diff --git a/articles/azure-stack/azure-stack-kv-push-secret-into-vm.md b/articles/azure-stack/azure-stack-kv-push-secret-into-vm.md
index ff73e7886d0e1..479b50d4bb665 100644
--- a/articles/azure-stack/azure-stack-kv-push-secret-into-vm.md
+++ b/articles/azure-stack/azure-stack-kv-push-secret-into-vm.md
@@ -41,6 +41,8 @@ The following steps describe the process to push a certificate onto the virtual
 3. Upload the certificate into the key vault.
 4. Deploy a template to create a virtual machine and push the certificate onto it.
 
+**Create a secret in the key vault**
+
 The following script creates a certificate in the .pfx format, creates a key vault, and stores the certificate in the key vault as a secret. You must use the `-EnabledForDeployment` parameter when you're creating the key vault. This parameter makes sure that the key vault can be referenced from Azure Resource Manager templates.
 
 ```powershell
@@ -108,6 +110,8 @@ When you run the previous script, the output includes the secret URI. Make a not
 
 Modify the `azuredeploy.parameters.json` file according to your environment values. The parameters of special interest are the vault name, the vault resource group, and the secret URI (as generated by the previous script). The following file is an example of a parameter file:
 
+**azuredeploy.parameters.json:**
+
 ```json
 {
   "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
@@ -141,6 +145,8 @@ Modify the `azuredeploy.parameters.json` file according to your environment valu
 }
 ```
 
+**Template deployment:**
+
 Now deploy the template by using the following PowerShell script:
 
 ```powershell