Merged PR 14811: fixes

.openpublishing.redirection.json

@@ -13929,5 +13929,10 @@
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
 },
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+"redirect_document_id": false
+},
 ]
 }

windows/security/threat-protection/TOC.md

@@ -236,7 +236,7 @@
 ####### [Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
    
 ##### [Windows Defender ATP API](windows-defender-atp/use-apis.md)
-###### [Get started](windows-defender-atp/apis-intro.md)
+###### [Get started with Windows Defender ATP APIs](windows-defender-atp/apis-intro.md)
 ####### [Hello World](windows-defender-atp/api-hello-world.md)
 ####### [Get access with application context](windows-defender-atp/exposed-apis-create-app-webapp.md)
 ####### [Get access with user context](windows-defender-atp/exposed-apis-create-app-nativeapp.md)

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -233,7 +233,7 @@
   
 
 #### [Windows Defender ATP API](use-apis.md)
-##### [Get started](apis-intro.md)
+##### [Get started with Windows Defender ATP APIs](apis-intro.md)
 ###### [Hello World](api-hello-world.md)
 ###### [Get access with application context](exposed-apis-create-app-webapp.md)
 ###### [Get access with user context](exposed-apis-create-app-nativeapp.md)

windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md

@@ -14,16 +14,15 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 12/08/2017
 ---
 
 # Alert resource type
 **Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
-Represents an alert entity in WDATP.
+Represents an alert entity in Windows Defender ATP.
 
 # Methods
 Method|Return Type |Description

windows/security/threat-protection/windows-defender-atp/api-hello-world.md

@@ -14,14 +14,14 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 09/24/2018
 ---
 
-# Windows Defender ATP API - Hello Word 
+# Windows Defender ATP API - Hello World 
 
-**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+**Applies to:** 
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 
 ## Get Alerts using a simple PowerShell script
@@ -36,7 +36,7 @@ For the App registration stage, you must have a Global administrator role in you
 
 ### Step 1 - Create an App in Azure Active Directory
 
-1.	Log on to [Azure](https://portal.azure.com) With your Global administrator user.
+1.	Log on to [Azure](https://portal.azure.com) with your Global administrator user.
 
 2.	Navigate to **Azure Active Directory** > **App registrations** > **New application registration**. 
 
@@ -181,7 +181,6 @@ You’re all done! You have just successfully:
 -	Connected the API
 -	Used a PowerShell script to return alerts created in the past 48 hours
 
-Well done!
 
 
 ## Related topic

windows/security/threat-protection/windows-defender-atp/apis-intro.md

@@ -14,12 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
-ms.date: 09/03/2018
 ---
 
 # Windows Defender ATP API overview
 
-**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+**Applies to:** 
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 > Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
@@ -36,26 +36,27 @@ You can access Windows Defender ATP API with **Application Context** or **User C
 - **Application Context: (Recommended)** <br>
     Used by apps that run without a signed-in user present. for example, apps that run as background services or daemons.
 
-	Steps that needs to be taken to access Windows Defender ATP API with application context:
-	1) Create AAD Web-Application.
-	2) Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 
-	3) Create a key for this Application.
-	4) Get token using the application with its key.
-	5) Use the token to access Windows Defender ATP API
+	Steps that need to be taken to access Windows Defender ATP API with application context:
 
-	See - [Get access with application context](exposed-apis-create-app-webapp.md).
+	1. Create an AAD Web-Application.
+	2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'. 
+	3. Create a key for this Application.
+	4. Get token using the application with its key.
+	5. Use the token to access Windows Defender ATP API
+
+	For more information, see [Get access with application context](exposed-apis-create-app-webapp.md).
 
 
 - **User Context:** <br>
     Used to perform actions in the API on behalf of a user.
 
 	Steps that needs to be taken to access Windows Defender ATP API with application context:
-	1) Create AAD Native-Application.
-	2) Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 
-	3) Get token using the application with user credentials.
-	4) Use the token to access Windows Defender ATP API
+	1. Create AAD Native-Application.
+	2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 
+	3. Get token using the application with user credentials.
+	4. Use the token to access Windows Defender ATP API
 
-	See - [Get access with user context](exposed-apis-create-app-nativeapp.md).
+	For more information, see [Get access with user context](exposed-apis-create-app-nativeapp.md).
 
 
 ## Related topics

windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md

@@ -22,7 +22,6 @@ ms.date: 10/16/2017
 
 **Applies to:**
 
-
 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 

windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md

@@ -15,7 +15,6 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 10/29/2018
 ---
 
 

windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md

@@ -1,5 +1,5 @@
 ---
-title: Delete Indicator.
+title: Delete Indicator API.
 description: Deletes Indicator entity by ID.
 keywords: apis, public api, supported apis, delete, ti indicator, entity, id
 search.product: eADQiWindows 10XVcnh
@@ -14,12 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 12/08/2017
 ---
 
 # Delete Indicator API
 
-**Applies to:**  Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:**  
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 

windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md

@@ -26,7 +26,7 @@ ms.date: 09/03/2018
 [!include[Prerelease information](prerelease.md)]
 
 
-This page describe how to create an application to get programmatic access to Windows Defender ATP on behalf of a user.
+This page describes how to create an application to get programmatic access to Windows Defender ATP on behalf of a user.
 
 If you need programmatic access Windows Defender ATP without a user, refer to [Access Windows Defender ATP with application context](exposed-apis-create-app-webapp.md).
 

windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md

@@ -101,7 +101,7 @@ This page explains how to create an AAD application, get an access token to Wind
     
 	![Image of created app id](images/webapp-app-id1.png)
 
-11. **For WDATP Partners only** - Set your application to be multi-tenanted
+11. **For Windows Defender ATP Partners only** - Set your application to be multi-tenanted
 	
 	This is **required** for 3rd party apps (for example, if you create an application that is intended to run in multiple customers tenant).
 
@@ -113,7 +113,7 @@ This page explains how to create an AAD application, get an access token to Wind
 
 	- Application consent for your multi-tenant App:
 	
-	You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with WDATP application on behalf of your customer.
+	You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with Windows Defender ATP application on behalf of your customer.
 
 	You (or your customer if you are writing a 3rd party application) need to click the consent link and approve your application. The consent should be done with a user who has admin privileges in the active directory.
 
@@ -199,7 +199,7 @@ Refer to [Get token using Python](run-advanced-query-sample-python.md#get-token)
 - Open a command window
 - ​Set CLIENT_ID to your Azure application ID
 - Set CLIENT_SECRET to your Azure application secret
-- Set TENANT_ID to the Azure tenant ID of the customer that wants to use your application to access WDATP application
+- Set TENANT_ID to the Azure tenant ID of the customer that wants to use your application to access Windows Defender ATP application
 - Run the below command:
 
 ```
@@ -217,7 +217,7 @@ You will get an answer of the form:
 Sanity check to make sure you got a correct token:
 - Copy/paste into [JWT](https://jwt.ms) the token you get in the previous step in order to decode it
 - Validate you get a 'roles' claim with the desired permissions
-- In the screenshot below you can see a decoded token acquired from an app with permissions to all of Wdatp's roles:
+- In the screenshot below you can see a decoded token acquired from an app with permissions to all of Windows Defender ATP's roles:
 
 ![Image of token validation](images/webapp-decoded-token.png)
 

windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md

@@ -19,7 +19,7 @@ ms.date: 09/24/2018
 
 # Windows Defender ATP APIs using PowerShell
 **Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
@@ -48,7 +48,7 @@ Set-ExecutionPolicy -ExecutionPolicy Bypass
 - Run the below
 
 > - $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-> - $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to WDATP)
+> - $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Windows Defender ATP)
 > - $appSecret: Secret of your AAD app
 > - $suspiciousUrl: The URL
 

windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md

@@ -14,14 +14,15 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 12/08/2017
 ---
 
 # File resource type
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
-Represent a file entity in WDATP.
+Represent a file entity in Windows Defender ATP.
 
 # Methods
 Method|Return Type |Description
@@ -49,5 +50,5 @@ fileProductName | String | Product name.
 signer | String | File signer.
 issuer | String | File issuer.
 signerHash | String | Hash of the signing certificate.
-isValidCertificate | Boolean | Was signing certificate successfully verified by WDATP agent.
+isValidCertificate | Boolean | Was signing certificate successfully verified by  Windows Defender ATP agent.
 

windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md

@@ -14,18 +14,16 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 12/08/2017
 ---
 
 # List machines API
 
 **Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
-- Retrieves a collection of machines that have communicated with WDATP cloud on the last 30 days.
+- Retrieves a collection of machines that have communicated with  Windows Defender ATP cloud on the last 30 days.
 - Get Machines collection API supports [OData V4 queries](https://www.odata.org/documentation/).
 - The OData's Filter query is supported on: "Id", "ComputerDnsName", "LastSeen", "LastIpAddress", "HealthStatus", "OsPlatform", "RiskScore", "MachineTags" and "RbacGroupId".
 - See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)

windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md

@@ -19,7 +19,8 @@ ms.date: 12/08/2017
 
 # List Indicators API
 
-**Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** 
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 

windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md

@@ -14,17 +14,14 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 12/08/2017
 ---
 
 # Get user information API
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 Retrieve a User entity by key (user name).
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md

@@ -57,7 +57,7 @@ When accessing [Windows Defender Security Center](https://SecurityCenter.Windows
 
 1. Each time you access the portal you will need to validate that you are authorized to access the product. This **Set up your permissions** step will only be available if you are not currently authorized to access the product.
 
-	![Image of Set up your permissions for WDATP](images\atp-setup-permissions-wdatp-portal.png)
+	![Image of Set up your permissions for Windows Defender ATP](images\atp-setup-permissions-wdatp-portal.png)
 
 	Once the authorization step is completed, the **Welcome** screen will be displayed.
 

windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md

@@ -14,10 +14,11 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 11/11/2018
 ---
 
 # Machine resource type
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 
 # Methods
@@ -35,17 +36,17 @@ Property |	Type	|	Description
 :---|:---|:---
 id | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) identity.
 computerDnsName | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) fully qualified name.
-firstSeen | DateTimeOffset | First date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by WDATP.
-lastSeen | DateTimeOffset | Last date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by WDATP.
+firstSeen | DateTimeOffset | First date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Windows Defender ATP.
+lastSeen | DateTimeOffset | Last date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Windows Defender ATP.
 osPlatform | String | OS platform.
 osVersion | String | OS Version.
 lastIpAddress | String | Last IP on local NIC on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
 lastExternalIpAddress | String | Last IP through which the [machine](machine-windows-defender-advanced-threat-protection-new.md) accessed the internet.
-agentVersion | String | Version of WDATP agent.
+agentVersion | String | Version of Windows Defender ATP agent.
 osBuild | Nullable long | OS build number.
 healthStatus | Enum | [machine](machine-windows-defender-advanced-threat-protection-new.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
 rbacGroupId | Int | RBAC Group ID.
 rbacGroupName | String | RBAC Group Name.
-riskScore | Nullable Enum | Risk score as evaluated by WDATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
+riskScore | Nullable Enum | Risk score as evaluated by Windows Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine-windows-defender-advanced-threat-protection-new.md) is Aad Joined).
 machineTags | String collection | Set of [machine](machine-windows-defender-advanced-threat-protection-new.md) tags.

windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md

@@ -20,7 +20,7 @@ ms.date: 12/08/2017
 # MachineAction resource type
 
 **Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
@@ -35,7 +35,7 @@ Method|Return Type |Description
 [Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Restrict application execution.
 [Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Remove application execution restriction.
 [Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Run an AV scan using Windows Defender (when applicable).
-[Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)|[Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Offboard [machine](machine-windows-defender-advanced-threat-protection-new.md) from WDATP.
+[Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)|[Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Offboard [machine](machine-windows-defender-advanced-threat-protection-new.md) from Windows Defender ATP.
 
 # Properties
 Property |	Type	|	Description

windows/security/threat-protection/windows-defender-atp/machineactionsnote.md

@@ -3,4 +3,4 @@ ms.date: 08/28/2017
 author: zavidor
 ---
 >[!Note]
-> This page focuses on performing a machine action via API. See [take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information about response actions functionality via WDATP.
+> This page focuses on performing a machine action via API. See [take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information about response actions functionality via Windows Defender ATP.

windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md

@@ -14,16 +14,15 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 12/08/2017
 ---
 
 # Offboard machine API
 **Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
-Offboard machine from WDATP.
+Offboard machine from Windows Defender ATP.
 
 [!include[Machine actions note](machineactionsnote.md)]
 

windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md

@@ -19,7 +19,8 @@ ms.date: 12/08/2017
 
 # Submit or Update Indicator API
 
-**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** 
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md

@@ -19,7 +19,7 @@ ms.date: 09/24/2018
 
 # Advanced Hunting using PowerShell
 **Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
 [!include[Prerelease information](prerelease.md)]
 
@@ -65,7 +65,7 @@ $aadToken = $response.access_token
 
 where
 - $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to WDATP)
+- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Windows Defender ATP)
 - $appSecret: Secret of your AAD app
 
 ## Run query

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md

@@ -65,7 +65,7 @@ aadToken = jsonResponse["access_token"]
 
 where
 - tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-- appId: ID of your AAD app (the app must have 'Run advanced queries' permission to WDATP)
+- appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Windows Defender ATP)
 - appSecret: Secret of your AAD app
 
 ## Run query