diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
index 8f51d2aa40..f9338eba41 100644
--- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
@@ -225,9 +225,7 @@ If the verification fails and your environment is using a proxy to connect to th
 ### Ensure that Windows Defender is not disabled by a policy
 If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
 
-- Ensure that the policy is not disabled.
-
-  Depending on the tool that you use to implement policies, you'll need to verify that the following policy is set to ```false```, for example:
+- Depending on the tool that you use to implement policies, you'll need to verify that the following policy is set to ```false```, for example:
 
   ```<DisableAntiSpyware>true</DisableAntiSpyware>
   ```
@@ -242,9 +240,6 @@ If your endpoints are running a third-party antimalware client, the Windows Defe
 
 
 
-
-
-
 ## Related topics
 - [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
 - [Configure endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)