update images and text

windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md

@@ -14,6 +14,8 @@ ms.date: 12/08/2017
 ---
 
 # Alert resource type
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease<73>information](prerelease.md)]
 
@@ -22,36 +24,36 @@ Represents an alert entity in WDATP.
 # Methods
 Method|Return Type |Description
 :---|:---|:---
-[Get alert](get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) | Get a single [alert](alerts-windows-defender-advanced-threat-protection-new.md) object.
+[Get alert](get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md) | [Alert](alerts-windows-defender-advanced-threat-protection-new.md) | Get a single [alert](alerts-windows-defender-advanced-threat-protection-new.md) object.
-[List alerts](get-alerts-windows-defender-advanced-threat-protection-new.md) | [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | List [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection.
+[List alerts](get-alerts-windows-defender-advanced-threat-protection-new.md) | [Alert](alerts-windows-defender-advanced-threat-protection-new.md) collection | List [alert](alerts-windows-defender-advanced-threat-protection-new.md) collection.
-[Create alert](create-alert-by-reference-windows-defender-advanced-threat-protection-new.md)|[alert](alerts-windows-defender-advanced-threat-protection-new.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md)
+[Create alert](create-alert-by-reference-windows-defender-advanced-threat-protection-new.md)|[Alert](alerts-windows-defender-advanced-threat-protection-new.md)|Create an alert based on event data obtained from [Advanced Hunting](run-advanced-query-api.md).
-[List related domains](get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md)|Domain collection|List Urls associated with the alert.
+[List related domains](get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md)|Domain collection| List URLs associated with the alert.
-[List related files](get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md) | [file](files-windows-defender-advanced-threat-protection-new.md) collection |  List the [file](files-windows-defender-advanced-threat-protection-new.md) entities that are associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
+[List related files](get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md) | [File](files-windows-defender-advanced-threat-protection-new.md) collection |  List the [file](files-windows-defender-advanced-threat-protection-new.md) entities that are associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
-[List related IPs](get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md) | IP collection | List IPs that are associated witht the alert.
+[List related IPs](get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md) | IP collection | List IPs that are associated with the alert.
-[Get related machines](get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md) | [machine](machine-windows-defender-advanced-threat-protection-new.md) | The [machine](machine-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
+[Get related machines](get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md) | [Machine](machine-windows-defender-advanced-threat-protection-new.md) | The [machine](machine-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
-[Get related users](get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md) | [user](user-windows-defender-advanced-threat-protection-new.md) | The [user](user-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
+[Get related users](get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md) | [User](user-windows-defender-advanced-threat-protection-new.md) | The [user](user-windows-defender-advanced-threat-protection-new.md) that is associated with the [alert](alerts-windows-defender-advanced-threat-protection-new.md).
 
 
 # Properties
 Property |	Type	|	Description
 :---|:---|:---
-id | String | alert id.
+id | String | Alert ID
-severity | String | severity of the alert. Allowed values are: 'Low', 'Medium' and 'High'.
+severity | String | Severity of the alert. Allowed values are: 'Low', 'Medium' and 'High'.
 status | String | Specifies the current status of the alert. The property values are: 'New', 'InProgress' and 'Resolved'.
 description | String | Description of the threat, identified by the alert.
 recommendedAction | String | Action recommended for handling the suspected threat.
 alertCreationTime | DateTimeOffset | The date and time (in UTC) the alert was created.
 category| String | Category of the alert. The property values are: 'None', 'SuspiciousActivity', 'Malware', 'CredentialTheft', 'Exploit', 'WebExploit', 'DocumentExploit', 'PrivilegeEscalation', 'Persistence', 'RemoteAccessTool', 'CommandAndControl', 'SuspiciousNetworkTraffic', 'Ransomware', 'MalwareDownload', 'Reconnaissance', 'WebFingerprinting', 'Weaponization', 'Delivery', 'SocialEngineering', 'CredentialStealing', 'Installation', 'Backdoor', 'Trojan', 'TrojanDownloader', 'LateralMovement', 'ExplorationEnumeration', 'NetworkPropagation', 'Exfiltration', 'NotApplicable', 'EnterprisePolicy' and	'General'.
-title | string | Alert title.
+title | string | Alert title
-threatFamilyName | string | Threat family.
+threatFamilyName | string | Threat family
-detectionSource | string | detection source 
+detectionSource | string | Detection source 
 assignedTo | String | Owner of the alert
-classification | String | Speficies the specification of the alert. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'. 
+classification | String | Specification of the alert. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'. 
 determination | String | Specifies the determination of the alert. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'
 resolvedTime | DateTimeOffset | The date and time in which the status of the alert was changed to 'Resolved'.
 lastEventTime | DateTimeOffset | The last occurance of the event that triggered the alert on the same machine.
 firstEventTime | DateTimeOffset | The first occurance of the event that triggered the alert on that machine.
-machineId | String | id of a [machine](machine-windows-defender-advanced-threat-protection-new.md) entity that is associated with the alert.
+machineId | String | ID of a [machine](machine-windows-defender-advanced-threat-protection-new.md) entity that is associated with the alert.
 
 # JSON representation
 ```

windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Collect investigation package API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease<73>information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 
 
 Collect investigation package from a machine.

windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md

@@ -14,14 +14,14 @@ ms.date: 12/08/2017
 ---
 
 # Create alert from event API 
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
+[!include[Prerelease<73>information](prerelease.md)]
+
+
 Enables using event data, as obtained from the [Advanced Hunting](run-advanced-query-api.md) for creating a new alert entity.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md

@@ -25,7 +25,7 @@ ms.date: 09/03/2018
 [!include[Prerelease information](prerelease.md)]
 
 
-These pages describe how to create an application to get programmatical access to Windows Defender ATP on behalf of a user.
+This page describe how to create an application to get programmatical access to Windows Defender ATP on behalf of a user.
 
 If you need programmatical access Windows Defender ATP without a user, refer to [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md).
 

windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md

@@ -23,9 +23,9 @@ ms.date: 09/03/2018
 
 [!include[Prerelease information](prerelease.md)]
 
-This pages describes how to create an application to get programmatical access to Windows Defender ATP without a user.
+This page describes how to create an application to get programmatical access to Windows Defender ATP without a user.
 
-If you need programmatical access Windows Defender ATP on behalf of a user, please refer to [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md)
+If you need programmatical access Windows Defender ATP on behalf of a user, see [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md)
 
 If you are not sure which access you need, see [Use Windows Defender ATP APIs](exposed-apis-intro.md).
 
@@ -102,9 +102,9 @@ This page explains how to create an app, get an access token to Windows Defender
 
 11. Set your application to be multi-tenanted
 	
-	This is **required** for 3rd party apps (i.e., if you create an application that is intended to run in multiple customers tenant).
+	This is **required** for 3rd party apps (for example, if you create an application that is intended to run in multiple customers tenant).
 
-	This is **not required** if you create a service that you want to run in your tenant only (i.e., if you create an application for your own usage that will only interact with your own data)​
+	This is **not required** if you create a service that you want to run in your tenant only (for example, if you create an application for your own usage that will only interact with your own data)​
 
 	Click **Properties** > **Yes** > **Save**.
 

windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md

@@ -10,10 +10,15 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 30/07/2018
+ms.date: 09/24/2018
 ---
 
 # Windows Defender ATP APIs using PowerShell
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
 
 Full scenario using multiple APIs from Windows Defender ATP.
 

windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md

@@ -16,11 +16,6 @@ ms.date: 30/07/2018
 # Supported Windows Defender ATP query APIs 
 
 **Applies to:**
-
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 

windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,10 @@ ms.date: 12/08/2017
 ---
 
 # Get alert information by ID API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
-
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease<73>information](prerelease.md)]
 
 Retrieves an alert by its ID.
 

windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,10 @@ ms.date: 12/08/2017
 ---
 
 # Get alert related domain information API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
-
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease<73>information](prerelease.md)]
 
 Retrieves all domains related to a specific alert.
 

windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,10 @@ ms.date: 12/08/2017
 ---
 
 # Get alert related files information API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
-
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease<73>information](prerelease.md)]
 
 Retrieves all files related to a specific alert.
 

windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,10 @@ ms.date: 12/08/2017
 ---
 
 # Get alert related IP information API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
-
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease<73>information](prerelease.md)]
 
 
 Retrieves all IPs related to a specific alert.

windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md

@@ -14,14 +14,10 @@ ms.date: 12/08/2017
 ---
 
 # Get alert related machine information API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
-
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease<73>information](prerelease.md)]
 
 Retrieves machine that is related to a specific alert.
 

windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,10 @@ ms.date: 12/08/2017
 ---
 
 # Get alert related user information API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
-
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease<73>information](prerelease.md)]
 
 
 Retrieves the user associated to a specific alert.

windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md

@@ -14,14 +14,12 @@ ms.date: 12/08/2017
 ---
 
 # List alerts API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
-
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
+[!include[Prerelease<73>information](prerelease.md)]
+
 
 Retrieves top recent alerts.
 

windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -14,12 +14,13 @@ ms.date: 12/08/2017
 ---
 
 # Get domain related alerts API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
 
 [!include[Prerelease<73>information](prerelease.md)]
 
-**Applies to:**
 
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
 

windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md

@@ -14,14 +14,10 @@ ms.date: 12/08/2017
 ---
 
 # Get domain related machines API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
-
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease<73>information](prerelease.md)]
 
 Retrieves a collection of machines that have communicated to or from a given domain address.
 

windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md

@@ -14,14 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Get domain statistics API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
-
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
+[!include[Prerelease<73>information](prerelease.md)]
 
 Retrieves the prevalence for the given domain.
 

windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,13 @@ ms.date: 12/08/2017
 ---
 
 # Get file information API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease<73>information](prerelease.md)]
+
+
 
 
 

windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -14,14 +14,16 @@ ms.date: 12/08/2017
 ---
 
 # Get file related alerts API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
+[!include[Prerelease<73>information](prerelease.md)]
+
+
+
+
 
 Retrieves a collection of alerts related to a given file hash.
 

windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md

@@ -14,14 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Get file related machines API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease<73>information](prerelease.md)]
 
 Retrieves a collection of machines related to a given file hash.
 

windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,14 @@ ms.date: 12/08/2017
 ---
 
 # Get file statistics API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease<73>information](prerelease.md)]
+
+
+
 
 
 Retrieves the prevalence for the given file.

windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -14,14 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Get IP related alerts API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-
+[!include[Prerelease<73>information](prerelease.md)]
 
 Retrieves a collection of alerts related to a given IP address.
 

windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md

@@ -14,11 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Get IP related machines API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease<73>information](prerelease.md)]
 
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 Retrieves a collection of machines that communicated with or from a particular IP.
 

windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,14 @@ ms.date: 12/08/2017
 ---
 
 # Get IP statistics API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease<73>information](prerelease.md)]
+
+
+
 Retrieves the prevalence for the given IP.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,13 @@ ms.date: 12/08/2017
 ---
 
 # Get machine by ID API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+
+[!include[Prerelease<73>information](prerelease.md)]
+
 Retrieves a machine entity by ID.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,15 @@ ms.date: 12/08/2017
 ---
 
 # Get machine log on users API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+
+[!include[Prerelease<73>information](prerelease.md)]
+
+
+
 Retrieves a collection of logged on users.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -14,12 +14,12 @@ ms.date: 12/08/2017
 ---
 
 # Get machine related alerts  API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease<73>information](prerelease.md)]
 
-**Applies to:**
 
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 Retrieves a collection of alerts related to a given machine ID.
 

windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Get machineAction API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease<73>information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 Get action performed on a machine.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,15 @@ ms.date: 12/08/2017
 ---
 
 # List machines API
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+
+[!include[Prerelease<73>information](prerelease.md)]
+
+
+
 Retrieves a collection of machines that have communicated with WDATP cloud on the last 30 days.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Get package SAS URI API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 Get a URI that allows downloading of an [investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md).
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Get user related alerts API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease<73>information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 Retrieves a collection of alerts related to a given user ID.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Get user related machines API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease<73>information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 Retrieves a collection of machines related to a given user ID.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,12 @@ ms.date: 04/24/2018
 ---
 
 # Was domain seen in org
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
 
 [!include[Prerelease<73>information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 Answers whether a domain was seen in the organization. 
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,13 @@ ms.date: 12/08/2017
 ---
 
 # Was IP seen in org
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+
+[!include[Prerelease<73>information](prerelease.md)]
+
 Answers whether an IP was seen in the organization.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Isolate machine API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 Isolates a machine from accessing external network.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md

@@ -15,6 +15,11 @@ ms.date: 12/08/2017
 
 # MachineAction resource type
 
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease<73>information](prerelease.md)]
+
 Method|Return Type |Description
 :---|:---|:---
 [List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | List [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities.

windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Offboard machine API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease<73>information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 Offboard machine from WDATP.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Restrict app execution API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease<73>information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 Restrict execution of all applications on the machine except a predefined set (see [Response machine alerts](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information)
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md

@@ -14,21 +14,22 @@ ms.date: 09/03/2018
 ---
 
 # Advanced hunting API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
 
 [!include[Prerelease information](prerelease.md)]
 
-**Applies to:**
 
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-This API allows you to run programatically queries that you are used to run from [Windows Defender ATP Portal](https://securitycenter.windows.com/hunting)
+This API allows you to run programmatic queries that you are used to running from [Windows Defender ATP Portal](https://securitycenter.windows.com/hunting).
 
 
 ## Limitations
-This API is a beta version only and is currently restricted
+This API is a beta version only and is currently restricted to the following actions:
 1. ​You can only run a query on data from the last 30 days
 2. The results will include a maximum of 10,000 rows
-3. The nu​mber of executions is limited​ (up to 15 minutes every hour and 4 hours a day)
+3. The number of executions is limited​ (up to 15 minutes every hour and 4 hours a day)
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](exposed-apis-intro.md)
@@ -123,12 +124,12 @@ Content-Type: application/json​
 
 ```
 
-## T​roubl​eshooting:
+## T​roubl​eshoot issues
 
 - Error: (403) Forbidden
 	
 	
-    If you get this error when calling WDATP API, your token probably does not include the necessary permission.
+    If you get this error when calling Windows Defender ATP API, your token might not include the necessary permission.
 
 	Check [app permissions](exposed-apis-create-app-webapp.md#validate-the-token) or [delegated permissions](exposed-apis-create-app-nativeapp.md#validate-the-token) included in your token.
 	

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md

@@ -10,30 +10,31 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 30/07/2018
+ms.date: 09/24/2018
 ---
 
 # Schedule Advanced Hunting using Microsoft Flow 
-
 **Applies to:**
-
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease information](prerelease.md)]
+
 Schedule advanced query.
 
->**Prerequisite**: You first need to [create an app](exposed-apis-intro.md).
+## Before you begin
+You first need to [create an app](exposed-apis-intro.md).
 
 ## Use case
 
-If you need to schedule an advanced query and use the results for follow up actions and processing, you can use [Microsoft Flow](https://flow.microsoft.com/) (or Logic Apps) for it!
+If you need to schedule an advanced query and use the results for follow up actions and processing, you can use [Microsoft Flow](https://flow.microsoft.com/) (or Logic Apps) for it.
 
 ## Define a flow to run query and parse results
 
-You will find below a very basic flow example:
+Use the following basic flow as an example.
 
-1. Define the trigger – Recurrence by time
+1. Define the trigger – Recurrence by time.
 
-2. Add an action – Select HTTP
+2. Add an action: Select HTTP.
 
 	![Image of MsFlow choose an action](images/ms-flow-choose-action.png)
 
@@ -59,9 +60,9 @@ You will find below a very basic flow example:
 
 ## Expand the flow to use the query results
 
-The below section shows how to use the parsed results to insert them in SQL database.
+The following section shows how to use the parsed results to insert them in SQL database.
 
-This is an example only, you could perform on your results any other action supported by Microsoft Flow.
+This is an example only, you can  use other actions supported by  Microsoft Flow.
 
 - Add an 'Apply to each' action
 - Select the Results json (which was an output of the last parse action)
@@ -76,7 +77,7 @@ The output in the SQL DB is getting updates and can be used for correlation with
 
 ## Full flow definition
 
-You can find below the full definition
+You can see the full defintion in the following image:
 
 ![Image of E2E flow](images/ms-flow-e2e.png)
 

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md

@@ -14,6 +14,11 @@ ms.date: 30/07/2018
 ---
 
 # Create custom reports using Power BI (user authentication)
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease information](prerelease.md)]
+
 
 Run advanced queries and show results in Microsoft Power BI. Please read about [Advanced Hunting API](run-advanced-query-api.md) before.
 
@@ -21,7 +26,8 @@ In this section we share Power BI query sample to run a query using **user token
 
 If you want to use **application token** instead please refer to [this](run-advanced-query-sample-power-bi-app-token.md) tutorial.
 
->**Prerequisite**: You first need to [create an app](exposed-apis-create-app-nativeapp.md).
+## Before you begin
+You first need to [create an app](exposed-apis-create-app-nativeapp.md).
 
 ## Run a query
 

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md

@@ -10,18 +10,24 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
-ms.date: 30/07/2018
+ms.date: 09/24/2018
 ---
 
 # Advanced Hunting using PowerShell
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-Run advanced queries using PowerShell. Please read about [Advanced Hunting API](run-advanced-query-api.md) before.
+[!include[Prerelease information](prerelease.md)]
+
+
+Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md).
 
 In this section we share PowerShell samples to retrieve a token and use it to run a query.
 
->**Prerequisite**: You first need to [create an app](exposed-apis-intro.md).
+## Before you begin
+You first need to [create an app](exposed-apis-intro.md).
 
-## Preparation Instructions
+## Preparation instructions
 
 - Open a PowerShell window.
 - If your policy does not allow you to run the PowerShell commands, you can run the below command:
@@ -29,11 +35,11 @@ In this section we share PowerShell samples to retrieve a token and use it to ru
 Set-ExecutionPolicy -ExecutionPolicy Bypass
 ```
 
->For more details, refer to [PowerShell documentation](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy)
+>For more details, see [PowerShell documentation](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy)
 
 ## Get token
 
-- Run the below
+- Run the following:
 
 ```
 $tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID here
@@ -60,7 +66,7 @@ where
 
 ## Run query
 
-Run the below
+Run the following query:
 
 ```
 $query = 'RegistryEvents | limit 10' # Paste your own query here

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md

@@ -14,8 +14,12 @@ ms.date: 30/07/2018
 ---
 
 # Advanced Hunting using Python
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-Run advanced queries using Python. Please read about [Advanced Hunting API](run-advanced-query-api.md) before.
+[!include[Prerelease information](prerelease.md)]
+
+Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md).
 
 In this section we share Python samples to retrieve a token and use it to run a query.
 
@@ -23,7 +27,7 @@ In this section we share Python samples to retrieve a token and use it to run a
 
 ## Get token
 
-- Run the below
+- Run the following:
 
 ```
 
@@ -62,7 +66,7 @@ where
 
 ## Run query
 
-Run the below
+ Run the following query:
 
 ```
 query = 'RegistryEvents | limit 10' # Paste your own query here

windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Run antivirus scan API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 Initiate Windows Defender Antivirus scan on a machine.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Release machine from isolation API
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 [!include[Prerelease<73>information](prerelease.md)]
 
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
 Undo isolation of a machine.
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md

@@ -14,11 +14,11 @@ ms.date: 12/08/2017
 ---
 
 # Remove app restriction API
-
 **Applies to:**
-
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+[!include[Prerelease<73>information](prerelease.md)]
+
 
 
 Enable execution of any application on the machine.

windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md

@@ -14,13 +14,12 @@ ms.date: 12/08/2017
 ---
 
 # Update alert 
-
-[!include[Prerelease<73>information](prerelease.md)]
-
 **Applies to:**
 
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
+
+[!include[Prerelease<73>information](prerelease.md)]
 Update the properties of an alert entity.
 
 ## Permissions