[BULK] DocuTune - Fix formatting - use one space after list indicator

Author: alexbuckgit

articles/active-directory/app-provisioning/plan-auto-user-provisioning.md

@@ -110,13 +110,13 @@ In this example, the users and or groups are created in a cloud HR application l
 
 ![Picture 2](./media/plan-auto-user-provisioning/workdayprovisioning.png)
 
-1.	**HR team** performs the transactions in the cloud HR app tenant.
-2.	**Azure AD provisioning service** runs the scheduled cycles from the cloud HR app tenant and identifies changes that need to be processed for sync with AD.
-3.	**Azure AD provisioning service** invokes the Azure AD Connect provisioning agent with a request payload containing AD account create/update/enable/disable operations.
-4.	**Azure AD Connect provisioning agent** uses a service account to manage AD account data.
-5.	**Azure AD Connect** runs delta sync to pull updates in AD.
-6.	**AD** updates are synced with Azure AD. 
-7.	**Azure AD provisioning service** writebacks email attribute and username from Azure AD to the cloud HR app tenant.
+1. **HR team** performs the transactions in the cloud HR app tenant.
+2. **Azure AD provisioning service** runs the scheduled cycles from the cloud HR app tenant and identifies changes that need to be processed for sync with AD.
+3. **Azure AD provisioning service** invokes the Azure AD Connect provisioning agent with a request payload containing AD account create/update/enable/disable operations.
+4. **Azure AD Connect provisioning agent** uses a service account to manage AD account data.
+5. **Azure AD Connect** runs delta sync to pull updates in AD.
+6. **AD** updates are synced with Azure AD. 
+7. **Azure AD provisioning service** writebacks email attribute and username from Azure AD to the cloud HR app tenant.
 
 ## Plan the deployment project
 

articles/active-directory/app-proxy/application-proxy-azure-front-door.md

@@ -36,14 +36,14 @@ This article guides you through the steps to securely expose a web application o
 ### Application Proxy Configuration
 
 Follow these steps to configure Application Proxy for Front Door: 
-1.	Install connector for the location that your app instances will be in (For example US West).  For the connector group assign the connector to the right region (For example North America).
-2.	Set up your app instance with Application Proxy as follows:
+1. Install connector for the location that your app instances will be in (For example US West).  For the connector group assign the connector to the right region (For example North America).
+2. Set up your app instance with Application Proxy as follows:
     - Set the Internal URL to the address users access the app from the internal network, for example contoso.org
     - Set the External URL to the domain address you want the users to access the app from. For this you must configure a custom domain for our application here, for example, contoso.org. Reference: [Custom domains in Azure Active Directory Application Proxy][appproxy-custom-domain]
     - Assign the application to the appropriate connector group (For example: North America)
     - Note down the URL generated by Application Proxy to access the application. For example, contoso.msappproxy.net 
     - For the application configure a CNAME Entry in your DNS provider which points the external URL to the Front Door’s endpoint, for example ‘contoso.org’ to contoso.msappproxy.net 
-3.	In the Front Door service, utilize the URL generated for the app by Application Proxy as a backend for the backend pool. For example, contoso.msappproxy.net 
+3. In the Front Door service, utilize the URL generated for the app by Application Proxy as a backend for the backend pool. For example, contoso.msappproxy.net 
 
 #### Sample Application Proxy Configuration
 The following table shows a sample Application Proxy configuration. The sample scenario uses the sample application domain www.contoso.org as the External URL. 
@@ -67,15 +67,15 @@ The configuration steps that follow refer to the following definitions:
 - Origin host header: This represented the host header value being sent to the backend for each request. For example, contoso.org. For more information refer here: [Origins and origin groups – Azure Front Door][front-door-origin]
 
 Follow these steps to configure the Front Door Service (Standard): 
-1.	Create a Front Door (Standard) with the configuration below: 
+1. Create a Front Door (Standard) with the configuration below: 
     - Add an Endpoint name for generating the Front Door’s default domain i.e. azurefd.net. For example, contoso-nam that generated the Endpoint hostname contoso-nam.azurefd.net 
     - Add an Origin Type for the type of backend resource. For example Custom here for the Application Proxy resource
     - Add an Origin host name to represent the backend host name. For example, contoso.msappproxy.net 
     - Optional: Enable Caching for the routing rule for Front Door to cache your static content. 
-2.	Verify if the deployment is complete and the Front Door Service is ready
-3.	To give your Front Door service a user-friendly domain host name URL, create a CNAME record with your DNS provider for your Application Proxy External URL that points to Front Door’s domain host name (generated by the Front Door service). For example, contoso.org points to contoso.azurefd.net Reference: [How to add a custom domain - Azure Front Door][front-door-custom-domain]
-4.	As per the reference, on the Front Door Service Dashboard navigate to Front Door Manager and add a Domain with the Custom Hostname. For example, contoso.org 
-5.	Navigate to the Origin groups in the Front Door Service Dashboard, select the origin name and validate the Origin host header matches the domain of the backend. For example here the Origin host header should be: contoso.org 
+2. Verify if the deployment is complete and the Front Door Service is ready
+3. To give your Front Door service a user-friendly domain host name URL, create a CNAME record with your DNS provider for your Application Proxy External URL that points to Front Door’s domain host name (generated by the Front Door service). For example, contoso.org points to contoso.azurefd.net Reference: [How to add a custom domain - Azure Front Door][front-door-custom-domain]
+4. As per the reference, on the Front Door Service Dashboard navigate to Front Door Manager and add a Domain with the Custom Hostname. For example, contoso.org 
+5. Navigate to the Origin groups in the Front Door Service Dashboard, select the origin name and validate the Origin host header matches the domain of the backend. For example here the Origin host header should be: contoso.org 
 
 |     | Configuration | Additional Information |
 |---- | ----------------------- | ---------------------- |

articles/active-directory/app-proxy/application-proxy-configure-complex-application.md

@@ -16,9 +16,9 @@ ms.reviewer: dhruvinshah
 # Understanding Azure Active Directory Application Proxy Complex application scenario (Preview)
 
 When applications are made up of multiple individual web application using different domain suffixes or different ports or paths in the URL, the individual web application instances must be published in separate Azure AD Application Proxy apps and the following problems might arise:
-1.	Pre-authentication- The client must separately acquire an access token or cookie for each Azure AD Application Proxy app. This might lead to additional redirects to login.microsoftonline.com and CORS issues.
-2.	CORS issues- Cross-origin resource sharing calls (OPTIONS request) might be triggered to validate if the caller web app is allowed to access the URL of the targeted web app. These will be blocked by the Azure AD Application Proxy Cloud service, since these requests cannot contain authentication information.
-3.	Poor app management- Multiple enterprise apps are created to enable access to a private app adding friction to the app management experience.
+1. Pre-authentication- The client must separately acquire an access token or cookie for each Azure AD Application Proxy app. This might lead to additional redirects to login.microsoftonline.com and CORS issues.
+2. CORS issues- Cross-origin resource sharing calls (OPTIONS request) might be triggered to validate if the caller web app is allowed to access the URL of the targeted web app. These will be blocked by the Azure AD Application Proxy Cloud service, since these requests cannot contain authentication information.
+3. Poor app management- Multiple enterprise apps are created to enable access to a private app adding friction to the app management experience.
 
 The following figure shows an example for complex application domain structure.
 

articles/active-directory/app-proxy/application-proxy-configure-connectors-with-proxy-servers.md

@@ -146,10 +146,10 @@ To enable this, please follow the next steps:
 `UseDefaultProxyForBackendRequests = 1` to the Connector configuration registry key located in "HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft AAD App Proxy Connector".
 
 ### Step 2: Configure the proxy server manually using netsh command
-1.	Enable the group policy Make proxy settings per-machine. This is found in: Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer. This needs to be set rather than having this policy set to per-user.
-2.	Run `gpupdate /force` on the server or reboot the server to ensure it uses the updated group policy settings.
-3.	Launch an elevated command prompt with admin rights and enter `control inetcpl.cpl`.
-4.	Configure the required proxy settings. 
+1. Enable the group policy Make proxy settings per-machine. This is found in: Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer. This needs to be set rather than having this policy set to per-user.
+2. Run `gpupdate /force` on the server or reboot the server to ensure it uses the updated group policy settings.
+3. Launch an elevated command prompt with admin rights and enter `control inetcpl.cpl`.
+4. Configure the required proxy settings. 
 
 These settings make the connector use the same forward proxy for the communication to Azure and to the backend application. If the connector to Azure communication requires no forward proxy or a different forward proxy, you can set this up with modifying the file ApplicationProxyConnectorService.exe.config as described in the sections Bypass outbound proxies or Use the outbound proxy server.
 

articles/active-directory/authentication/how-to-certificate-based-authentication.md

@@ -145,7 +145,7 @@ To enable the certificate-based authentication in the Azure portal, complete the
 1. Sign in to the [Azure portal](https://portal.azure.com) as an Authentication Policy Administrator.
 1. Select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
 1. Under **Manage**, select **Authentication methods** > **Certificate-based Authentication**.
-1.	Under **Enable and Target**, click **Enable**.
+1. Under **Enable and Target**, click **Enable**.
 1. Click **All users**, or click **Add groups** to select specific groups.
 
    :::image type="content" border="true" source="./media/how-to-certificate-based-authentication/enable.png" alt-text="Screenshot of how to enable CBA.":::
@@ -248,7 +248,7 @@ As a first configuration test, you should try to sign in to the [MyApps portal](
 
 1. Select **Sign in with a certificate**.
 
-1.	Pick the correct user certificate in the client certificate picker UI and click **OK**.
+1. Pick the correct user certificate in the client certificate picker UI and click **OK**.
 
    :::image type="content" border="true" source="./media/how-to-certificate-based-authentication/picker.png" alt-text="Screenshot of the certificate picker UI.":::
 

articles/active-directory/authentication/how-to-mfa-server-migration-utility.md

@@ -421,7 +421,7 @@ If the upgrade had issues, follow these steps to roll back:
    >[!NOTE]
    >Any changes since the backup was made will be lost, but should be minimal if backup was made right before upgrade and upgrade was unsuccessful.
 
-1.	Run the installer for your previous version (for example, 8.0.x.x).
+1. Run the installer for your previous version (for example, 8.0.x.x).
 1. Configure Azure AD to accept MFA requests to your on-premises federation server. Use Graph PowerShell to set [federatedIdpMfaBehavior](/graph/api/resources/internaldomainfederation?view=graph-rest-1.0#federatedidpmfabehavior-values&preserve-view=true) to `enforceMfaByFederatedIdp`, as shown in the following example.
 
    **Request**

articles/active-directory/conditional-access/concept-continuous-access-evaluation-workload.md

@@ -51,9 +51,9 @@ When a client’s access to a resource is blocked due to CAE being triggered, th
 
 The following steps detail how an admin can verify sign in activity in the sign-in logs: 
 
-1.	Sign into the Azure portal as a Conditional Access Administrator, Security Administrator, or Global Administrator.
-1.	Browse to **Azure Active Directory** > **Sign-in logs** > **Service Principal Sign-ins**. You can use filters to ease the debugging process. 
-1.	Select an entry to see activity details. The **Continuous access evaluation** field indicates whether a CAE token was issued in a particular sign-in attempt. 
+1. Sign into the Azure portal as a Conditional Access Administrator, Security Administrator, or Global Administrator.
+1. Browse to **Azure Active Directory** > **Sign-in logs** > **Service Principal Sign-ins**. You can use filters to ease the debugging process. 
+1. Select an entry to see activity details. The **Continuous access evaluation** field indicates whether a CAE token was issued in a particular sign-in attempt. 
 
 ## Next steps
 

articles/active-directory/conditional-access/concept-continuous-access-evaluation.md

@@ -154,8 +154,8 @@ Customers who have configured CAE settings under Security before have to migrate
 :::image type="content" source="media/concept-continuous-access-evaluation/migrate-continuous-access-evaluation.png" alt-text="Portal view showing the option to migrate continuous access evaluation to a Conditional Access policy." lightbox="media/concept-continuous-access-evaluation/migrate-continuous-access-evaluation.png":::
 
 1. Sign in to the **Azure portal** as a Conditional Access Administrator, Security Administrator, or Global Administrator. 
-1.	Browse to **Azure Active Directory** > **Security** > **Continuous access evaluation**. 
-1.	You have the option to **Migrate** your policy. This action is the only one that you have access to at this point.
+1. Browse to **Azure Active Directory** > **Security** > **Continuous access evaluation**. 
+1. You have the option to **Migrate** your policy. This action is the only one that you have access to at this point.
 1. Browse to **Conditional Access** and you find a new policy named **Conditional Access policy created from CAE settings** with your settings configured. Administrators can choose to customize this policy or create their own to replace it.
 
 The following table describes the migration experience of each customer group based on previously configured CAE settings. 

articles/active-directory/conditional-access/howto-continuous-access-evaluation-troubleshoot.md

@@ -23,9 +23,9 @@ Administrators can monitor and troubleshoot sign in events where [continuous acc
 
 Administrators can monitor user sign-ins where continuous access evaluation (CAE) is applied. This information is found in the Azure AD sign-in logs:
 
-1.	Sign in to the **Azure portal** as a Conditional Access Administrator, Security Administrator, or Global Administrator.
-1.	Browse to **Azure Active Directory** > **Sign-in logs**. 
-1.	Apply the **Is CAE Token** filter. 
+1. Sign in to the **Azure portal** as a Conditional Access Administrator, Security Administrator, or Global Administrator.
+1. Browse to **Azure Active Directory** > **Sign-in logs**. 
+1. Apply the **Is CAE Token** filter. 
 
 [ ![Screenshot showing how to add a filter to the Sign-ins log to see where CAE is being applied or not.](./media/howto-continuous-access-evaluation-troubleshoot/sign-ins-log-apply-filter.png) ](./media/howto-continuous-access-evaluation-troubleshoot/sign-ins-log-apply-filter.png#lightbox)
 
@@ -45,9 +45,9 @@ The continuous access evaluation insights workbook allows administrators to view
 
 Log Analytics integration must be completed before workbooks are displayed. For more information about how to stream Azure AD sign-in logs to a Log Analytics workspace, see the article [Integrate Azure AD logs with Azure Monitor logs](../reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md).
 
-1.	Sign in to the **Azure portal** as a Conditional Access Administrator, Security Administrator, or Global Administrator. 
-1.	Browse to **Azure Active Directory** > **Workbooks**.
-1.	Under **Public Templates**, search for **Continuous access evaluation insights**.
+1. Sign in to the **Azure portal** as a Conditional Access Administrator, Security Administrator, or Global Administrator. 
+1. Browse to **Azure Active Directory** > **Workbooks**.
+1. Under **Public Templates**, search for **Continuous access evaluation insights**.
 
 The **Continuous access evaluation insights** workbook contains the following table:
 
@@ -77,8 +77,8 @@ Admins can view records filtered by time range and application. Admins can compa
 
 To unblock users, administrators can add specific IP addresses to a trusted named location.
 
-1.	Sign in to the **Azure portal** as a Conditional Access Administrator, Security Administrator, or Global Administrator. 
-1.	Browse to **Azure Active Directory** > **Security** > **Conditional Access** > **Named locations**. Here you can create or update trusted IP locations.
+1. Sign in to the **Azure portal** as a Conditional Access Administrator, Security Administrator, or Global Administrator. 
+1. Browse to **Azure Active Directory** > **Security** > **Conditional Access** > **Named locations**. Here you can create or update trusted IP locations.
 
 > [!NOTE]
 > Before adding an IP address as a trusted named location, confirm that the IP address does in fact belong to the intended organization.

articles/active-directory/conditional-access/resilience-defaults.md

@@ -21,8 +21,8 @@ If there was an outage of the primary authentication service, the Azure Active D
 
 For authentications protected by Conditional Access, policies are reevaluated before access tokens are issued to determine:
 
-1.	Which Conditional Access policies apply?
-1.	For policies that do apply, were the required controls are satisfied?
+1. Which Conditional Access policies apply?
+1. For policies that do apply, were the required controls are satisfied?
 
 During an outage, not all conditions can be evaluated in real time by the Backup Authentication Service to determine whether a Conditional Access policy should apply. Conditional Access resilience defaults are a new session control that lets admins decide between:
 
@@ -81,11 +81,11 @@ You can configure Conditional Access resilience defaults from the Azure portal,
 
 ### Azure portal
 
-1.	Navigate to the **Azure portal** > **Security** > **Conditional Access**
-1.	Create a new policy or select an existing policy
-1.	Open the Session control settings
-1.	Select Disable resilience defaults to disable the setting for this policy. Sign-ins in scope of the policy will be blocked during an Azure AD outage
-1.	Save changes to the policy
+1. Navigate to the **Azure portal** > **Security** > **Conditional Access**
+1. Create a new policy or select an existing policy
+1. Open the Session control settings
+1. Select Disable resilience defaults to disable the setting for this policy. Sign-ins in scope of the policy will be blocked during an Azure AD outage
+1. Save changes to the policy
 
 ### MS Graph APIs