3

windows/security/threat-protection/TOC.md

@@ -370,7 +370,7 @@
 ###### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
 
 ##### [APIs]()
-###### [Supported Microsoft Defender ATP query APIs](microsoft-defender-atp/exposed-apis-list.md)
+###### [Supported Microsoft Defender ATP APIs](microsoft-defender-atp/exposed-apis-list.md)
 ###### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
 
 ###### [Alert]()

windows/security/threat-protection/microsoft-defender-atp/alerts.md

@@ -22,8 +22,6 @@ ms.topic: article
 
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
-Represents an alert entity in Microsoft Defender ATP.
-
 # Methods
 Method |Return Type |Description
 :---|:---|:---
@@ -66,14 +64,15 @@ alertIPs | List of Alert IPs | **This list will be populated on $expand option,
 alertDomains | List of Alert Domains | **This list will be populated on $expand option, see example below** Alert Domain is an object that contains: host string field. 
 
 
-# JSON representation:
+
+## JSON representation:
 
 - When querying for alert list the regular way (without expand option, e.g. https://api.securitycenter.windows.com/api/alerts) the expandable properties will not get populated (empty lists)
 - To expand expandable properties use $expand option (e.g. to expand all send https://api.securitycenter.windows.com/api/alerts?$expand=files,ips,domains).
 - When querying single alert all expandable properties will be expanded. 
 - Check out [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) for more OData examples. 
 
-## Response example for getting single alert:
+### Response example for getting single alert:
 
 ```
 GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-292920499
@@ -84,7 +83,7 @@ GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-2929
     "id": "da637084217856368682_-292920499",
     "incidentId": 66860,
     "investigationId": 4416234,
-    "assignedTo": secop@contoso.com,
+    "assignedTo": "secop@contoso.com",
     "severity": "Low",
     "status": "New",
     "classification": "TruePositive",

windows/security/threat-protection/microsoft-defender-atp/get-alerts.md

@@ -96,7 +96,7 @@ Here is an example of the response.
             "id": "da637084217856368682_-292920499",
 			"incidentId": 66860,
 			"investigationId": 4416234,
-			"assignedTo": secop@contoso.com,
+			"assignedTo": "secop@contoso.com",
 			"severity": "Low",
 			"status": "New",
 			"classification": "TruePositive",
@@ -123,6 +123,7 @@ Here is an example of the response.
 			"alertFiles": [],
 			"alertDomains": [],
 			"alertIps": []
+		}
 	]
 }
 ```

windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt

@@ -343,7 +343,7 @@
 ###### [Get access with user context](exposed-apis-create-app-nativeapp.md)
 
 ##### [APIs]()
-###### [Supported Microsoft Defender ATP query APIs](exposed-apis-list.md)
+###### [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
 ###### [Advanced Hunting](run-advanced-query-api.md)
 
 ###### [Alert]()

windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md

@@ -24,8 +24,8 @@ ms.topic: article
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 ## Limitations
-1. You can only run a query on data from the last 30 days
-2. The results will include a maximum of 100,000 rows
+1. You can only run a query on data from the last 30 days.
+2. The results will include a maximum of 100,000 rows.
 3. The number of executions is limited per tenant: up to 15 calls per minute, 15 minutes of running time every hour and 4 hours of running time a day.
 4. The maximal execution time of a single request is 10 minutes.