From faee789b267ba90d691979a343b4bcf8c1432eb9 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Thu, 27 May 2021 09:37:24 -0700 Subject: [PATCH] Task ID 23142312 and 29028100 Made cosmetic changes to the certificate section in event-tags-explanation, and added a line break before the Figure 1 image in audit-and-enforce. --- ...s-defender-application-control-policies.md | 3 +- .../event-tag-explanations.md | 42 +++++++++---------- 2 files changed, 23 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md index 4b1860ea36..b33cace078 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md @@ -41,7 +41,8 @@ To familiarize yourself with creating WDAC rules from audit events, follow these 2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md). - **Figure 1. Exceptions to the deployed WDAC policy** + **Figure 1. Exceptions to the deployed WDAC policy**
+ ![Event showing exception to WDAC policy](images/dg-fig23-exceptionstocode.png) 3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index bcbeab1e3e..76084853c5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md 
@@ -94,28 +94,28 @@ Represents why verification failed, or if it succeeded. ## Microsoft Root CAs trusted by Windows -The rule means trust anything signed by a cert that chains to this root CA. +The rule means trust anything signed by a certificate that chains to this root CA. | Root ID | Root Name | |---|----------| -|0| None | -|1| Unknown | -|2 | Self-Signed | -|3 | Authenticode | -|4 | Microsoft Product Root 1997 | -|5 | Microsoft Product Root 2001 | -|6 | Microsoft Product Root 2010 | -|7 | Microsoft Standard Root 2011 | -|8 | Microsoft Code Verification Root 2006 | -|9 | Microsoft Test Root 1999 | -|10 | Microsoft Test Root 2010 | -|11 | Microsoft DMD Test Root 2005 | -|12 | Microsoft DMDRoot 2005 | -|13 | Microsoft DMD Preview Root 2005 | -|14 | Microsoft Flight Root 2014 | -|15 | Microsoft Third Party Marketplace Root | -|16 | Microsoft ECC Testing Root CA 2017 | -|17 | Microsoft ECC Development Root CA 2018 | -|18 | Microsoft ECC Product Root CA 2018 | -|19 | Microsoft ECC Devices Root CA 2017 | +| 0| None | +| 1| Unknown | +| 2 | Self-Signed | +| 3 | Authenticode | +| 4 | Microsoft Product Root 1997 | +| 5 | Microsoft Product Root 2001 | +| 6 | Microsoft Product Root 2010 | +| 7 | Microsoft Standard Root 2011 | +| 8 | Microsoft Code Verification Root 2006 | +| 9 | Microsoft Test Root 1999 | +| 10 | Microsoft Test Root 2010 | +| 11 | Microsoft DMD Test Root 2005 | +| 12 | Microsoft DMDRoot 2005 | +| 13 | Microsoft DMD Preview Root 2005 | +| 14 | Microsoft Flight Root 2014 | +| 15 | Microsoft Third Party Marketplace Root | +| 16 | Microsoft ECC Testing Root CA 2017 | +| 17 | Microsoft ECC Development Root CA 2018 | +| 18 | Microsoft ECC Product Root CA 2018 | +| 19 | Microsoft ECC Devices Root CA 2017 | For well-known roots, the TBS hashes for the certificates are baked into the code for WDAC. For example, they don’t need to be listed as TBS hashes in the policy file. \ No newline at end of file
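Review bot: in the audit-and-enforce hunk, the blank line and the new `![Event showing exception to WDAC policy](...)` line need the same leading indentation as the **Figure 1** caption above them, because both sit inside step 2 of the numbered list; if the image line is indented differently from the caption (or the blank line closes the list), the figure renders outside the list and step 3 restarts numbering. Please confirm the rendered page still shows the caption, the image, and then step 3 in sequence.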
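Review bot: in the event-tag-explanations hunk, the rewritten rows for IDs 0 and 1 (`| 0| None |`, `| 1| Unknown |`) lack the space before the closing pipe that rows 2 through 19 now have, so the table is still not uniformly padded; make every ID cell `| n |`. Two smaller points in the same region: "Microsoft DMDRoot 2005" looks like it is missing a space compared with the neighbouring "Microsoft DMD Test Root 2005" and "Microsoft DMD Preview Root 2005" and should be checked against the actual root name, and the trailing context sentence "For example, they don't need to be listed as TBS hashes in the policy file." uses "For example" where the sentence states a consequence, so "Therefore" (or "As a result") reads correctly.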