Update pci-requirement-1.md

Author: v-edmckillop

articles/active-directory/standards/pci-requirement-1.md

@@ -44,8 +44,8 @@ ms.collection:
 
 |PCI-DSS Defined approach requirements|Azure AD guidance and recommendations|
 |-|-|
-|**1.3.1** Inbound traffic to the CDE is restricted as follows: </br> To only traffic that is necessary </br> All other traffic is specifically denied|Use Azure AD to configure named locations to create Conditional Access policies. Calculate user and sign-in risk. Microsoft recommends customers populate and maintain the CDE IP addresses using network locations. Use them to define Conditional Access policy requirements. [Using the location condition in a CA policy](../conditional-access/location-condition.md)|
-|**1.3.2** Outbound traffic from the CDE is restricted as follows: </br> To only traffic that is necessary </br> All other traffic is specifically denied|For NSC design, include Conditional Access policies for applications to allow access to CDE IP addresses. </br> Emergency access or remote access to establish connectivity to CDE, such as virtual private network (VPN) appliances, captive portals, might need policies to prevent unintended lockout. [Using the location condition in a CA policy](../conditional-access/location-condition.md) </br> [Manage emergency access accounts in Azure AD](../roles/security-emergency-access.md)|
+|**1.3.1** Inbound traffic to the CDE is restricted as follows: </br> To only traffic that is necessary. </br> All other traffic is specifically denied|Use Azure AD to configure named locations to create Conditional Access policies. Calculate user and sign-in risk. Microsoft recommends customers populate and maintain the CDE IP addresses using network locations. Use them to define Conditional Access policy requirements. [Using the location condition in a CA policy](../conditional-access/location-condition.md)|
+|**1.3.2** Outbound traffic from the CDE is restricted as follows: </br> To only traffic that is necessary. </br> All other traffic is specifically denied|For NSC design, include Conditional Access policies for applications to allow access to CDE IP addresses. </br> Emergency access or remote access to establish connectivity to CDE, such as virtual private network (VPN) appliances, captive portals, might need policies to prevent unintended lockout. [Using the location condition in a CA policy](../conditional-access/location-condition.md) </br> [Manage emergency access accounts in Azure AD](../roles/security-emergency-access.md)|
 |**1.3.3** NSCs are installed between all wireless networks and the CDE, regardless of whether the wireless network is a CDE, such that: </br> All wireless traffic from wireless networks into the CDE is denied by default. </br> Only wireless traffic with an authorized business purpose is allowed into the CDE.|For NSC design, include Conditional Access policies for applications to allow access to CDE IP addresses. </br> Emergency access or remote access to establish connectivity to CDE, such as virtual private network (VPN) appliances, captive portals, might need policies to prevent unintended lockout. [Using the location condition in a CA policy](../conditional-access/location-condition.md) </br> [Manage emergency access accounts in Azure AD](../roles/security-emergency-access.md)|
 
 ## 1.4 Network connections between trusted and untrusted networks are controlled.