updates

windows/threat-protection/TOC.md

@@ -70,21 +70,6 @@
 #### [Python code examples](windows-defender-atp\python-example-code-windows-defender-advanced-threat-protection.md)
 #### [Experiment with custom threat intelligence alerts](windows-defender-atp\experiment-custom-ti-windows-defender-advanced-threat-protection.md)
 #### [Troubleshoot custom threat intelligence issues](windows-defender-atp\troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
-### [Use the Windows Defender ATP exposed APIs](windows-defender-atp\exposed-apis-windows-defender-advanced-threat-protection.md)
-#### [Supported Windows Defender ATP APIs](windows-defender-atp\supported-apis-windows-defender-advanced-threat-protection.md)
-##### [Collect investigation package](windows-defender-atp\collect-investigation-package-windows-defender-advanced-threat-protection.md)
-##### [Isolate machine](windows-defender-atp\isolate-machine-windows-defender-advanced-threat-protection.md)
-##### [Unisolate machine](windows-defender-atp\unisolate-machine-windows-defender-advanced-threat-protection.md)
-##### [Restrict code execution](windows-defender-atp\restrict-code-execution-windows-defender-advanced-threat-protection.md)
-##### [Unrestrict code execution](windows-defender-atp\unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
-##### [Run antivirus scan](windows-defender-atp\run-av-scan-windows-defender-advanced-threat-protection.md)
-##### [Stop and quarantine files](windows-defender-atp\stop-quarantine-file-windows-defender-advanced-threat-protection.md)
-##### [Request sample](windows-defender-atp\request-sample-windows-defender-advanced-threat-protection.md)
-##### [Block file](windows-defender-atp\block-file-windows-defender-advanced-threat-protection.md)
-##### [Unblock file](windows-defender-atp\unblock-file-windows-defender-advanced-threat-protection.md)
-##### [Get package SAS URI](windows-defender-atp\get-package-sas-uri-windows-defender-advanced-threat-protection.md)
-##### [Get MachineAction object](windows-defender-atp\get-machineaction-object-windows-defender-advanced-threat-protection.md)
-##### [Get FileMachineAction object](windows-defender-atp\get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
 ### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
 ### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
 #### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)

windows/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md

@@ -14,7 +14,7 @@ ms.date: 09/01.2017
 ---
 
 # Block file 
-Prevent a file from being executed in the organization using Windows Defender.
+Prevent a file from being executed in the organization using Windows Defender Antivirus.
 
 ## Permissions
 Users need to have Security administrator or Global admin directory roles.

windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md

@@ -60,12 +60,13 @@ You can onboard VDI machines using a single entry or multiple entries for each m
   Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`.
 
 6. Test your solution:
-  a. Create a pool with one machine.
+
-  b. Logon to machine.
+      a. Create a pool with one machine.
-  c. Logoff from machine.
+      b. Logon to machine.
-  d. Logon to machine with another user.
+      c. Logoff from machine.
-  e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.<br>
+      d. Logon to machine with another user.
-**For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal.
+      e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.<br>
+    **For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal.
 
 7. Click **Machines list** on the Navigation pane.
 

windows/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md

@@ -14,7 +14,7 @@ ms.date: 09/01.2017
 ---
 
 # Get FileMachineAction object
-Get MachineAction object
+Get MachineAction object.
 
 ## Permissions
 Users need to have Security administrator or Global admin directory roles.
@@ -59,7 +59,7 @@ Content-type: application/json
 {
     "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity",
     "id": " 7327b54fd718525cbca07dacde913b5ac3c85673",
-    "sha1": <EFBFBD>1163788484e3258ab9fcf692f7db7938f72ddfc2<EFBFBD>,
+    "sha1": "1163788484e3258ab9fcf692f7db7938f72ddfc2",
     "type": "StopAndQuarantineFile",
     "status": "Succeeded",
     "machineId": "970a58d5f61786bb7799dfdb5395ec364ffceace",

windows/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md

@@ -14,7 +14,7 @@ ms.date: 09/01.2017
 ---
 
 # Get package SAS URI
-Get a Uri that allows downloading an investigation package.
+Get a URI that allows downloading an investigation package.
 
 ## Permissions
 Users need to have Security administrator or Global admin directory roles.

windows/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md

@@ -28,7 +28,7 @@ POST /testwdatppreview/machines/{id}/isolate
 
 Header | Value 
 :---|:---
-Authorization | Bearer {token}. Required.
+Authorization | Bearer {token}. **Required**.
 Content-Type	| application/json
 
 ## Request body

windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md

@@ -65,9 +65,6 @@ Machine group and tags support proper mapping of the network, enabling you to at
 - [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)<br>
 Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.
 
-- [Use the Windows Defender ATP exposed APIs](configure-server-endpoints-windows-defender-advanced-threat-protection.md)<br>
-Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities. 
-
 
     
 

windows/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md

@@ -37,7 +37,7 @@ In the request body, supply a JSON object with the following parameters:
 Parameter |	Type	| Description
 :---|:---|:---
 Comment |	String |	Comment to associate with the action. **Required**.
-SHA1 |	String	 | Sha1 of the file to upload to the secure storage. **Required**.
+Sha1 |	String	 | Sha1 of the file to upload to the secure storage. **Required**.
 
 ## Response
 If successful, this method returns 201, Created response code and *FileMachineAction*  object in the response body.

windows/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md

@@ -28,7 +28,7 @@ POST /testwdatppreview/machines/{id}/restrictCodeExecution
 
 Header | Value 
 :---|:---
-Authorization | Bearer {token}. Required.
+Authorization | Bearer {token}. **Required**.
 Content-Type	| application/json
 
 ## Request body

windows/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md

@@ -28,7 +28,7 @@ POST /testwdatppreview/machines/{id}/runAntiVirusScan
 
 Header | Value 
 :---|:---
-Authorization | Bearer {token}. Required.
+Authorization | Bearer {token}. **Required**.
 Content-Type	| application/json
 
 ## Request body

windows/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md

@@ -28,7 +28,7 @@ POST /testwdatppreview/machines/{id}/stopAndQuarantineFile
 
 Header | Value 
 :---|:---
-Authorization | Bearer {token}. Required.
+Authorization | Bearer {token}. **Required**.
 Content-Type	| application/json
 
 ## Request body
@@ -37,7 +37,7 @@ In the request body, supply a JSON object with the following parameters:
 Parameter |	Type	| Description
 :---|:---|:---
 Comment |	String |	Comment to associate with the action. **Required**.
-SHA1 |	String	 | Sha1 of the file to stop and quarantine on the machine. **Required**.
+Sha1 |	String	 | Sha1 of the file to stop and quarantine on the machine. **Required**.
 
 ## Response
 If successful, this method returns 201, Created response code and _FileMachineAction_ object in the response body.

windows/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md

@@ -14,7 +14,7 @@ ms.date: 09/01.2017
 ---
 
 # Unisolate machine
-Remove machine from isolation.
+Undo isolation of a machine.
 
 ## Permissions
 Users need to have Security administrator or Global admin directory roles.
@@ -28,7 +28,7 @@ POST /testwdatppreview/machines/{id}/unisolate
 
 Header | Value 
 :---|:---
-Authorization | Bearer {token}. Required.
+Authorization | Bearer {token}. **Required**.
 Content-Type	| application/json
 
 ## Request body

windows/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md

@@ -14,7 +14,7 @@ ms.date: 09/01.2017
 ---
 
 # Unrestrict code execution
-Remove code execution restriction.
+Unrestrict execution of set of predefined applications.
 
 ## Permissions
 Users need to have Security administrator or Global admin directory roles.