Merged PR 10848: Add tutorial to run Power BI with user token

Add tutorial to run Power BI with user token

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -157,7 +157,7 @@
 ##### [Schedule advanced Hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md)
 ##### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
 ##### [Advanced Hunting using Python](run-advanced-query-sample-python.md)
-##### [Create custom Power BI reports](run-advanced-query-sample-power-bi.md)
+##### [Create custom Power BI reports](run-advanced-query-sample-power-bi-app-token.md)
 
 
 ### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md

@@ -124,7 +124,7 @@ The  code was below tested with nuget Microsoft.IdentityModel.Clients.ActiveDire
 
 	```
 	const string authority = "https://login.windows.net";
-	const string wdatpResourceId = "https://api.securitycenter.windows.com/";
+	const string wdatpResourceId = "https://api.securitycenter.windows.com";
 
 	string tenantId = "00000000-0000-0000-0000-000000000000"; // Paste your own tenant ID here
 	string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here

windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md

@@ -152,7 +152,7 @@ For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.co
 	string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! 
 
 	const string authority = "https://login.windows.net";
-	const string wdatpResourceId = "https://api.securitycenter.windows.com/";
+	const string wdatpResourceId = "https://api.securitycenter.windows.com";
 
 	AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/");
 	ClientCredential clientCredential = new ClientCredential(appId, appSecret);

windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md

@@ -201,7 +201,7 @@ In general, if you know of a specific threat name, CVE, or KB, you can identify
 
 
 ## Related topic
-- [**Beta** Create custom Power BI reports](run-advanced-query-sample-power-bi.md)
+- [**Beta** Create custom Power BI reports](run-advanced-query-sample-power-bi-app-token.md)
 
 
 

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md

@@ -13,13 +13,15 @@ ms.localizationpriority: medium
 ms.date: 30/07/2018
 ---
 
-# Create custom reports using Power BI
+# Create custom reports using Power BI (app authentication)
 
 Run advanced queries and show results in Microsoft Power BI. Please read about [Advanced Hunting API](run-advanced-query-api.md) before.
 
-In this section we share Power BI query sample to run a query using application token.
+In this section we share Power BI query sample to run a query using **application token**.
 
->**Prerequisite**: You first need to [create an app](exposed-apis-intro.md).
+If you want to use **user token** instead please refer to [this](run-advanced-query-sample-power-bi-user-token.md) tutorial.
+
+>**Prerequisite**: You first need to [create an app](exposed-apis-create-app-webapp.md).
 
 ## Run a query
 
@@ -33,7 +35,7 @@ In this section we share Power BI query sample to run a query using application
 
     ![Image of open advanced editor](images/power-bi-open-advanced-editor.png)
 
-- Copy the below and paste it in the editor, after you update the values of _TenantId, _AppId, _AppSecret, _Query
+- Copy the below and paste it in the editor, after you update the values of TenantId, AppId, AppSecret, Query
 
 	```
 	let 
@@ -43,7 +45,7 @@ In this section we share Power BI query sample to run a query using application
 		AppSecret = "22222222-2222-2222-2222-222222222222", // Paste your own app secret here
 		Query = "MachineInfo | where EventTime > ago(7d) | summarize EventCount=count(), LastSeen=max(EventTime) by MachineId", // Paste your own query here
     
-		ResourceAppIdUrl = "https://securitycenter.onmicrosoft.com/windowsatpservice",
+		ResourceAppIdUrl = "https://api.securitycenter.windows.com",
 		OAuthUrl = Text.Combine({"https://login.windows.net/", TenantId, "/oauth2/token"}, ""),
 
 		Resource = Text.Combine({"resource", Uri.EscapeDataString(ResourceAppIdUrl)}, "="),
@@ -108,7 +110,7 @@ In this section we share Power BI query sample to run a query using application
 
 - Select **Anonymous** and click **Connect**
 
-    ![Image of set credentials](images/power-bi-set-credentials.png)
+    ![Image of set credentials](images/power-bi-set-credentials-anonymous.png)
 
 - Repeat the previous step for the second URL
 
@@ -125,6 +127,7 @@ In this section we share Power BI query sample to run a query using application
     ![Image of query results](images/power-bi-query-results.png)
 
 ## Related topic
+- [Create custom Power BI reports with user authentication](run-advanced-query-sample-power-bi-user-token.md)
 - [Windows Defender ATP APIs](exposed-apis-intro.md)
 - [Advanced Hunting API](run-advanced-query-api.md)
 - [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md

@@ -0,0 +1,112 @@
+---
+title: Advanced Hunting API
+description: Use this API to run advanced queries
+keywords: apis, supported apis, advanced hunting, query
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 30/07/2018
+---
+
+# Create custom reports using Power BI (user authentication)
+
+Run advanced queries and show results in Microsoft Power BI. Please read about [Advanced Hunting API](run-advanced-query-api.md) before.
+
+In this section we share Power BI query sample to run a query using **user token**.
+
+If you want to use **application token** instead please refer to [this](run-advanced-query-sample-power-bi-app-token.md) tutorial.
+
+>**Prerequisite**: You first need to [create an app](exposed-apis-create-app-nativeapp.md).
+
+## Run a query
+
+- Open Microsoft Power BI
+
+- Click **Get Data** > **Blank Query**
+
+    ![Image of create blank query](images/power-bi-create-blank-query.png)
+
+- Click **Advanced Editor**
+
+    ![Image of open advanced editor](images/power-bi-open-advanced-editor.png)
+
+- Copy the below and paste it in the editor, after you update the values of Query
+
+	```
+	let 
+
+		Query = "MachineInfo | where EventTime > ago(7d) | summarize EventCount=count(), LastSeen=max(EventTime) by MachineId",
+    
+		AdvancedHuntingUrl = "https://api.securitycenter.windows.com/advancedqueries/query",
+    
+		Response = Json.Document(Web.Contents(
+			AdvancedHuntingUrl, 
+			[
+				Query=[#"queryText"=Query]
+			]
+		)),
+
+		TypeMap = #table(
+			{ "Type", "PowerBiType" },
+			{
+				{ "Double",   Double.Type },
+				{ "Int64",    Int64.Type },
+				{ "Int32",    Int32.Type },
+				{ "Int16",    Int16.Type },
+				{ "UInt64",   Number.Type },
+				{ "UInt32",   Number.Type },
+				{ "UInt16",   Number.Type },
+				{ "Byte",     Byte.Type },
+				{ "Single",   Single.Type },
+				{ "Decimal",  Decimal.Type },
+				{ "TimeSpan", Duration.Type },
+				{ "DateTime", DateTimeZone.Type },
+				{ "String",   Text.Type },
+				{ "Boolean",  Logical.Type },
+				{ "SByte",    Logical.Type },
+				{ "Guid",     Text.Type }
+			}),
+
+		Schema = Table.FromRecords(Response[Schema]),
+		TypedSchema = Table.Join(Table.SelectColumns(Schema, {"Name", "Type"}), {"Type"}, TypeMap , {"Type"}),
+		Results = Response[Results],
+		Rows = Table.FromRecords(Results, Schema[Name]),
+		Table = Table.TransformColumnTypes(Rows, Table.ToList(TypedSchema, (c) => {c{0}, c{2}}))
+        
+	in Table
+
+	```
+
+- Click **Done**
+
+    ![Image of create advanced query](images/power-bi-create-advanced-query.png)
+
+- Click **Edit Credentials**
+
+    ![Image of edit credentials](images/power-bi-edit-credentials.png)
+
+- Select **Organizational account** > **Sign in**
+
+    ![Image of set credentials](images/power-bi-set-credentials-organizational.png)
+
+- Enter your credentials and wait to be signed in
+
+- Click **Connect**
+
+    ![Image of set credentials](images/power-bi-set-credentials-organizational-cont.png)
+
+- View the results of your query
+
+    ![Image of query results](images/power-bi-query-results.png)
+
+## Related topic
+- [Create custom Power BI reports with app authentication](run-advanced-query-sample-power-bi-app-token.md)
+- [Windows Defender ATP APIs](exposed-apis-intro.md)
+- [Advanced Hunting API](run-advanced-query-api.md)
+- [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
+- [Schedule Advanced Hunting](run-advanced-query-sample-ms-flow.md)

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md

@@ -40,7 +40,7 @@ $tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID he
 $appId = '11111111-1111-1111-1111-111111111111' # Paste your own app ID here
 $appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret here
 
-$resourceAppIdUri = 'https://securitycenter.onmicrosoft.com/windowsatpservice'
+$resourceAppIdUri = 'https://api.securitycenter.windows.com'
 $oAuthUri = "https://login.windows.net/$TenantId/oauth2/token"
 $body = [Ordered] @{
 	resource = "$resourceAppIdUri"

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md

@@ -37,7 +37,7 @@ appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret h
 
 url = "https://login.windows.net/%s/oauth2/token" % (tenantId)
 
-resourceAppIdUri = 'https://securitycenter.onmicrosoft.com/windowsatpservice'
+resourceAppIdUri = 'https://api.securitycenter.windows.com'
 
 body = {
     'resource' : resourceAppIdUri,