Merge pull request #3381 from MicrosoftDocs/master

Publish 07/27/2020 3:53 PM
2025-05-29 21:57:23 +00:00 · 2020-07-27 16:07:27 -07:00 · 2020-07-27 16:07:27 -07:00 · 22d8c8fed4
commit 22d8c8fed4
parent 5dba46a391 20ac8c0195
12 changed files with 42 additions and 33 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
@ -28,7 +28,7 @@ Adds or remove tag to a specific [Machine](machine.md).

 ## Limitations

-1. You can post on machines last seen in the past 30 days.
+1. You can post on machines last seen according to your configured retention period.

 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.

@ -50,7 +50,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine

 ## HTTP request

-```
+```http
 POST https://api.securitycenter.windows.com/api/machines/{id}/tags
 ```

@ -83,12 +83,13 @@ Here is an example of a request that adds machine tag.

 [!include[Improve request performance](../../includes/improve-request-performance.md)]

-```
+```http
 POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
 Content-type: application/json
 {
  "Value" : "test Tag 2",
  "Action": "Add"
 }
+```

 - To remove machine tag, set the Action to 'Remove' instead of 'Add' in the request body.
--- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
@ -158,4 +158,7 @@ When you click on the pending actions link, you'll be taken to the Action center

 ## Next steps

-[View and approve remediation actions](manage-auto-investigation.md)
+- [View and approve remediation actions](manage-auto-investigation.md)
+
+- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)
+ 
--- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@ -82,10 +82,12 @@ The default device group is configured for semi-automatic remediation. This mean

 When a pending action is approved, the entity is then remediated and this new state is reflected in the **Entities** tab of the investigation.

-## Next step
+## Next steps

 - [Learn about the automated investigations dashboard](manage-auto-investigation.md)

+- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)
+
 ## Related articles

 - [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air)
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
@ -28,7 +28,7 @@ Retrieves a collection of [Alerts](alerts.md) related to a given domain address.


 ## Limitations
-1. You can query on alerts last updated in the past 30 days.
+1. You can query on alerts last updated according to your configured retention period.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.


@ -48,7 +48,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 >- Response will include only alerts, associated with devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)

 ## HTTP request
-```
+```http
 GET /api/domains/{domain}/alerts
 ```

@ -73,6 +73,6 @@ Here is an example of the request.

 [!include[Improve request performance](../../includes/improve-request-performance.md)]

-```
+```http
 GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
@ -28,7 +28,7 @@ Retrieves a collection of [Machines](machine.md) that have communicated to or fr


 ## Limitations
-1. You can query on devices last seen in the past 30 days.
+1. You can query on devices last updated according to your configured retention period.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.


@ -48,7 +48,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 >- Response will include only devices that the user can access, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)

 ## HTTP request
-```
+```http
 GET /api/domains/{domain}/machines
 ```

@ -75,6 +75,6 @@ Here is an example of the request.
 [!include[Improve request performance](../../includes/improve-request-performance.md)]


-```
+```http
 GET https://api.securitycenter.windows.com/api/domains/api.securitycenter.windows.com/machines
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@ -28,7 +28,7 @@ Retrieves specific [Machine](machine.md) by its device ID or computer name.


 ## Limitations
-1. You can get devices last seen in the past 30 days.
+1. You can get devices last seen according to your configured retention policy.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.


@ -49,7 +49,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine


 ## HTTP request
-```
+```http
 GET /api/machines/{id}
 ```

@ -65,7 +65,7 @@ Empty

 ## Response
 If successful and device exists - 200 OK with the [machine](machine.md) entity in the body.
-If machine with the specified id was not found - 404 Not Found.
+If machine with the specified ID was not found - 404 Not Found.


 ## Example
@ -76,7 +76,7 @@ Here is an example of the request.

 [!include[Improve request performance](../../includes/improve-request-performance.md)]

-```
+```http
 GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07
 ```

@ -85,7 +85,7 @@ GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932
 Here is an example of the response.


-```
+```http
 HTTP/1.1 200 OK
 Content-type: application/json
 {
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
@ -28,7 +28,7 @@ Retrieves a collection of logged on users on a specific device.


 ## Limitations
-1. You can query on devices last seen in the past 30 days.
+1. You can query on alerts last updated according to your configured retention period.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.


@ -46,7 +46,7 @@ Delegated (work or school account) | User.Read.All | 'Read user profiles'
 >- Response will include users only if the device is visible to the user, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)

 ## HTTP request
-```
+```http
 GET /api/machines/{id}/logonusers
 ```

@ -72,7 +72,7 @@ Here is an example of the request.

 [!include[Improve request performance](../../includes/improve-request-performance.md)]

-```
+```http
 GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/logonusers
 ```

@ -81,7 +81,7 @@ GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932
 Here is an example of the response.


-```
+```http
 HTTP/1.1 200 OK
 Content-type: application/json
 {
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
@ -28,7 +28,7 @@ Retrieves all [Alerts](alerts.md) related to a specific device.


 ## Limitations
-1. You can query on devices last seen in the past 30 days.
+1. You can query on devices last updated according to your configured retention period.
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.


@ -45,7 +45,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 >- User needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)

 ## HTTP request
-```
+```http
 GET /api/machines/{id}/alerts
 ```

--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@ -24,14 +24,14 @@ ms.topic: article


 ## API description
-Retrieves a collection of [Machines](machine.md) that have communicated with  Microsoft Defender ATP cloud on the last 30 days.
+Retrieves a collection of [Machines](machine.md) that have communicated with  Microsoft Defender ATP cloud.
 <br>Supports [OData V4 queries](https://www.odata.org/documentation/).
-<br>The OData's ```$filter``` query is supported on: ```computerDnsName```, ```lastSeen```, ```healthStatus```, ```osPlatform```, ```riskScore``` and ```rbacGroupId```.
+<br>The OData's `$filter` query is supported on: `computerDnsName`, `lastSeen`, `healthStatus`, `osPlatform`, `riskScore` and `rbacGroupId`.
 <br>See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)


 ## Limitations
-1. You can get devices last seen in according to your configured retention period.
+1. You can get devices last seen according to your configured retention period.
 2. Maximum page size is 10,000.
 3. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. 

@ -51,7 +51,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 >- Response will include only devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)

 ## HTTP request
-```
+
+```http
 GET https://api.securitycenter.windows.com/api/machines
 ```

@ -77,7 +78,8 @@ Here is an example of the request.

 [!include[Improve request performance](../../includes/improve-request-performance.md)]

-```
+
+```http
 GET https://api.securitycenter.windows.com/api/machines
 ```

@ -85,8 +87,7 @@ GET https://api.securitycenter.windows.com/api/machines

 Here is an example of the response.

-
-```
+```http
 HTTP/1.1 200 OK
 Content-type: application/json
 {
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
@ -63,6 +63,8 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and
 
 ## Next steps

+- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)
+
 - [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center)

 - [Get an overview of live response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/live-response)
--- a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md
@ -100,11 +100,11 @@ You can view the overall number of automated investigations from the last 30 day


 ## Automated investigations statistics
-This tile shows statistics related to automated investigations in the last 30 days. It shows the number of investigations completed, the number of successfully remediated investigations, the average pending time it takes for an investigation to be initiated, the average time it takes to remediate an alert, the number of alerts investigated, and the number of hours of automation saved from a typical manual investigation. 
+This tile shows statistics related to automated investigations in the last seven days. It shows the number of investigations completed, the number of successfully remediated investigations, the average pending time it takes for an investigation to be initiated, the average time it takes to remediate an alert, the number of alerts investigated, and the number of hours of automation saved from a typical manual investigation. 

 ![Image of automated investigations statistics](images/atp-automated-investigations-statistics.png)

-You can click on **Automated investigations**, **Remidated investigations**, and **Alerts investigated** to navigate to the **Investigations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context.
+You can click on **Automated investigations**, **Remediated investigations**, and **Alerts investigated** to navigate to the **Investigations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context.

 ## Users at risk
 The tile shows you a list of user accounts with the most active alerts and the number of alerts seen on high, medium, or low alerts.