machine --> device text updates

windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md

@@ -1,7 +1,7 @@
 ---
 title: Onboard servers to the Microsoft Defender ATP service
 description: Onboard servers so that they can send sensor data to the Microsoft Defender ATP sensor.
-keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, machine management, configure Windows ATP servers, onboard Microsoft Defender Advanced Threat Protection servers
+keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, device management, configure Windows ATP servers, onboard Microsoft Defender Advanced Threat Protection servers
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -78,7 +78,7 @@ You'll need to take the following steps if you choose to onboard servers through
     Otherwise, install and configure MMA to report sensor data to Microsoft Defender ATP as instructed below. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
 
 > [!TIP]
-> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
+> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
 
 ### Configure and update System Center Endpoint Protection clients
 
@@ -92,7 +92,7 @@ The following steps are required to enable this integration:
 
 ### Turn on Server monitoring from the Microsoft Defender Security Center portal
 
-1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
+1. In the navigation pane, select **Settings** > **Device management** > **Onboarding**.
 
 2. Select Windows Server 2012 R2 and 2016 as the operating system.
 
@@ -123,7 +123,7 @@ Once completed, you should see onboarded servers in the portal within an hour.
 
 
 ### Option 2: Onboard servers through Azure Security Center
-1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
+1. In the navigation pane, select **Settings** > **Device management** > **Onboarding**.
 
 2. Select Windows Server 2008 R2 SP1, 2012 R2 and 2016 as the operating system.
 
@@ -143,13 +143,13 @@ Supported tools include:
 - Group Policy
 - Microsoft Endpoint Configuration Manager
 - System Center Configuration Manager 2012 / 2012 R2  1511 / 1602
-- VDI onboarding scripts for non-persistent machines
+- VDI onboarding scripts for non-persistent devices
 
-For more information, see  [Onboard Windows 10 machines](configure-endpoints.md).
+For more information, see  [Onboard Windows 10 devices](configure-endpoints.md).
 
 Support for Windows Server, provide deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well.
 
-1. Configure Microsoft Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints.md).
+1. Configure Microsoft Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
 
 2. If you're running a third-party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings. Verify that it was configured correctly:
 
@@ -194,7 +194,7 @@ The following capabilities are included in this integration:
 
 
 ## Offboard servers
-You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2019 Core edition in the same method available for Windows 10 client machines.
+You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2019 Core edition in the same method available for Windows 10 client devices.
 
 For other server versions, you have two options to offboard servers from the service:
 - Uninstall the MMA agent
@@ -243,8 +243,8 @@ To offboard the server, you can use either of the following methods:
     ```
 
 ## Related topics
-- [Onboard Windows 10 machines](configure-endpoints.md)
+- [Onboard Windows 10 devices](configure-endpoints.md)
-- [Onboard non-Windows machines](configure-endpoints-non-windows.md)
+- [Onboard non-Windows devices](configure-endpoints-non-windows.md)
 - [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
-- [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md)
+- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md)
 - [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)

windows/security/threat-protection/microsoft-defender-atp/investigate-user.md

@@ -27,25 +27,25 @@ ms.date: 04/24/2018
 
 ## Investigate user account entities
 
-Identify user accounts with the most active alerts (displayed on dashboard as "Users at risk") and investigate cases of potential compromised credentials, or pivot on the associated user account when investigating an alert or machine to identify possible lateral movement between machines with that user account.
+Identify user accounts with the most active alerts (displayed on dashboard as "Users at risk") and investigate cases of potential compromised credentials, or pivot on the associated user account when investigating an alert or device to identify possible lateral movement between devices with that user account.
 
 You can find user account information in the following views:
 
 - Dashboard
 - Alert queue
-- Machine details page
+- Device details page
 
 A clickable user account link is available in these views, that will take you to the user account details page where more details about the user account are shown.
 
 When you investigate a user account entity, you'll see:
 
-- User account details, Azure Advanced Threat Protection (Azure ATP) alerts, and Logged on machines
+- User account details, Azure Advanced Threat Protection (Azure ATP) alerts, and Logged on devices
 - Alerts related to this user
-- Observed in organization (machines logged on to)
+- Observed in organization (devices logged on to)
 
 ![Image of the user account entity details page](images/atp-user-details-view-azureatp.png)
 
-The user account details, Azure ATP alerts, and logged on machines cards display various attributes about the user account.
+The user account details, Azure ATP alerts, and logged on devices cards display various attributes about the user account.
 
 ### User details
 
@@ -58,19 +58,19 @@ The **Azure Advanced Threat Protection** card will contain a link that will take
 >[!NOTE]
 >You'll need to enable the integration on both Azure ATP and Microsoft Defender ATP to use this feature. In Microsoft Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features.md).
 
-### Logged on machines
+### Logged on devices
 
-The **Logged on machines** card shows a list of the machines that the user has logged on to. You can expand these to see details of the log-on events for each machine.
+The **Logged on devices** card shows a list of the devices that the user has logged on to. You can expand these to see details of the log-on events for each device.
 
 ## Alerts related to this user
 
-The **Alerts related to this user** section provides a list of alerts that are associated with the user account. This list is a filtered view of the [Alert queue](alerts-queue.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert.
+The **Alerts related to this user** section provides a list of alerts that are associated with the user account. This list is a filtered view of the [Alert queue](alerts-queue.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the device associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert.
 
 ## Observed in organization
 
-The **Observed in organization** section allows you to specify a date range to see a list of machines where this user was observed logged on to, the most frequent and least frequent logged on user account for each of these machines, and total observed users on each machine.
+The **Observed in organization** section allows you to specify a date range to see a list of devices where this user was observed logged on to, the most frequent and least frequent logged on user account for each of these devices, and total observed users on each device.
 
-Selecting an item on the Observed in organization table will expand the item, revealing more details about the machine. Directly selecting a link within an item will send you to the corresponding page.
+Selecting an item on the Observed in organization table will expand the item, revealing more details about the device. Directly selecting a link within an item will send you to the corresponding page.
 
 ![Image of observed in organization section](images/atp-observed-in-organization.png)
 
@@ -80,7 +80,7 @@ Selecting an item on the Observed in organization table will expand the item, re
 2. Enter the user account in the **Search** field.
 3. Click the search icon or press **Enter**.
 
-A list of users matching the query text is displayed. You'll see the user account's domain and name, when the user account was last seen, and the total number of machines it was observed logged on to in the last 30 days.
+A list of users matching the query text is displayed. You'll see the user account's domain and name, when the user account was last seen, and the total number of devices it was observed logged on to in the last 30 days.
 
 You can filter the results by the following time periods:
 
@@ -96,6 +96,6 @@ You can filter the results by the following time periods:
 - [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md)
 - [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md)
 - [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md)
-- [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md)
+- [Investigate devices in the Microsoft Defender ATP Devices list](investigate-machines.md)
 - [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md)
 - [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md)