diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 90dcfbad85..9733c8b74f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -243,7 +243,7 @@ Microsoft Endpoint Configuration Manager name: `Block executable content from em
 
 GUID: `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550`
 
-> [!Note]
+> [!NOTE]
 > The rule **Block executable content from email client and webmail** has the following separate descriptions, depending on which application you use:
 > Intune (Configuration Profiles): Execution of executable content (exe, dll, ps, js, vbs, etc.) dropped from email (webmail/mail client) (no exceptions)
 > Endpoint Manager: Block executable content download from email and webmail clients