diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md
index 68d97e6aa9..21c1334a1e 100644
--- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md
@@ -49,14 +49,15 @@ This step will guide you in creating an alert definition and an IOC for a malici
 
 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines.
 
-  >[!NOTE]
-  >  If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script:
-  > ```
-  >$webclient=New-Object System.Net.WebClient
-  >$creds=Get-Credential
-  >$webclient.Proxy.Credentials=$creds
-  >```
-  
+  NOTE:
+  If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script:
+
+  ```
+  $webclient=New-Object System.Net.WebClient
+  $creds=Get-Credential
+  $webclient.Proxy.Credentials=$creds
+  ```
+
 ## Step 3: Simulate a custom TI alert
 This step will guide you in simulating an event in connection to a malicious IP that will trigger the Windows Defender ATP custom TI alert.
 
@@ -78,4 +79,4 @@ This step will guide you in exploring the custom alert in the portal.
   ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png)
 
   >[!NOTE]
-  >  It can take up to 15 minutes for the alert to appear in the portal.
+  > It can take up to 15 minutes for the alert to appear in the portal.