Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into FromPrivateRepo

windows/security/threat-protection/TOC.md

@@ -92,11 +92,11 @@
 ####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
 ####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
 ####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
-#######Domain
+######Domain
-########  [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
-######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
+####### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
-######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
+####### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
-######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
+####### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
 
 ######File
 ####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
@@ -132,6 +132,10 @@
 ####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
 ####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
 ####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
+######Machines Security States
+####### [Get MachineSecurityStates collection](windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md)
+######Machine Groups
+####### [Get MachineGroups collection](windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md)
 
 ######User
 ####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
@@ -139,6 +143,10 @@
 ####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
 ####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
 
+######Windows updates (KB) info
+####### [Get KbInfo collection](windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md)
+######Common Vulnerabilities and Exposures (CVE) to KB map
+####### [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md)
  
 ##### [Managed security service provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md)
 

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -92,11 +92,12 @@
 ###### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
 ###### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
 ###### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
-######Domain
+
-#######  [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
+#####Domain
-####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
+###### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
+###### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
+###### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
+###### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
 
 #####File
 ###### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
@@ -132,12 +133,19 @@
 ###### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
 ###### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
 ###### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
-
+#####Machines Security States
+###### [Get MachineSecurityStates collection](get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md)
+#####Machine Groups
+###### [Get MachineGroups collection](get-machinegroups-collection-windows-defender-advanced-threat-protection.md)
 #####User
 ###### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
 ###### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md)
 ###### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
 ###### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
+#####Windows updates (KB) info
+###### [Get KbInfo collection](get-kbinfo-collection-windows-defender-advanced-threat-protection.md)
+#####Common Vulnerabilities and Exposures (CVE) to KB map
+###### [Get CVE-KB map](get-cvekbmap-collection-windows-defender-advanced-threat-protection.md)
 
  
 #### [Managed security service provider support](mssp-support-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,77 @@
+---
+title: Get CVE-KB map API
+description: Retrieves a map of CVE's to KB's.
+keywords: apis, graph api, supported apis, get, cve, kb
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 10/07/2018
+---
+
+# Get CVE-KB map API
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Retrieves a map of of CVE's to KB's and CVE details.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/cvekbmap
+```
+
+## Request headers
+
+Header | Value 
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful and map exists - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/CveKbMap
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap",
+    "@odata.count": 4168,
+    "value": [
+        {
+            "cveKbId": "CVE-2015-2482-3097617",
+            "cveId": "CVE-2015-2482",
+            "kbId":"3097617",
+            "title": "Cumulative Security Update for Internet Explorer",
+            "severity": "Critical"
+        },
+    …
+}
+
+```

windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,76 @@
+---
+title: Get KB collection API
+description: Retrieves a collection of KB's.
+keywords: apis, graph api, supported apis, get, kb
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 10/07/2018
+---
+
+# Get KB collection API
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Retrieves a collection of KB's and KB details.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/kbinfo
+```
+
+## Request headers
+
+Header | Value 
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/KbInfo
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+    "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo",
+    "@odata.count": 271,
+    "value":[
+        {
+            "id": "KB3097617 (10240.16549) Amd64",
+            "release": "KB3097617 (10240.16549)",
+            "publishingDate": "2015-10-16T21:00:00Z",
+            "version": "10.0.10240.16549",
+            "architecture": "Amd64"
+        },
+        …
+}
+```

windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,76 @@
+---
+title: Get RBAC machine groups collection API
+description: Retrieves a collection of RBAC machine groups.
+keywords: apis, graph api, supported apis, get, RBAC, group
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 10/07/2018
+---
+
+# Get KB collection API
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Retrieves a collection of RBAC machine groups.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machinegroups
+```
+
+## Request headers
+
+Header | Value 
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machinegroups
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+Field id contains machine group **id** and equal to field **rbacGroupId** in machines info. 
+Field **ungrouped** is true only for one group for all machines that have not been assigned to any group. This group as usual has name "UnassignedGroup".
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineGroups",
+    "@odata.count":7,
+    "value":[
+        {
+            "id":86,
+            "name":"UnassignedGroup",
+            "description":"",
+            "ungrouped":true},
+        …
+}
+```

windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,83 @@
+---
+title: Get machines security states collection API
+description: Retrieves a collection of machines security states.
+keywords: apis, graph api, supported apis, get, machine, security, state
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: leonidzh
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 10/07/2018
+---
+
+# Get Machines security states collection API
+
+**Applies to:**
+
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+Retrieves a collection of machines security states.
+
+## Permissions
+User needs read permissions.
+
+## HTTP request
+```
+GET /testwdatppreview/machinesecuritystates
+```
+
+## Request headers
+
+Header | Value 
+:---|:---
+Authorization | Bearer {token}. **Required**.
+Content type | application/json
+
+## Request body
+Empty
+
+## Response
+If successful - 200 OK.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
+Content-type: application/json
+```
+
+**Response**
+
+Here is an example of the response.
+Field *id* contains machine id and equal to the field *id** in machines info. 
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
+    "@odata.count":444,
+    "@odata.nextLink":"https://graph.microsoft.com/testwdatppreview/machinesecuritystates?$skiptoken=[continuation token]",
+    "value":[
+        {
+            "id":"000050e1b4afeee3742489ede9ad7a3e16bbd9c4",
+            "build":14393,
+            "revision":2485,
+            "architecture":"Amd64",
+            "osVersion":"10.0.14393.2485.amd64fre.rs1_release.180827-1809",
+            "propertiesRequireAttention":[
+                "AntivirusNotReporting",
+                "EdrImpairedCommunications"
+            ]
+        },
+        …
+    ]
+}
+```

windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md

@@ -88,4 +88,5 @@ Machines that are not matched to any groups are added to Ungrouped machines (def
 
 
 ## Related topic
-- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md)
+- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md)
+- [Get list of tenant machine groups using Graph API](get-machinegroups-collection-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md

@@ -34,4 +34,8 @@ File | Run API calls such as get file information, file related alerts, file rel
 IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization.
 Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID.
 User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines.
+KbInfo | Run API call that gets list of Windows KB's information
+CveKbMap | Run API call that gets mapping of CVE's to corresponding KB's
+MachineSecurityStates | Run API call that gets list of machines with their security properties and versions
+MachineGroups | Run API call that gets list of machine group definitions