diff --git a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
index 852dfacc9f..f6ac3a4c36 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -97,8 +97,8 @@ The following steps assume that you have completed all the required steps in [Be
      For example, if the configuration file in "flexagent" directory is named "WDATP-Connector.jsonparser.properties", you must type "WDATP-Connector" as the name of the client property file.</td>
      </tr>
      <td>Events URL</td>
-     <td>Depending on the location of your datacenter, select either the EU or the US URL: </br></br> **For EU**:  https://<i></i>wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME
-  </br>**For US:** https://<i></i>wdatp-alertexporter-us.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME</td>
+     <td>Depending on the location of your datacenter, select either the EU or the US URL: </br></br> **For EU**:  https://<i></i>wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME <br>
+  </br>**For US:** https://<i></i>wdatp-alertexporter-us.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME <br> <br> **For UK**:  https://<i></i>wdatp-alertexporter-uk.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME</td>
      <tr>
      <td>Authentication Type</td>
      <td>OAuth 2</td>
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
index 2177e72018..259719c095 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md
@@ -69,7 +69,7 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts.
   </tr>
   <tr>
   <td>Endpoint URL</td>
-  <td>Depending on the location of your datacenter, select either the EU or the US URL: </br></br> **For EU**:  `https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts`</br>**For US:**` https://wdatp-alertexporter-us.securitycenter.windows.com/api/alerts`
+  <td>Depending on the location of your datacenter, select any of the following URL: </br></br> **For EU**:  `https://wdatp-alertexporter-eu.securitycenter.windows.com/api/alerts`<br></br>**For US:**` https://wdatp-alertexporter-us.securitycenter.windows.com/api/alerts` <br><br> **For UK:**` https://wdatp-alertexporter-uk.securitycenter.windows.com/api/alerts`
   </tr>
   <tr>
   <td>HTTP Method</td>
diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index 69d7354d93..e33cf0d910 100644
--- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -15,7 +15,6 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 11/19/2018
 ---
 
 # Pull Windows Defender ATP alerts using REST API
@@ -93,7 +92,7 @@ With an access token, your app can make authenticated requests to the Windows De
 ### Request syntax
 Method | Request URI
 :---|:---|
-GET| Use the URI applicable for your region. <br><br> **For EU**: `https://wdatp-alertexporter-eu.windows.com/api/alerts` </br> **For US**: `https://wdatp-alertexporter-us.windows.com/api/alerts`
+GET| Use the URI applicable for your region. <br><br> **For EU**: `https://wdatp-alertexporter-eu.windows.com/api/alerts` </br> **For US**: `https://wdatp-alertexporter-us.windows.com/api/alerts` <br> **For UK**: `https://wdatp-alertexporter-uk.windows.com/api/alerts` 
 
 ### Request header
 Header | Type | Description|
@@ -134,7 +133,7 @@ The return value is an array of alert objects in JSON format.
 
 Here is an example return value:
 
-```json
+```json 
 {"AlertTime":"2017-01-23T07:32:54.1861171Z",
 "ComputerDnsName":"desktop-bvccckk",
 "AlertTitle":"Suspicious PowerShell commandline",