diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
index da798752be..99d7204f17 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
@@ -29,15 +29,16 @@ The given timestamp must be in the past 30 days.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
-Permission type | Permission | Permission display name
+Permission type | Permission | Permission display name
 :---|:---|:---
-Application | Machine.Read.All | 'Read all machine profiles'
-Application | Machine.ReadWrite.All | 'Read and write all machine information'
+Application | Machine.Read.All | 'Read all machine profiles'
+Application | Machine.ReadWrite.All | 'Read and write all machine information'
 Delegated (work or school account) | Machine.Read | 'Read machine information'
 Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
-> [!Note]
+>[!Note]
 > When obtaining a token using user credentials:
+> - Response will include only machines that the user have access to based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 > - Response will include only machines that the user have access to based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
@@ -57,7 +58,7 @@ Empty
 ## Response
 If successful and machines were found - 200 OK with list of the machines in the response body.
-If no machine found - 404 Not Found.
+If no machine found - 404 Not Found.
 If the timestamp is not in the past 30 days - 400 Bad Request.
 ## Example
@@ -66,18 +67,12 @@ If the timestamp is not in the past 30 days - 400 Bad Request.
 Here is an example of the request.
+[!include[Improve request performance](improve-request-performance.md)]
+
 ```
 GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2018-09-22T08:44:05Z)
 ```
-## Improve request performance
-
-> [!NOTE]
-> You can use a server closer to your geolocation for better performance:
-> - api-us.securitycenter.windows.com
-> - api-eu.securitycenter.windows.com
-> - api-uk.securitycenter.windows.com
-
 **Response**
 Here is an example of the response.
@@ -90,21 +85,21 @@ Content-type: application/json
 "value": [
 {
 "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
- "computerDnsName": "mymachine1.contoso.com",
- "firstSeen": "2018-08-02T14:55:03.7791856Z",
- "lastSeen": "2018-09-22T08:55:03.7791856Z",
- "osPlatform": "Windows10",
- "osVersion": "10.0.0.0",
- "lastIpAddress": "10.248.240.38",
- "lastExternalIpAddress": "167.220.196.71",
- "agentVersion": "10.5830.18209.1001",
- "osBuild": 18209,
- "healthStatus": "Active",
- "rbacGroupId": 140,
- "rbacGroupName": "The-A-Team",
- "riskScore": "Low",
- "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
- "machineTags": [ "test tag 1", "test tag 2" ]
+ "computerDnsName": "mymachine1.contoso.com",
+ "firstSeen": "2018-08-02T14:55:03.7791856Z",
+ "lastSeen": "2018-09-22T08:55:03.7791856Z",
+ "osPlatform": "Windows10",
+ "osVersion": "10.0.0.0",
+ "lastIpAddress": "10.248.240.38",
+ "lastExternalIpAddress": "167.220.196.71",
+ "agentVersion": "10.5830.18209.1001",
+ "osBuild": 18209,
+ "healthStatus": "Active",
+ "rbacGroupId": 140,
+ "rbacGroupName": "The-A-Team",
+ "riskScore": "Low",
+ "aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+ "machineTags": [ "test tag 1", "test tag 2" ]
 }
 ]
 }
diff --git a/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md b/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md
new file mode 100644
index 0000000000..880f5e4d11
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md
@@ -0,0 +1,26 @@
+---
+title: Improve request performance
+description: Improve request performance
+keywords: server, request, performance
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Improve request performance
+
+
+>[!NOTE]
+>For better performance, you can use server closer to your geo location:
+> - api-us.securitycenter.windows.com
+> - api-eu.securitycenter.windows.com
+> - api-uk.securitycenter.windows.com
\ No newline at end of file