s

windows/security/threat-protection/TOC.md

@@ -235,11 +235,12 @@
 ###### [Troubleshoot onboarding issues](windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
 ####### [Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
    
-##### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/use-apis.md)
-###### Create your app
-####### [Get access on behalf of a user](windows-defender-atp/exposed-apis-create-app-nativeapp.md)
-####### [Get access without a user](windows-defender-atp/exposed-apis-create-app-webapp.md)
-###### [Supported Windows Defender ATP APIs](windows-defender-atp/exposed-apis-list.md)
+##### [Windows Defender ATP Public API](windows-defender-atp/use-apis.md)
+###### [Getting started](windows-defender-atp/apis-intro.md)
+####### [Get access with application context](windows-defender-atp/exposed-apis-create-app-webapp.md)
+####### [Get access with user context](windows-defender-atp/exposed-apis-create-app-nativeapp.md)
+###### [APIs](windows-defender-atp/exposed-apis-list.md)
+
 ####### [Advanced Hunting](windows-defender-atp/run-advanced-query-api.md)
 
 ####### [Alert](windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md)

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -232,11 +232,12 @@
 ###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
   
 
-#### [Use the Windows Defender ATP exposed APIs](use-apis.md)
-##### Create your app
-###### [Get access on behalf of a user](exposed-apis-create-app-nativeapp.md)
-###### [Get access without a user](exposed-apis-create-app-webapp.md)
-##### [Supported Windows Defender ATP APIs](exposed-apis-list.md)
+#### [Windows Defender ATP Public API](use-apis.md)
+##### [Getting started](apis-intro.md)
+###### [Get access with application context](exposed-apis-create-app-webapp.md)
+###### [Get access with user context](exposed-apis-create-app-nativeapp.md)
+##### [APIs](exposed-apis-list.md)
+
 ###### [Advanced Hunting](run-advanced-query-api.md)
 
 ###### [Alert](alerts-windows-defender-advanced-threat-protection-new.md)

windows/security/threat-protection/windows-defender-atp/apis-intro.md

@@ -30,21 +30,26 @@ ms.date: 09/03/2018
 Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
 In general, you’ll need to take the following steps to use the APIs:
-- Create an app
-- Get an access token
+- Create an AAD application
+- Get an access token using this application
 - Use the token to access Windows Defender ATP API
 
 
-As a developer, you decide which permissions for Windows Defender ATP your app requests. When a user signs in to your app they (or, in some cases, an administrator) are given a chance to give consent to these permissions. If the user provides consent, your app is given access to the resources and APIs that it has requested. For apps that don't take a signed-in user, permissions can be pre-approved to by an administrator when the app is installed or during sign-up.
+You can access Windows Defender ATP API with **Application Context** or **User Context**.
 
-## Delegated permissions, application permissions, and effective permissions
+- **Application Context:** <br>
+    Used by apps that run without a signed-in user present. for example, apps that run as background services or daemons.
+	Steps that needs to be taken to access Windows Defender ATP API with application context:
+	1) Create AAD Web-Application.
+	2) Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 
+	3) Create a key for this Application.
+	4) Get token using the application with its key.
+	5) Use the token to access Windows Defender ATP API
+	See - [Get access with application context](exposed-apis-create-app-webapp.md).
 
-Windows Defender ATP has two types of permissions: delegated permissions and application permissions.
 
 - **Delegated permissions** <br> 
     Used by apps that have a signed-in user present. For these apps either the user or an administrator provides consent to the permissions that the app requests and the app is delegated permission to act as the signed-in user when making calls to Windows Defender ATP. Some delegated permissions can be consented to by non-administrative users, but some higher-privileged permissions require administrator consent.
-- **Application permissions** <br>
-    Used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.
 
 Effective permissions are permissions that your app will have when making requests to Windows Defender ATP. It is important to understand the difference between the delegated and application permissions that your app is granted and its effective permissions when making calls to Windows Defender ATP.
 

windows/security/threat-protection/windows-defender-atp/management-apis.md

@@ -61,7 +61,7 @@ Managed security service provider | Get a quick overview on managed security ser
 ## Related topics
 - [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
 - [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Use the Windows Defender ATP exposed APIs](use-apis.md)
+- [Windows Defender ATP Public API](use-apis.md)
 - [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
 - [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
 - [Role-based access control](rbac-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/use-apis.md

@@ -1,7 +1,7 @@
 ---
-title: Use the Windows Defender Advanced Threat Protection APIs  
+title: Windows Defender ATP Public API 
 description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
-keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file
+keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, public api, api
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -17,7 +17,7 @@ ms.topic: conceptual
 ms.date: 11/28/2018
 ---
 
-# Use the Windows Defender ATP exposed APIs
+# Windows Defender ATP Public API
 
 **Applies to:**
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
@@ -25,6 +25,6 @@ ms.date: 11/28/2018
 ## In this section
 Topic | Description
 :---|:---
-Create your app | Learn how to create an application to get programmatical access to Windows Defender ATP [on behalf of a user](exposed-apis-create-app-nativeapp.md) or [without a user](exposed-apis-create-app-webapp.md).
-Supported Windows Defender ATP APIs | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts-windows-defender-advanced-threat-protection-new.md), [domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md), or even actions such as [isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
+[Windows Defender ATP API overview](apis-intro.md) | Learn how to access to Windows Defender ATP Public API and on which context. 
+[Supported Windows Defender ATP APIs](exposed-apis-list.md) | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts-windows-defender-advanced-threat-protection-new.md), [domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md), or even actions such as [isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
 How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell. Other examples include [schedule advanced hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) or [OData queries](exposed-apis-odata-samples.md).