remove wdatp in links

windows/security/threat-protection/microsoft-defender-atp/alerts.md

@@ -27,14 +27,14 @@ Represents an alert entity in Microsoft Defender ATP.
 # Methods
 Method|Return Type |Description
 :---|:---|:---
-[Get alert](get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md) | [Alert](alerts-windows-defender-advanced-threat-protection-new.md) | Get a single [alert](alerts-windows-defender-advanced-threat-protection-new.md) object.
+[Get alert](get-alert-info-by-id.md) | [Alert](alerts.md) | Get a single [alert](alerts.md) object.
-[List alerts](get-alerts-windows-defender-advanced-threat-protection-new.md) | [Alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | List [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection.
+[List alerts](get-alerts.md) | [Alert](alerts.md) collection | List [alert](alerts.md) collection.
-[Create alert](create-alert-by-reference-windows-defender-advanced-threat-protection-new.md)|[Alert](alerts-windows-defender-advanced-threat-protection-new.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md).
+[Create alert](create-alert-by-reference.md)|[Alert](alerts.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md).
-[List related domains](get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md)|Domain collection| List URLs associated with the alert.
+[List related domains](get-alert-related-domain-info.md)|Domain collection| List URLs associated with the alert.
-[List related files](get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md) | [File](files-windows-defender-advanced-threat-protection-new.md) collection |  List the [file](files-windows-defender-advanced-threat-protection-new.md) entities that are associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
+[List related files](get-alert-related-files-info.md) | [File](files.md) collection |  List the [file](files.md) entities that are associated with the [alert](alerts.md).
-[List related IPs](get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md) | IP collection | List IPs that are associated with the alert.
+[List related IPs](get-alert-related-ip-info.md) | IP collection | List IPs that are associated with the alert.
-[Get related machines](get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md) | [Machine](machine-windows-defender-advanced-threat-protection-new.md) | The [machine](machine-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
+[Get related machines](get-alert-related-machine-info.md) | [Machine](machine.md) | The [machine](machine.md) that is associated with the [alert](alerts.md).
-[Get related users](get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md) | [User](user-windows-defender-advanced-threat-protection-new.md) | The [user](user-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
+[Get related users](get-alert-related-user-info.md) | [User](user.md) | The [user](user.md) that is associated with the [alert](alerts.md).
 
 
 # Properties
@@ -57,7 +57,7 @@ alertCreationTime | DateTimeOffset | The date and time (in UTC) the alert was cr
 lastEventTime | DateTimeOffset | The last occurance of the event that triggered the alert on the same machine.
 firstEventTime | DateTimeOffset | The first occurance of the event that triggered the alert on that machine.
 resolvedTime | DateTimeOffset | The date and time in which the status of the alert was changed to 'Resolved'.
-machineId | String | ID of a [machine](machine-windows-defender-advanced-threat-protection-new.md) entity that is associated with the alert.
+machineId | String | ID of a [machine](machine.md) entity that is associated with the alert.
 
 # JSON representation
 ```

windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md

@@ -60,7 +60,7 @@ Parameter |	Type	| Description
 Comment |	String |	Comment to associate with the action. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md

@@ -69,7 +69,7 @@ category| String | Category of the alert. The property values are: 'None', 'Susp
 
 
 ## Response
-If successful, this method returns 200 OK, and a new [alert](alerts-windows-defender-advanced-threat-protection-new.md) object in the response body. If event with the specified properties (_reportId_, _eventTime_ and _machineId_) was not found - 404 Not Found.
+If successful, this method returns 200 OK, and a new [alert](alerts.md) object in the response body. If event with the specified properties (_reportId_, _eventTime_ and _machineId_) was not found - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md

@@ -82,7 +82,7 @@ This page explains how to create an AAD application, get an access token to Micr
 	For instance,
 
     - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
-    - To [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), select 'Isolate machine' permission
+    - To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission
 
        To determine which permission you need, look at the **Permissions** section in the API you are interested to call.
 

windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md

@@ -74,7 +74,7 @@ This page explains how to create an AAD application, get an access token to Micr
 	For instance,
 
 	- To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
-	- To [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), select 'Isolate machine' permission
+	- To [isolate a machine](isolate-machine.md), select 'Isolate machine' permission
 	- To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
 
     ![Image of select permissions](images/webapp-select-permission.png)

windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md

@@ -29,9 +29,9 @@ ms.date: 11/15/2018
 
 ### Properties that supports $filter:
 
-- [Alert](alerts-windows-defender-advanced-threat-protection-new.md): Id, IncidentId, AlertCreationTime, Status, Severity and Category.
+- [Alert](alerts.md): Id, IncidentId, AlertCreationTime, Status, Severity and Category.
-- [Machine](machine-windows-defender-advanced-threat-protection-new.md): Id, ComputerDnsName, LastSeen, LastIpAddress, HealthStatus, OsPlatform, RiskScore, MachineTags and RbacGroupId.
+- [Machine](machine.md): Id, ComputerDnsName, LastSeen, LastIpAddress, HealthStatus, OsPlatform, RiskScore, MachineTags and RbacGroupId.
-- [MachineAction](machineaction-windows-defender-advanced-threat-protection-new.md): Id, Status, MachineId, Type, Requestor and CreationDateTimeUtc.
+- [MachineAction](machineaction.md): Id, Status, MachineId, Type, Requestor and CreationDateTimeUtc.
 
 ### Example 1
 

windows/security/threat-protection/microsoft-defender-atp/files.md

@@ -27,10 +27,10 @@ Represent a file entity in Microsoft Defender ATP.
 # Methods
 Method|Return Type |Description
 :---|:---|:---
-[Get file](get-file-information-windows-defender-advanced-threat-protection-new.md) | [file](files-windows-defender-advanced-threat-protection-new.md) | Get a single file 
+[Get file](get-file-information.md) | [file](files.md) | Get a single file 
-[List file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | Get the [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities that are associated with the file.
+[List file related alerts](get-file-related-alerts.md) | [alert](alerts.md) collection | Get the [alert](alerts.md) entities that are associated with the file.
-[List file related machines](get-file-related-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | Get the [machine](machine-windows-defender-advanced-threat-protection-new.md) entities associated with the alert.
+[List file related machines](get-file-related-machines.md) | [machine](machine.md) collection | Get the [machine](machine.md) entities associated with the alert.
-[file statistics](get-file-statistics-windows-defender-advanced-threat-protection-new.md) | Statistics summary | Retrieves the prevalence for the given file.
+[file statistics](get-file-statistics.md) | Statistics summary | Retrieves the prevalence for the given file.
 
 
 # Properties

windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md

@@ -56,7 +56,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful, this method returns 200 OK, and the [alert](alerts-windows-defender-advanced-threat-protection-new.md) entity in the response body. If alert with the specified id was not found - 404 Not Found.
+If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body. If alert with the specified id was not found - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-alerts.md

@@ -64,7 +64,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful, this method returns 200 OK, and a list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) objects in the response body.
+If successful, this method returns 200 OK, and a list of [alert](alerts.md) objects in the response body.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md

@@ -61,7 +61,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and domain exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities. If domain does not exist - 404 Not Found.
+If successful and domain exists - 200 OK with list of [alert](alerts.md) entities. If domain does not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md

@@ -56,7 +56,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and domain exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities. If domain do not exist - 404 Not Found.
+If successful and domain exists - 200 OK with list of [machine](machine.md) entities. If domain do not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-file-information.md

@@ -56,7 +56,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and file exists - 200 OK with the [file](files-windows-defender-advanced-threat-protection-new.md) entity in the body. If file does not exist - 404 Not Found.
+If successful and file exists - 200 OK with the [file](files.md) entity in the body. If file does not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md

@@ -59,7 +59,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and file exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities in the body. If file do not exist - 404 Not Found.
+If successful and file exists - 200 OK with list of [alert](alerts.md) entities in the body. If file do not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md

@@ -58,7 +58,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and file exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If file do not exist - 404 Not Found.
+If successful and file exists - 200 OK with list of [machine](machine.md) entities in the body. If file do not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md

@@ -57,7 +57,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and IP exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities in the body. If IP do not exist - 404 Not Found.
+If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in the body. If IP do not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-ip-related-machines.md

@@ -57,7 +57,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and IP exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If IP do not exist - 404 Not Found.
+If successful and IP exists - 200 OK with list of [machine](machine.md) entities in the body. If IP do not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md

@@ -59,7 +59,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and machine exists - 200 OK with the [machine](machine-windows-defender-advanced-threat-protection-new.md) entity in the body.
+If successful and machine exists - 200 OK with the [machine](machine.md) entity in the body.
 If machine with the specified id was not found - 404 Not Found.
 
 

windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md

@@ -55,7 +55,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and machine exist - 200 OK with list of [user](user-windows-defender-advanced-threat-protection-new.md) entities in the body. If machine was not found - 404 Not Found.
+If successful and machine exist - 200 OK with list of [user](user.md) entities in the body. If machine was not found - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md

@@ -57,7 +57,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and machine exists - 200 OK with list of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities in the body. If machine was not found - 404 Not Found.
+If successful and machine exists - 200 OK with list of [alert](alerts.md) entities in the body. If machine was not found - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md

@@ -57,7 +57,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful, this method returns 200, Ok response code with a [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity. If machine action entity with the specified id was not found - 404 Not Found.
+If successful, this method returns 200, Ok response code with a [Machine Action](machineaction.md) entity. If machine action entity with the specified id was not found - 404 Not Found.
 
 ## Example
 

windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md

@@ -60,7 +60,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful, this method returns 200, Ok response code with a collection of [machineAction](machineaction-windows-defender-advanced-threat-protection-new.md) entities.
+If successful, this method returns 200, Ok response code with a collection of [machineAction](machineaction.md) entities.
 
 
 ## Example 1

windows/security/threat-protection/microsoft-defender-atp/get-machines.md

@@ -58,7 +58,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and machines exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If no recent machines - 404 Not Found.
+If successful and machines exists - 200 OK with list of [machine](machine.md) entities in the body. If no recent machines - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md

@@ -23,7 +23,7 @@ ms.date: 12/08/2017
 
 [!include[Prerelease information](prerelease.md)]
 
-Get a URI that allows downloading of an [investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md).
+Get a URI that allows downloading of an [investigation package](collect-investigation-package.md).
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)

windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md

@@ -58,7 +58,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful, this method returns 200, Ok response code with a collection of [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
+If successful, this method returns 200, Ok response code with a collection of [Indicator](ti-indicator.md) entities.
 
 >[!Note]
 > If the Application has 'Ti.ReadWrite.All' permission, it will be exposed to all Indicators. Otherwise, it will be exposed only to the Indicators it created.

windows/security/threat-protection/microsoft-defender-atp/get-user-information.md

@@ -47,7 +47,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and user exists - 200 OK with [user](user-windows-defender-advanced-threat-protection-new.md) entity in the body. If user does not exist - 404 Not Found.
+If successful and user exists - 200 OK with [user](user.md) entity in the body. If user does not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md

@@ -60,7 +60,7 @@ Authorization | String | Bearer {token}. **Required**.
 Empty
 
 ## Response
-If successful and user exists - 200 OK with list of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the body. If user does not exist - 404 Not Found.
+If successful and user exists - 200 OK with list of [machine](machine.md) entities in the body. If user does not exist - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md

@@ -67,7 +67,7 @@ IsolationType	| String |	Type of the isolation. Allowed values are: 'Full' or 'S
 
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example
@@ -109,4 +109,4 @@ Content-type: application/json
 
 ```
 
-To unisolate a machine, see [Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection-new.md).
+To unisolate a machine, see [Release machine from isolation](unisolate-machine.md).

windows/security/threat-protection/microsoft-defender-atp/machine-tags.md

@@ -83,7 +83,7 @@ You can manage tags from the Actions button or by selecting a machine from the M
 ![Image of adding tags on a machine](images/atp-tag-management.png)
 
 ## Add machine tags using APIs
-For more information, see [Add or remove machine tags API](add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md).
+For more information, see [Add or remove machine tags API](add-or-remove-machine-tags.md).
 
 
 

windows/security/threat-protection/microsoft-defender-atp/machine.md

@@ -24,29 +24,29 @@ ms.topic: article
 # Methods
 Method|Return Type |Description
 :---|:---|:---
-[List machines](get-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | List set of [machine](machine-windows-defender-advanced-threat-protection-new.md) entities in the org.
+[List machines](get-machines.md) | [machine](machine.md) collection | List set of [machine](machine.md) entities in the org.
-[Get machine](get-machine-by-id-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) | Get a [machine](machine-windows-defender-advanced-threat-protection-new.md) by its identity.
+[Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity.
-[Get logged on users](get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md) | [user](user-windows-defender-advanced-threat-protection-new.md) collection | Get the set of [User](user-windows-defender-advanced-threat-protection-new.md) that logged on to the [machine](machine-windows-defender-advanced-threat-protection-new.md).
+[Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md).
-[Get related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | Get the set of [alert](alerts-windows-defender-advanced-threat-protection-new.md) entities that were raised on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
+[Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md).
-[Add or Remove machine tags](add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) | Add or Remove tag to a specific machine.
+[Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine.
-[Find machines by IP](find-machines-by-ip-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | Find machines seen with IP.
+[Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP.
 
 # Properties
 Property |	Type	|	Description
 :---|:---|:---
-id | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) identity.
+id | String | [machine](machine.md) identity.
-computerDnsName | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) fully qualified name.
+computerDnsName | String | [machine](machine.md) fully qualified name.
-firstSeen | DateTimeOffset | First date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Microsoft Defender ATP.
+firstSeen | DateTimeOffset | First date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
-lastSeen | DateTimeOffset | Last date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Microsoft Defender ATP.
+lastSeen | DateTimeOffset | Last date and time where the [machine](machine.md) was observed by Microsoft Defender ATP.
 osPlatform | String | OS platform.
 osVersion | String | OS Version.
-lastIpAddress | String | Last IP on local NIC on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
+lastIpAddress | String | Last IP on local NIC on the [machine](machine.md).
-lastExternalIpAddress | String | Last IP through which the [machine](machine-windows-defender-advanced-threat-protection-new.md) accessed the internet.
+lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet.
 agentVersion | String | Version of Microsoft Defender ATP agent.
 osBuild | Nullable long | OS build number.
-healthStatus | Enum | [machine](machine-windows-defender-advanced-threat-protection-new.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
+healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
 rbacGroupId | Int | RBAC Group ID.
 rbacGroupName | String | RBAC Group Name.
 riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
-aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine-windows-defender-advanced-threat-protection-new.md) is Aad Joined).
+aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine.md) is Aad Joined).
-machineTags | String collection | Set of [machine](machine-windows-defender-advanced-threat-protection-new.md) tags.
+machineTags | String collection | Set of [machine](machine.md) tags.

windows/security/threat-protection/microsoft-defender-atp/machineaction.md

@@ -26,21 +26,21 @@ ms.date: 12/08/2017
 
 Method|Return Type |Description
 :---|:---|:---
-[List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | List [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities.
+[List MachineActions](get-machineactions-collection.md) | [Machine Action](machineaction.md) | List [Machine Action](machineaction.md) entities.
-[Get MachineAction](get-machineaction-object-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Get a single [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity.
+[Get MachineAction](get-machineaction-object.md) | [Machine Action](machineaction.md) | Get a single [Machine Action](machineaction.md) entity.
-[Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Collect investigation package from a [machine](machine-windows-defender-advanced-threat-protection-new.md).
+[Collect investigation package](collect-investigation-package.md) | [Machine Action](machineaction.md) | Collect investigation package from a [machine](machine.md).
-[Get investigation package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Get URI for downloading the investigation package.
+[Get investigation package SAS URI](get-package-sas-uri.md) | [Machine Action](machineaction.md) | Get URI for downloading the investigation package.
-[Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Isolate [machine](machine-windows-defender-advanced-threat-protection-new.md) from network.
+[Isolate machine](isolate-machine.md) | [Machine Action](machineaction.md) | Isolate [machine](machine.md) from network.
-[Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Release [machine](machine-windows-defender-advanced-threat-protection-new.md) from Isolation.
+[Release machine from isolation](unisolate-machine.md) | [Machine Action](machineaction.md) | Release [machine](machine.md) from Isolation.
-[Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Restrict application execution.
+[Restrict app execution](restrict-code-execution.md) | [Machine Action](machineaction.md) | Restrict application execution.
-[Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Remove application execution restriction.
+[Remove app restriction](unrestrict-code-execution.md) | [Machine Action](machineaction.md) | Remove application execution restriction.
-[Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Run an AV scan using Windows Defender (when applicable).
+[Run antivirus scan](run-av-scan.md) | [Machine Action](machineaction.md) | Run an AV scan using Windows Defender (when applicable).
-[Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)|[Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Offboard [machine](machine-windows-defender-advanced-threat-protection-new.md) from Microsoft Defender ATP.
+[Offboard machine](offboard-machine-api.md)|[Machine Action](machineaction.md) | Offboard [machine](machine.md) from Microsoft Defender ATP.
 
 # Properties
 Property |	Type	|	Description
 :---|:---|:---
-id | Guid | Identity of the [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entity.
+id | Guid | Identity of the [Machine Action](machineaction.md) entity.
 type | Enum | Type of the action. Possible values are: "RunAntiVirusScan", "Offboard", "CollectInvestigationPackage", "Isolate", "Unisolate", "StopAndQuarantineFile", "RestrictCodeExecution" and "UnrestrictCodeExecution"
 requestor | String | Identity of the person that executed the action.
 requestorComment | String | Comment that was written when issuing the action.

windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md

@@ -59,7 +59,7 @@ Parameter |	Type	| Description
 Comment |	String |	Comment to associate with the action. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md

@@ -28,7 +28,7 @@ ms.date: 12/08/2017
 > Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
 
 
-- Submits or Updates new [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+- Submits or Updates new [Indicator](ti-indicator.md) entity.
 
 
 ## Permissions
@@ -60,7 +60,7 @@ In the request body, supply a JSON object with the following parameters:
 
 Parameter |	Type	| Description
 :---|:---|:---
-indicatorValue | String | Identity of the [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. **Required**
+indicatorValue | String | Identity of the [Indicator](ti-indicator.md) entity. **Required**
 indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url". **Required**
 action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed". **Required**
 title | String | Indicator alert title. **Optional**
@@ -71,7 +71,7 @@ recommendedActions | String | TI indicator alert recommended actions. **Optional
 
 
 ## Response
-- If successful, this method returns 200 - OK response code and the created / updated [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the response body.
+- If successful, this method returns 200 - OK response code and the created / updated [Indicator](ti-indicator.md) entity in the response body.
 - If not successful: this method return 400 - Bad Request / 409 - Conflict with the failure reason. Bad request usually indicates incorrect body and Conflict can happen if you try to submit an Indicator that conflicts with an existing Indicator type or Action.  
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md

@@ -60,7 +60,7 @@ Parameter |	Type	| Description
 Comment |	String |	Comment to associate with the action. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example
@@ -101,5 +101,5 @@ Content-type: application/json
 
 ```
 
-To remove code execution restriction from a machine, see [Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md).
+To remove code execution restriction from a machine, see [Remove app restriction](unrestrict-code-execution.md).
 

windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md

@@ -62,7 +62,7 @@ Comment |	String |	Comment to associate with the action. **Required**.
 Sha1 |	String	 | Sha1 of the file to stop and quarantine on the machine. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md

@@ -24,16 +24,16 @@ ms.topic: article
 
 Method|Return Type |Description
 :---|:---|:---
-[List Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) Collection | List [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
+[List Indicators](get-ti-indicators-collection.md) | [Indicator](ti-indicator.md) Collection | List [Indicator](ti-indicator.md) entities.
-[Submit Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Submits [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+[Submit Indicator](post-ti-indicator.md) | [Indicator](ti-indicator.md) | Submits [Indicator](ti-indicator.md) entity.
-[Delete Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | No Content | Deletes [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+[Delete Indicator](delete-ti-indicator-by-id.md) | No Content | Deletes [Indicator](ti-indicator.md) entity.
 
 - See the corresponding [page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal: 
 
 # Properties
 Property |	Type	|	Description
 :---|:---|:---
-indicatorValue | String | Identity of the [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+indicatorValue | String | Identity of the [Indicator](ti-indicator.md) entity.
 indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url"
 title | String | Indicator alert title.
 creationTimeDateTimeUtc | DateTimeOffset | The date and time when the indicator was created.

windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md

@@ -61,7 +61,7 @@ Parameter |	Type	| Description
 Comment |	String |	Comment to associate with the action. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example
@@ -105,5 +105,5 @@ Content-type: application/json
 
 ```
 
-To isolate a machine, see [Isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
+To isolate a machine, see [Isolate machine](isolate-machine.md).
 

windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md

@@ -59,7 +59,7 @@ Parameter |	Type	| Description
 Comment |	String | Comment to associate with the action. **Required**.
 
 ## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
 
 
 ## Example
@@ -101,4 +101,4 @@ Content-type: application/json
 
 ```
 
-To restrict code execution on a machine, see [Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection-new.md).
+To restrict code execution on a machine, see [Restrict app execution](restrict-code-execution.md).

windows/security/threat-protection/microsoft-defender-atp/update-alert.md

@@ -64,7 +64,7 @@ determination | String | Specifies the determination of the alert. The property
 
 
 ## Response
-If successful, this method returns 200 OK, and the [alert](alerts-windows-defender-advanced-threat-protection-new.md) entity in the response body with the updated properties. If alert with the specified id was not found - 404 Not Found.
+If successful, this method returns 200 OK, and the [alert](alerts.md) entity in the response body with the updated properties. If alert with the specified id was not found - 404 Not Found.
 
 
 ## Example

windows/security/threat-protection/microsoft-defender-atp/use-apis.md

@@ -27,5 +27,5 @@ ms.date: 11/28/2018
 Topic | Description
 :---|:---
 [Microsoft Defender ATP API overview](apis-intro.md) | Learn how to access to Microsoft Defender ATP Public API and on which context. 
-[Supported Microsoft Defender ATP APIs](exposed-apis-list.md) | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts-windows-defender-advanced-threat-protection-new.md), [domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md), or even actions such as [isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
+[Supported Microsoft Defender ATP APIs](exposed-apis-list.md) | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts.md), [domain related alerts](get-domain-related-alerts.md), or even actions such as [isolate machine](isolate-machine.md).
 How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell. Other examples include [schedule advanced hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) or [OData queries](exposed-apis-odata-samples.md).

windows/security/threat-protection/microsoft-defender-atp/user.md

@@ -21,7 +21,7 @@ ms.date: 12/08/2017
 
 Method|Return Type |Description
 :---|:---|:---
-[List User related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection |  List all the alerts that are associated with a [user](user-windows-defender-advanced-threat-protection-new.md).
+[List User related alerts](get-user-related-alerts.md) | [alert](alerts.md) collection |  List all the alerts that are associated with a [user](user.md).
-[List User related machines](get-user-related-machines-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) collection | List all the machines that were logged on by a [user](user-windows-defender-advanced-threat-protection-new.md).
+[List User related machines](get-user-related-machines.md) | [machine](machine.md) collection | List all the machines that were logged on by a [user](user.md).