390) because CSPs are used by mobile device management (MDM) service providers. This topic explains how IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations. The CSPs are documented on the [Hardware Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=717390) because CSPs are used by mobile device management (MDM) service providers. This topic explains how IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations.
>[!NOTE]   >[!NOTE]
>The explanation of CSPs and CSP documentation also apply to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile. >The explanation of CSPs and CSP documentation also apply to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile.
[See what's new for CSPs in Windows 10, version 1809.](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1809) [See what's new for CSPs in Windows 10, version 1809.](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1809)

View File

@ -185,7 +185,7 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded
**Resolution**: This issue was resolved in the June 2017 updates. Please update Windows 10, version 1607 to the latest cumulative or feature updates. **Resolution**: This issue was resolved in the June 2017 updates. Please update Windows 10, version 1607 to the latest cumulative or feature updates.
>[!Note] >[!NOTE]
>When the Group Policy is enabled, the desired behavior also needs to be selected. By default, it is set to **None**. >When the Group Policy is enabled, the desired behavior also needs to be selected. By default, it is set to **None**.

View File

@ -73,7 +73,7 @@ To enable data sharing, configure your proxy server to whitelist the following e
>[!NOTE] >[!NOTE]
>Proxy authentication and SSL inspections are frequent challenges for enterprises. See the following sections for configuration options. >Proxy authentication and SSL inspections are frequent challenges for enterprises. See the following sections for configuration options.
> [!Important] > [!IMPORTANT]
> For privacy and data integrity, Windows checks for a Microsoft SSL certificate when communicating with the diagnostic data endpoints. SSL interception and inspection aren't possible. To use Desktop Analytics, exclude these endpoints from SSL inspection.<!-- BUG 4647542 --> > For privacy and data integrity, Windows checks for a Microsoft SSL certificate when communicating with the diagnostic data endpoints. SSL interception and inspection aren't possible. To use Desktop Analytics, exclude these endpoints from SSL inspection.<!-- BUG 4647542 -->
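Review bot: the `[!IMPORTANT]` alert body still carries an HTML comment `<!-- BUG 4647542 -->` at the end of the line. If the tracked bug is closed, remove the comment; if not, move it onto its own line outside the blockquote so the alert body stays plain text and the comment cannot end up rendered inside the alert.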

View File

@ -113,7 +113,7 @@ Based on any Windows Defender ATP event, including the plug and play events, you
Windows Defender ATP can prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device. Windows Defender ATP can prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device.
>[!Note] >[!NOTE]
>Always test and refine these settings with a pilot group of users and devices first before applying them in production. >Always test and refine these settings with a pilot group of users and devices first before applying them in production.
The following table describes the ways Windows Defender ATP can help prevent installation and usage of USB peripherals. The following table describes the ways Windows Defender ATP can help prevent installation and usage of USB peripherals.
@ -125,7 +125,7 @@ For more information about controlling USB devices, see the [Microsoft Secure bl
| [Only allow installation and usage of specifically approved peripherals](#only-allow-installation-and-usage-of-specifically-approved-peripherals) | Users can only install and use approved peripherals that report specific properties in their firmware | | [Only allow installation and usage of specifically approved peripherals](#only-allow-installation-and-usage-of-specifically-approved-peripherals) | Users can only install and use approved peripherals that report specific properties in their firmware |
| [Prevent installation of specifically prohibited peripherals](#prevent-installation-of-specifically-prohibited-peripherals) | Users can't install or use prohibited peripherals that report specific properties in their firmware | | [Prevent installation of specifically prohibited peripherals](#prevent-installation-of-specifically-prohibited-peripherals) | Users can't install or use prohibited peripherals that report specific properties in their firmware |
>[!Note] >[!NOTE]
>Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them. >Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them.
### Block installation and usage of removable storage ### Block installation and usage of removable storage

View File

@ -85,7 +85,7 @@ Use the following procedure after you have been running a computer with a WDAC p
` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy UserPEs 3> CIPolicylog.txt` ` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy UserPEs 3> CIPolicylog.txt`
> [!Note] > [!NOTE]
> When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **Hash** rule level, which is the most specific. Any change to the file (such as replacing the file with a newer version of the same file) will change the Hash value, and require an update to the policy. > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **Hash** rule level, which is the most specific. Any change to the file (such as replacing the file with a newer version of the same file) will change the Hash value, and require an update to the policy.
4. Find and review the WDAC audit policy .xml file that you created. If you used the example variables as shown, the filename will be **DeviceGuardAuditPolicy.xml**, and it will be on your desktop. Look for the following: 4. Find and review the WDAC audit policy .xml file that you created. If you used the example variables as shown, the filename will be **DeviceGuardAuditPolicy.xml**, and it will be on your desktop. Look for the following:
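Review bot: the command in the context line above the note, `New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy UserPEs 3> CIPolicylog.txt`, has `UserPEs` without a leading hyphen, so as written PowerShell would treat it as a positional argument instead of the `-UserPEs` switch. It should read `-UserPEs`; the leading space inside the inline code span should also be removed.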
@ -96,5 +96,5 @@ Use the following procedure after you have been running a computer with a WDAC p
You can now use this file to update the existing WDAC policy that you ran in audit mode by merging the two policies. For instructions on how to merge this audit policy with the existing WDAC policy, see the next section, [Merge Windows Defender Application Control policies](#merge-windows-defender-application-control-policies). You can now use this file to update the existing WDAC policy that you ran in audit mode by merging the two policies. For instructions on how to merge this audit policy with the existing WDAC policy, see the next section, [Merge Windows Defender Application Control policies](#merge-windows-defender-application-control-policies).
> [!Note] > [!NOTE]
> You may have noticed that you did not generate a binary version of this policy as you did in [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer). This is because WDAC policies created from an audit log are not intended to run as stand-alone policies but rather to update existing WDAC policies. > You may have noticed that you did not generate a binary version of this policy as you did in [Create a Windows Defender Application Control policy from a reference computer](#create-a-windows-defender-application-control-policy-from-a-reference-computer). This is because WDAC policies created from an audit log are not intended to run as stand-alone policies but rather to update existing WDAC policies.

View File

@ -26,7 +26,7 @@ For this example, you must initiate variables to be used during the creation pro
Then create the WDAC policy by scanning the system for installed applications. Then create the WDAC policy by scanning the system for installed applications.
The policy file is converted to binary format when it gets created so that Windows can interpret it. The policy file is converted to binary format when it gets created so that Windows can interpret it.
> [!Note] > [!NOTE]
> Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the WDAC policy. > Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the WDAC policy.
Each installed software application should be validated as trustworthy before you create a policy. Each installed software application should be validated as trustworthy before you create a policy.
@ -70,7 +70,7 @@ To create a WDAC policy, copy each of the following commands into an elevated Wi
After you complete these steps, the WDAC binary file (DeviceGuardPolicy.bin) and original .xml file (InitialScan.xml) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for additional security. After you complete these steps, the WDAC binary file (DeviceGuardPolicy.bin) and original .xml file (InitialScan.xml) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for additional security.
> [!Note] > [!NOTE]
> We recommend that you keep the original .xml file of the policy for use when you need to merge the WDAC policy with another policy or update its rule options. Alternatively, you would have to create a new policy from a new scan for servicing. For more information about how to merge WDAC policies, see [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md). > We recommend that you keep the original .xml file of the policy for use when you need to merge the WDAC policy with another policy or update its rule options. Alternatively, you would have to create a new policy from a new scan for servicing. For more information about how to merge WDAC policies, see [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md).
We recommend that every WDAC policy be run in audit mode before being enforced. Doing so allows administrators to discover any issues with the policy without receiving error messages. For information about how to audit a WDAC policy, see [Audit Windows Defender Application Control policies](audit-windows-defender-application-control-policies.md). We recommend that every WDAC policy be run in audit mode before being enforced. Doing so allows administrators to discover any issues with the policy without receiving error messages. For information about how to audit a WDAC policy, see [Audit Windows Defender Application Control policies](audit-windows-defender-application-control-policies.md).

View File

@ -37,7 +37,7 @@ If the WDAC policy was deployed by using Group Policy, the GPO that is currently
Signed policies protect Windows from administrative manipulation as well as malware that has gained administrative-level access to the system. For this reason, signed WDAC policies are intentionally more difficult to remove than unsigned policies. They inherently protect themselves from modification or removal and therefore are difficult even for administrators to remove successfully. If the signed WDAC policy is manually enabled and copied to the CodeIntegrity folder, to remove the policy, you must complete the following steps. Signed policies protect Windows from administrative manipulation as well as malware that has gained administrative-level access to the system. For this reason, signed WDAC policies are intentionally more difficult to remove than unsigned policies. They inherently protect themselves from modification or removal and therefore are difficult even for administrators to remove successfully. If the signed WDAC policy is manually enabled and copied to the CodeIntegrity folder, to remove the policy, you must complete the following steps.
> [!Note] > [!NOTE]
> For reference, signed WDAC policies should be replaced and removed from the following locations: > For reference, signed WDAC policies should be replaced and removed from the following locations:
- &lt;EFI System Partition&gt;\\Microsoft\\Boot\\ - &lt;EFI System Partition&gt;\\Microsoft\\Boot\\
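Review bot: the location list in the last context line (`- &lt;EFI System Partition&gt;\\Microsoft\\Boot\\`) is not prefixed with `> `, so it renders as a plain list below the NOTE callout rather than inside the callout whose sentence ("should be replaced and removed from the following locations:") introduces it; either prefix the list lines with `> ` or move the introducing sentence out of the callout so the text and the list stay together.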

View File

@ -23,7 +23,7 @@ ms.date: 05/03/2018
Every WDAC policy is created with audit mode enabled. After you have successfully deployed and tested a WDAC policy in audit mode and are ready to test the policy in enforced mode, complete the following steps in an elevated Windows PowerShell session: Every WDAC policy is created with audit mode enabled. After you have successfully deployed and tested a WDAC policy in audit mode and are ready to test the policy in enforced mode, complete the following steps in an elevated Windows PowerShell session:
> [!Note] > [!NOTE]
> Every WDAC policy should be tested in audit mode first. For information about how to audit WDAC policies, see [Audit Windows Defender Application Control policies](audit-windows-defender-application-control-policies.md), earlier in this topic. > Every WDAC policy should be tested in audit mode first. For information about how to audit WDAC policies, see [Audit Windows Defender Application Control policies](audit-windows-defender-application-control-policies.md), earlier in this topic.
1. Initialize the variables that will be used: 1. Initialize the variables that will be used:
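Review bot: the note's cross-reference says "earlier in this topic", but the link target is a separate page (audit-windows-defender-application-control-policies.md); drop "earlier in this topic" or rephrase to "see [Audit Windows Defender Application Control policies](...)" so the reference is accurate after the page split.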
@ -36,7 +36,7 @@ Every WDAC policy is created with audit mode enabled. After you have successfull
` $CIPolicyBin=$CIPolicyPath+"EnforcedDeviceGuardPolicy.bin"` ` $CIPolicyBin=$CIPolicyPath+"EnforcedDeviceGuardPolicy.bin"`
> [!Note] > [!NOTE]
> The initial WDAC policy that this section refers to was created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are using a different WDAC policy, update the **CIPolicyPath** and **InitialCIPolicy** variables. > The initial WDAC policy that this section refers to was created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are using a different WDAC policy, update the **CIPolicyPath** and **InitialCIPolicy** variables.
2. Ensure that rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) are set the way that you intend for this policy. We strongly recommend that you enable these rule options before you run any enforced policy for the first time. Enabling these options provides administrators with a pre-boot command prompt, and allows Windows to start even if the WDAC policy blocks a kernel-mode driver from running. When ready for enterprise deployment, you can remove these options. 2. Ensure that rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) are set the way that you intend for this policy. We strongly recommend that you enable these rule options before you run any enforced policy for the first time. Enabling these options provides administrators with a pre-boot command prompt, and allows Windows to start even if the WDAC policy blocks a kernel-mode driver from running. When ready for enterprise deployment, you can remove these options.
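Review bot: the note names the variables as **CIPolicyPath** and **InitialCIPolicy** without the `$` sigil, while the code line directly above and the signing topics in this same commit write **$CIPolicyPath** and **$CIPolicyBin**; use one form throughout, preferably with the sigil, because `InitialCIPolicy` without it reads like a file name rather than the variable the reader must update.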
@ -55,7 +55,7 @@ Every WDAC policy is created with audit mode enabled. After you have successfull
` Set-RuleOption -FilePath $EnforcedCIPolicy -Option 3 -Delete` ` Set-RuleOption -FilePath $EnforcedCIPolicy -Option 3 -Delete`
> [!Note] > [!NOTE]
> To enforce a WDAC policy, you delete option 3, the **Audit Mode Enabled** option. There is no “enforced” option that can be placed in a WDAC policy. > To enforce a WDAC policy, you delete option 3, the **Audit Mode Enabled** option. There is no “enforced” option that can be placed in a WDAC policy.
5. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the new WDAC policy to binary format: 5. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the new WDAC policy to binary format:
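Review bot: `Set-RuleOption` in the context line carries no link to its cmdlet reference, whereas step 5 links ConvertFrom-CIPolicy to docs.microsoft.com/powershell/module/configci; link Set-RuleOption the same way so every cmdlet in the procedure is documented consistently.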

View File

@ -40,7 +40,7 @@ To merge two WDAC policies, complete the following steps in an elevated Windows
` $CIPolicyBin=$CIPolicyPath+"NewDeviceGuardPolicy.bin"` ` $CIPolicyBin=$CIPolicyPath+"NewDeviceGuardPolicy.bin"`
> [!Note] > [!NOTE]
> The variables in this section specifically expect to find an initial policy on your desktop called **InitialScan.xml** and an audit WDAC policy called **DeviceGuardAuditPolicy.xml**. If you want to merge other WDAC policies, update the variables accordingly. > The variables in this section specifically expect to find an initial policy on your desktop called **InitialScan.xml** and an audit WDAC policy called **DeviceGuardAuditPolicy.xml**. If you want to merge other WDAC policies, update the variables accordingly.
2. Use [Merge-CIPolicy](https://docs.microsoft.com/powershell/module/configci/merge-cipolicy) to merge two policies and create a new WDAC policy: 2. Use [Merge-CIPolicy](https://docs.microsoft.com/powershell/module/configci/merge-cipolicy) to merge two policies and create a new WDAC policy:

View File

@ -49,7 +49,7 @@ If you do not have a code signing certificate, see the [Optional: Create a code
` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"` ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"`
> [!Note] > [!NOTE]
> This example uses the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md). If you are signing another policy, be sure to update the **$CIPolicyPath** and **$CIPolicyBin** variables with the correct information. > This example uses the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md). If you are signing another policy, be sure to update the **$CIPolicyPath** and **$CIPolicyBin** variables with the correct information.
2. Import the .pfx code signing certificate. Import the code signing certificate that you will use to sign the WDAC policy into the signing users personal store on the computer that will be doing the signing. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). 2. Import the .pfx code signing certificate. Import the code signing certificate that you will use to sign the WDAC policy into the signing users personal store on the computer that will be doing the signing. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
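Review bot: grammar in the last context line: "the signing users personal store" needs the possessive, "the signing user's personal store"; the step also opens with "Import the .pfx code signing certificate." and then immediately repeats "Import the code signing certificate that you will use ...", so the first sentence can be dropped.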
@ -64,7 +64,7 @@ If you do not have a code signing certificate, see the [Optional: Create a code
` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath <Path to exported .cer certificate> -Kernel -User Update` ` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath <Path to exported .cer certificate> -Kernel -User Update`
> [!Note] > [!NOTE]
> <Path to exported .cer certificate> should be the full path to the certificate that you exported in step 3. > <Path to exported .cer certificate> should be the full path to the certificate that you exported in step 3.
Also, adding update signers is crucial to being able to modify or disable this policy in the future. Also, adding update signers is crucial to being able to modify or disable this policy in the future.
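Review bot: the placeholder `<Path to exported .cer certificate>` in the note line is written with raw angle brackets, which Markdig can treat as an inline HTML tag and drop from the rendered page; escape it as `*&lt;Path to exported .cer certificate&gt;*`, the form the same note uses in the other signing topic in this commit. The following sentence ("Also, adding update signers is crucial ...") is not `> `-prefixed either, so it renders outside the NOTE; prefix it if it belongs to the note.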
@ -80,7 +80,7 @@ If you do not have a code signing certificate, see the [Optional: Create a code
` <Path to signtool.exe> sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin` ` <Path to signtool.exe> sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin`
> [!Note] > [!NOTE]
> The *&lt;Path to signtool.exe&gt;* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy. > The *&lt;Path to signtool.exe&gt;* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy.
9. Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). 9. Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md).
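Review bot: `-p7 .` in the context line tells SignTool to write the signed .p7 file into the session's current directory, but step 9 states the output lands on your desktop; that only holds if the elevated session happens to be started there. Pass the policy folder explicitly (`-p7 $CIPolicyPath`, the folder the earlier variables point at) or have the note say to change to that folder first.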

View File

@ -51,7 +51,7 @@ If you do not have a code signing certificate, see [Optional: Create a code sign
` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"` ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"`
> [!Note] > [!NOTE]
> This example uses the WDAC policy that you created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are signing another policy, be sure to update the **$CIPolicyPath** and **$CIPolicyBin** variables with the correct information. > This example uses the WDAC policy that you created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are signing another policy, be sure to update the **$CIPolicyPath** and **$CIPolicyBin** variables with the correct information.
2. Import the .pfx code signing certificate. Import the code signing certificate that you will use to sign the WDAC policy into the signing users personal store on the computer that will be doing the signing. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md). 2. Import the .pfx code signing certificate. Import the code signing certificate that you will use to sign the WDAC policy into the signing users personal store on the computer that will be doing the signing. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
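Review bot: the step imports a .pfx, which carries the signing private key, but neither the step nor the note says anything about handling it; a sentence that the .pfx should be imported only on the computer that does the signing (the step already restricts the import to that computer) and kept password protected would document the one security-relevant detail of this step. Grammar: "the signing users personal store" should read "the signing user's personal store".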
@ -66,7 +66,7 @@ If you do not have a code signing certificate, see [Optional: Create a code sign
` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath <Path to exported .cer certificate> -Kernel -User Update` ` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath <Path to exported .cer certificate> -Kernel -User Update`
> [!Note] > [!NOTE]
> *&lt;Path to exported .cer certificate&gt;* should be the full path to the certificate that you exported in step 3. > *&lt;Path to exported .cer certificate&gt;* should be the full path to the certificate that you exported in step 3.
Also, adding update signers is crucial to being able to modify or disable this policy in the future. For more information about how to disable signed WDAC policies, see [Disable signed Windows Defender Application Control policies within Windows](disable-windows-defender-application-control-policies.md#disable-signed-windows-defender-application-control-policies-within-windows). Also, adding update signers is crucial to being able to modify or disable this policy in the future. For more information about how to disable signed WDAC policies, see [Disable signed Windows Defender Application Control policies within Windows](disable-windows-defender-application-control-policies.md#disable-signed-windows-defender-application-control-policies-within-windows).
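Review bot: "Also, adding update signers is crucial to being able to modify or disable this policy in the future." in the last context line is not `> `-prefixed, so it renders as an ordinary paragraph outside the NOTE callout even though it reads as part of it. Since this commit standardizes the callout syntax anyway, either prefix it with `> ` or, better, make it its own `> [!IMPORTANT]` callout: a signed policy without update signers cannot be changed or removed later, which is the point a reader most needs to see before signing.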
@ -82,7 +82,7 @@ If you do not have a code signing certificate, see [Optional: Create a code sign
` <Path to signtool.exe> sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin` ` <Path to signtool.exe> sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin`
> [!Note] > [!NOTE]
> The *&lt;Path to signtool.exe&gt;* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy. > The *&lt;Path to signtool.exe&gt;* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy.
9. Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md). 9. Validate the signed file. When complete, the commands should output a signed policy file called DeviceGuardPolicy.bin.p7 to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md).
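Review bot: the note explains the SignTool path and the `/n "ContosoDGSigningCert"` subject name but says nothing about `-p7co 1.3.6.1.4.1.311.79.1` (the content-type OID SignTool records in the PKCS#7 signature) or `-fd sha256` (the file digest algorithm); a half-sentence on each would help a reader who has to adapt the command, and the command mixes `/n` with `-`-style switches, so pick one switch style for the whole line.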