Merge branch 'master' into Dansimp-patch-7

windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md

@@ -63,10 +63,13 @@ Assigning read-only access rights requires adding the users to the "Security Rea
 Use the following steps to assign security roles:
 
 - For **read and write** access, assign users to the security administrator role by using the following command:
+
   ```PowerShell
   Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "secadmin@Contoso.onmicrosoft.com"
   ```
+  
 - For **read-only** access, assign users to the security reader role by using the following command:
+
   ```PowerShell
   Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress "reader@Contoso.onmicrosoft.com"
   ```

windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md

@@ -51,7 +51,8 @@ Delegated (work or school account) | Ip.Read.All |	'Read IP address profiles'
 >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
 
 ## HTTP request
-```
+
+```http
 GET /api/ips/{ip}/stats
 ```
 
@@ -75,7 +76,7 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no
 
 Here is an example of the request.
 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats
 ```
 
@@ -84,7 +85,7 @@ GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats
 Here is an example of the response.
 
 
-```
+```http
 HTTP/1.1 200 OK
 Content-type: application/json
 {

windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md

@@ -94,6 +94,7 @@ This action takes effect on devices with Windows 10, version 1703 or later, wher
    ![Image of stop and quarantine file modal window](images/atp-stop-quarantine.png)
 
    The Action center shows the submission information:
+   
    ![Image of stop and quarantine file action center](images/atp-stopnquarantine-file.png)
 
    - **Submission time** - Shows when the action was submitted.
@@ -118,13 +119,13 @@ You can roll back and remove a file from quarantine if you’ve determined that
 
 1. Open an elevated command–line prompt on the device:
 
-   a. Go to **Start** and type _cmd_.
+   1. Go to **Start** and type _cmd_.
 
-   b. Right–click **Command prompt** and select **Run as administrator**.
+   1. Right–click **Command prompt** and select **Run as administrator**.
 
 2. Enter the following command, and press **Enter**:
 
-   ```Powershell
+   ```powershell
    “%ProgramFiles%\Windows Defender\MpCmdRun.exe” –Restore –Name EUS:Win32/CustomEnterpriseBlock –All
    ```
 
@@ -273,11 +274,14 @@ The details provided can help you investigate if there are indications of a pote
 If you encounter a problem when trying to submit a file, try each of the following troubleshooting steps.
 
 1. Ensure that the file in question is a PE file. PE files typically have _.exe_ or _.dll_ extensions (executable programs or applications).
+
 1. Ensure the service has access to the file, that it still exists, and has not been corrupted or modified.
+
 1. You can wait a short while and try to submit the file again, in case the queue is full or there was a temporary connection or communication error.
+
 1. If the sample collection policy is not configured, then the default behavior is to allow sample collection. If it is configured, then verify the policy setting allows sample collection before submitting the file again. When sample collection is configured, then check the following registry value:
 
-    ```Powershell
+    ```powershell
     Path: HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
     Name: AllowSampleCollection
     Type: DWORD
@@ -287,6 +291,7 @@ If you encounter a problem when trying to submit a file, try each of the followi
     ```
 
 1. Change the organizational unit through the Group Policy. For more information, see [Configure with Group Policy](configure-endpoints-gp.md).
+
 1. If these steps do not resolve the issue, contact [winatp@microsoft.com](mailto:winatp@microsoft.com).
 
 ## Related topics