s

windows/security/threat-protection/TOC.md

@@ -265,7 +265,7 @@
 ######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md)
 
 ####### [Machine](windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md)
-######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md)
+######## [List machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md)
 ######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md)
 ######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md)
 ######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md)
@@ -274,8 +274,8 @@
 
 
 ####### [Machine Action](windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md)
-######## [List MachineActions](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
+######## [List Machine Actions](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
-######## [Get MachineAction](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
+######## [Get Machine Action](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
 ######## [Collect investigation package](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md)
 ######## [Get investigation package SAS URI](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md)
 ######## [Isolate machine](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md)

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -262,7 +262,7 @@
 ####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection-new.md)
 
 ###### [Machine](machine-windows-defender-advanced-threat-protection-new.md)
-####### [Get machines](get-machines-windows-defender-advanced-threat-protection-new.md)
+####### [List machines](get-machines-windows-defender-advanced-threat-protection-new.md)
 ####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection-new.md)
 ####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md)
 ####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md)
@@ -270,8 +270,8 @@
 ####### [Find machines by IP](find-machines-by-ip-windows-defender-advanced-threat-protection-new.md)
 
 ###### [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md)
-####### [List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
+####### [List Machine Actions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
-####### [Get MachineAction](get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
+####### [Get Machine Action](get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
 ####### [Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md)
 ####### [Get investigation package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection-new.md)
 ####### [Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md)

windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md

@@ -15,10 +15,12 @@ ms.date: 12/08/2017
 
 # Add or Remove Machine Tags API
 
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
 [!include[Prerelease information](prerelease.md)]
 
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 - Adds or remove tag to a specific machine.
 
 ## Permissions
@@ -68,10 +70,10 @@ Here is an example of a request that adds machine tag.
 [!include[Improve request performance](improverequestperformance-new.md)]
 
 ```
-POST https://api.securitycenter.windows.com/api/machines/863fed4b174465c703c6e412965a31b5e1884cc4/tags
+POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
 Content-type: application/json
 {
-  "Value" : "Test Tag",
+  "Value" : "test Tag 2",
   "Action": "Add"
 }
 
@@ -85,26 +87,24 @@ HTTP/1.1 200 Ok
 Content-type: application/json
 {
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine/$entity",
-    "id": "863fed4b174465c703c6e412965a31b5e1884cc4",
+    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-    "computerDnsName": "mymachine55.contoso.com",
+    "computerDnsName": "mymachine1.contoso.com",
-    "firstSeen": "2018-07-31T14:20:55.8223496Z",
+    "firstSeen": "2018-08-02T14:55:03.7791856Z",
-    "lastSeen": "2018-09-27T08:44:05.6228836Z",
+	"lastSeen": "2018-08-02T14:55:03.7791856Z",
     "osPlatform": "Windows10",
-    "osVersion": null,
+    "osVersion": "10.0.0.0",
-    "lastIpAddress": "10.248.240.38",
+    "lastIpAddress": "172.17.230.209",
-    "lastExternalIpAddress": "167.220.2.166",
+    "lastExternalIpAddress": "167.220.196.71",
-    "agentVersion": "10.3720.16299.98",
+    "agentVersion": "10.5830.18209.1001",
-    "osBuild": 16299,
+    "osBuild": 18209,
     "healthStatus": "Active",
+    "rbacGroupId": 140,
+    "riskScore": "Low",
 	"isAadJoined": true,
-    "machineTags": [
+    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-        "Test Tag"
+	"machineTags": [ "test tag 1", "test tag 2" ]
-    ],
-    "rbacGroupId": 75,
-    "riskScore": "Medium",
-    "aadDeviceId": null
 }
 
 ```
 
-To remove machine tag, set the Action to 'Remove' instead of 'Add' in the request body.
+- To remove machine tag, set the Action to 'Remove' instead of 'Add' in the request body.

windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md

@@ -46,25 +46,22 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "b9d4c51123327fb2a25db29ff1b8f3b64888e7ba",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "examples.dev.corp.Contoso.com",
+            "computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-03-07T11:19:11.7234147Z",
+            "firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-11-15T11:23:38.3196947Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
             "osVersion": "10.0.0.0",
-            "lastIpAddress": "123.17.255.241",
+            "lastIpAddress": "172.17.230.209",
-            "lastExternalIpAddress": "123.220.196.180",
+            "lastExternalIpAddress": "167.220.196.71",
-            "agentVersion": "10.6400.18282.1001",
+            "agentVersion": "10.5830.18209.1001",
-            "osBuild": 18282,
+            "osBuild": 18209,
             "healthStatus": "Active",
+            "rbacGroupId": 140,
+            "riskScore": "High",
 			"isAadJoined": true,
-            "machineTags": [
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-                "ExampleTag"
+			"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
-            ],
-            "rbacGroupId": 5,
-            "rbacGroupName": "Developers",
-            "riskScore": "North",
-            "aadDeviceId": null
         },
 		.
 		.
@@ -134,23 +131,22 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "e3a77eeddb83d581238792387b1239b01286b2f",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "examples.dev.corp.Contoso.com",
+            "computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2016-11-02T23:26:03.7882168Z",
+            "firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-11-12T10:27:08.708723Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
             "osVersion": "10.0.0.0",
-            "lastIpAddress": "123.123.10.33",
+            "lastIpAddress": "172.17.230.209",
-            "lastExternalIpAddress": "124.124.160.172",
+            "lastExternalIpAddress": "167.220.196.71",
-            "agentVersion": "10.6300.18279.1001",
+            "agentVersion": "10.5830.18209.1001",
-            "osBuild": 18279,
+            "osBuild": 18209,
-            "healthStatus": "ImpairedCommunication",
+            "healthStatus": "Active",
-            "isAadJoined": true,
+            "rbacGroupId": 140,
-            "machineTags": [],
-            "rbacGroupId": 5,
-            "rbacGroupName": "Developers",
             "riskScore": "High",
-            "aadDeviceId": "d90b0b99-1234-1234-1234-b91d50c6796a"
+			"isAadJoined": true,
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
         },
 		.
 		.
@@ -176,23 +172,22 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "1113333ddb83d581238792387b1239b01286b2f",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "examples.dev.corp.Contoso.com",
+            "computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2016-11-02T23:26:03.7882168Z",
+            "firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-11-12T10:27:08.708723Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
             "osVersion": "10.0.0.0",
-            "lastIpAddress": "123.123.10.33",
+            "lastIpAddress": "172.17.230.209",
-            "lastExternalIpAddress": "124.124.160.172",
+            "lastExternalIpAddress": "167.220.196.71",
-            "agentVersion": "10.6300.18279.1001",
+            "agentVersion": "10.5830.18209.1001",
-            "osBuild": 18279,
+            "osBuild": 18209,
-            "healthStatus": "ImpairedCommunication",
+            "healthStatus": "Active",
+            "rbacGroupId": 140,
+            "riskScore": "High",
 			"isAadJoined": true,
-            "machineTags": [],
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-            "rbacGroupId": 5,
+			"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
-            "rbacGroupName": "Developers",
-            "riskScore": "Medium",
-            "aadDeviceId": "d90b0b99-1234-1234-1234-b91d50c6796a"
         },
 		.
 		.
@@ -206,7 +201,7 @@ Content-type: application/json
 - Get all the machines that last seen after 2018-10-20
 
 ```
-HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-10-20Z
+HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-08-01Z
 ```
 
 **Response:**
@@ -218,23 +213,22 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "83113465ffceca4a731234e5dcde3357e026e873",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "examples-vm10",
+            "computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-11-12T16:07:50.1706168Z",
+            "firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": "2018-11-12T16:07:50.1706168Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
-            "osPlatform": "WindowsServer2019",
+            "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "lastIpAddress": "10.123.72.35",
+            "lastIpAddress": "172.17.230.209",
-            "lastExternalIpAddress": "123.220.2.3",
+            "lastExternalIpAddress": "167.220.196.71",
-            "agentVersion": "10.6300.18281.1000",
+            "agentVersion": "10.5830.18209.1001",
-            "osBuild": 18281,
+            "osBuild": 18209,
             "healthStatus": "Active",
-            "isAadJoined": false,
+            "rbacGroupId": 140,
-            "machineTags": [],
+            "riskScore": "High",
-            "rbacGroupId": 5,
+			"isAadJoined": true,
-            "rbacGroupName": "Developers",
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-            "riskScore": "None",
+			"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
-            "aadDeviceId": null
         },
 		.
 		.

windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md

@@ -15,11 +15,12 @@ ms.date: 12/08/2017
 
 # Find machines by internal IP API
 
-[!include[Prerelease information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
 - Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp 
 - The given timestamp must be in the past 30 days.
 
@@ -83,22 +84,22 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "863fed4b174465c703c6e412965a31b5e1884cc4",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "mymachine33.contoso.com",
+			"computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-07-31T14:20:55.8223496Z",
+			"firstSeen": "2018-08-02T14:55:03.7791856Z",
-            "lastSeen": null,
+			"lastSeen": "2018-09-22T08:55:03.7791856Z",
 			"osPlatform": "Windows10",
-            "osVersion": null,
+			"osVersion": "10.0.0.0",
 			"lastIpAddress": "10.248.240.38",
-            "lastExternalIpAddress": "167.220.2.166",
+			"lastExternalIpAddress": "167.220.196.71",
-            "agentVersion": "10.3720.16299.98",
+			"agentVersion": "10.5830.18209.1001",
-            "osBuild": 16299,
+			"osBuild": 18209,
 			"healthStatus": "Active",
+			"rbacGroupId": 140,
+			"riskScore": "Low",
 			"isAadJoined": true,
-            "machineTags": [],
+			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
-            "rbacGroupId": 75,
+			"machineTags": [ "test tag 1", "test tag 2" ]
-            "riskScore": "Medium",
-            "aadDeviceId": null
         }
     ]
 }

windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md

@@ -14,12 +14,13 @@ ms.date: 12/08/2017
 ---
 
 # Get alert related machine information API
+
 **Applies to:**
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease information](prerelease.md)]
 
-Retrieves machine that is related to a specific alert.
+- Retrieves machine that is related to a specific alert.
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
@@ -77,22 +78,21 @@ HTTP/1.1 200 OK
 Content-type: application/json
 {
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines/$entity",
-    "id": "ff0c3800ed8d66738a514971cd6867166809369f",
+    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-    "computerDnsName": "amazingmachine.contoso.com",
+    "computerDnsName": "mymachine1.contoso.com",
-    "firstSeen": "2017-12-10T07:47:34.4269783Z",
+    "firstSeen": "2018-08-02T14:55:03.7791856Z",
-	"lastSeen": "2017-12-10T07:47:34.4269783Z",
+	"lastSeen": "2018-08-02T14:55:03.7791856Z",
     "osPlatform": "Windows10",
     "osVersion": "10.0.0.0",
-    "systemProductName": null,
+    "lastIpAddress": "172.17.230.209",
-    "lastIpAddress": "172.17.0.0",
+    "lastExternalIpAddress": "167.220.196.71",
-    "lastExternalIpAddress": "167.220.0.0",
+    "agentVersion": "10.5830.18209.1001",
-    "agentVersion": "10.5830.17732.1001",
+    "osBuild": 18209,
-    "osBuild": 17732,
     "healthStatus": "Active",
-    "isAadJoined": true,
+    "rbacGroupId": 140,
-    "machineTags": [],
-    "rbacGroupId": 75,
     "riskScore": "Low",
-    "aadDeviceId": "80fe8ff8-0000-0000-9591-41f0491218f9"
+	"isAadJoined": true,
+    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+	"machineTags": [ "test tag 1", "test tag 2" ]
 }
 ```

windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md

@@ -24,7 +24,7 @@ ms.date: 12/08/2017
 - Retrieves a collection of Alerts.
 - Supports [OData V4 queries](https://www.odata.org/documentation/).
 - The OData's Filter query is supported on: "Id", "IncidentId", "AlertCreationTime", "Status", "Severity" and "Category".
-
+- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
@@ -132,3 +132,6 @@ Here is an example of the response.
 	]
 }
 ```
+
+## Related topics
+- [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)

windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md

@@ -80,42 +80,40 @@ Content-type: application/json
     "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
     "value": [
         {
-            "id": "02ea9a24e8bd39c247ed7ca0edae879c321684e5",
+            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
-            "computerDnsName": "testMachine1",
+            "computerDnsName": "mymachine1.contoso.com",
-            "firstSeen": "2018-07-30T20:12:00.3708661Z",
+            "firstSeen": "2018-08-02T14:55:03.7791856Z",
-			"lastSeen": "2018-07-30T20:12:00.3708661Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
+            "lastIpAddress": "172.17.230.209",
-            "lastIpAddress": "10.209.67.177",
+            "lastExternalIpAddress": "167.220.196.71",
-            "lastExternalIpAddress": "167.220.1.210",
+            "agentVersion": "10.5830.18209.1001",
-            "agentVersion": "10.5830.18208.1000",
+            "osBuild": 18209,
-            "osBuild": 18208,
+            "healthStatus": "Active",
-            "healthStatus": "Inactive",
+            "rbacGroupId": 140,
-            "isAadJoined": false,
-            "machineTags": [],
-            "rbacGroupId": 75,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": true,
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"machineTags": [ "test tag 1", "test tag 2" ]
         },
         {
-            "id": "02efb9a9b85f07749a018fbf3f962b4700b3b949",
+            "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
-            "computerDnsName": "testMachine2",
+            "computerDnsName": "mymachine2.contoso.com",
-            "firstSeen": "2018-07-30T19:50:47.3618349Z",
+            "firstSeen": "2018-07-09T13:22:45.1250071Z",
-			"lastSeen": "2018-07-30T19:50:47.3618349Z",
+			"lastSeen": "2018-07-09T13:22:45.1250071Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
+            "lastIpAddress": "192.168.12.225",
-            "lastIpAddress": "10.209.70.231",
+            "lastExternalIpAddress": "79.183.65.82",
-            "lastExternalIpAddress": "167.220.0.28",
+            "agentVersion": "10.5820.17724.1000",
-            "agentVersion": "10.5830.18208.1000",
+            "osBuild": 17724,
-            "osBuild": 18208,
             "healthStatus": "Inactive",
+			"rbacGroupId": 140,
+            "riskScore": "Low",
 			"isAadJoined": false,
-            "machineTags": [],
+            "aadDeviceId": null,
-            "rbacGroupId": 75,
+			"machineTags": [ "test tag 1" ]
-            "riskScore": "None",
-            "aadDeviceId": null
         }
 	]
 }

windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,14 @@ ms.date: 12/08/2017
 ---
 
 # Get file related machines API
+
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease information](prerelease.md)]
 
-Retrieves a collection of machines related to a given file hash.
+- Retrieves a collection of machines related to a given file hash.
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
@@ -83,39 +84,37 @@ Content-type: application/json
             "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
             "computerDnsName": "mymachine1.contoso.com",
             "firstSeen": "2018-08-02T14:55:03.7791856Z",
-			"lasttSeen": "2018-07-09T13:22:45.1250071Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
             "lastIpAddress": "172.17.230.209",
             "lastExternalIpAddress": "167.220.196.71",
             "agentVersion": "10.5830.18209.1001",
             "osBuild": 18209,
             "healthStatus": "Active",
-            "isAadJoined": true,
-            "machineTags": [],
             "rbacGroupId": 140,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": true,
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"machineTags": [ "test tag 1", "test tag 2" ]
         },
         {
             "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
             "computerDnsName": "mymachine2.contoso.com",
             "firstSeen": "2018-07-09T13:22:45.1250071Z",
-			"lasttSeen": "2018-07-09T13:22:45.1250071Z",
+			"lastSeen": "2018-07-09T13:22:45.1250071Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
             "lastIpAddress": "192.168.12.225",
             "lastExternalIpAddress": "79.183.65.82",
             "agentVersion": "10.5820.17724.1000",
             "osBuild": 17724,
             "healthStatus": "Inactive",
-            "isAadJoined": true,
-            "machineTags": [],
 			"rbacGroupId": 140,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": false,
+            "aadDeviceId": null,
+			"machineTags": [ "test tag 1" ]
         }
     ]
 }

windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md

@@ -85,18 +85,17 @@ Content-type: application/json
             "firstSeen": "2018-08-02T14:55:03.7791856Z",
 			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
             "lastIpAddress": "172.17.230.209",
             "lastExternalIpAddress": "167.220.196.71",
             "agentVersion": "10.5830.18209.1001",
             "osBuild": 18209,
             "healthStatus": "Active",
-            "isAadJoined": true,
-            "machineTags": [],
             "rbacGroupId": 140,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": true,
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"machineTags": [ "test tag 1", "test tag 2" ]
         },
         {
             "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
@@ -104,18 +103,17 @@ Content-type: application/json
             "firstSeen": "2018-07-09T13:22:45.1250071Z",
 			"lastSeen": "2018-07-09T13:22:45.1250071Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
             "lastIpAddress": "192.168.12.225",
             "lastExternalIpAddress": "79.183.65.82",
             "agentVersion": "10.5820.17724.1000",
             "osBuild": 17724,
             "healthStatus": "Inactive",
-            "isAadJoined": true,
-            "machineTags": [],
 			"rbacGroupId": 140,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": false,
+            "aadDeviceId": null,
+			"machineTags": [ "test tag 1" ]
         }
     ]
 }

windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md

@@ -15,12 +15,13 @@ ms.date: 12/08/2017
 
 # Get machine by ID API
 
-[!include[Prerelease information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
-Retrieves a machine entity by ID.
+
+[!include[Prerelease information](prerelease.md)]
+
+- Retrieves a machine entity by ID.
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
@@ -85,18 +86,17 @@ Content-type: application/json
     "firstSeen": "2018-08-02T14:55:03.7791856Z",
 	"lastSeen": "2018-08-02T14:55:03.7791856Z",
     "osPlatform": "Windows10",
-    "osVersion": null,
+    "osVersion": "10.0.0.0",
-    "systemProductName": null,
     "lastIpAddress": "172.17.230.209",
     "lastExternalIpAddress": "167.220.196.71",
     "agentVersion": "10.5830.18209.1001",
     "osBuild": 18209,
     "healthStatus": "Active",
-    "isAadJoined": true,
-    "machineTags": [],
     "rbacGroupId": 140,
     "riskScore": "Low",
-    "aadDeviceId": null
+	"isAadJoined": true,
+    "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+	"machineTags": [ "test tag 1", "test tag 2" ]
 }
 
 ```

windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md

@@ -14,12 +14,14 @@ ms.date: 12/08/2017
 ---
 
 # Get machineAction API
+
 **Applies to:**
+
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease information](prerelease.md)]
 
-Get action performed on a machine.
+- Get action performed on a machine.
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)

windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md

@@ -15,14 +15,16 @@ ms.date: 12/08/2017
 
 # List MachineActions API
 
-[!include[Prerelease information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
- Gets collection of actions done on machines. 
+[!include[Prerelease information](prerelease.md)]
- Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
+
+- Gets collection of actions done on machines. 
+- Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
+- The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type" and "CreationDateTimeUtc".
+- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
@@ -167,3 +169,6 @@ Content-type: application/json
     ]
 }
 ```
+
+## Related topics
+- [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)

windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md

@@ -24,6 +24,7 @@ ms.date: 12/08/2017
 - Retrieves a collection of machines that have communicated with WDATP cloud on the last 30 days.
 - Get Machines collection API supports [OData V4 queries](https://www.odata.org/documentation/).
 - The OData's Filter query is supported on: "Id", "ComputerDnsName", "LastSeen", "LastIpAddress", "HealthStatus", "OsPlatform", "RiskScore", "MachineTags" and "RbacGroupId".
+- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
 
 ## Permissions
 
@@ -87,18 +88,17 @@ Content-type: application/json
             "firstSeen": "2018-08-02T14:55:03.7791856Z",
 			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
             "lastIpAddress": "172.17.230.209",
             "lastExternalIpAddress": "167.220.196.71",
             "agentVersion": "10.5830.18209.1001",
             "osBuild": 18209,
             "healthStatus": "Active",
-            "isAadJoined": true,
-            "machineTags": [],
             "rbacGroupId": 140,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": true,
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"machineTags": [ "test tag 1", "test tag 2" ]
         },
         {
             "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
@@ -106,19 +106,21 @@ Content-type: application/json
             "firstSeen": "2018-07-09T13:22:45.1250071Z",
 			"lastSeen": "2018-07-09T13:22:45.1250071Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
             "lastIpAddress": "192.168.12.225",
             "lastExternalIpAddress": "79.183.65.82",
             "agentVersion": "10.5820.17724.1000",
             "osBuild": 17724,
             "healthStatus": "Inactive",
-            "isAadJoined": true,
-            "machineTags": [],
 			"rbacGroupId": 140,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": false,
+            "aadDeviceId": null,
+			"machineTags": [ "test tag 1" ]
         }
     ]
 }
 ```
+
+## Related topics
+- [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)

windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md

@@ -14,6 +14,7 @@ ms.date: 12/08/2017
 ---
 
 # Get user related machines API
+
 **Applies to:**
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
@@ -87,18 +88,17 @@ Content-type: application/json
             "firstSeen": "2018-08-02T14:55:03.7791856Z",
 			"lastSeen": "2018-08-02T14:55:03.7791856Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
             "lastIpAddress": "172.17.230.209",
             "lastExternalIpAddress": "167.220.196.71",
             "agentVersion": "10.5830.18209.1001",
             "osBuild": 18209,
             "healthStatus": "Active",
-            "isAadJoined": true,
-            "machineTags": [],
             "rbacGroupId": 140,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": true,
+            "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"machineTags": [ "test tag 1", "test tag 2" ]
         },
         {
             "id": "7292e4b8cb74ff1cc3d8a495eb29dc8858b732f7",
@@ -106,18 +106,17 @@ Content-type: application/json
             "firstSeen": "2018-07-09T13:22:45.1250071Z",
 			"lastSeen": "2018-07-09T13:22:45.1250071Z",
             "osPlatform": "Windows10",
-            "osVersion": null,
+            "osVersion": "10.0.0.0",
-            "systemProductName": null,
             "lastIpAddress": "192.168.12.225",
             "lastExternalIpAddress": "79.183.65.82",
             "agentVersion": "10.5820.17724.1000",
             "osBuild": 17724,
             "healthStatus": "Inactive",
-            "isAadJoined": true,
-            "machineTags": [],
 			"rbacGroupId": 140,
             "riskScore": "Low",
-            "aadDeviceId": null
+			"isAadJoined": false,
+            "aadDeviceId": null,
+			"machineTags": [ "test tag 1" ]
         }
     ]
 }

windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md

@@ -35,13 +35,14 @@ firstSeen | DateTimeOffset | First date and time where the [machine](machine-win
 lastSeen | DateTimeOffset | Last date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by WDATP.
 osPlatform | String | OS platform.
 osVersion | String | OS Version.
-lastIpAddress | Ip | Last IP on local NIC on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
+lastIpAddress | String | Last IP on local NIC on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
-lastExternalIpAddress | Ip | Last IP through which the [machine](machine-windows-defender-advanced-threat-protection-new.md) accessed the internet.
+lastExternalIpAddress | String | Last IP through which the [machine](machine-windows-defender-advanced-threat-protection-new.md) accessed the internet.
 agentVersion | String | Version of WDATP agent.
-osBuild | Int | OS build number.
+osBuild | Nullable long | OS build number.
 healthStatus | Enum | [machine](machine-windows-defender-advanced-threat-protection-new.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
-isAadJoined | Boolean | Is [machine](machine-windows-defender-advanced-threat-protection-new.md) AAD joined.
+rbacGroupId | Int | RBAC Group ID.
+rbacGroupName | String | RBAC Group Name.
+riskScore | Nullable Enum | Risk score as evaluated by WDATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
+isAadJoined | Nullable Boolean | Is [machine](machine-windows-defender-advanced-threat-protection-new.md) AAD joined.
+aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine-windows-defender-advanced-threat-protection-new.md) is Aad Joined).
 machineTags | String collection | Set of [machine](machine-windows-defender-advanced-threat-protection-new.md) tags.
-rbacGroupId | Int | Group ID.
-riskScore | String | Risk score as evaludated by WDATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
-aadDeviceId | String | AAD Device ID (when [machine](machine-windows-defender-advanced-threat-protection-new.md) is Aad Joined).