Adjusted alignment and added missing periods

Author: padmagit77

defender-endpoint/evaluate-mda-using-mde-security-settings-management.md

@@ -142,28 +142,28 @@ To enable Attack Surface Reduction (ASR) rules using the endpoint security polic
 1. On the **Configuration settings** page, expand the groups of settings and configure those settings you want to manage with this profile.
 1. Set the policies based on the following recommended settings:
 
-|Description  |Setting  |
-|---------|---------|
-|Block executable content from email client and webmail     |  Block       |
-|Block Adobe Reader from creating child processes     |   Block      |
-|Block execution of potentially obfuscated scripts     |    Block     |
-|Block abuse of exploited vulnerable signed drivers (Device)     |  Block       |
-|Block Win32 API calls from Office macros     | Block        |
-|Block executable files from running unless they meet a prevalence, age, or trusted list criterion     | Block        |
-|Block Office communication application from creating child processes     | Block        |
-|Block all Office applications from creating child processes     |  Block       |
-|[PREVIEW] Block use of copied or impersonated system tools     |  Block       |
-|Block JavaScript or VBScript from launching downloaded executable content     | Block        |
-|Block credential stealing from the Windows local security authority subsystem     | Block        |
-|Block Webshell creation for Servers     |   Block      |
-|Block Office applications from creating executable content     |  Block       |
-|Block untrusted and unsigned processes that run from USB     |   Block      |
-|Block Office applications from injecting code into other processes     | Block        |
-|Block persistence through WMI event subscription     |  Block       |
-|Use advanced protection against ransomware     |  Block       |
-|Block process creations originating from PSExec and WMI commands     | Block<br>NOTE:If you have Configuration Manager (formerly SCCM), or other management tools, that use WMI, you might need to set this to **Audit** instead of **Block**.        |
-|[PREVIEW] Block rebooting machine in Safe Mode     | Block      |
-|Enable Controlled Folder Access     |  Enabled       |
+   |Description  |Setting  |
+   |---------|---------|
+   |Block executable content from email client and webmail     |  Block       |
+   |Block Adobe Reader from creating child processes     |   Block      |
+   |Block execution of potentially obfuscated scripts     |    Block     |
+   |Block abuse of exploited vulnerable signed drivers (Device)     |  Block       |
+   |Block Win32 API calls from Office macros     | Block        |
+   |Block executable files from running unless they meet a prevalence, age, or trusted list criterion     | Block        |
+   |Block Office communication application from creating child processes     | Block        |
+   |Block all Office applications from creating child processes     |  Block       |
+   |[PREVIEW] Block use of copied or impersonated system tools     |  Block       |
+   |Block JavaScript or VBScript from launching downloaded executable content     | Block        |
+   |Block credential stealing from the Windows local security authority subsystem     | Block        |
+   |Block Webshell creation for Servers     |   Block      |
+   |Block Office applications from creating executable content     |  Block       |
+   |Block untrusted and unsigned processes that run from USB     |   Block      |
+   |Block Office applications from injecting code into other processes     | Block        |
+   |Block persistence through WMI event subscription     |  Block       |
+   |Use advanced protection against ransomware     |  Block       |
+   |Block process creations originating from PSExec and WMI commands     | Block<br>NOTE: If you have Configuration Manager (formerly SCCM), or other management tools, that use WMI, you might need to set this to **Audit** instead of **Block**.        |
+   |[PREVIEW] Block rebooting machine in Safe Mode     | Block      |
+   |Enable Controlled Folder Access     |  Enabled       |
 
 > [!TIP]
 > Any of the rules may block behavior you find acceptable in your organization. In these cases, add the per-rule exclusions named “Attack Surface Reduction Only Exclusions”.  And, change the rule from **Enabled** to **Audit** to prevent unwanted blocks.
@@ -175,9 +175,9 @@ To enable Attack Surface Reduction (ASR) rules using the endpoint security polic
 
 #### Check the platform update version
 
-The latest Platform Update” version Production channel (GA) is available in [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623+update).
+The latest "Platform Update" version Production channel (GA) is available in [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623+update).
 
-To check which "Platform Update” version you have installed, run the following command in PowerShell using the privileges of an administrator:
+To check which "Platform Update" version you have installed, run the following command in PowerShell using the privileges of an administrator:
 
 `get-mpComputerStatus | ft AMProductVersion`
 

defender-endpoint/mac-install-with-intune.md

@@ -403,7 +403,7 @@ After completing the profile configuration, you'll be able to review the status
 
 Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** \> **Device status**:
 
-:::image type="content" source="../defender-endpoint/media/mdatp-7-devicestatusblade.png" alt-text="Screenshot that shows the view of the device status" lightbox="../defender-endpoint/media/mdatp-7-devicestatusblade.png":::
+:::image type="content" source="../defender-endpoint/media/mdatp-7-devicestatusblade.png" alt-text="Screenshot that shows the view of the device status." lightbox="../defender-endpoint/media/mdatp-7-devicestatusblade.png":::
 
 #### Client device setup
 
@@ -431,11 +431,11 @@ A standard [Company Portal installation](/intune-user-help/enroll-your-device-in
 
    :::image type="content" source="../defender-endpoint/media/mdatp-13-systempreferences.png" alt-text="Screenshot that shows the System preferences page." lightbox="../defender-endpoint/media/mdatp-13-systempreferences.png":::
 
-   :::image type="content" source="../defender-endpoint/media/mdatp-14-systempreferencesprofiles.png" alt-text="Screenshot that shows the System Preferences Profiles page" lightbox="../defender-endpoint/media/mdatp-14-systempreferencesprofiles.png":::
+   :::image type="content" source="../defender-endpoint/media/mdatp-14-systempreferencesprofiles.png" alt-text="Screenshot that shows the System Preferences Profiles page." lightbox="../defender-endpoint/media/mdatp-14-systempreferencesprofiles.png":::
 
 2. Verify that the following configuration profiles are present and installed. The **Management Profile** should be the Intune system profile. _Wdav-config_ and _wdav-kext_ are system configuration profiles that were added in Intune:
 
-   :::image type="content" source="../defender-endpoint/media/mdatp-15-managementprofileconfig.png" alt-text="Screenshot that shows the Profiles page" lightbox="../defender-endpoint/media/mdatp-15-managementprofileconfig.png":::
+   :::image type="content" source="../defender-endpoint/media/mdatp-15-managementprofileconfig.png" alt-text="Screenshot that shows the Profiles page." lightbox="../defender-endpoint/media/mdatp-15-managementprofileconfig.png":::
 
 3. You should also see the Microsoft Defender for Endpoint icon in the top-right corner.