From 31e349d288912976280a86ea24851d52189df3e9 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Tue, 12 Dec 2017 11:38:39 -0800
Subject: [PATCH] update step and add bullet in Important

---
 ...-non-windows-windows-defender-advanced-threat-protection.md | 2 +-
 ...chine-alerts-windows-defender-advanced-threat-protection.md | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
index 4fc6507d30..8af3c82edf 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
@@ -41,7 +41,7 @@ You'll need to take the following steps to oboard non-Windows endpoints:
 
 3. 	Click **Generate access token** button and then **Copy**.
 
-4. 	Depending on the third-party implementation you're using, the implementation might vary. Refer to the third-party solution documentation for guidance on how to use the token.
+4. 	You’ll need to copy and paste the token to the third-party solution you’re using. The implementation may vary depending on the solution. 
 
 
 >[!WARNING] 
diff --git a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
index 87f97bcd64..a6cfe99210 100644
--- a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
@@ -29,7 +29,8 @@ ms.date: 11/10/2017
 Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center.
 
 >[!IMPORTANT]
-> These response actions are only available for machines on Windows 10, version  1703 or later. 
+> - These response actions are only available for machines on Windows 10, version  1703 or later. 
+> - For non-Windows platforms, response capabilities (such as Machine isolation) are dependent on the third-party capabilities. 
 
 ## Collect investigation package from machines
 As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker.