Third set of doc updates - machine-->device

This commit is contained in:
ManikaDhiman 2020-05-21 14:41:24 -07:00
parent 8f4fec20bb
commit 0d5a15af71
61 changed files with 278 additions and 278 deletions

View File

@ -29,7 +29,7 @@ ms.topic: article
>[!Note] >[!Note]
>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections. >- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
>- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details. >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
>-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md). >-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment. Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment.
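Review bot: the bullet this hunk edits still reads "is composed from the suspicious event occurred on the Device", which is ungrammatical ("event that occurred") and capitalizes "Device" mid-sentence while every other hunk in this commit uses lowercase "device". Since the line is being touched anyway, suggest "is composed from a suspicious event that occurred on the device and its related alert details", and in the following bullet "contain a detailed list of related evidence" should be "contains a detailed list of related evidence".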

View File

@ -64,7 +64,7 @@ DeviceEvents
You can review the Windows event log to see events that are created when controlled folder access blocks (or audits) an app: You can review the Windows event log to see events that are created when controlled folder access blocks (or audits) an app:
1. Download the [Evaluation Package](https://aka.ms/mp7z2w) and extract the file *cfa-events.xml* to an easily accessible location on the machine. 1. Download the [Evaluation Package](https://aka.ms/mp7z2w) and extract the file *cfa-events.xml* to an easily accessible location on the device.
2. Type **Event viewer** in the Start menu to open the Windows Event Viewer. 2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.

View File

@ -28,7 +28,7 @@ Creates new [Alert](alerts.md) on top of **Event**.
<br>**Microsoft Defender ATP Event** is required for the alert creation. <br>**Microsoft Defender ATP Event** is required for the alert creation.
<br>You will need to supply 3 parameters from the Event in the request: **Event Time**, **Machine ID** and **Report ID**. See example below. <br>You will need to supply 3 parameters from the Event in the request: **Event Time**, **Machine ID** and **Report ID**. See example below.
<br>You can use an event found in Advanced Hunting API or Portal. <br>You can use an event found in Advanced Hunting API or Portal.
<br>If there existing an open alert on the same Machine with the same Title, the new created alert will be merged with it. <br>If there existing an open alert on the same Device with the same Title, the new created alert will be merged with it.
<br>An automatic investigation starts automatically on alerts created via the API. <br>An automatic investigation starts automatically on alerts created via the API.
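Review bot: this hunk changes "Machine" to "Device" in "an open alert on the same Device" but leaves "**Machine ID**" two lines earlier in the same paragraph, so the page now mixes both terms. If "Machine ID" is kept because it names the request property, make that explicit by citing the literal `machineId` (as the property table further down this page does); otherwise rename it to "Device ID" for consistency. The touched line also has two grammar slips worth fixing in the same pass: "If there existing an open alert" should be "If there is an existing open alert", and "the new created alert" should be "the newly created alert".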
@ -48,7 +48,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'Alerts investigation' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'Alerts investigation' (See [Create and manage roles](user-roles.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
@ -71,7 +71,7 @@ Property | Type | Description
:---|:---|:--- :---|:---|:---
eventTime | DateTime(UTC) | The precise time of the event as string, as obtained from advanced hunting. e.g. ```2018-08-03T16:45:21.7115183Z``` **Required**. eventTime | DateTime(UTC) | The precise time of the event as string, as obtained from advanced hunting. e.g. ```2018-08-03T16:45:21.7115183Z``` **Required**.
reportId | String | The reportId of the event, as obtained from advanced hunting. **Required**. reportId | String | The reportId of the event, as obtained from advanced hunting. **Required**.
machineId | String | Id of the machine on which the event was identified. **Required**. machineId | String | Id of the device on which the event was identified. **Required**.
severity | String | Severity of the alert. The property values are: 'Low', 'Medium' and 'High'. **Required**. severity | String | Severity of the alert. The property values are: 'Low', 'Medium' and 'High'. **Required**.
title | String | Title for the alert. **Required**. title | String | Title for the alert. **Required**.
description | String | Description of the alert. **Required**. description | String | Description of the alert. **Required**.
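Review bot: the description of `machineId` now says "Id of the device" while the property name itself stays `machineId`, which is correct because the property is the API contract rather than documentation wording, but the mismatch invites readers to expect a renamed property. A short parenthetical such as "(the request property name remains `machineId`)" on that row would remove the ambiguity; "Id" should also be "ID" to match the capitalization used elsewhere on the page.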

View File

@ -23,7 +23,7 @@ ms.topic: article
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Custom detection rules built from [Advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured machines. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. Custom detection rules built from [Advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
> [!NOTE] > [!NOTE]
> To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. > To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
@ -36,9 +36,9 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an
#### Required columns in the query results #### Required columns in the query results
To use a query for a custom detection rule, the query must return the `Timestamp`, `DeviceId`, and `ReportId` columns in the results. Simple queries, such as those that don't use the `project` or `summarize` operator to customize or aggregate results, typically return these common columns. To use a query for a custom detection rule, the query must return the `Timestamp`, `DeviceId`, and `ReportId` columns in the results. Simple queries, such as those that don't use the `project` or `summarize` operator to customize or aggregate results, typically return these common columns.
There are various ways to ensure more complex queries return these columns. For example, if you prefer to aggregate and count by `DeviceId`, you can still return `Timestamp` and `ReportId` by getting them from the most recent event involving each machine. There are various ways to ensure more complex queries return these columns. For example, if you prefer to aggregate and count by `DeviceId`, you can still return `Timestamp` and `ReportId` by getting them from the most recent event involving each device.
The sample query below counts the number of unique machines (`DeviceId`) with antivirus detections and uses this count to find only the machines with more than five detections. To return the latest `Timestamp` and the corresponding `ReportId`, it uses the `summarize` operator with the `arg_max` function. The sample query below counts the number of unique devices (`DeviceId`) with antivirus detections and uses this count to find only the devices with more than five detections. To return the latest `Timestamp` and the corresponding `ReportId`, it uses the `summarize` operator with the `arg_max` function.
```kusto ```kusto
DeviceEvents DeviceEvents
@ -72,19 +72,19 @@ When saved, a new or edited custom detection rule immediately runs and checks fo
Select the frequency that matches how closely you want to monitor detections, and consider your organization's capacity to respond to the alerts. Select the frequency that matches how closely you want to monitor detections, and consider your organization's capacity to respond to the alerts.
### 3. Specify actions on files or machines. ### 3. Specify actions on files or devices.
Your custom detection rule can automatically take actions on files or machines that are returned by the query. Your custom detection rule can automatically take actions on files or devices that are returned by the query.
#### Actions on machines #### Actions on devices
These actions are applied to machines in the `DeviceId` column of the query results: These actions are applied to devices in the `DeviceId` column of the query results:
- **Isolate machine** — applies full network isolation, preventing the machine from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about machine isolation](respond-machine-alerts.md#isolate-machines-from-the-network) - **Isolate device** — applies full network isolation, preventing the device from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network)
- **Collect investigation package** — collects machine information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-machines) - **Collect investigation package** — collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices)
- **Run antivirus scan** — performs a full Windows Defender Antivirus scan on the machine - **Run antivirus scan** — performs a full Windows Defender Antivirus scan on the device
- **Initiate investigation** — initiates an [automated investigation](automated-investigations.md) on the machine - **Initiate investigation** — initiates an [automated investigation](automated-investigations.md) on the device
#### Actions on files #### Actions on files
These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1` column of the query results: These actions are applied to files in the `SHA1` or the `InitiatingProcessSHA1` column of the query results:
- **Allow/Block** — automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected machine groups. This scope is independent of the scope of the rule. - **Allow/Block** — automatically adds the file to your [custom indicator list](manage-indicators.md) so that it is always allowed to run or blocked from running. You can set the scope of this action so that it is taken only on selected device groups. This scope is independent of the scope of the rule.
- **Quarantine file** — deletes the file from its current location and places a copy in quarantine - **Quarantine file** — deletes the file from its current location and places a copy in quarantine
### 4. Click **Create** to save and turn on the rule. ### 4. Click **Create** to save and turn on the rule.
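Review bot: the two link fragments in this hunk are rewritten from `#isolate-machines-from-the-network` to `#isolate-devices-from-the-network` and from `#collect-investigation-package-from-machines` to `#collect-investigation-package-from-devices`. Those fragments are generated from heading text in respond-machine-alerts.md, so they only resolve if that file's headings were renamed in the same commit; please confirm that, otherwise both "Learn more" links break. The hunk also renames the heading "#### Actions on machines" to "#### Actions on devices", so any existing links to that heading need the same check.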

View File

@ -113,7 +113,7 @@ An allowed application or service only has write access to a controlled folder a
### Use Group Policy to allow specific apps ### Use Group Policy to allow specific apps
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. 1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
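Review bot: "Group Policy management device" in the first step of this hunk is an awkward result of the blanket machine-to-device replacement; in Group Policy documentation the administrative host is conventionally a "computer", and the very next step refers to "Computer configuration". Suggest "On your Group Policy management computer". The same wording appears in the other two Group Policy hunks in this commit.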

View File

@ -25,7 +25,7 @@ manager: dansimp
Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps. Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
You configure these settings using the Windows Security app on an individual machine, and then export the configuration as an XML file that you can deploy to other machines. You can use Group Policy to distribute the XML file to multiple devices at once. You can also configure the mitigations with PowerShell. You configure these settings using the Windows Security app on an individual device, and then export the configuration as an XML file that you can deploy to other devices. You can use Group Policy to distribute the XML file to multiple devices at once. You can also configure the mitigations with PowerShell.
This topic lists each of the mitigations available in exploit protection, indicates whether the mitigation can be applied system-wide or to individual apps, and provides a brief description of how the mitigation works. This topic lists each of the mitigations available in exploit protection, indicates whether the mitigation can be applied system-wide or to individual apps, and provides a brief description of how the mitigation works.
@ -136,7 +136,7 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or continue on to configure app-specific mitigations. You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or continue on to configure app-specific mitigations.
Exporting the configuration as an XML file allows you to copy the configuration from one machine onto other machines. Exporting the configuration as an XML file allows you to copy the configuration from one device onto other devices.
## PowerShell reference ## PowerShell reference
@ -145,7 +145,7 @@ Exporting the configuration as an XML file allows you to copy the configuration
The configuration settings that were most recently modified will always be applied - regardless of whether you use PowerShell or Windows Security. This means that if you use the app to configure a mitigation, then use PowerShell to configure the same mitigation, the app will update to show the changes you made with PowerShell. If you were to then use the app to change the mitigation again, that change would apply. The configuration settings that were most recently modified will always be applied - regardless of whether you use PowerShell or Windows Security. This means that if you use the app to configure a mitigation, then use PowerShell to configure the same mitigation, the app will update to show the changes you made with PowerShell. If you were to then use the app to change the mitigation again, that change would apply.
>[!IMPORTANT] >[!IMPORTANT]
>Any changes that are deployed to a machine through Group Policy will override the local configuration. When setting up an initial configuration, use a machine that will not have a Group Policy configuration applied to ensure your changes aren't overridden. >Any changes that are deployed to a device through Group Policy will override the local configuration. When setting up an initial configuration, use a device that will not have a Group Policy configuration applied to ensure your changes aren't overridden.
You can use the PowerShell verb `Get` or `Set` with the cmdlet `ProcessMitigation`. Using `Get` will list the current configuration status of any mitigations that have been enabled on the device - add the `-Name` cmdlet and app exe to see mitigations for just that app: You can use the PowerShell verb `Get` or `Set` with the cmdlet `ProcessMitigation`. Using `Get` will list the current configuration status of any mitigations that have been enabled on the device - add the `-Name` cmdlet and app exe to see mitigations for just that app:
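Review bot: the unchanged context line closing this hunk calls `-Name` a cmdlet ("add the `-Name` cmdlet and app exe"); `-Name` is a parameter of `Get-ProcessMitigation`, not a cmdlet. Since the preceding IMPORTANT note is being edited anyway, suggest "add the `-Name` parameter with the app's executable name to see mitigations for just that app".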

View File

@ -30,16 +30,16 @@ This section covers some of the most frequently asked questions regarding privac
## What data does Microsoft Defender ATP collect? ## What data does Microsoft Defender ATP collect?
Microsoft Defender ATP will collect and store information from your configured machines in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes. Microsoft Defender ATP will collect and store information from your configured devices in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes.
Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as machine identifiers, names, and the operating system version). Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and device details (such as device identifiers, names, and the operating system version).
Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578). Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578).
This data enables Microsoft Defender ATP to: This data enables Microsoft Defender ATP to:
- Proactively identify indicators of attack (IOAs) in your organization - Proactively identify indicators of attack (IOAs) in your organization
- Generate alerts if a possible attack was detected - Generate alerts if a possible attack was detected
- Provide your security operations with a view into machines, files, and URLs related to threat signals from your network, enabling you to investigate and explore the presence of security threats on the network. - Provide your security operations with a view into devices, files, and URLs related to threat signals from your network, enabling you to investigate and explore the presence of security threats on the network.
Microsoft does not use your data for advertising. Microsoft does not use your data for advertising.

View File

@ -35,12 +35,12 @@ The Microsoft Defender Advanced Threat Protection agent depends on Windows Defen
>[!IMPORTANT] >[!IMPORTANT]
>Microsoft Defender ATP does not adhere to the Windows Defender Antivirus Exclusions settings. >Microsoft Defender ATP does not adhere to the Windows Defender Antivirus Exclusions settings.
You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). You must configure Security intelligence updates on the Microsoft Defender ATP devices whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
If an onboarded machine is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode. If an onboarded device is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client. Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client.
The Windows Defender Antivirus interface will be disabled, and users on the machine will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options. The Windows Defender Antivirus interface will be disabled, and users on the device will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options.
For more information, see the [Windows Defender Antivirus and Microsoft Defender ATP compatibility topic](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). For more information, see the [Windows Defender Antivirus and Microsoft Defender ATP compatibility topic](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
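Review bot: the context line between the two edited lines in this hunk, "the *mspeng.exe* process will be listed as a running a service", has a stray article and should read "listed as a running service". Minor, but the surrounding lines are already being reworded in this commit.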

View File

@ -33,7 +33,7 @@ There are three phases in deploying Microsoft Defender ATP:
The deployment guide will guide you through the recommended path in deploying Microsoft Defender ATP. The deployment guide will guide you through the recommended path in deploying Microsoft Defender ATP.
There are several methods you can use to onboard to the service. For information on other ways to onboard, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md). There are several methods you can use to onboard to the service. For information on other ways to onboard, see [Onboard devices to Microsoft Defender ATP](onboard-configure.md).
## In Scope ## In Scope

View File

@ -73,15 +73,15 @@ The following image shows an instance of unwanted software that was detected and
### Will EDR in block mode have any impact on a user's antivirus protection? ### Will EDR in block mode have any impact on a user's antivirus protection?
No. EDR in block mode does not affect third-party antivirus protection running on users' machines. EDR in block mode kicks in if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like [Windows Defender Antivirus in passive mode](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility#functionality-and-features-available-in-each-state), with the additional steps of blocking and remediating malicious artifacts or behaviors that are detected. No. EDR in block mode does not affect third-party antivirus protection running on users' devices. EDR in block mode kicks in if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like [Windows Defender Antivirus in passive mode](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility#functionality-and-features-available-in-each-state), with the additional steps of blocking and remediating malicious artifacts or behaviors that are detected.
### Why do I need to keep Windows Defender Antivirus up to date? ### Why do I need to keep Windows Defender Antivirus up to date?
Because Windows Defender Antivirus detects and remediates malicious items, it's important to keep it up to date to leverage the latest machine learning models, behavioral detections, and heuristics for EDR in block mode to be most effective. The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities works in an integrated manner, and to get best protection value, you should keep Windows Defender Antivirus up to date. Because Windows Defender Antivirus detects and remediates malicious items, it's important to keep it up to date to leverage the latest device learning models, behavioral detections, and heuristics for EDR in block mode to be most effective. The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities works in an integrated manner, and to get best protection value, you should keep Windows Defender Antivirus up to date.
### Why do we need cloud protection on? ### Why do we need cloud protection on?
Cloud protection is needed to turn on the feature on the device. Cloud protection allows [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) to deliver the latest and greatest protection based on our breadth and depth of security intelligence, along with behavioral and machine learning models. Cloud protection is needed to turn on the feature on the device. Cloud protection allows [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) to deliver the latest and greatest protection based on our breadth and depth of security intelligence, along with behavioral and device learning models.
## Related articles ## Related articles
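Review bot: the global machine-to-device replacement has corrupted a technical term in this hunk: "machine learning models" became "device learning models" in both the "Why do I need to keep Windows Defender Antivirus up to date?" answer and the "Why do we need cloud protection on?" answer. "Machine learning" refers to the ML models behind the detections, not to endpoints, and must be restored to "machine learning models" in both places. Worth searching the whole 61-file change for "device learning" before merging, since a find-and-replace that hit this phrase here may have hit it in other files too.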

View File

@ -34,7 +34,7 @@ You can enable controlled folder access by using any of these methods:
* [Group Policy](#group-policy) * [Group Policy](#group-policy)
* [PowerShell](#powershell) * [PowerShell](#powershell)
[Audit mode](evaluate-controlled-folder-access.md) allows you to test how the feature would work (and review events) without impacting the normal use of the machine. [Audit mode](evaluate-controlled-folder-access.md) allows you to test how the feature would work (and review events) without impacting the normal use of the device.
Group Policy settings that disable local administrator list merging will override controlled folder access settings. They also override protected folders and allowed apps set by the local administrator through controlled folder access. These policies include: Group Policy settings that disable local administrator list merging will override controlled folder access settings. They also override protected folders and allowed apps set by the local administrator through controlled folder access. These policies include:
@ -91,7 +91,7 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt
## Group Policy ## Group Policy
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. 1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.

View File

@ -41,9 +41,9 @@ You can enable each mitigation separately by using any of these methods:
Exploit protection is configured by default in Windows 10. You can set each mitigation to on, off, or to its default value. Some mitigations have additional options. Exploit protection is configured by default in Windows 10. You can set each mitigation to on, off, or to its default value. Some mitigations have additional options.
You can [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) and deploy them to other machines. You can [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) and deploy them to other devices.
You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine. You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the device.
## Windows Security app ## Windows Security app
@ -132,7 +132,7 @@ Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](htt
## Group Policy ## Group Policy
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. 1. On your Group Policy management device, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
1. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. 1. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
2. Expand the tree to **Windows components** > **Windows Defender Exploit Guard** > **Exploit Protection** > **Use a common set of exploit protection settings**. 2. Expand the tree to **Windows components** > **Windows Defender Exploit Guard** > **Exploit Protection** > **Use a common set of exploit protection settings**.
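Review bot: the numbered steps in this hunk run "1.", "1.", "2.": the first two steps are both numbered 1 while the third is numbered 2. Markdown will renumber them on render, but the source is confusing; either number them 1, 2, 3 or use "1." for every item consistently. The "Group Policy management device" wording in the first step has the same awkwardness as the other Group Policy hunks in this commit (prefer "computer").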

View File

@ -29,7 +29,7 @@ Enable security information and event management (SIEM) integration so you can p
>[!NOTE] >[!NOTE]
>- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections. >- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections.
>- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Machine and its related Alert details. >- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.
>- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md). >- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md).
## Prerequisites ## Prerequisites
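Review bot: the line changed in this hunk keeps "is composed from the suspicious event occurred on the Device", which needs "that occurred" and a lowercase "device" to match the rest of the commit, and the following bullet's "contain a detailed list" should be "contains a detailed list". This note block is duplicated verbatim in the earlier SIEM file on this page, so fix both copies in this commit so they do not drift.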

View File

@ -1,5 +1,5 @@
--- ---
title: Enable Microsoft Defender ATP Insider Machine title: Enable Microsoft Defender ATP Insider Device
description: Install and use Microsoft Defender ATP for Mac. description: Install and use Microsoft Defender ATP for Mac.
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
@ -17,9 +17,9 @@ ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
--- ---
# Enable Microsoft Defender ATP Insider Machine # Enable Microsoft Defender ATP Insider Device
Endpoint detection and response capabilities in Microsoft Defender ATP for Mac are now in preview. To get these and other preview features, you must set up your Mac machine to be an "Insider" machine as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune). Endpoint detection and response capabilities in Microsoft Defender ATP for Mac are now in preview. To get these and other preview features, you must set up your Mac device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune).
>[!IMPORTANT] >[!IMPORTANT]
>Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions. >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions.
@ -125,7 +125,7 @@ h. Select **Manage > Assignments**. In the **Include** tab, select *
>[!WARNING] >[!WARNING]
>You must enter the correct custom configuration profile name, otherwise these preferences will not be recognized by the product. >You must enter the correct custom configuration profile name, otherwise these preferences will not be recognized by the product.
## Enable the Insider program manually on a single machine ## Enable the Insider program manually on a single device
In terminal, run: In terminal, run:
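Review bot: renaming the heading to "Enable the Insider program manually on a single device" changes its generated anchor, and this article links to its own sections by anchor (for example #enable-the-insider-program-with-jamf). Any link to #enable-the-insider-program-manually-on-a-single-machine elsewhere in the docs set will now break; search for the old anchor and update those links in the same commit.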
@ -145,16 +145,16 @@ For versions earlier than 100.78.0, run:
To get the latest version of the Microsoft Defender ATP for Mac, set the Microsoft AutoUpdate to “Fast Ring”. To get “Microsoft AutoUpdate”, download it from [Release history for Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/officeupdates/release-history-microsoft-autoupdate). To get the latest version of the Microsoft Defender ATP for Mac, set the Microsoft AutoUpdate to “Fast Ring”. To get “Microsoft AutoUpdate”, download it from [Release history for Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/officeupdates/release-history-microsoft-autoupdate).
To verify you are running the correct version, run mdatp --health on the machine. To verify you are running the correct version, run mdatp --health on the device.
* The required version is 100.72.15 or later. * The required version is 100.72.15 or later.
* If the version is not as expected, verify that Microsoft Auto Update is set to automatically download and install updates by running defaults read com.microsoft.autoupdate2 from terminal. * If the version is not as expected, verify that Microsoft Auto Update is set to automatically download and install updates by running defaults read com.microsoft.autoupdate2 from terminal.
* To change update settings use documentation in [Update Office for Mac automatically](https://support.office.com/article/update-office-for-mac-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1). * To change update settings use documentation in [Update Office for Mac automatically](https://support.office.com/article/update-office-for-mac-automatically-bfd1e497-c24d-4754-92ab-910a4074d7c1).
* If you are not using Office for Mac, download and run the AutoUpdate tool. * If you are not using Office for Mac, download and run the AutoUpdate tool.
### A machine still does not appear on Microsoft Defender Security Center ### A device still does not appear on Microsoft Defender Security Center
After a successful deployment and onboarding of the correct version, check that the machine has connectivity to the cloud service by running mdatp --connectivity-test. After a successful deployment and onboarding of the correct version, check that the device has connectivity to the cloud service by running mdatp --connectivity-test.
* Check that you enabled the early preview flag. In terminal run “mdatp health” and look for the value of “edrEarlyPreviewEnabled”. It should be “Enabled”. * Check that you enabled the early preview flag. In terminal run “mdatp health” and look for the value of “edrEarlyPreviewEnabled”. It should be “Enabled”.
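Review bot: the same section now tells the reader to run `mdatp --health` in the version check and `mdatp health` in the last bullet, and neither command is in code formatting; pick one form per product version and format both as code. The heading "### A device still does not appear on Microsoft Defender Security Center" also gets a new anchor with this rename, so check for inbound links to the old one.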

View File

@ -47,7 +47,7 @@ Set-MpPreference -AttackSurfaceReductionRules_Actions AuditMode
``` ```
> [!TIP] > [!TIP]
> If you want to fully audit how attack surface reduction rules will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s). > If you want to fully audit how attack surface reduction rules will work in your organization, you'll need to use a management tool to deploy this setting to devices in your network(s).
You can also use Group Policy, Intune, or MDM CSPs to configure and deploy the setting, as described in the main [Attack surface reduction rules topic](attack-surface-reduction.md). You can also use Group Policy, Intune, or MDM CSPs to configure and deploy the setting, as described in the main [Attack surface reduction rules topic](attack-surface-reduction.md).

View File

@ -45,7 +45,7 @@ Set-MpPreference -EnableControlledFolderAccess AuditMode
``` ```
> [!TIP] > [!TIP]
> If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s). > If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to devices in your network(s).
You can also use Group Policy, Intune, MDM, or Microsoft Endpoint Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md). You can also use Group Policy, Intune, MDM, or Microsoft Endpoint Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md).
## Review controlled folder access events in Windows Event Viewer ## Review controlled folder access events in Windows Event Viewer

View File

@ -21,9 +21,9 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Conducting a comprehensive security product evaluation can be a complex process requiring cumbersome environment and machine configuration before an end-to-end attack simulation can actually be done. Adding to the complexity is the challenge of tracking where the simulation activities, alerts, and results are reflected during the evaluation. Conducting a comprehensive security product evaluation can be a complex process requiring cumbersome environment and device configuration before an end-to-end attack simulation can actually be done. Adding to the complexity is the challenge of tracking where the simulation activities, alerts, and results are reflected during the evaluation.
The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action. The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLUM] >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLUM]
@ -31,7 +31,7 @@ With the simplified set-up experience, you can focus on running your own test sc
You'll have full access to the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Microsoft Defender ATP offers. You'll have full access to the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Microsoft Defender ATP offers.
You can add Windows 10 or Windows Server 2019 machines that come pre-configured to have the latest OS versions and the right security components in place as well as Office 2019 Standard installed. You can add Windows 10 or Windows Server 2019 devices that come pre-configured to have the latest OS versions and the right security components in place as well as Office 2019 Standard installed.
You can also install threat simulators. Microsoft Defender ATP has partnered with industry leading threat simulation platforms to help you test out the Microsoft Defender ATP capabilities without having to leave the portal. You can also install threat simulators. Microsoft Defender ATP has partnered with industry leading threat simulation platforms to help you test out the Microsoft Defender ATP capabilities without having to leave the portal.
@ -43,7 +43,7 @@ You'll need to fulfill the [licensing requirements](minimum-requirements.md#lice
You must have **Manage security settings** permissions to: You must have **Manage security settings** permissions to:
- Create the lab - Create the lab
- Create machines - Create devices
- Reset password - Reset password
- Create simulations - Create simulations
@ -58,12 +58,12 @@ You can access the lab from the menu. In the navigation menu, select **Evaluatio
![Image of the evaluation lab on the menu](images/evaluation-lab-menu.png) ![Image of the evaluation lab on the menu](images/evaluation-lab-menu.png)
>[!NOTE] >[!NOTE]
>- Each environment is provisioned with a limited set of test machines. >- Each environment is provisioned with a limited set of test devices.
>- Depending the type of environment structure you select, machines will be available for the specified number of hours from the day of activation. >- Depending the type of environment structure you select, devices will be available for the specified number of hours from the day of activation.
>- When you've used up the provisioned machines, no new machines are provided. A deleted machine does not refresh the available test machine count. >- When you've used up the provisioned devices, no new devices are provided. A deleted device does not refresh the available test device count.
>- Given the limited resources, its advisable to use the machines carefully. >- Given the limited resources, its advisable to use the devices carefully.
Already have a lab? Make sure to enable the new threat simulators and have active machines. Already have a lab? Make sure to enable the new threat simulators and have active devices.
## Setup the evaluation lab ## Setup the evaluation lab
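Review bot: two grammar slips remain on the touched lines of this note: "Depending the type of environment structure" should be "Depending on the type of environment structure", and "its advisable" should be "it's advisable". The heading "## Setup the evaluation lab" uses the noun form where a verb is meant ("Set up the evaluation lab"); if you change it, note that the anchor changes too.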
@ -71,7 +71,7 @@ Already have a lab? Make sure to enable the new threat simulators and have activ
![Image of the evaluation lab welcome page](images/evaluation-lab-setup.png) ![Image of the evaluation lab welcome page](images/evaluation-lab-setup.png)
2. Depending on your evaluation needs, you can choose to setup an environment with fewer machines for a longer period or more machines for a shorter period. Select your preferred lab configuration then select **Next**. 2. Depending on your evaluation needs, you can choose to setup an environment with fewer devices for a longer period or more devices for a shorter period. Select your preferred lab configuration then select **Next**.
![Image of lab configuration options](images/lab-creation-page.png) ![Image of lab configuration options](images/lab-creation-page.png)
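Review bot: "choose to setup an environment" on the edited line should be "choose to set up an environment" (verb), the same noun/verb mix-up as the section heading.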
@ -83,28 +83,28 @@ Already have a lab? Make sure to enable the new threat simulators and have activ
>[!IMPORTANT] >[!IMPORTANT]
>You'll first need to accept and provide consent to the terms and information sharing statements. >You'll first need to accept and provide consent to the terms and information sharing statements.
4. Select the threat simulation agent you'd like to use and enter your details. You can also choose to install threat simulators at a later time. If you choose to install threat simulation agents during the lab setup, you'll enjoy the benefit of having them conveniently installed on the machines you add. 4. Select the threat simulation agent you'd like to use and enter your details. You can also choose to install threat simulators at a later time. If you choose to install threat simulation agents during the lab setup, you'll enjoy the benefit of having them conveniently installed on the devices you add.
![Image of summary page](images/lab-setup-summary.png) ![Image of summary page](images/lab-setup-summary.png)
5. Review the summary and select **Setup lab**. 5. Review the summary and select **Setup lab**.
After the lab setup process is complete, you can add machines and run simulations. After the lab setup process is complete, you can add devices and run simulations.
## Add machines ## Add devices
When you add a machine to your environment, Microsoft Defender ATP sets up a well-configured machine with connection details. You can add Windows 10 or Windows Server 2019 machines. When you add a device to your environment, Microsoft Defender ATP sets up a well-configured device with connection details. You can add Windows 10 or Windows Server 2019 devices.
The machine will be configured with the most up-to-date version of the OS and Office 2019 Standard as well as other apps such as Java, Python, and SysIntenals. The device will be configured with the most up-to-date version of the OS and Office 2019 Standard as well as other apps such as Java, Python, and SysIntenals.
>[!TIP] >[!TIP]
> Need more machines in your lab? Submit a support ticket to have your request reviewed by the Microsoft Defender ATP team. > Need more devices in your lab? Submit a support ticket to have your request reviewed by the Microsoft Defender ATP team.
If you chose to add a threat simulator during the lab setup, all machines will have the threat simulator agent installed in the machines that you add. If you chose to add a threat simulator during the lab setup, all devices will have the threat simulator agent installed in the devices that you add.
The machine will automatically be onboarded to your tenant with the recommended Windows security components turned on and in audit mode - with no effort on your side. The device will automatically be onboarded to your tenant with the recommended Windows security components turned on and in audit mode - with no effort on your side.
The following security components are pre-configured in the test machines: The following security components are pre-configured in the test devices:
- [Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) - [Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
- [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus) - [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus)
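Review bot: the product name on the touched line is misspelled as "SysIntenals"; it should be "Sysinternals". The sentence "all devices will have the threat simulator agent installed in the devices that you add" is redundant after the rename and reads better as "the threat simulator agent will be installed on every device you add". Renaming "## Add machines" to "## Add devices" also changes the section anchor, so check inbound links to #add-machines.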
@ -116,35 +116,35 @@ The machine will automatically be onboarded to your tenant with the recommended
- [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview) - [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview)
>[!NOTE] >[!NOTE]
> Windows Defender Antivirus will be on (not in audit). If Windows Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the machine through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). > Windows Defender Antivirus will be on (not in audit). If Windows Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the device through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus).
Automated investigation settings will be dependent on tenant settings. It will be configured to be semi-automated by default. For more information, see [Overview of Automated investigations](automated-investigations.md). Automated investigation settings will be dependent on tenant settings. It will be configured to be semi-automated by default. For more information, see [Overview of Automated investigations](automated-investigations.md).
>[!NOTE] >[!NOTE]
>The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections. >The connection to the test devices is done using RDP. Make sure that your firewall settings allow RDP connections.
1. From the dashboard, select **Add machine**. 1. From the dashboard, select **Add device**.
2. Choose the type of machine to add. You can choose to add Windows 10 or Windows Server 2019. 2. Choose the type of device to add. You can choose to add Windows 10 or Windows Server 2019.
![Image of lab setup with machine options](images/add-machine-options.png) ![Image of lab setup with device options](images/add-machine-options.png)
>[!NOTE] >[!NOTE]
>If something goes wrong with the machine creation process, you'll be notified and you'll need to submit a new request. If the machine creation fails, it will not be counted against the overall allowed quota. >If something goes wrong with the device creation process, you'll be notified and you'll need to submit a new request. If the device creation fails, it will not be counted against the overall allowed quota.
3. The connection details are displayed. Select **Copy** to save the password for the machine. 3. The connection details are displayed. Select **Copy** to save the password for the device.
>[!NOTE] >[!NOTE]
>The password is only displayed once. Be sure to save it for later use. >The password is only displayed once. Be sure to save it for later use.
![Image of machine added with connection details](images/add-machine-eval-lab.png) ![Image of device added with connection details](images/add-machine-eval-lab.png)
4. Machine set up begins. This can take up to approximately 30 minutes. 4. Device set up begins. This can take up to approximately 30 minutes.
5. See the status of test machines, the risk and exposure levels, and the status of simulator installations by selecting the **Machines** tab. 5. See the status of test devices, the risk and exposure levels, and the status of simulator installations by selecting the **Devices** tab.
![Image of machines tab](images/machines-tab.png) ![Image of devices tab](images/machines-tab.png)
>[!TIP] >[!TIP]
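Review bot: the bolded UI labels on these lines (**Add device**, the **Devices** tab) are meant to match the portal exactly; confirm the portal has actually renamed those controls before changing the documented label, otherwise readers will look for a button that does not exist. Separately, "Device set up begins" should be "Device setup begins" (noun). The image file names keeping "machine" is fine; only the alt text needed to change.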
@ -153,7 +153,7 @@ Automated investigation settings will be dependent on tenant settings. It will b
## Simulate attack scenarios ## Simulate attack scenarios
Use the test machines to run your own attack simulations by connecting to them. Use the test devices to run your own attack simulations by connecting to them.
You can simulate attack scenarios using: You can simulate attack scenarios using:
- The ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials) - The ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials)
@ -166,11 +166,11 @@ If you are looking for a pre-made simulation, you can use our ["Do It Yourself"
>[!NOTE] >[!NOTE]
>The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections. >The connection to the test devices is done using RDP. Make sure that your firewall settings allow RDP connections.
1. Connect to your machine and run an attack simulation by selecting **Connect**. 1. Connect to your device and run an attack simulation by selecting **Connect**.
![Image of the connect button for test machines](images/test-machine-table.png) ![Image of the connect button for test devices](images/test-machine-table.png)
2. Save the RDP file and launch it by selecting **Connect**. 2. Save the RDP file and launch it by selecting **Connect**.
@ -179,24 +179,24 @@ If you are looking for a pre-made simulation, you can use our ["Do It Yourself"
>[!NOTE] >[!NOTE]
>If you don't have a copy of the password saved during the initial setup, you can reset the password by selecting **Reset password** from the menu: >If you don't have a copy of the password saved during the initial setup, you can reset the password by selecting **Reset password** from the menu:
> ![Image of reset password](images/reset-password-test-machine.png)<br> > ![Image of reset password](images/reset-password-test-machine.png)<br>
> The machine will change its state to “Executing password reset", then youll be presented with your new password in a few minutes. > The device will change its state to “Executing password reset", then youll be presented with your new password in a few minutes.
3. Enter the password that was displayed during the machine creation step. 3. Enter the password that was displayed during the device creation step.
![Image of window to enter credentials](images/enter-password.png) ![Image of window to enter credentials](images/enter-password.png)
4. Run Do-it-yourself attack simulations on the machine. 4. Run Do-it-yourself attack simulations on the device.
### Threat simulator scenarios ### Threat simulator scenarios
If you chose to install any of the supported threat simulators during the lab setup, you can run the built-in simulations on the evaluation lab machines. If you chose to install any of the supported threat simulators during the lab setup, you can run the built-in simulations on the evaluation lab devices.
Running threat simulations using third-party platforms is a good way to evaluate Microsoft Defender ATP capabilities within the confines of a lab environment. Running threat simulations using third-party platforms is a good way to evaluate Microsoft Defender ATP capabilities within the confines of a lab environment.
>[!NOTE] >[!NOTE]
>Before you can run simulations, ensure the following requirements are met: >Before you can run simulations, ensure the following requirements are met:
>- Machines must be added to the evaluation lab >- Devices must be added to the evaluation lab
>- Threat simulators must be installed in the evaluation lab >- Threat simulators must be installed in the evaluation lab
1. From the portal select **Create simulation**. 1. From the portal select **Create simulation**.
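Review bot: the password-reset note on the touched line has mismatched quotation marks around the state name (“Executing password reset") and is missing the apostrophe in "youll"; since this is a UI state string, quote it consistently (either straight or curly quotes on both sides) and write "you'll".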
@ -249,7 +249,7 @@ Each simulation comes with an in-depth description of the attack scenario and re
## Evaluation report ## Evaluation report
The lab reports summarize the results of the simulations conducted on the machines. The lab reports summarize the results of the simulations conducted on the devices.
![Image of the evaluation report](images/eval-report.png) ![Image of the evaluation report](images/eval-report.png)

View File

@ -29,12 +29,12 @@ ms.date: 05/21/2018
You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual machines. You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual devices.
For example, if machines are not appearing in the **Machines list**, you might need to look for event IDs on the machines. You can then use this table to determine further troubleshooting steps. For example, if devices are not appearing in the **Devices list**, you might need to look for event IDs on the devices. You can then use this table to determine further troubleshooting steps.
> [!NOTE] > [!NOTE]
> It can take several days for machines to begin reporting to the Microsoft Defender ATP service. > It can take several days for devices to begin reporting to the Microsoft Defender ATP service.
**Open Event Viewer and find the Microsoft Defender ATP service event log:** **Open Event Viewer and find the Microsoft Defender ATP service event log:**
@ -67,7 +67,7 @@ For example, if machines are not appearing in the **Machines list**, you might n
<tr> <tr>
<td>2</td> <td>2</td>
<td>Microsoft Defender Advanced Threat Protection service shutdown.</td> <td>Microsoft Defender Advanced Threat Protection service shutdown.</td>
<td>Occurs when the machine is shut down or offboarded.</td> <td>Occurs when the device is shut down or offboarded.</td>
<td>Normal operating notification; no action required.</td> <td>Normal operating notification; no action required.</td>
</tr> </tr>
<tr> <tr>
@ -93,17 +93,17 @@ The service could not contact the external processing servers at that URL.</td>
<tr> <tr>
<td>6</td> <td>6</td>
<td>Microsoft Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found.</td> <td>Microsoft Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found.</td>
<td>The machine did not onboard correctly and will not be reporting to the portal.</td> <td>The device did not onboard correctly and will not be reporting to the portal.</td>
<td>Onboarding must be run before starting the service.<br> <td>Onboarding must be run before starting the service.<br>
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a>.</td> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
</tr> </tr>
<tr> <tr>
<td>7</td> <td>7</td>
<td>Microsoft Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure: <code>variable</code>.</td> <td>Microsoft Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure: <code>variable</code>.</td>
<td>Variable = detailed error description. The machine did not onboard correctly and will not be reporting to the portal.</td> <td>Variable = detailed error description. The device did not onboard correctly and will not be reporting to the portal.</td>
<td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a>.</td> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
</tr> </tr>
<tr> <tr>
<td>8</td> <td>8</td>
@ -111,28 +111,28 @@ See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machin
<td><strong>During onboarding:</strong> The service failed to clean its configuration during the onboarding. The onboarding process continues. <br><br> <strong>During offboarding:</strong> The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running. <td><strong>During onboarding:</strong> The service failed to clean its configuration during the onboarding. The onboarding process continues. <br><br> <strong>During offboarding:</strong> The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running.
</td> </td>
<td><strong>Onboarding:</strong> No action required. <br><br> <strong>Offboarding:</strong> Reboot the system.<br> <td><strong>Onboarding:</strong> No action required. <br><br> <strong>Offboarding:</strong> Reboot the system.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a>.</td> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
</tr> </tr>
<tr> <tr>
<td>9</td> <td>9</td>
<td>Microsoft Defender Advanced Threat Protection service failed to change its start type. Failure code: <code>variable</code>.</td> <td>Microsoft Defender Advanced Threat Protection service failed to change its start type. Failure code: <code>variable</code>.</td>
<td><strong>During onboarding:</strong> The machine did not onboard correctly and will not be reporting to the portal. <br><br><strong>During offboarding:</strong> Failed to change the service start type. The offboarding process continues. </td> <td><strong>During onboarding:</strong> The device did not onboard correctly and will not be reporting to the portal. <br><br><strong>During offboarding:</strong> Failed to change the service start type. The offboarding process continues. </td>
<td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a>.</td> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
</tr> </tr>
<tr> <tr>
<td>10</td> <td>10</td>
<td>Microsoft Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: <code>variable</code>.</td> <td>Microsoft Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: <code>variable</code>.</td>
<td>The machine did not onboard correctly and will not be reporting to the portal.</td> <td>The device did not onboard correctly and will not be reporting to the portal.</td>
<td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a>.</td> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
</tr> </tr>
<tr> <tr>
<td>11</td> <td>11</td>
<td>Onboarding or re-onboarding of Microsoft Defender Advanced Threat Protection service completed.</td> <td>Onboarding or re-onboarding of Microsoft Defender Advanced Threat Protection service completed.</td>
<td>The machine onboarded correctly.</td> <td>The device onboarded correctly.</td>
<td>Normal operating notification; no action required.<br> <td>Normal operating notification; no action required.<br>
It may take several hours for the machine to appear in the portal.</td> It may take several hours for the device to appear in the portal.</td>
</tr> </tr>
<tr> <tr>
<td>12</td> <td>12</td>
@ -142,7 +142,7 @@ It may take several hours for the machine to appear in the portal.</td>
</tr> </tr>
<tr> <tr>
<td>13</td> <td>13</td>
<td>Microsoft Defender Advanced Threat Protection machine ID calculated: <code>variable</code>.</td> <td>Microsoft Defender Advanced Threat Protection device ID calculated: <code>variable</code>.</td>
<td>Normal operating process.</td> <td>Normal operating process.</td>
<td>Normal operating notification; no action required.</td> <td>Normal operating notification; no action required.</td>
</tr> </tr>
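Review bot: The rename on the event 13 line ("machine ID calculated" to "device ID calculated") changes the Message column, which elsewhere in this table carries raw manifest placeholders such as `%1` and `{%2} {%3}` (events 29, 32, 37) and so appears to quote the text the service actually writes to the event log; if the logged string still says "machine ID", readers searching Event Viewer for the documented wording will not find it. Suggest confirming the string against the current event manifest and, if it has not changed there, keeping the Message cell verbatim and applying the machine-to-device rename only to the Description and Action columns.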
@ -159,7 +159,7 @@ The service could not contact the external processing servers at that URL.</td>
<td>An error occurred with the Windows telemetry service.</td> <td>An error occurred with the Windows telemetry service.</td>
<td><a href="troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy" data-raw-source="[Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)">Ensure the diagnostic data service is enabled</a>.<br> <td><a href="troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy" data-raw-source="[Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)">Ensure the diagnostic data service is enabled</a>.<br>
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a>.</td> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
</tr> </tr>
<tr> <tr>
<td>18</td> <td>18</td>
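Review bot: The unchanged context line in this hunk links the text "Ensure the diagnostic data service is enabled" to the anchor `troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy`, which is a different section (antivirus policy, not the diagnostic data service); the same mismatched anchor is repeated in the event 28 and event 34 hunks below. Since this commit touches each of those cells anyway, suggest pointing all three at the troubleshooting section that actually covers the diagnostic data service.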
@ -183,25 +183,25 @@ If this error persists after a system restart, ensure all Windows updates have f
<tr> <tr>
<td>25</td> <td>25</td>
<td>Microsoft Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: <code>variable</code>.</td> <td>Microsoft Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: <code>variable</code>.</td>
<td>The machine did not onboard correctly. <td>The device did not onboard correctly.
It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td> It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td>
<td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a>.</td> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
</tr> </tr>
<tr> <tr>
<td>26</td> <td>26</td>
<td>Microsoft Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: <code>variable</code>.</td> <td>Microsoft Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: <code>variable</code>.</td>
<td>The machine did not onboard correctly.<br> <td>The device did not onboard correctly.<br>
It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td> It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td>
<td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a>.</td> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
</tr> </tr>
<tr> <tr>
<td>27</td> <td>27</td>
<td>Microsoft Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender Antivirus. Onboarding process failed. Failure code: <code>variable</code>.</td> <td>Microsoft Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender Antivirus. Onboarding process failed. Failure code: <code>variable</code>.</td>
<td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Microsoft Defender ATP.</td> <td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the device, and the device is reporting to Microsoft Defender ATP.</td>
<td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a>.<br> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.<br>
Ensure real-time antimalware protection is running properly.</td> Ensure real-time antimalware protection is running properly.</td>
</tr> </tr>
<tr> <tr>
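Review bot: The Description cell for event 25 ("The device did not onboard correctly." followed by "It will report to the portal, however ...") has no `<br>` between its two lines, while the otherwise identical cell for event 26 does; in rendered HTML the bare newline collapses to a space, so the two cells display differently. Suggest adding `<br>` after "The device did not onboard correctly." in the event 25 cell so the pair renders consistently.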
@ -210,20 +210,20 @@ Ensure real-time antimalware protection is running properly.</td>
<td>An error occurred with the Windows telemetry service.</td> <td>An error occurred with the Windows telemetry service.</td>
<td><a href="troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy" data-raw-source="[Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)">Ensure the diagnostic data service is enabled</a>.<br> <td><a href="troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy" data-raw-source="[Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)">Ensure the diagnostic data service is enabled</a>.<br>
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a>.</td> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
</tr> </tr>
<tr> <tr>
<td>29</td> <td>29</td>
<td>Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 </td> <td>Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 </td>
<td>This event occurs when the system can&#39;t read the offboarding parameters.</td> <td>This event occurs when the system can&#39;t read the offboarding parameters.</td>
<td>Ensure the machine has Internet access, then run the entire offboarding process again. Ensure the offboarding package has not expired.</td> <td>Ensure the device has Internet access, then run the entire offboarding process again. Ensure the offboarding package has not expired.</td>
</tr> </tr>
<tr> <tr>
<td>30</td> <td>30</td>
<td>Microsoft Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender Antivirus. Failure code: <code>variable</code>.</td> <td>Microsoft Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender Antivirus. Failure code: <code>variable</code>.</td>
<td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Microsoft Defender ATP.</td> <td>Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the device, and the device is reporting to Microsoft Defender ATP.</td>
<td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a><br> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a><br>
Ensure real-time antimalware protection is running properly.</td> Ensure real-time antimalware protection is running properly.</td>
</tr> </tr>
<tr> <tr>
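Review bot: In the event 30 Action cell the link line ends `Onboard Windows 10 devices</a><br>` with no period, while the equivalent lines in the event 27 and event 28 cells end `</a>.<br>`. Suggest adding the period so the Action column reads uniformly.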
@ -236,14 +236,14 @@ Ensure real-time antimalware protection is running properly.</td>
<td>32</td> <td>32</td>
<td>Microsoft Defender Advanced Threat Protection service failed to request to stop itself after offboarding process. Failure code: %1</td> <td>Microsoft Defender Advanced Threat Protection service failed to request to stop itself after offboarding process. Failure code: %1</td>
<td>An error occurred during offboarding.</td> <td>An error occurred during offboarding.</td>
<td>Reboot the machine.</td> <td>Reboot the device.</td>
</tr> </tr>
<tr> <tr>
<td>33</td> <td>33</td>
<td>Microsoft Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: <code>variable</code>.</td> <td>Microsoft Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: <code>variable</code>.</td>
<td>A unique identifier is used to represent each machine that is reporting to the portal.<br> <td>A unique identifier is used to represent each device that is reporting to the portal.<br>
If the identifier does not persist, the same machine might appear twice in the portal.</td> If the identifier does not persist, the same device might appear twice in the portal.</td>
<td>Check registry permissions on the machine to ensure the service can update the registry.</td> <td>Check registry permissions on the device to ensure the service can update the registry.</td>
</tr> </tr>
<tr> <tr>
<td>34</td> <td>34</td>
@ -251,7 +251,7 @@ If the identifier does not persist, the same machine might appear twice in the p
<td>An error occurred with the Windows telemetry service.</td> <td>An error occurred with the Windows telemetry service.</td>
<td><a href="troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy" data-raw-source="[Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)">Ensure the diagnostic data service is enabled</a>.<br> <td><a href="troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy" data-raw-source="[Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)">Ensure the diagnostic data service is enabled</a>.<br>
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br> Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machines](configure-endpoints.md)">Onboard Windows 10 machines</a>.</td> See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
</tr> </tr>
<tr> <tr>
<td>35</td> <td>35</td>
@ -269,31 +269,31 @@ See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machin
<tr> <tr>
<td>37</td> <td>37</td>
<td>Microsoft Defender Advanced Threat Protection A module is about to exceed its quota. Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4.</td> <td>Microsoft Defender Advanced Threat Protection A module is about to exceed its quota. Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4.</td>
<td>The machine has almost used its allocated quota of the current 24-hour window. Its about to be throttled.</td> <td>The device has almost used its allocated quota of the current 24-hour window. Its about to be throttled.</td>
<td>Normal operating notification; no action required.</td> <td>Normal operating notification; no action required.</td>
</tr> </tr>
<tr> <tr>
<td>38</td> <td>38</td>
<td>Network connection is identified as low. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td> <td>Network connection is identified as low. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td>
<td>The machine is using a metered/paid network and will be contacting the server less frequently.</td> <td>The device is using a metered/paid network and will be contacting the server less frequently.</td>
<td>Normal operating notification; no action required.</td> <td>Normal operating notification; no action required.</td>
</tr> </tr>
<tr> <tr>
<td>39</td> <td>39</td>
<td>Network connection is identified as normal. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td> <td>Network connection is identified as normal. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td>
<td>The machine is not using a metered/paid connection and will contact the server as usual.</td> <td>The device is not using a metered/paid connection and will contact the server as usual.</td>
<td>Normal operating notification; no action required.</td> <td>Normal operating notification; no action required.</td>
</tr> </tr>
<tr> <tr>
<td>40</td> <td>40</td>
<td>Battery state is identified as low. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.</td> <td>Battery state is identified as low. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.</td>
<td>The machine has low battery level and will contact the server less frequently.</td> <td>The device has low battery level and will contact the server less frequently.</td>
<td>Normal operating notification; no action required.</td> <td>Normal operating notification; no action required.</td>
</tr> </tr>
<tr> <tr>
<td>41</td> <td>41</td>
<td>Battery state is identified as normal. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.</td> <td>Battery state is identified as normal. Microsoft Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.</td>
<td>The machine doesnt have low battery level and will contact the server as usual.</td> <td>The device doesnt have low battery level and will contact the server as usual.</td>
<td>Normal operating notification; no action required.</td> <td>Normal operating notification; no action required.</td>
</tr> </tr>
<tr> <tr>
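Review bot: Two apostrophes are missing in Description cells this hunk rewrites: event 37 reads "Its about to be throttled" (should be "It's about to be throttled") and event 41 reads "The device doesnt have low battery level" (should be "doesn't have a low battery level"). Since both lines are already being edited for the device rename, suggest fixing the contractions in the same change.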
@ -345,6 +345,6 @@ See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 machin
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-eventerrorcodes-belowfoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-eventerrorcodes-belowfoldlink)
## Related topics ## Related topics
- [Onboard Windows 10 machines](configure-endpoints.md) - [Onboard Windows 10 devices](configure-endpoints.md)
- [Configure machine proxy and Internet connectivity settings](configure-proxy-internet.md) - [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md)
- [Troubleshoot Microsoft Defender ATP](troubleshoot-onboarding.md) - [Troubleshoot Microsoft Defender ATP](troubleshoot-onboarding.md)

View File

@ -31,9 +31,9 @@ Exploit protection automatically applies a number of exploit mitigation techniqu
Exploit protection works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). Exploit protection works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
You can [enable exploit protection](enable-exploit-protection.md) on an individual machine, and then use [Group Policy](import-export-exploit-protection-emet-xml.md) to distribute the XML file to multiple devices at once. You can [enable exploit protection](enable-exploit-protection.md) on an individual device, and then use [Group Policy](import-export-exploit-protection-emet-xml.md) to distribute the XML file to multiple devices at once.
When a mitigation is encountered on the machine, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
You can also use [audit mode](evaluate-exploit-protection.md) to evaluate how exploit protection would impact your organization if it were enabled. You can also use [audit mode](evaluate-exploit-protection.md) to evaluate how exploit protection would impact your organization if it were enabled.

View File

@ -2,7 +2,7 @@
title: Use Microsoft Defender Advanced Threat Protection APIs title: Use Microsoft Defender Advanced Threat Protection APIs
ms.reviewer: ms.reviewer:
description: Learn how to design a native Windows app to get programmatic access to Microsoft Defender ATP without a user. description: Learn how to design a native Windows app to get programmatic access to Microsoft Defender ATP without a user.
keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query keywords: apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file, advanced hunting, query
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
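Review bot: Replacing "machine" with "device" in the `keywords:` front matter drops a search term that the API surface still uses: the entity is still named `machine`, the isolation page is still `isolate-machine.md`, and the endpoints in this same commit are still `/api/machines`. Suggest listing both "machine" and "device" in the keywords so searches for the API's own vocabulary keep finding this page (the same applies to the keyword lines in the other two API articles in this commit).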
@ -77,7 +77,7 @@ This page explains how to create an AAD application, get an access token to Micr
For instance, For instance,
- To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
- To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission - To [isolate a device](isolate-machine.md), select 'Isolate device' permission
- To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
- Click **Grant consent** - Click **Grant consent**
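Review bot: The list item "select 'Isolate device' permission" quotes a permission name exactly as the reader must find it in the Azure AD portal; renaming a quoted UI label in the docs is only correct if the portal label itself changed, and the unchanged link target `isolate-machine.md` on the same line suggests the underlying API still uses the old term. Suggest verifying the display name in the portal's API permissions list before changing it, and keeping the quoted string verbatim if the portal still shows "Isolate machine" (the same quoted string is changed in the two sibling app-registration articles in this commit).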

View File

@ -2,7 +2,7 @@
title: Create an Application to access Microsoft Defender ATP without a user title: Create an Application to access Microsoft Defender ATP without a user
ms.reviewer: ms.reviewer:
description: Learn how to design a web app to get programmatic access to Microsoft Defender ATP without a user. description: Learn how to design a web app to get programmatic access to Microsoft Defender ATP without a user.
keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query keywords: apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file, advanced hunting, query
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -68,7 +68,7 @@ The following steps with guide you how to create an AAD application, get an acce
- To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
- To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission - To [isolate a device](isolate-machine.md), select 'Isolate device' permission
In the following example we will use **'Read all alerts'** permission: In the following example we will use **'Read all alerts'** permission:
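Review bot: The hunk header context shows the sentence "The following steps with guide you how to create an AAD application", where "with" should be "will" and "guide you how" reads better as "guide you through how"; it is outside the changed lines but in the same paragraph. Suggest fixing it while this file is open.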

View File

@ -2,7 +2,7 @@
title: Create an app to access Microsoft Defender ATP without a user title: Create an app to access Microsoft Defender ATP without a user
ms.reviewer: ms.reviewer:
description: Learn how to design a web app to get programmatic access to Microsoft Defender ATP without a user. description: Learn how to design a web app to get programmatic access to Microsoft Defender ATP without a user.
keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query keywords: apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file, advanced hunting, query
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -58,7 +58,7 @@ This article explains how to create an Azure AD application, get an access token
Note that you need to select the relevant permissions. 'Read All Alerts' is only an example. For instance: Note that you need to select the relevant permissions. 'Read All Alerts' is only an example. For instance:
- To [run advanced queries](run-advanced-query-api.md), select the 'Run advanced queries' permission. - To [run advanced queries](run-advanced-query-api.md), select the 'Run advanced queries' permission.
- To [isolate a machine](isolate-machine.md), select the 'Isolate machine' permission. - To [isolate a device](isolate-machine.md), select the 'Isolate device' permission.
- To determine which permission you need, please look at the **Permissions** section in the API you are interested to call. - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
5. Select **Grant consent**. 5. Select **Grant consent**.

View File

@ -28,7 +28,7 @@ Full scenario using multiple APIs from Microsoft Defender ATP.
In this section we share PowerShell samples to In this section we share PowerShell samples to
- Retrieve a token - Retrieve a token
- Use token to retrieve the latest alerts in Microsoft Defender ATP - Use token to retrieve the latest alerts in Microsoft Defender ATP
- For each alert, if the alert has medium or high priority and is still in progress, check how many times the machine has connected to suspicious URL. - For each alert, if the alert has medium or high priority and is still in progress, check how many times the device has connected to suspicious URL.
**Prerequisite**: You first need to [create an app](apis-intro.md). **Prerequisite**: You first need to [create an app](apis-intro.md).
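Review bot: Two grammar slips remain in the rewritten list: "Use token to retrieve the latest alerts" should read "Use the token to retrieve the latest alerts", and "check how many times the device has connected to suspicious URL" needs an article ("to a suspicious URL"). Suggest correcting both in the same hunk.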

View File

@ -2,7 +2,7 @@
title: Supported Microsoft Defender Advanced Threat Protection APIs title: Supported Microsoft Defender Advanced Threat Protection APIs
ms.reviewer: ms.reviewer:
description: Learn about the specific supported Microsoft Defender Advanced Threat Protection entities where you can create API calls to. description: Learn about the specific supported Microsoft Defender Advanced Threat Protection entities where you can create API calls to.
keywords: apis, supported apis, actor, alerts, machine, user, domain, ip, file, advanced queries, advanced hunting keywords: apis, supported apis, actor, alerts, device, user, domain, ip, file, advanced queries, advanced hunting
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -50,16 +50,16 @@ Topic | Description
:---|:--- :---|:---
Advanced Hunting | Run queries from API. Advanced Hunting | Run queries from API.
Alerts | Run API calls such as get alerts, create alert, update alert and more. Alerts | Run API calls such as get alerts, create alert, update alert and more.
Domains | Run API calls such as get domain related machines, domain statistics and more. Domains | Run API calls such as get domain related devices, domain statistics and more.
Files | Run API calls such as get file information, file related alerts, file related machines, and file statistics. Files | Run API calls such as get file information, file related alerts, file related devices, and file statistics.
IPs | Run API calls such as get IP related alerts and get IP statistics. IPs | Run API calls such as get IP related alerts and get IP statistics.
Machines | Run API calls such as get machines, get machines by ID, information about logged on users, edit tags and more. Machines | Run API calls such as get devices, get devices by ID, information about logged on users, edit tags and more.
Machine Actions | Run API call such as Isolation, Run anti-virus scan and more. Machine Actions | Run API call such as Isolation, Run anti-virus scan and more.
Indicators | Run API call such as create Indicator, get Indicators and delete Indicators. Indicators | Run API call such as create Indicator, get Indicators and delete Indicators.
Users | Run API calls such as get user related alerts and user related machines. Users | Run API calls such as get user related alerts and user related devices.
Score | Run API calls such as get exposure score or get device secure score. Score | Run API calls such as get exposure score or get device secure score.
Software | Run API calls such as list vulnerabilities by software. Software | Run API calls such as list vulnerabilities by software.
Vulnerability | Run API calls such as list machines by vulnerability. Vulnerability | Run API calls such as list devices by vulnerability.
Recommendation | Run API calls such as Get recommendation by Id. Recommendation | Run API calls such as Get recommendation by Id.
## Related topic ## Related topic
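Review bot: The "Machines" and "Machine Actions" rows keep the old term in the Topic column while their Description cells now say "get devices, get devices by ID", so a single row mixes both vocabularies. Because the API entity and endpoint are genuinely still named machine, suggest either leaving the Topic names as the API names and adding a one-line note at the top of the table that "machine" in API names corresponds to "device" in the portal, or renaming the Topic cells too; mixing within one row is the least clear option.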

View File

@ -35,7 +35,7 @@ Not all properties are filterable.
### Example 1 ### Example 1
Get all the machines with the tag 'ExampleTag' Get all the devices with the tag 'ExampleTag'
``` ```
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=machineTags/any(tag: tag eq 'ExampleTag') HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=machineTags/any(tag: tag eq 'ExampleTag')
@ -126,7 +126,7 @@ Content-type: application/json
### Example 3 ### Example 3
Get all the machines with 'High' 'RiskScore' Get all the devices with 'High' 'RiskScore'
``` ```
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore+eq+'High' HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=riskScore+eq+'High'
@ -167,7 +167,7 @@ Content-type: application/json
### Example 4 ### Example 4
Get top 100 machines with 'HealthStatus' not equals to 'Active' Get top 100 devices with 'HealthStatus' not equals to 'Active'
``` ```
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100 HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100
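Review bot: The Example 4 heading line "Get top 100 devices with 'HealthStatus' not equals to 'Active'" should read "not equal to 'Active'"; suggest fixing the grammar while the line is being edited for the rename.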
@ -208,7 +208,7 @@ Content-type: application/json
### Example 5 ### Example 5
Get all the machines that last seen after 2018-10-20 Get all the devices that last seen after 2018-10-20
``` ```
HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-08-01Z HTTP GET https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-08-01Z
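Review bot: The Example 5 prose says "devices that last seen after 2018-10-20" but the request two lines below filters on `lastSeen gt 2018-08-01Z`, so the text and the sample request disagree on the date; the prose also needs "that were last seen" rather than "that last seen". Suggest aligning the heading date with the filter value (or vice versa) and fixing the verb in the same hunk.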
@ -283,7 +283,7 @@ Content-type: application/json
### Example 7 ### Example 7
Get the count of open alerts for a specific machine: Get the count of open alerts for a specific device:
``` ```
HTTP GET https://api.securitycenter.windows.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved' HTTP GET https://api.securitycenter.windows.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved'

View File

@ -29,7 +29,7 @@ Method|Return Type |Description
:---|:---|:--- :---|:---|:---
[Get file](get-file-information.md) | [file](files.md) | Get a single file [Get file](get-file-information.md) | [file](files.md) | Get a single file
[List file related alerts](get-file-related-alerts.md) | [alert](alerts.md) collection | Get the [alert](alerts.md) entities that are associated with the file. [List file related alerts](get-file-related-alerts.md) | [alert](alerts.md) collection | Get the [alert](alerts.md) entities that are associated with the file.
[List file related machines](get-file-related-machines.md) | [machine](machine.md) collection | Get the [machine](machine.md) entities associated with the alert. [List file related devices](get-file-related-machines.md) | [machine](machine.md) collection | Get the [device](machine.md) entities associated with the alert.
[file statistics](get-file-statistics.md) | Statistics summary | Retrieves the prevalence for the given file. [file statistics](get-file-statistics.md) | Statistics summary | Retrieves the prevalence for the given file.
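Review bot: The "List file related devices" row describes the method as returning entities "associated with the alert", but this is the file-related machines method and the row sits in the file methods table, so it should read "associated with the file"; the same row also mixes terms, with a "[machine](machine.md) collection" return type and "[device](machine.md) entities" in the description. Suggest fixing the alert/file wording and choosing one term within the row, keeping "machine" for the return type since that is the entity's API name.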

View File

@ -1,7 +1,7 @@
--- ---
title: Find machine information by internal IP API title: Find device information by internal IP API
description: Use this API to create calls related to finding a machine entry around a specific timestamp by internal IP. description: Use this API to create calls related to finding a device entry around a specific timestamp by internal IP.
keywords: ip, apis, graph api, supported apis, find machine, machine information keywords: ip, apis, graph api, supported apis, find device, device information
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
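Review bot: changing `title:` here alters the text that the table of contents and search results show, so any toc entry or cross-reference that uses the old title needs the same update in this commit; the new title and keywords should also be checked against the "Find devices by internal IP API" page in the next hunk, since the two pages now differ only by "device information" versus "devices".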
@ -16,13 +16,13 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# Find machine information by internal IP API # Find device information by internal IP API
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Find a machine by internal IP. Find a device by internal IP.
>[!NOTE] >[!NOTE]
>The timestamp must be within the last 30 days. >The timestamp must be within the last 30 days.
@ -70,7 +70,7 @@ Content-type: application/json
Here is an example of the response. Here is an example of the response.
The response will return a list of all machines that reported this IP address within sixteen minutes prior and after the timestamp. The response will return a list of all devices that reported this IP address within sixteen minutes prior and after the timestamp.
``` ```
HTTP/1.1 200 OK HTTP/1.1 200 OK
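Review bot: the window stated in this sentence ("sixteen minutes prior and after the timestamp") disagrees with the description of the sibling page in the next hunk ("15 minutes prior and after a given timestamp"); confirm which value the service actually applies and make both pages state the same number.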

View File

@ -1,7 +1,7 @@
--- ---
title: Find machines by internal IP API title: Find devices by internal IP API
description: Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp description: Find devices seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp
keywords: apis, graph api, supported apis, get, machine, IP, find, find machine, by ip, ip keywords: apis, graph api, supported apis, get, device, IP, find, find device, by ip, ip
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# Find machines by internal IP API # Find devices by internal IP API
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@ -44,9 +44,9 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
> - Response will include only machines that the user have access to based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) > - Response will include only devices that the user have access to based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
> - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
> - Response will include only machines that the user have access to based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) > - Response will include only devices that the user have access to based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```
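Review bot: the note carries the same bullet twice ("Response will include only devices that the user have access to ..." on both the first and the third bullet); drop one copy and fix the grammar in the remaining one: "that the user has access to". The scoping it describes (results limited by the caller's device group membership) is an authorization boundary, so the wording should be precise and stated once.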

View File

@ -1,6 +1,6 @@
--- ---
title: Fix unhealthy sensors in Microsoft Defender ATP title: Fix unhealthy sensors in Microsoft Defender ATP
description: Fix machine sensors that are reporting as misconfigured or inactive so that the service receives data from the machine. description: Fix device sensors that are reporting as misconfigured or inactive so that the service receives data from the device.
keywords: misconfigured, inactive, fix sensor, sensor health, no sensor data, sensor data, impaired communications, communication keywords: misconfigured, inactive, fix sensor, sensor health, no sensor data, sensor data, impaired communications, communication
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
@ -29,63 +29,63 @@ ms.date: 10/23/2017
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-fixsensor-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-fixsensor-abovefoldlink)
Machines that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a machine to be categorized as inactive or misconfigured. Devices that are categorized as misconfigured or inactive can be flagged due to varying causes. This section provides some explanations as to what might have caused a device to be categorized as inactive or misconfigured.
## Inactive machines ## Inactive devices
An inactive machine is not necessarily flagged due to an issue. The following actions taken on a machine can cause a machine to be categorized as inactive: An inactive device is not necessarily flagged due to an issue. The following actions taken on a device can cause a device to be categorized as inactive:
**Machine is not in use**</br> **Device is not in use**</br>
If the machine has not been in use for more than 7 days for any reason, it will remain in an Inactive status in the portal. If the device has not been in use for more than 7 days for any reason, it will remain in an Inactive status in the portal.
**Machine was reinstalled or renamed**</br> **Device was reinstalled or renamed**</br>
A reinstalled or renamed machine will generate a new machine entity in Microsoft Defender Security Center. The previous machine entity will remain with an Inactive status in the portal. If you reinstalled a machine and deployed the Microsoft Defender ATP package, search for the new machine name to verify that the machine is reporting normally. A reinstalled or renamed device will generate a new device entity in Microsoft Defender Security Center. The previous device entity will remain with an Inactive status in the portal. If you reinstalled a device and deployed the Microsoft Defender ATP package, search for the new device name to verify that the device is reporting normally.
**Machine was offboarded**</br> **Device was offboarded**</br>
If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive. If the device was offboarded it will still appear in devices list. After 7 days, the device health state should change to inactive.
**Machine is not sending signals** **Device is not sending signals**
If the machine is not sending any signals for more than 7 days to any of the Microsoft Defender ATP channels for any reason including conditions that fall under misconfigured machines classification, a machine can be considered inactive. If the device is not sending any signals for more than 7 days to any of the Microsoft Defender ATP channels for any reason including conditions that fall under misconfigured devices classification, a device can be considered inactive.
Do you expect a machine to be in Active status? [Open a support ticket](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561). Do you expect a device to be in Active status? [Open a support ticket](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561).
## Misconfigured machines ## Misconfigured devices
Misconfigured machines can further be classified to: Misconfigured devices can further be classified to:
- Impaired communications - Impaired communications
- No sensor data - No sensor data
### Impaired communications ### Impaired communications
This status indicates that there's limited communication between the machine and the service. This status indicates that there's limited communication between the device and the service.
The following suggested actions can help fix issues related to a misconfigured machine with impaired communications: The following suggested actions can help fix issues related to a misconfigured device with impaired communications:
- [Ensure the machine has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-machine)</br> - [Ensure the device has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-device)</br>
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service. The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
- [Verify client connectivity to Microsoft Defender ATP service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)</br> - [Verify client connectivity to Microsoft Defender ATP service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)</br>
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs. Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.
If you took corrective actions and the machine status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409). If you took corrective actions and the device status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
### No sensor data ### No sensor data
A misconfigured machine with status No sensor data has communication with the service but can only report partial sensor data. A misconfigured device with status No sensor data has communication with the service but can only report partial sensor data.
Follow theses actions to correct known issues related to a misconfigured machine with status No sensor data: Follow theses actions to correct known issues related to a misconfigured device with status No sensor data:
- [Ensure the machine has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-machine)</br> - [Ensure the device has Internet connection](troubleshoot-onboarding.md#troubleshoot-onboarding-issues-on-the-device)</br>
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service. The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
- [Verify client connectivity to Microsoft Defender ATP service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)</br> - [Verify client connectivity to Microsoft Defender ATP service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls)</br>
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs. Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.
- [Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostics-service-is-enabled)</br> - [Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-the-diagnostics-service-is-enabled)</br>
If the machines aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint. If the devices aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the endpoint.
- [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)</br> - [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy)</br>
If your machines are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled. If your devices are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Windows Defender Antivirus Early Launch Antimalware (ELAM) driver to be enabled.
If you took corrective actions and the machine status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409). If you took corrective actions and the device status is still misconfigured, [open a support ticket](https://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409).
## Related topic ## Related topic
- [Check sensor health state in Microsoft Defender ATP](check-sensor-status.md) - [Check sensor health state in Microsoft Defender ATP](check-sensor-status.md)
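Review bot: the two link targets changed from `#troubleshoot-onboarding-issues-on-the-machine` to `#troubleshoot-onboarding-issues-on-the-device` only resolve if the corresponding heading in troubleshoot-onboarding.md was renamed in this same commit; verify that, otherwise both become broken anchors. Typos left untouched in the hunk: "The Window Defender ATP sensor" (twice) should be "The Windows Defender ATP sensor" or, to match the rest of the page, "The Microsoft Defender ATP sensor"; "Follow theses actions" should be "Follow these actions"; "can further be classified to:" should be "classified as:"; and "it will still appear in devices list" should be "in the devices list".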

View File

@ -45,7 +45,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```

View File

@ -43,7 +43,7 @@ Delegated (work or school account) | URL.Read.All | 'Read URLs'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```

View File

@ -43,7 +43,7 @@ Delegated (work or school account) | File.Read.All | 'Read file profiles'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```

View File

@ -43,7 +43,7 @@ Delegated (work or school account) | Ip.Read.All | 'Read IP address profiles'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```

View File

@ -1,7 +1,7 @@
--- ---
title: Get alert related machine information title: Get alert related machine information
description: Retrieve all machines related to a specific alert using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). description: Retrieve all devices related to a specific alert using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
keywords: apis, graph api, supported apis, get alert information, alert information, related machine keywords: apis, graph api, supported apis, get alert information, alert information, related device
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
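Review bot: `title:` still reads "Get alert related machine information" while the description and keywords in the same hunk now say "devices" and "related device"; either rename the title in step or keep the front matter on one term. The same title/description mismatch occurs further down in the "Get domain related machines API", "Get file related machines API" and "Get machine by ID API" hunks.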
@ -24,7 +24,7 @@ ms.topic: article
## API description ## API description
Retrieves [Machine](machine.md) related to a specific alert. Retrieves [Device](machine.md) related to a specific alert.
## Limitations ## Limitations
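Review bot: missing article in "Retrieves [Device](machine.md) related to a specific alert."; suggest "Retrieves the [Device](machine.md) related to a specific alert." Note that the link target is still machine.md and the entity is named Machine elsewhere on these pages (for example "[machine](machine.md) collection"), so consider keeping "[Machine](machine.md)" where the schema entity, rather than the UI term, is meant.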
@ -45,7 +45,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```
@ -63,7 +63,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty Empty
## Response ## Response
If successful and alert and machine exist - 200 OK. If alert not found or machine not found - 404 Not Found. If successful and alert and device exist - 200 OK. If alert not found or device not found - 404 Not Found.
## Example ## Example

View File

@ -43,7 +43,7 @@ Delegated (work or school account) | User.Read.All | 'Read user profiles'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```

View File

@ -49,7 +49,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- The response will include only alerts that are associated with machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- The response will include only alerts that are associated with devices that the user can access, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```

View File

@ -1,6 +1,6 @@
--- ---
title: Get Machine Secure score title: Get Machine Secure score
description: Retrieves the organizational machine secure score. description: Retrieves the organizational device secure score.
keywords: apis, graph api, supported apis, get, alerts, recent keywords: apis, graph api, supported apis, get, alerts, recent
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
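Review bot: the keywords line ("get, alerts, recent") does not describe a secure-score page and looks copied from an alerts topic; while this line is being touched it should be replaced with terms for secure score. The title also still reads "Get Machine Secure score" beside a description that now says "device secure score".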

View File

@ -1,6 +1,6 @@
--- ---
title: Get discovered vulnerabilities title: Get discovered vulnerabilities
description: Retrieves a collection of discovered vulnerabilities related to a given machine ID. description: Retrieves a collection of discovered vulnerabilities related to a given device ID.
keywords: apis, graph api, supported apis, get, list, file, information, discovered vulnerabilities, threat & vulnerability management api, mdatp tvm api keywords: apis, graph api, supported apis, get, list, file, information, discovered vulnerabilities, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
@ -22,7 +22,7 @@ ms.topic: article
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a collection of discovered vulnerabilities related to a given machine ID. Retrieves a collection of discovered vulnerabilities related to a given device ID.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)

View File

@ -45,7 +45,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- Response will include only alerts, associated with devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```
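Review bot: the commas in "only alerts, associated with devices, that the user have access to" turn a restrictive clause into an aside, and "user have" is wrong; suggest "Response will include only alerts associated with devices that the user has access to, based on device group settings". The same sentence appears in two later hunks on this page and should get the same fix.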

View File

@ -1,7 +1,7 @@
--- ---
title: Get domain related machines API title: Get domain related machines API
description: Retrieves a collection of machines related to a given domain address. description: Retrieves a collection of devices related to a given domain address.
keywords: apis, graph api, supported apis, get, domain, related, machines keywords: apis, graph api, supported apis, get, domain, related, devices
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -28,7 +28,7 @@ Retrieves a collection of [Machines](machine.md) that have communicated to or fr
## Limitations ## Limitations
1. You can query on machines last seen in the past 30 days. 1. You can query on devices last seen in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
@ -45,7 +45,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- Response will include only machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- Response will include only devices that the user can access, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```

View File

@ -1,7 +1,7 @@
--- ---
title: Get domain statistics API title: Get domain statistics API
description: Retrieves the prevalence for the given domain. description: Retrieves the prevalence for the given domain.
keywords: apis, graph api, supported apis, get, domain, domain related machines keywords: apis, graph api, supported apis, get, domain, domain related devices
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy

View File

@ -44,7 +44,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- Response will include only alerts, associated with devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```

View File

@ -1,7 +1,7 @@
--- ---
title: Get file related machines API title: Get file related machines API
description: Retrieves a collection of machines related to a given file hash. description: Retrieves a collection of devices related to a given file hash.
keywords: apis, graph api, supported apis, get, machines, hash keywords: apis, graph api, supported apis, get, devices, hash
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -44,7 +44,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- Response will include only devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```

View File

@ -1,7 +1,7 @@
--- ---
title: Get installed software title: Get installed software
description: Retrieves a collection of installed software related to a given machine ID. description: Retrieves a collection of installed software related to a given device ID.
keywords: apis, graph api, supported apis, get, list, file, information, software inventory, installed software per machine, threat & vulnerability management api, mdatp tvm api keywords: apis, graph api, supported apis, get, list, file, information, software inventory, installed software per device, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -22,7 +22,7 @@ ms.topic: article
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a collection of installed software related to a given machine ID. Retrieves a collection of installed software related to a given device ID.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)

View File

@ -44,7 +44,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- Response will include only alerts, associated with devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```
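Review bot: the rewritten note line still reads "that the user have access to" and keeps the stray commas around "associated with devices"; since the line is being touched anyway, fix the agreement and the restrictive clause: "Response will include only alerts associated with devices that the user has access to, based on device group settings". The same construction is repeated in the other note hunks of this commit (the later Alert.ReadWrite note and the Machine.ReadWrite note in the List machines file), so apply the fix consistently.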

View File

@ -1,7 +1,7 @@
--- ---
title: Get machine by ID API title: Get machine by ID API
description: Retrieves a machine entity by ID. description: Retrieves a device entity by ID.
keywords: apis, graph api, supported apis, get, machines, entity, id keywords: apis, graph api, supported apis, get, devices, entity, id
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
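Review bot: the `title` is left as "Get machine by ID API" while the `description` and keywords on the same page now say "device", so the front matter is internally inconsistent. If the titles are intentionally kept because the API entity is still called Machine, say so in the commit message; otherwise the other unchanged titles in this commit (Get machine log on users API, Get machine related alerts API, Get RBAC machine groups collection API, List machines API, Get machines security states collection API, Get user related machines API) should be renamed in the same pass so the rename is complete.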
@ -24,11 +24,11 @@ ms.topic: article
## API description ## API description
Retrieves specific [Machine](machine.md) by its machine ID or computer name. Retrieves specific [Machine](machine.md) by its device ID or computer name.
## Limitations ## Limitations
1. You can get machines last seen in the past 30 days. 1. You can get devices last seen in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
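Review bot: the API description line is missing its article and mixes the two terms in one sentence: "Retrieves specific [Machine](machine.md) by its device ID or computer name." Suggest "Retrieves a specific [Machine](machine.md) by its device ID or computer name." (keeping "Machine" in the link text, since that is the entity name).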
@ -45,7 +45,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- User needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
@ -64,7 +64,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty Empty
## Response ## Response
If successful and machine exists - 200 OK with the [machine](machine.md) entity in the body. If successful and device exists - 200 OK with the [machine](machine.md) entity in the body.
If machine with the specified id was not found - 404 Not Found. If machine with the specified id was not found - 404 Not Found.
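Review bot: the rename is applied to the first Response line but not to the one directly below it, which still reads "If machine with the specified id was not found - 404 Not Found." Change it to "If a device with the specified ID was not found - 404 Not Found." so both sentences of the section use the same term.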

View File

@ -1,7 +1,7 @@
--- ---
title: List exposure score by machine group title: List exposure score by device group
description: Retrieves a list of exposure scores by machine group. description: Retrieves a list of exposure scores by device group.
keywords: apis, graph api, supported apis, get, exposure score, machine group, machine group exposure score keywords: apis, graph api, supported apis, get, exposure score, device group, device group exposure score
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# List exposure score by machine group # List exposure score by device group
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@ -49,7 +49,7 @@ GET /api/exposureScore/ByMachineGroups
Empty Empty
## Response ## Response
If successful, this method returns 200 OK, with a list of exposure score per machine group data in the response body. If successful, this method returns 200 OK, with a list of exposure score per device group data in the response body.
## Example ## Example

View File

@ -1,7 +1,7 @@
--- ---
title: Get machine log on users API title: Get machine log on users API
description: Retrieve a collection of logged on users on a specific machine using Microsoft Defender ATP APIs. description: Retrieve a collection of logged on users on a specific device using Microsoft Defender ATP APIs.
keywords: apis, graph api, supported apis, get, machine, log on, users keywords: apis, graph api, supported apis, get, device, log on, users
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -24,11 +24,11 @@ ms.topic: article
## API description ## API description
Retrieves a collection of logged on users on a specific machine. Retrieves a collection of logged on users on a specific device.
## Limitations ## Limitations
1. You can query on machines last seen in the past 30 days. 1. You can query on devices last seen in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
@ -43,7 +43,7 @@ Delegated (work or school account) | User.Read.All | 'Read user profiles'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- Response will include users only if the machine is visible to the user, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- Response will include users only if the device is visible to the user, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```
@ -61,7 +61,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty Empty
## Response ## Response
If successful and machine exist - 200 OK with list of [user](user.md) entities in the body. If machine was not found - 404 Not Found. If successful and device exist - 200 OK with list of [user](user.md) entities in the body. If device was not found - 404 Not Found.
## Example ## Example
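Review bot: subject-verb agreement in the edited Response line: "If successful and device exist - 200 OK" should be "If successful and the device exists - 200 OK"; the corresponding line in the related-alerts file already uses "exists", so align this one with it.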

View File

@ -1,7 +1,7 @@
--- ---
title: Get machine related alerts API title: Get machine related alerts API
description: Retrieves a collection of alerts related to a given machine ID. description: Retrieves a collection of alerts related to a given device ID.
keywords: apis, graph api, supported apis, get, machines, related, alerts keywords: apis, graph api, supported apis, get, devices, related, alerts
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -24,11 +24,11 @@ ms.topic: article
## API description ## API description
Retrieves all [Alerts](alerts.md) related to a specific machine. Retrieves all [Alerts](alerts.md) related to a specific device.
## Limitations ## Limitations
1. You can query on machines last seen in the past 30 days. 1. You can query on devices last seen in the past 30 days.
2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
@ -42,7 +42,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- User needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```
@ -60,4 +60,4 @@ Authorization | String | Bearer {token}. **Required**.
Empty Empty
## Response ## Response
If successful and machine exists - 200 OK with list of [alert](alerts.md) entities in the body. If machine was not found - 404 Not Found. If successful and device exists - 200 OK with list of [alert](alerts.md) entities in the body. If device was not found - 404 Not Found.

View File

@ -1,6 +1,6 @@
--- ---
title: Get RBAC machine groups collection API title: Get RBAC machine groups collection API
description: Retrieves a collection of RBAC machine groups. description: Retrieves a collection of RBAC device groups.
keywords: apis, graph api, supported apis, get, RBAC, group keywords: apis, graph api, supported apis, get, RBAC, group
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
@ -24,7 +24,7 @@ ms.date: 10/07/2018
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Retrieves a collection of RBAC machine groups. Retrieves a collection of RBAC device groups.
## Permissions ## Permissions
User needs read permissions. User needs read permissions.
@ -61,8 +61,8 @@ Content-type: application/json
**Response** **Response**
Here is an example of the response. Here is an example of the response.
Field id contains machine group **id** and equal to field **rbacGroupId** in machines info. Field id contains device group **id** and equal to field **rbacGroupId** in devices info.
Field **ungrouped** is true only for one group for all machines that have not been assigned to any group. This group as usual has name "UnassignedGroup". Field **ungrouped** is true only for one group for all devices that have not been assigned to any group. This group as usual has name "UnassignedGroup".
``` ```
HTTP/1.1 200 OK HTTP/1.1 200 OK
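Review bot: both edited sentences in this hunk need a grammar pass while they are being touched. "Field id contains device group **id** and equal to field **rbacGroupId** in devices info." should read "Field **id** contains the device group ID and is equal to the field **rbacGroupId** in device info.", and "This group as usual has name "UnassignedGroup"." should read "This group is usually named "UnassignedGroup"." Note that `rbacGroupId` is an API field name and is correctly left unchanged by the rename.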

View File

@ -1,7 +1,7 @@
--- ---
title: List machines by software title: List devices by software
description: Retrieve a list of machines that has this software installed. description: Retrieve a list of devices that has this software installed.
keywords: apis, graph api, supported apis, get, list machines, machines list, list machines by software, mdatp tvm api keywords: apis, graph api, supported apis, get, list devices, devices list, list devices by software, mdatp tvm api
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# List machines by software # List devices by software
**Applies to:** **Applies to:**
@ -24,7 +24,7 @@ ms.topic: article
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
Retrieve a list of machine references that has this software installed. Retrieve a list of device references that has this software installed.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
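Review bot: plural agreement in the edited description: "Retrieve a list of device references that has this software installed." should be "that have this software installed."; the front-matter description in the same file has the same error ("a list of devices that has").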
@ -49,7 +49,7 @@ GET /api/Software/{Id}/machineReferences
Empty Empty
## Response ## Response
If successful, this method returns 200 OK and a list of machines with the software installed in the body. If successful, this method returns 200 OK and a list of devices with the software installed in the body.
## Example ## Example

View File

@ -1,7 +1,7 @@
--- ---
title: List machines by vulnerability title: List devices by vulnerability
description: Retrieves a list of machines affected by a vulnerability. description: Retrieves a list of devices affected by a vulnerability.
keywords: apis, graph api, supported apis, get, machines list, vulnerable machines, mdatp tvm api keywords: apis, graph api, supported apis, get, devices list, vulnerable devices, mdatp tvm api
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -16,13 +16,13 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# List machines by vulnerability # List devices by vulnerability
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of machines affected by a vulnerability. Retrieves a list of devices affected by a vulnerability.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.

View File

@ -1,7 +1,7 @@
--- ---
title: List machines API title: List machines API
description: Retrieves a collection of recently seen machines. description: Retrieves a collection of recently seen devices.
keywords: apis, graph api, supported apis, get, machines keywords: apis, graph api, supported apis, get, devices
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -31,7 +31,7 @@ Retrieves a collection of [Machines](machine.md) that have communicated with Mi
## Limitations ## Limitations
1. You can get machines last seen in the past 30 days. 1. You can get devices last seen in the past 30 days.
2. Maximum page size is 10,000. 2. Maximum page size is 10,000.
3. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. 3. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
@ -48,7 +48,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- Response will include only machines,that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- Response will include only devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```
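Review bot: the new text fixes the missing space after the comma but leaves the comma in place, which turns the restrictive clause into a non-restrictive one: "Response will include only devices, that the user have access to". Suggest "Response will include only devices that the user has access to, based on device group settings".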

View File

@ -1,7 +1,7 @@
--- ---
title: Get machines security states collection API title: Get machines security states collection API
description: Retrieve a collection of machine security states using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP. description: Retrieve a collection of device security states using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP.
keywords: apis, graph api, supported apis, get, machine, security, state keywords: apis, graph api, supported apis, get, device, security, state
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
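Review bot: the edited `description` is missing its closing parenthesis: "using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP." Close it as "(Microsoft Defender ATP)." since the line is already being rewritten.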
@ -23,7 +23,7 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Retrieves a collection of machines security states. Retrieves a collection of devices security states.
## Permissions ## Permissions
User needs read permissions. User needs read permissions.
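Review bot: "Retrieves a collection of devices security states." should use the singular attributive noun: "Retrieves a collection of device security states." (matching the wording of the `description` in the same file).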
@ -60,7 +60,7 @@ Content-type: application/json
**Response** **Response**
Here is an example of the response. Here is an example of the response.
Field *id* contains machine id and equal to the field *id** in machines info. Field *id* contains device id and equal to the field *id** in devices info.
``` ```
HTTP/1.1 200 OK HTTP/1.1 200 OK
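Review bot: the edited line carries unbalanced emphasis markers and a missing verb: "Field *id* contains device id and equal to the field *id** in devices info." Suggest "Field *id* contains the device ID and is equal to the field *id* in device info." so the italics render correctly.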

View File

@ -1,7 +1,7 @@
--- ---
title: Get missing KBs by machine ID title: Get missing KBs by device ID
description: Retrieves missing KBs by machine Id description: Retrieves missing KBs by device Id
keywords: apis, graph api, supported apis, get, list, file, information, machine id, threat & vulnerability management api, mdatp tvm api keywords: apis, graph api, supported apis, get, list, file, information, device id, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -16,13 +16,13 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# Get missing KBs by machine ID # Get missing KBs by device ID
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Retrieves missing KBs by machine Id Retrieves missing KBs by device Id
## HTTP request ## HTTP request
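Review bot: the description line "Retrieves missing KBs by device Id" has no terminating period and uses "Id" while the title on the same page uses "ID"; pick one spelling (the title's "ID") and add the period.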
@ -42,7 +42,7 @@ Empty
## Response ## Response
If successful, this method returns 200 OK, with the specified machine missing kb data in the body. If successful, this method returns 200 OK, with the specified device missing kb data in the body.
## Example ## Example

View File

@ -38,7 +38,7 @@ Delegated (work or school account) | Machine.CollectForensics | 'Collect forensi
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles.md) for more information)
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```

View File

@ -1,7 +1,7 @@
--- ---
title: List machines by recommendation title: List devices by recommendation
description: Retrieves a list of machines associated with the security recommendation. description: Retrieves a list of devices associated with the security recommendation.
keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api keywords: apis, graph api, supported apis, get, security recommendation for vulnerable devices, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -16,13 +16,13 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# List machines by recommendation # List devices by recommendation
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of machines associated with the security recommendation. Retrieves a list of devices associated with the security recommendation.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
@ -48,7 +48,7 @@ Authorization | String | Bearer {token}. **Required**.
Empty Empty
## Response ## Response
If successful, this method returns 200 OK with the list of machines associated with the security recommendation. If successful, this method returns 200 OK with the list of devices associated with the security recommendation.
## Example ## Example

View File

@ -1,7 +1,7 @@
--- ---
title: Get security recommendations title: Get security recommendations
description: Retrieves a collection of security recommendations related to a given machine ID. description: Retrieves a collection of security recommendations related to a given device ID.
keywords: apis, graph api, supported apis, get, list, file, information, security recommendation per machine, threat & vulnerability management api, mdatp tvm api keywords: apis, graph api, supported apis, get, list, file, information, security recommendation per device, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
@ -22,7 +22,7 @@ ms.topic: article
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a collection of security recommendations related to a given machine ID. Retrieves a collection of security recommendations related to a given device ID.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)

View File

@ -1,6 +1,6 @@
--- ---
title: Get software by Id title: Get software by Id
description: Retrieves a list of exposure scores by machine group. description: Retrieves a list of exposure scores by device group.
keywords: apis, graph api, supported apis, get, software, mdatp tvm api keywords: apis, graph api, supported apis, get, software, mdatp tvm api
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
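Review bot: the `description` in this file does not match its title. The page is "Get software by Id" but the description (old and new) reads "Retrieves a list of exposure scores by device group.", which is the description of the exposure-score page. Since the line is being rewritten, replace it with a description of what this endpoint actually does, such as "Retrieves software details by ID."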

View File

@ -44,7 +44,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- Response will include only alerts, associated with devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```

View File

@ -1,6 +1,6 @@
--- ---
title: Get user related machines API title: Get user related machines API
description: Retrieves a collection of machines related to a given user ID. description: Retrieves a collection of devices related to a given user ID.
keywords: apis, graph api, supported apis, get, user, user related alerts keywords: apis, graph api, supported apis, get, user, user related alerts
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
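Review bot: the `keywords` line of "Get user related machines API" ends with "user related alerts", which appears to be a leftover from the user-related-alerts page; with the description now saying "devices related to a given user ID", the keywords should say "user related devices" (and the title "machines" left unchanged here is the same inconsistency noted for the other titles).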
@ -24,7 +24,7 @@ ms.topic: article
## API description ## API description
Retrieves a collection of machines related to a given user ID. Retrieves a collection of devices related to a given user ID.
## Limitations ## Limitations
@ -44,7 +44,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
>[!Note] >[!Note]
> When obtaining a token using user credentials: > When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
>- Response will include only machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information) >- Response will include only devices that the user can access, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
## HTTP request ## HTTP request
``` ```