Spacing, indentation, valid code block types

The complete list of valid types for code blocks is here: https://docsmetadatatool.azurewebsites.net/allowlists/#

windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md

@@ -129,7 +129,8 @@ If you don't know the Store app publisher or product name, you can find them by
 
 If you need to add Windows 10 mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature.
 
->**Note**<br>Your PC and phone must be on the same wireless network.
+> [!NOTE]
+> Your PC and phone must be on the same wireless network.
 
 1. On the Windows Phone, go to **Settings**, choose **Update & security**, and then choose **For developers**.
 
@@ -194,19 +195,19 @@ To add another Desktop app, click the ellipsis **…**. After you’ve entered t
  
 If you’re unsure about what to include for the publisher, you can run this PowerShell command:
 
-```ps1
+```powershell
 Get-AppLockerFileInformation -Path "<path_of_the_exe>"
 ```
 
 Where `"<path_of_the_exe>"` goes to the location of the app on the device. For example:
 
-```ps1
+```powershell
 Get-AppLockerFileInformation -Path "C:\Program Files\Windows NT\Accessories\wordpad.exe"
 ```
 
 In this example, you'd get the following info:
 
-```
+```console
 Path                   Publisher
 ----                   ---------
 %PROGRAMFILES%\WINDOWS NT\ACCESSORIES\WORDPAD.EXE O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
@@ -279,22 +280,22 @@ For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com
     This is the XML file that AppLocker creates for Microsoft Dynamics 365.
 
     ```xml
-        <?xml version="1.0"?>
+    <?xml version="1.0"?>
-        <AppLockerPolicy Version="1">
+    <AppLockerPolicy Version="1">
-            <RuleCollection EnforcementMode="NotConfigured" Type="Appx">
+        <RuleCollection EnforcementMode="NotConfigured" Type="Appx">
-                <FilePublisherRule Action="Allow" UserOrGroupSid="S-1-1-0" Description="" Name="Microsoft.MicrosoftDynamicsCRMforWindows10, version 3.2.0.0 and above, from Microsoft Corporation" Id="3da34ed9-aec6-4239-88ba-0afdce252ab4">
+            <FilePublisherRule Action="Allow" UserOrGroupSid="S-1-1-0" Description="" Name="Microsoft.MicrosoftDynamicsCRMforWindows10, version 3.2.0.0 and above, from Microsoft Corporation" Id="3da34ed9-aec6-4239-88ba-0afdce252ab4">
-                    <Conditions>
+                <Conditions>
-                        <FilePublisherCondition BinaryName="*" ProductName="Microsoft.MicrosoftDynamicsCRMforWindows10" PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US">
+                    <FilePublisherCondition BinaryName="*" ProductName="Microsoft.MicrosoftDynamicsCRMforWindows10" PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US">
-                            <BinaryVersionRange HighSection="*" LowSection="3.2.0.0"/>
+                        <BinaryVersionRange HighSection="*" LowSection="3.2.0.0"/>
-                        </FilePublisherCondition>
+                    </FilePublisherCondition>
-                    </Conditions>
+                </Conditions>
-                </FilePublisherRule>
+            </FilePublisherRule>
-            </RuleCollection>
+        </RuleCollection>
-            <RuleCollection EnforcementMode="NotConfigured" Type="Dll"/>
+        <RuleCollection EnforcementMode="NotConfigured" Type="Dll"/>
-            <RuleCollection EnforcementMode="NotConfigured" Type="Exe"/>
+        <RuleCollection EnforcementMode="NotConfigured" Type="Exe"/>
-            <RuleCollection EnforcementMode="NotConfigured" Type="Msi"/>
+        <RuleCollection EnforcementMode="NotConfigured" Type="Msi"/>
-            <RuleCollection EnforcementMode="NotConfigured" Type="Script"/>
+        <RuleCollection EnforcementMode="NotConfigured" Type="Script"/>
-        </AppLockerPolicy>
+    </AppLockerPolicy>
     ```
 
 12. After you’ve created your XML file, you need to import it by using Microsoft Intune.
@@ -335,6 +336,7 @@ The executable rule helps to create an AppLocker rule to sign any unsigned apps.
 
 12. After you’ve created your XML file, you need to import it by using Microsoft Intune.
 
+
 **To import a list of protected apps using Microsoft Intune**
 
 1. In **Protected apps**, click **Import apps**.
@@ -428,7 +430,7 @@ Separate multiple resources with the "|" delimiter.
 If you don’t use proxy servers, you must also include the "," delimiter just before the "|". 
 For example: 
 
-```code
+```console
 URL <,proxy>|URL <,proxy>
 ```
 
@@ -441,7 +443,7 @@ In this case, Windows blocks the connection by default.
 To stop Windows from automatically blocking these connections, you can add the `/*AppCompat*/` string to the setting. 
 For example: 
 
-```code
+```console
 URL <,proxy>|URL <,proxy>/*AppCompat*/
 ```
 
@@ -449,13 +451,13 @@ When you use this string, we recommend that you also turn on [Azure Active Direc
 
 Value format with proxy:
 
-```code
+```console
 contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,contoso.internalproxy2.com
 ```
 
 Value format without proxy:
 
-```code
+```console
 contoso.sharepoint.com,|contoso.visualstudio.com,|contoso.onedrive.com
 ```
 
@@ -465,7 +467,7 @@ Specify the domains used for identities in your environment.
 All traffic to the fully-qualified domains appearing in this list will be protected.
 Separate multiple domains with the "|" delimiter.
 
-```code
+```console
 exchange.contoso.com|contoso.com|region.contoso.com
 ```
 
@@ -475,7 +477,7 @@ Specify the DNS suffixes used in your environment.
 All traffic to the fully-qualified domains appearing in this list will be protected.
 Separate multiple resources with the "," delimiter.
 
-```code
+```console
 corp.contoso.com,region.contoso.com
 ```
 
@@ -488,7 +490,7 @@ This list shouldn’t include any servers listed in your Internal proxy servers
 Internal proxy servers must be used only for WIP-protected (enterprise) traffic.
 Separate multiple resources with the ";" delimiter.
 
-```code
+```console
 proxy.contoso.com:80;proxy2.contoso.com:443
 ```
 
@@ -500,7 +502,7 @@ This list shouldn’t include any servers listed in your Proxy servers list.
 Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.
 Separate multiple resources with the ";" delimiter.
 
-```code
+```console
 contoso.internalproxy1.com;contoso.internalproxy2.com
 ```
 
@@ -539,7 +541,7 @@ Specify your authentication redirection endpoints for your company.
 These locations are considered enterprise or personal, based on the context of the connection before the redirection.
 Separate multiple resources with the "," delimiter.
 
-```code
+```console
 sts.contoso.com,sts.contoso2.com
 ```
 
@@ -597,8 +599,8 @@ After you've decided where your protected apps can access enterprise data on you
         
 - **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive.
 
->[!NOTE]
+  > [!NOTE]
->Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders.
+  > Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders.
 
 **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files.