s

windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md

@@ -27,7 +27,7 @@ ms.date: 11/15/2018
 
 - [Alert](alerts-windows-defender-advanced-threat-protection-new.md): Id, IncidentId, AlertCreationTime, Status, Severity and Category.
 - [Machine](machine-windows-defender-advanced-threat-protection-new.md): Id, ComputerDnsName, LastSeen, LastIpAddress, HealthStatus, OsPlatform, RiskScore, MachineTags and RbacGroupId.
-- [MachineAction](machineaction-windows-defender-advanced-threat-protection-new.md): Id, Status, MachineId, Type and CreationDateTimeUtc.
+- [MachineAction](machineaction-windows-defender-advanced-threat-protection-new.md): Id, Status, MachineId, Type, Requestor and CreationDateTimeUtc.
 
 ### Example 1
 

windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md

@@ -23,7 +23,7 @@ ms.date: 12/08/2017
 
 - Gets collection of actions done on machines. 
 - Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
-- The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type" and "CreationDateTimeUtc".
+- The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type", "Requestor" and "CreationDateTimeUtc".
 - See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
 
 ## Permissions

windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md

@@ -0,0 +1,104 @@
+---
+title: Stop and quarantine file API
+description: Use this API to stop and quarantine file.
+keywords: apis, graph api, supported apis, stop and quarantine file
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 12/08/2017
+---
+
+# Stop and quarantine file API
+
+**Applies to:**
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+[!include[Prerelease<73>information](prerelease.md)]
+
+- Stop execution of a file on a machine and delete it.
+
+[!include[Machine actions note](machineactionsnote.md)]
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	Machine.StopAndQuarantine |	'Stop And Quarantine'
+Delegated (work or school account) | Machine.StopAndQuarantine | 'Stop And Quarantine'
+
+>[!Note]
+> When obtaining a token using user credentials:
+>- The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+
+## HTTP request
+```
+POST https://api.securitycenter.windows.com/api/machines/{id}/StopAndQuarantineFile
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+Content-Type | string | application/json. **Required**.
+
+## Request body
+In the request body, supply a JSON object with the following parameters:
+
+Parameter |	Type	| Description
+:---|:---|:---
+Comment |	String |	Comment to associate with the action. **Required**.
+
+## Response
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) in the response body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```
+POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile 
+Content-type: application/json
+{
+  "Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442",
+  "Sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9"
+}
+
+```
+**Response**
+
+Here is an example of the response.
+
+[!include[Improve request performance](improverequestperformance-new.md)]
+
+```
+HTTP/1.1 201 Created
+Content-type: application/json
+{
+    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
+    "id": "141408d1-384c-4c19-8b57-ba39e378011a",
+    "type": "StopAndQuarantineFile",
+    "requestor": "Analyst@contoso.com ",
+    "requestorComment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442",
+    "status": "InProgress",
+    "machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+    "creationDateTimeUtc": "2018-12-04T12:15:04.3825985Z",
+    "lastUpdateTimeUtc": "2018-12-04T12:15:04.3825985Z",
+	"relatedFileInfo": {
+        "fileIdentifier": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9",
+        "fileIdentifierType": "Sha1"
+	}
+}
+
+```
+