From 6c54e6e8ccc8d261a7bd7a35cef749ae03b1dc5e Mon Sep 17 00:00:00 2001
From: Zvi Avidor <zavidor@microsoft.com>
Date: Thu, 4 Oct 2018 17:53:49 +0300
Subject: [PATCH] self review 1

---
 ...windows-defender-advanced-threat-protection-new.md |  4 ++++
 ...windows-defender-advanced-threat-protection-new.md |  5 +++++
 ...windows-defender-advanced-threat-protection-new.md |  5 +++++
 ...windows-defender-advanced-threat-protection-new.md |  2 +-
 ...windows-defender-advanced-threat-protection-new.md | 11 +++++------
 ...windows-defender-advanced-threat-protection-new.md |  2 +-
 ...windows-defender-advanced-threat-protection-new.md |  2 +-
 ...windows-defender-advanced-threat-protection-new.md |  5 +++++
 ...windows-defender-advanced-threat-protection-new.md |  5 +++++
 ...windows-defender-advanced-threat-protection-new.md |  4 ++++
 ...windows-defender-advanced-threat-protection-new.md |  4 ++++
 11 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
index 65ac87525b..db36c8aa7e 100644
--- a/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
@@ -29,6 +29,10 @@ Permission type |	Permission	|	Permission display name
 Application |	Machine.ReadWrite.All |	'Read and write all machine information'
 Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
 
+>[!Note]
+> When obtaining a token using user credentials:
+>- The user needs to have at least the following role permission: 'Manage security setting' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
 
 ## HTTP request
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md
index dc9498c8f0..2ad984ccf6 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md
@@ -31,6 +31,11 @@ Application |	Alert.ReadWrite.All |	'Read and write all alerts'
 Delegated (work or school account) | Alert.Read | 'Read alerts'
 Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
+>[!Note]
+> When obtaining a token using user credentials:
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+
 ## HTTP request
 ```
 GET /api/alerts/{id}
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md
index 29f7b7ed3e..45eca676f9 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md
@@ -30,6 +30,11 @@ Permission type |	Permission	|	Permission display name
 Application |	Ip.Read.All |	'Read IP address profiles'
 Delegated (work or school account) | Ip.Read.All |	'Read IP address profiles'
 
+>[!Note]
+> When obtaining a token using user credentials:
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+
 ## HTTP request
 ```
 GET /api/alerts/{id}/ips
diff --git a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md
index 205805378d..4d4e5e0cb0 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md
@@ -37,7 +37,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 >[!Note]
 > When obtaining a token using user credentials:
 >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- The user needs to have access to the machine associated with the alert, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- The response will include only alerts that are associated with machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
 
 ## HTTP request
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md
index e1d21e0582..6542d0bebd 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md
@@ -31,16 +31,15 @@ Application |	Machine.ReadWrite.All |	'Read and write all machine information'
 Delegated (work or school account) | Machine.Read | 'Read machine information'
 Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
 
+>[!Note]
+> When obtaining a token using user credentials:
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- Response will include only machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+
 ## HTTP request
 ```
 GET /api/domains/{domain}/machines
 ```
->[!Note]
-> When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Only machines that the user can access, based on machine group settings will be listed (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
-
-
 ## Request headers
 
 Name | Type | Description
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md
index ed3fde05b1..335b6efcb7 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md
@@ -35,7 +35,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 >[!Note]
 > When obtaining a token using user credentials:
 >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
 
 
 ## HTTP request
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md
index 0a8170f0fd..2fd9e07d99 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md
@@ -35,7 +35,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 >[!Note]
 > When obtaining a token using user credentials:
 >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
->- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+>- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
 
 ## HTTP request
 ```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
index 7bbc0c5ccb..bca064ca3f 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
@@ -31,6 +31,11 @@ Application |	Alert.ReadWrite.All |	'Read and write all alerts'
 Delegated (work or school account) | Alert.Read | 'Read alerts'
 Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 
+>[!Note]
+> When obtaining a token using user credentials:
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- Response will include only alerts, associated with machines, that the user have access to, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+
 ## HTTP request
 ```
 GET /api/users/{id}/alerts
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
index 676602504f..2198203628 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
@@ -31,6 +31,11 @@ Application |	Machine.ReadWrite.All |	'Read and write all machine information'
 Delegated (work or school account) | Machine.Read | 'Read machine information'
 Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
 
+>[!Note]
+> When obtaining a token using user credentials:
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- Response will include only machines that the user can access, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+
 ## HTTP request
 ```
 GET /api/users/{id}/machines
diff --git a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md
index e3fc93951d..22bf9eb5a9 100644
--- a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md
@@ -30,6 +30,10 @@ Permission type |	Permission	|	Permission display name
 Application |	Url.Read.All |	'Read URLs'
 Delegated (work or school account) | URL.Read.All |	'Read URLs'
 
+>[!Note]
+> When obtaining a token using user credentials:
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+
 ## HTTP request
 ```
 GET /api/domains/{domain}
diff --git a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md
index 575b792100..b976177106 100644
--- a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md
@@ -31,6 +31,10 @@ Permission type |	Permission	|	Permission display name
 Application |	Ip.Read.All |	'Read IP address profiles'
 Delegated (work or school account) | Ip.Read.All |	'Read IP address profiles'
 
+>[!Note]
+> When obtaining a token using user credentials:
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+
 ## HTTP request
 ```
 GET /api/ips/{ip}