Corrected some typos

ATPDocs/deploy/remote-calls-sam.md

@@ -27,7 +27,7 @@ This article describes the configuration changes required to allow the Defender
 To ensure that Windows clients and servers allow your Defender for Identity Directory Services Account (DSA) to perform SAM-R queries, you must modify the **Group Policy** and add the DSA, in **addition to the configured accounts** listed in the **Network access** policy. Make sure to apply group policies to all computers **except domain controllers**.
 
 > [!IMPORTANT]
-> Perform this procedure in [*audit mode*](/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls#audit-only-mode) first, verifying the compatibility of the proposed configuration before making the changes to your production environment.
+> Perform this procedure in the [*audit mode*](/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls#audit-only-mode) first, by verifying the compatibility of the proposed configuration before making the changes to your production environment.
 >
 > Testing in audit mode is critical in ensuring that your environment remains secure, and any changes will not impact your application compatibility. You may observe increased SAM-R traffic, generated by the Defender for Identity sensors.
 >
@@ -38,9 +38,9 @@ To ensure that Windows clients and servers allow your Defender for Identity Dire
 
     :::image type="content" source="../media/samr-policy-location.png" alt-text="Screenshot of the Network access policy selected." lightbox="../media/samr-policy-location.png":::
 
-1. Add the DSA to the list of approved accounts able to perform this action, together with any other account that you've discovered during audit mode
+1. Add the DSA to the list of approved accounts able to perform this action, together with any other account that you've discovered during audit mode.
 
-For more information, see [Network access: Restrict clients allowed to make remote calls to SAM](/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls).
+   For more information, see [Network access: Restrict clients allowed to make remote calls to SAM](/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls).
 
 ## Make sure the DSA is allowed to access computers from the network (optional)
 
@@ -55,16 +55,16 @@ For more information, see [Network access: Restrict clients allowed to make remo
 
 1. Add the Defender for Identity Directory Service account to the list of approved accounts.
 
-> [!IMPORTANT]
-> When configuring user rights assignments in group policies, it's important to note that the setting *replaces* the previous one rather than adding to it. Therefore, make sure to include *all* the desired accounts in the effective group policy. By default, workstations and servers include the following accounts: Administrators, Backup Operators, Users, and Everyone
->
-> The [Microsoft Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319) recommends replacing the default *Everyone* with *Authenticated Users* to prevent anonymous connections from performing network sign-ins. Review your local policy settings before managing the [Access this computer from the network](/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network) setting from a GPO, and consider including *Authenticated Users* in the GPO if needed.
+    > [!IMPORTANT]
+    > When configuring user rights assignments in group policies, it's important to note that the setting *replaces* the previous one rather than adding to it. Therefore, make sure to include *all* the desired accounts in the effective group policy. By default, workstations and servers include the following accounts: Administrators, Backup Operators, Users, and Everyone.
+    >
+    > The [Microsoft Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319) recommends replacing the default *Everyone* with *Authenticated Users* to prevent anonymous connections from performing network sign-ins. Review your local policy settings before managing the [Access this computer from the network](/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network) setting from a GPO, and consider including *Authenticated Users* in the GPO if needed.
 
 ## Configure a Device profile for Microsoft Entra hybrid joined devices only
 
 This procedure describes how to use the [Microsoft Intune admin center](https://intune.microsoft.com/) to configure the policies in a Device profile if you're working with Microsoft Entra hybrid joined devices.
 
-1. In the Microsoft Intune admin center, create a new Device profile, defining the following values:
+1. In the Microsoft Intune admin center, create a new Device profile, define the following values:
 
     - **Platform**: Windows 10 or later
     - **Profile type**: Settings catalog
@@ -93,7 +93,7 @@ This procedure describes how to use the [Microsoft Intune admin center](https://
 
 1. Continue the wizard to select the **scope tags** and **assignments**, and select **Create** to create your profile.
 
-For more information, see [Apply features and settings on your devices using device profiles in Microsoft Intune](/mem/intune/configuration/device-profiles).
+   For more information, see [Apply features and settings on your devices using device profiles in Microsoft Intune](/mem/intune/configuration/device-profiles).
 
 ## Next step