diff --git a/CloudAppSecurityDocs/protect-salesforce.md b/CloudAppSecurityDocs/protect-salesforce.md
index 8540e1bc2a..bc6d26ea91 100644
--- a/CloudAppSecurityDocs/protect-salesforce.md
+++ b/CloudAppSecurityDocs/protect-salesforce.md
@@ -55,7 +55,7 @@ You can use the following built-in policy templates to detect and notify you abo
| Type | Name |
| ---- | ---- |
-| Built-in anomaly detection policy | [Activity from anonymous IP addresses](anomaly-detection-policy.md#activity-from-anonymous-ip-addresses)
[Activity from infrequent country](anomaly-detection-policy.md#activity-from-infrequent-country)
[Activity from suspicious IP addresses](anomaly-detection-policy.md#activity-from-suspicious-ip-addresses)
[Impossible travel](anomaly-detection-policy.md#impossible-travel)
[Activity performed by terminated user](anomaly-detection-policy.md#activity-performed-by-terminated-user) (requires Microsoft Entra ID as IdP)
[Multiple failed login attempts](anomaly-detection-policy.md#multiple-failed-login-attempts)
[Unusual administrative activities](anomaly-detection-policy.md#unusual-activities-by-user)
[Unusual file deletion activities](anomaly-detection-policy.md#unusual-activities-by-user)
[Unusual file share activities](anomaly-detection-policy.md#unusual-activities-by-user)
[Unusual impersonated activities](anomaly-detection-policy.md#unusual-activities-by-user)
[Unusual multiple file download activities](anomaly-detection-policy.md#unusual-activities-by-user) |
+| Built-in anomaly detection policy | [Activity from anonymous IP addresses](anomaly-detection-policy.md#activity-from-anonymous-ip-addresses)
[Activity from infrequent country](anomaly-detection-policy.md#activity-from-infrequent-country)
[Activity from suspicious IP addresses](anomaly-detection-policy.md#activity-from-suspicious-ip-addresses)
[Impossible travel](anomaly-detection-policy.md#impossible-travel)
[Activity performed by terminated user](anomaly-detection-policy.md#activity-performed-by-terminated-user) (requires Microsoft Entra ID as IdP)
[Multiple failed login attempts](anomaly-detection-policy.md#multiple-failed-login-attempts)
[Unusual administrative activities](anomaly-detection-policy.md#unusual-activities-by-user)
[Unusual file deletion activities](anomaly-detection-policy.md#unusual-activities-by-user) (Temporarily not supported due to limitation in Salesforce API)
[Unusual file share activities](anomaly-detection-policy.md#unusual-activities-by-user)
[Unusual impersonated activities](anomaly-detection-policy.md#unusual-activities-by-user)
[Unusual multiple file download activities](anomaly-detection-policy.md#unusual-activities-by-user) |
| Activity policy template | Logon from a risky IP address
Mass download by a single user|
| File policy template | Detect a file shared with an unauthorized domain
Detect a file shared with personal email addresses|
@@ -102,15 +102,15 @@ This section provides instructions for connecting Microsoft Defender for Cloud
* Sign in to your Salesforce account and go to the **Setup Home** page.
- * Under **Administration** -> **Users**, go to the **Profiles** page.
-
- 
-
+ * Under **Administration** -> **Users**, go to the **Profiles** page.
+
+ 
+
* Create a new profile by selecting **New Profile**.
- * Choose the profile you just created to deploy Defender for Cloud Apps and select **Edit**. This profile will be used for the Defender for Cloud Apps service account to set up the App connector.
-
- 
-
+ * Choose the profile you just created to deploy Defender for Cloud Apps and select **Edit**. This profile will be used for the Defender for Cloud Apps service account to set up the App connector.
+
+ 
+
* Make sure you have the following checkboxes enabled:
* **API Enabled**
* **View All Data**
@@ -125,20 +125,20 @@ This section provides instructions for connecting Microsoft Defender for Cloud
1. If your organization has **Salesforce CRM Content** enabled, make sure that the current administrative account has it enabled as well.
1. Go to the Salesforce **Setup Home** page.
- 1. Under **Administration** -> **Users**, go to the **Users** page.
-
- 
-
+ 1. Under **Administration** -> **Users**, go to the **Users** page.
+
+ 
+
1. Select the current administrative user to your dedicated Defender for Cloud Apps user.
- 1. Make sure that the **Salesforce CRM Content User** check box is selected.
-
- 
-
- 1. Go to **Setup Home** -> **Security** -> **Session Settings**. Under **Session Settings**, make sure that **Lock sessions to the IP address from which they originated** check box is **not** selected.
-
- 
-
+ 1. Make sure that the **Salesforce CRM Content User** check box is selected.
+
+ 
+
+ 1. Go to **Setup Home** -> **Security** -> **Session Settings**. Under **Session Settings**, make sure that **Lock sessions to the IP address from which they originated** check box is **not** selected.
+
+ 
+
1. Select **Save**.
1. Go to **Apps** -> **Feature Settings** -> **Salesforce Files** -> **Content Deliveries and Public Links**.
@@ -156,7 +156,7 @@ This section provides instructions for connecting Microsoft Defender for Cloud
1. In the **App connectors** page, select **+Connect an app** followed by **Salesforce**.
-
+
1. In the next window, give the connection a name and select **Next**.
1. In the **Follow the link** page, select **Connect Salesforce**.
@@ -164,7 +164,7 @@ This section provides instructions for connecting Microsoft Defender for Cloud
1. This opens the Salesforce sign in page. Enter your credentials to allow Defender for Cloud Apps access to your team's Salesforce app.
-
+
1. Salesforce will ask you if you want to allow Defender for Cloud Apps access to your team information and activity log and perform any activity as any team member. To continue, select **Allow**.
1. At this point, you'll receive a success or failure notice for the deployment. Defender for Cloud Apps is now authorized in Salesforce.com.