Update alert-policies.md

diannegali · web-flow · commit fa58c578b5db · 2025-05-12T14:34:54.000+01:00
diff --git a/defender-xdr/alert-policies.md b/defender-xdr/alert-policies.md
@@ -97,9 +97,9 @@ You can also define user tags as a condition of an alert policy. This definition
 
     ![Configure how alerts are triggered, based on when the activity occurs, a threshold, or unusual activity for your organization.](media/howalertsaretriggered.png)
   
-      If you select the setting based on unusual activity, Microsoft establishes a baseline value that defines the normal frequency for the selected activity. It takes up to seven days to establish this baseline, during which alerts aren't generated. After the baseline is established, an alert is triggered when the frequency of the activity tracked by the alert policy greatly exceeds the baseline value. For auditing-related activities (such as file and folder activities), you can establish a baseline based on a single user or based on all users in your organization; for malware-related activities, you can establish a baseline based on a single malware family, a single recipient, or all messages in your organization.
+    If you select the setting based on unusual activity, Microsoft establishes a baseline value that defines the normal frequency for the selected activity. It takes up to seven days to establish this baseline, during which alerts aren't generated. After the baseline is established, an alert is triggered when the frequency of the activity tracked by the alert policy greatly exceeds the baseline value. For auditing-related activities (such as file and folder activities), you can establish a baseline based on a single user or based on all users in your organization; for malware-related activities, you can establish a baseline based on a single malware family, a single recipient, or all messages in your organization.
 
-      > [!NOTE]
+    > [!NOTE]
     > The ability to configure alert policies based on a threshold or based on unusual activity requires an E5/G5 subscription, or an E1/F1/G1 or E3/F3/G3 subscription with a Microsoft Defender for Office 365 P2, Microsoft 365 E5 Compliance, or Microsoft 365 eDiscovery and Audit add-on subscription. Organizations with an E1/F1/G1 and E3/F3/G3 subscription can only create alert policies where an alert is triggered every time that an activity occurs.
 
 - **Alert category**. To help with tracking and managing the alerts generated by a policy, you can assign one of the following categories to a policy.
