Merge branch 'lsaldanha-4620497-batch8' of https://github.com/MicrosoftDocs/windows-docs-pr into lsaldanha-4620497-batch8

windows/client-management/mdm/defender-csp.md

@@ -410,16 +410,45 @@ Valid values are:
 - 1 – Enable.
 - 0 (default) – Disable.
 
-<a href="" id="configuration-enablefilehashcomputation"></a>**Configuration/DisableCpuThrottleOnIdleScans**<br>
-Indicates whether the CPU will be throttled for scheduled scans while the device is idle.  This feature is enabled by default and will not throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans this flag will have no impact and normal throttling will occur.
+<a href="" id="configuration-disablecputhrottleonidlescans"></a>**Configuration/DisableCpuThrottleOnIdleScans**<br>	
+Indicates whether the CPU will be throttled for scheduled scans while the device is idle.  This feature is enabled by default and will not throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans this flag will have no impact and normal throttling will occur.	
+
+The data type is integer.	
+
+Supported operations are Add, Delete, Get, Replace.	
+
+Valid values are:	
+-	1 – Enable.	
+-	0 (default) – Disable.
+
+<a href="" id="configuration-meteredconnectionupdates"></a>**Configuration/MeteredConnectionUpdates**<br>
+Allow managed devices to update through metered connections. Data charges may apply.
 
 The data type is integer.
 
 Supported operations are Add, Delete, Get, Replace.
 
 Valid values are:
--	1 – Enable.
--	0 (default) – Disable.
+- 1 – Enable.
+- 0 (default) – Disable.
+
+<a href="" id="configuration-allownetworkprotectiononwinserver"></a>**Configuration/AllowNetworkProtectionOnWinServer**<br>
+This settings controls whether Network Protection is allowed to be configured into block or audit mode on Windows Server. If false, the value of EnableNetworkProtection will be ignored.
+
+The data type is integer.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Valid values are:
+- 1 – Enable.
+- 0 (default) – Disable.
+
+<a href="" id="configuration-exclusionipaddress"></a>**Configuration/ExclusionIpAddress**<br>
+Allows an administrator to explicitly disable network packet inspection made by wdnisdrv on a particular set of IP addresses.
+
+The data type is string.
+
+Supported operations are Add, Delete, Get, Replace.
 
 <a href="" id="configuration-enablefilehashcomputation"></a>**Configuration/EnableFileHashComputation**  
 Enables or disables file hash computation feature.

windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md

@@ -3,7 +3,7 @@ title: Get machine by ID API
 description: Learn how to use the Get machine by ID API to retrieve a machine by its device ID or computer name in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, devices, entity, id
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,18 +12,17 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get machine by ID API
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
+
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
@@ -42,7 +41,7 @@ Retrieves specific [Machine](machine.md) by its device ID or computer name.
 
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md).
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---
@@ -92,39 +91,29 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
 Here is an example of the response.
 
 
-```json
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
 {
-	"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+```
+    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 	"computerDnsName": "mymachine1.contoso.com",
 	"firstSeen": "2018-08-02T14:55:03.7791856Z",
-	"lastSeen": "2021-01-25T07:27:36.052313Z",
+	"lastSeen": "2018-08-02T14:55:03.7791856Z",
 	"osPlatform": "Windows10",
+	"version": "1709",
 	"osProcessor": "x64",
-	"version": "1901",
-	"lastIpAddress": "10.166.113.46",
-	"lastExternalIpAddress": "167.220.203.175",
-	"osBuild": 19042,
+	"lastIpAddress": "172.17.230.209",
+	"lastExternalIpAddress": "167.220.196.71",
+	"osBuild": 18209,
 	"healthStatus": "Active",
-	"deviceValue": "Normal",
+	"rbacGroupId": 140,
 	"rbacGroupName": "The-A-Team",
 	"riskScore": "Low",
-	"exposureLevel": "Low",
-	"aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
-	"machineTags": [
-		"Tag1",
-		"Tag2"
-	],
-	"ipAddresses": [
-		{
-			"ipAddress": "10.166.113.47",
-			"macAddress": "8CEC4B897E73",
-			"operationalStatus": "Up"
-		},
-		{
-			"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
-			"macAddress": "8CEC4B897E73",
-			"operationalStatus": "Up"
-		}
-	]
+	"exposureLevel": "Medium",
+	"isAadJoined": true,
+	"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+	"machineTags": [ "test tag 1", "test tag 2" ]
 }
+
 ```

windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md

@@ -3,7 +3,7 @@ title: Get machine logon users API
 description: Learn how to use the Get machine logon users API to retrieve a collection of logged on users on a device in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, device, log on, users
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get machine logon users API
@@ -87,7 +86,9 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
 Here is an example of the response.
 
 
-```json
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
 {
 ```
     "value": [

windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md

@@ -3,7 +3,7 @@ title: Get machine related alerts API
 description: Learn how to use the Get machine related alerts API to retrieve all alerts related to a specific device in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, devices, related, alerts
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,16 +12,14 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get machine related alerts  API
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md

@@ -3,7 +3,7 @@ title: Get MachineAction object API
 description: Learn how to use the Get MachineAction API to retrieve a specific Machine Action by its ID in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, machineaction object
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get machineAction API
@@ -76,7 +75,7 @@ If successful, this method returns 200, Ok response code with a [Machine Action]
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
 ```
 
@@ -85,7 +84,9 @@ GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-42
 Here is an example of the response.
 
 
-```json
+```
+HTTP/1.1 200 Ok
+Content-type: application/json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity",
     "id": "5382f7ea-7557-4ab7-9782-d50480024a4e",

windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md

@@ -3,7 +3,7 @@ title: List machineActions API
 description: Learn how to use the List MachineActions API to retrieve a collection of Machine Actions in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, machineaction collection
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # List MachineActions API
@@ -81,7 +80,7 @@ If successful, this method returns 200, Ok response code with a collection of [m
 
 Here is an example of the request on an organization that has three MachineActions.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/machineactions
 ```
 
@@ -90,7 +89,9 @@ GET https://api.securitycenter.microsoft.com/api/machineactions
 Here is an example of the response.
 
 
-```json
+```
+HTTP/1.1 200 Ok
+Content-type: application/json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
     "value": [

windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md

@@ -3,7 +3,7 @@ title: List devices by software
 description: Retrieve a list of devices that has this software installed.
 keywords: apis, graph api, supported apis, get, list devices, devices list, list devices by software, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # List devices by software
@@ -65,7 +64,7 @@ If successful, this method returns 200 OK and a list of devices with the softwar
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machineReferences
 ```
 
@@ -74,6 +73,7 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machi
 Here is an example of the response.
 
 ```json
+
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences",
     "value": [

windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md

@@ -3,7 +3,7 @@ title: List devices by vulnerability
 description: Retrieves a list of devices affected by a vulnerability.
 keywords: apis, graph api, supported apis, get, devices list, vulnerable devices, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # List devices by vulnerability
@@ -66,7 +65,7 @@ If successful, this method returns 200 OK with the vulnerability information in
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/vulnerabilities/CVE-2019-0608/machineReferences
 ```
 

windows/security/threat-protection/microsoft-defender-atp/get-machines.md

@@ -3,7 +3,7 @@ title: List machines API
 description: Learn how to use the List machines API to retrieve a collection of machines that have communicated with Microsoft Defender ATP cloud.
 keywords: apis, graph api, supported apis, get, devices
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,19 +12,14 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # List machines API
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
-
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
@@ -35,12 +30,9 @@ ms.technology: mde
 
 ## API description
 Retrieves a collection of [Machines](machine.md) that have communicated with  Microsoft Defender for Endpoint cloud.
-
-Supports [OData V4 queries](https://www.odata.org/documentation/).
-
-The OData's `$filter` query is supported on: `computerDnsName`, `lastSeen`, `healthStatus`, `osPlatform`, `riskScore` and `rbacGroupId`.
-
-See examples at [OData queries with Defender for Endpoint](exposed-apis-odata-samples.md).
+<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
+<br>The OData's `$filter` query is supported on: `computerDnsName`, `lastSeen`, `healthStatus`, `osPlatform`, `riskScore` and `rbacGroupId`.
+<br>See examples at [OData queries with Defender for Endpoint](exposed-apis-odata-samples.md)
 
 
 ## Limitations
@@ -60,8 +52,8 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information).
->- Response will include only devices, that the user have access to, based on device group settings. For more info, see [Create and manage device groups](machine-groups.md).
+>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
+>- Response will include only devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
 
 ## HTTP request
 
@@ -97,44 +89,32 @@ GET https://api.securitycenter.microsoft.com/api/machines
 
 Here is an example of the response.
 
-```json
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
 {
 ```
 
 ## Related topics
-			"id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
+- [OData queries with Microsoft Defender for Endpoint](exposed-apis-odata-samples.md)
 			"computerDnsName": "mymachine1.contoso.com",
 			"firstSeen": "2018-08-02T14:55:03.7791856Z",
-			"lastSeen": "2021-01-25T07:27:36.052313Z",
+			"lastSeen": "2018-08-02T14:55:03.7791856Z",
 			"osPlatform": "Windows10",
+			"version": "1709",
 			"osProcessor": "x64",
-			"version": "1901",
-			"lastIpAddress": "10.166.113.46",
-			"lastExternalIpAddress": "167.220.203.175",
-			"osBuild": 19042,
+			"lastIpAddress": "172.17.230.209",
+			"lastExternalIpAddress": "167.220.196.71",
+			"osBuild": 18209,
 			"healthStatus": "Active",
-			"deviceValue": "Normal",
+			"rbacGroupId": 140,
 			"rbacGroupName": "The-A-Team",
 			"riskScore": "Low",
-			"exposureLevel": "Low",
-			"aadDeviceId": "fd2e4d29-7072-4195-aaa5-1af139b78028",
-			"machineTags": [
-				"Tag1",
-				"Tag2"
-			],
-			"ipAddresses": [
-				{
-					"ipAddress": "10.166.113.47",
-					"macAddress": "8CEC4B897E73",
-					"operationalStatus": "Up"
-				},
-				{
-					"ipAddress": "2a01:110:68:4:59e4:3916:3b3e:4f96",
-					"macAddress": "8CEC4B897E73",
-					"operationalStatus": "Up"
-				}
-			]
-		},
+			"exposureLevel": "Medium",
+			"isAadJoined": true,
+			"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
+			"machineTags": [ "test tag 1", "test tag 2" ]
+        }
 		...
     ]
 }

windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md

@@ -4,7 +4,7 @@ description: Retrieve a collection of device security states using Microsoft Def
 keywords: apis, graph api, supported apis, get, device, security, state
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -13,9 +13,8 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.technology: mde
+ms.collection: M365-security-compliance 
+ms.topic: article 
 ---
 
 # Get Machines security states collection API
@@ -60,8 +59,9 @@ If successful - 200 OK.
 
 Here is an example of the request.
 
-```http
+```
 GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
+Content-type: application/json
 ```
 
 **Response**
@@ -69,7 +69,9 @@ GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
 Here is an example of the response.
 Field *id* contains device id and equal to the field *id** in devices info. 
 
-```json
+```
+HTTP/1.1 200 OK
+Content-type: application/json
 {
     "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
     "@odata.count":444,

windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md

@@ -3,7 +3,7 @@ title: Get missing KBs by device ID
 description: Retrieves missing security updates by device ID
 keywords: apis, graph api, supported apis, get, list, file, information, device id, threat & vulnerability management api, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get missing KBs by device ID
@@ -29,11 +28,7 @@ ms.technology: mde
 
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 
-## API description
-Retrieves missing KBs (security updates) by device ID.
-
-## Limitations
-1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
+Retrieves missing KBs (security updates) by device ID
 
 ## HTTP request
 
@@ -61,7 +56,7 @@ If successful, this method returns 200 OK, with the specified device missing kb
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs 
 ```
 

windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md

@@ -3,7 +3,7 @@ title: Get missing KBs by software ID
 description: Retrieves missing security updates by software ID
 keywords: apis, graph api, supported apis, get, list, file, information, software id, threat & vulnerability management api, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: levinec
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get missing KBs by software ID
@@ -66,7 +65,7 @@ If successful, this method returns 200 OK, with the specified software missing k
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/getmissingkbs
 ```
 

windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md

@@ -3,7 +3,7 @@ title: Get package SAS URI API
 description: Use this API to get a URI that allows downloading an investigation package.
 keywords: apis, graph api, supported apis, get package, sas, uri
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get package SAS URI API
@@ -71,15 +70,19 @@ If successful, this method returns 200, Ok response code with object that holds
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri
+
 ```
 
 **Response**
 
 Here is an example of the response.
 
-```json
+```
+HTTP/1.1 200 Ok
+Content-type: application/json
+
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String",
     "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\""

windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md

@@ -1,9 +1,9 @@
 ---
 title: Get recommendation by Id
 description: Retrieves a security recommendation by its ID.
-keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api
+keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api 
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get recommendation by ID
@@ -67,7 +66,7 @@ If successful, this method returns 200 OK with the security recommendations in t
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome
 ```
 

windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md

@@ -1,9 +1,9 @@
 ---
 title: List devices by recommendation
-description: Retrieves a list of devices associated with the security recommendation.
-keywords: apis, graph api, supported apis, get, security recommendation for vulnerable devices, threat and vulnerability management, threat and vulnerability management api
+description: Retrieves a list of devices associated with the security recommendation. 
+keywords: apis, graph api, supported apis, get, security recommendation for vulnerable devices, threat and vulnerability management, threat and vulnerability management api 
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # List devices by recommendation
@@ -66,7 +65,7 @@ If successful, this method returns 200 OK with the list of devices associated wi
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/machineReferences
 ```
 

windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md

@@ -1,9 +1,9 @@
 ---
 title: Get recommendation by software
 description: Retrieves a security recommendation related to a specific software.
-keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api
+keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api 
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get recommendation by software
@@ -67,7 +66,7 @@ If successful, this method returns 200 OK with the software associated with the
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/software 
 ```
 

windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md

@@ -1,9 +1,9 @@
 ---
 title: List vulnerabilities by recommendation
 description: Retrieves a list of vulnerabilities associated with the security recommendation.
-keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api
+keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api 
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # List vulnerabilities by recommendation
@@ -66,7 +65,7 @@ If successful, this method returns 200 OK, with the list of vulnerabilities asso
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
 ```
 

windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md

@@ -3,7 +3,7 @@ title: Get security recommendations
 description: Retrieves a collection of security recommendations related to a given device ID.
 keywords: apis, graph api, supported apis, get, list, file, information, security recommendation per device, threat & vulnerability management api, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get security recommendations
@@ -31,12 +30,8 @@ ms.technology: mde
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
-## API description
 Retrieves a collection of security recommendations related to a given device ID.
 
-## Limitations
-1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
-
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
@@ -70,7 +65,7 @@ If successful, this method returns 200 OK with the security recommendations in t
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
 ```
 
@@ -79,7 +74,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf4
 Here is an example of the response.
 
 
-```json
+```
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations",
     "value": [

windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md

@@ -1,9 +1,9 @@
 ---
 title: Get software by Id
-description: Retrieves a list of sofware by ID.
+description: Retrieves a list of exposure scores by device group.
 keywords: apis, graph api, supported apis, get, software, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get software by Id
@@ -65,7 +64,7 @@ If successful, this method returns 200 OK with the specified software data in th
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
 ```
 
@@ -74,6 +73,7 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
 Here is an example of the response.
 
 ```json
+
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software/$entity",
     "id": "microsoft-_-edge",

windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md

@@ -1,9 +1,9 @@
 ---
-title: List software version distribution
-description: Retrieves a list of your organization's software version distribution
+title: List software version distribution 
+description: Retrieves a list of your organization's software version distribution 
 keywords: apis, graph api, supported apis, get, software version distribution, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # List software version distribution 
@@ -65,7 +64,7 @@ If successful, this method returns 200 OK with a list of software distributions
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distributions
 ```
 
@@ -74,6 +73,7 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distr
 Here is an example of the response.
 
 ```json
+
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Distributions",
     "value": [

windows/security/threat-protection/microsoft-defender-atp/get-software.md

@@ -3,7 +3,7 @@ title: List software
 description: Retrieves a list of software inventory
 keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # List software inventory API
@@ -64,7 +63,7 @@ If successful, this method returns 200 OK with the software inventory in the bod
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/Software
 ```
 

windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md

@@ -5,7 +5,7 @@ description: Learn the steps and requirements to integrate your solution with Mi
 keywords: partner, integration, solution validation, certification, requirements, member, misa, application portal
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -14,9 +14,8 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
-ms.technology: mde
+ms.collection: M365-security-compliance 
+ms.topic: conceptual 
 ---
 
 # Become a Microsoft Defender for Endpoint partner

windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md

@@ -3,7 +3,7 @@ title: List Indicators API
 description: Learn how to use the List Indicators API to retrieve a collection of all active Indicators in Microsoft Defender Advanced Threat Protection.
 keywords: apis, public api, supported apis, Indicators collection
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # List Indicators API
@@ -77,7 +76,7 @@ If successful, this method returns 200, Ok response code with a collection of [I
 
 Here is an example of a request that gets all Indicators
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/indicators
 ```
 
@@ -85,7 +84,9 @@ GET https://api.securitycenter.microsoft.com/api/indicators
 
 Here is an example of the response.
 
-```json
+```
+HTTP/1.1 200 Ok
+Content-type: application/json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
     "value": [
@@ -138,7 +139,7 @@ Here is an example of the response.
 
 Here is an example of a request that gets all Indicators with 'AlertAndBlock' action 
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'AlertAndBlock'
 ```
 
@@ -146,7 +147,9 @@ GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'A
 
 Here is an example of the response.
 
-```json
+```
+HTTP/1.1 200 Ok
+Content-type: application/json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
     "value": [

windows/security/threat-protection/microsoft-defender-atp/get-user-information.md

@@ -3,7 +3,7 @@ title: Get user information API
 description: Learn how to use the Get user information API to retrieve a User entity by key, or user name, in Microsoft Defender Advanced Threat Protection.
 keywords: apis, graph api, supported apis, get, user, user information
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -12,9 +12,8 @@ author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
-ms.collection: M365-security-compliance
+ms.collection: M365-security-compliance 
 ms.topic: article
-ms.technology: mde
 ---
 
 # Get user information API
@@ -64,8 +63,9 @@ If successful and user exists - 200 OK with [user](user.md) entity in the body.
 
 Here is an example of the request.
 
-```http
+```
 GET https://api.securitycenter.microsoft.com/api/users/user1
+Content-type: application/json
 ```
 
 **Response**
@@ -73,7 +73,9 @@ GET https://api.securitycenter.microsoft.com/api/users/user1
 Here is an example of the response.
 
 
-```json
+```
+HTTP/1.1 200 OK
+Content-type: application/json
 {
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
     "id": "user1",

windows/security/threat-protection/microsoft-defender-atp/production-deployment.md

@@ -30,7 +30,7 @@ ms.technology: mde
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
-
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
 Deploying Defender for Endpoint is a three-phase process:
 
@@ -249,6 +249,5 @@ You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https:
 > As a cloud-based solution, the IP address range can change. It's recommended you move to DNS resolving setting.
 
 ## Next step
-|||
-|:-------|:-----|
-|![Phase 3: Onboard](images/onboard.png) <br>[Phase 3: Onboard](onboarding.md) | Onboard devices to the service so that the Microsoft Defender for Endpoint service can get sensor data from them.
+
+![**Phase 3: Onboard**](images/onboard.png) <br>[Phase 3: Onboard](onboarding.md): Onboard devices to the service so that the Microsoft Defender for Endpoint service can get sensor data from them. 

windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md

@@ -27,8 +27,8 @@ ms.technology: mde
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) 
 
-- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
 

windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md

@@ -27,7 +27,7 @@ ms.technology: mde
 
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
-Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
 
 ## Before you begin:
 
@@ -51,7 +51,7 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww
 
    In order to get your **Event Hubs resource ID**, go to your Azure Event Hubs namespace page on [Azure](https://ms.portal.azure.com/) > properties tab > copy the text under **Resource ID**:
 
-   ![Image of event hub resource Id](images/event-hub-resource-id.png)
+   ![Image of event hub resource Id1](images/event-hub-resource-id.png)
 
 7. Choose the events you want to stream and click **Save**.
 
@@ -95,7 +95,7 @@ To get the data types for event properties do the following:
 
 - Here is an example for Device Info event: 
 
-  ![Image of event hub resource Id](images/machine-info-datatype-example.png)
+  ![Image of event hub resource Id2](images/machine-info-datatype-example.png)
 
 ## Related topics
 - [Overview of Advanced Hunting](advanced-hunting-overview.md)

windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md

@@ -24,10 +24,9 @@ ms.technology: mde
 
 
 **Applies to:**
-
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
-Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
 
 ## Before you begin:
 
@@ -49,7 +48,7 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww
 
 6. Type your **Storage Account Resource ID**. In order to get your **Storage Account Resource ID**, go to your Storage account page on [Azure portal](https://ms.portal.azure.com/) > properties tab > copy the text under **Storage account resource ID**:
 
-   ![Image of event hub resource ID](images/storage-account-resource-id.png)
+   ![Image of event hub resource ID1](images/storage-account-resource-id.png)
 
 7. Choose the events you want to stream and click **Save**.
 
@@ -57,7 +56,7 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww
 
 - A blob container will be created for each event type: 
 
-  ![Image of event hub resource ID](images/storage-account-event-schema.png)
+  ![Image of event hub resource ID2](images/storage-account-event-schema.png)
 
 - The schema of each row in a blob is the following JSON: 
 
@@ -94,7 +93,7 @@ In order to get the data types for our events properties do the following:
 
 - Here is an example for Device Info event: 
 
-  ![Image of event hub resource ID](images/machine-info-datatype-example.png)
+  ![Image of event hub resource ID3](images/machine-info-datatype-example.png)
 
 ## Related topics
 - [Overview of Advanced Hunting](advanced-hunting-overview.md)

windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md

@@ -22,12 +22,10 @@ ms.technology: mde
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 **Applies to:**
-
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
-- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) 
 
 ## Stream Advanced Hunting events to Event Hubs and/or Azure storage account.
 

windows/security/threat-protection/microsoft-defender-atp/rbac.md

@@ -26,8 +26,10 @@ ms.technology: mde
 - Azure Active Directory
 - Office 365
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-rbac-abovefoldlink)
+
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-rbac-abovefoldlink)
 
 
 Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the  portal. Based on the roles and groups you create, you have fine-grained control over what users with access to the portal can see and do. 

windows/security/threat-protection/microsoft-defender-atp/recommendation.md

@@ -24,7 +24,7 @@ ms.technology: mde
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
-- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
 

windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md

@@ -24,7 +24,6 @@ ms.technology: mde
 
 
 **Applies to:**
-
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
 [!include[Prerelease information](../../includes/prerelease.md)]

windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md

@@ -22,7 +22,6 @@ ms.technology: mde
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 **Applies to:**
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 

windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md

@@ -21,6 +21,9 @@ ms.technology: mde
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
@@ -31,6 +34,7 @@ ms.technology: mde
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 
 
+
 ## API description
 Restrict execution of all applications on the device except a predefined set.
 

windows/security/threat-protection/microsoft-defender-atp/review-alerts.md

@@ -25,7 +25,6 @@ ms.technology: mde
 
 
 **Applies to:**
-
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
 >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-managealerts-abovefoldlink)

windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md

@@ -24,12 +24,13 @@ ms.technology: mde
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
-- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
 [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
 
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 
+
 Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md).
 
 In this section, we share PowerShell samples to retrieve a token and use it to run a query.

windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md

@@ -22,7 +22,6 @@ ms.technology: mde
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
@@ -31,6 +30,7 @@ ms.technology: mde
 
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 
+
 Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md).
 
 In this section, we share Python samples to retrieve a token and use it to run a query.

windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md

@@ -21,7 +21,6 @@ ms.technology: mde
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
@@ -30,7 +29,6 @@ ms.technology: mde
 
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 
-
 ## API description
 Initiate Microsoft Defender Antivirus scan on a device.
 

windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md

@@ -32,7 +32,9 @@ ms.technology: mde
 - Windows Server, version 1803
 - Windows Server, 2019
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
 Run the following PowerShell script on a newly onboarded device to verify that it is properly reporting to the Defender for Endpoint service.
 

windows/security/threat-protection/microsoft-defender-atp/score.md

@@ -22,9 +22,11 @@ ms.technology: mde
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
 
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
-- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
 [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
 

windows/security/threat-protection/microsoft-defender-atp/set-device-value.md

@@ -21,6 +21,9 @@ ms.technology: mde
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 

windows/security/threat-protection/microsoft-defender-atp/software.md

@@ -21,6 +21,9 @@ ms.technology: mde
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 

windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md

@@ -21,7 +21,6 @@ ms.technology: mde
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
 
 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md

@@ -25,7 +25,15 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
 
 # Switch to Microsoft Defender for Endpoint - Phase 3: Onboard
 
-|[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](switch-to-microsoft-defender-prepare.md)<br/>[Phase 1: Prepare](switch-to-microsoft-defender-prepare.md) |[![Phase 2: Set up](images/phase-diagrams/setup.png)](switch-to-microsoft-defender-setup.md)<br/>[Phase 2: Set up](switch-to-microsoft-defender-setup.md) |![Phase 3: Onboard](images/phase-diagrams/onboard.png)<br/>Phase 3: Onboard |
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+|[![Phase 1: Prepare](images/prepare.png)](switch-to-microsoft-defender-prepare.md)<br/>[Phase 1: Prepare2](switch-to-microsoft-defender-prepare.md) |[![Phase 2: Set up](images/setup.png)](switch-to-microsoft-defender-setup.md)<br/>[Phase 2: Set up2](switch-to-microsoft-defender-setup.md) |![Phase 3: Onboard1](images/onboard.png)<br/>Phase 3: Onboard |
+|[![Phase 1: Prepare3](images/phase-diagrams/prepare.png)](switch-to-microsoft-defender-prepare.md)<br/>[Phase 1: Prepare4](switch-to-microsoft-defender-prepare.md) |[![Phase 2: Set up2](images/phase-diagrams/setup.png)](switch-to-microsoft-defender-setup.md)<br/>[Phase 2: Set up](switch-to-microsoft-defender-setup.md) |![Phase 3: Onboard2](images/phase-diagrams/onboard.png)<br/>Phase 3: Onboard |
+
 |--|--|--|
 || |*You are here!* |
 

windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md

@@ -25,7 +25,15 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
 
 # Switch to Microsoft Defender for Endpoint - Phase 1: Prepare
 
-|![Phase 1: Prepare](images/phase-diagrams/prepare.png)<br/>Phase 1: Prepare |[![Phase 2: Set up](images/phase-diagrams/setup.png)](switch-to-microsoft-defender-setup.md)<br/>[Phase 2: Set up](switch-to-microsoft-defender-setup.md) |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](switch-to-microsoft-defender-onboard.md)<br/>[Phase 3: Onboard](switch-to-microsoft-defender-onboard.md) |
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+|![Phase 1: Prepare](images/prepare.png)<br/>Phase 1: Prepare |[![Phase 2: Set up](images/setup.png)](switch-to-microsoft-defender-setup.md)<br/>[Phase 2: Set up2](switch-to-microsoft-defender-setup.md) |[![Phase 3: Onboard](images/onboard.png)](switch-to-microsoft-defender-onboard.md)<br/>[Phase 3: Onboard2](switch-to-microsoft-defender-onboard.md) |
+|![Phase 1: Prepare2](images/phase-diagrams/prepare.png)<br/>Phase 1: Prepare |[![Phase 2: Set up3](images/phase-diagrams/setup.png)](switch-to-microsoft-defender-setup.md)<br/>[Phase 2: Set up4](switch-to-microsoft-defender-setup.md) |[![Phase 3: Onboard3](images/phase-diagrams/onboard.png)](switch-to-microsoft-defender-onboard.md)<br/>[Phase 3: Onboard4](switch-to-microsoft-defender-onboard.md) |
+
 |--|--|--|
 |*You are here!*| | |
 

windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md

@@ -25,7 +25,14 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho
 
 # Switch to Microsoft Defender for Endpoint - Phase 2: Setup
 
-|[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](switch-to-microsoft-defender-prepare.md)<br/>[Phase 1: Prepare](switch-to-microsoft-defender-prepare.md) |![Phase 2: Set up](images/phase-diagrams/setup.png)<br/>Phase 2: Set up |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](switch-to-microsoft-defender-onboard.md)<br/>[Phase 3: Onboard](switch-to-microsoft-defender-onboard.md) |
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+|[![Phase 1: Prepare1](images/prepare.png)](switch-to-microsoft-defender-prepare.md)<br/>[Phase 1: Prepare2](switch-to-microsoft-defender-prepare.md) |![Phase 2: Set up](images/setup.png)<br/>Phase 2: Set up |[![Phase 3: Onboard1](images/onboard.png)](switch-to-microsoft-defender-onboard.md)<br/>[Phase 3: Onboard2](switch-to-microsoft-defender-onboard.md) |
+|[![Phase 1: Prepare3](images/phase-diagrams/prepare.png)](switch-to-microsoft-defender-prepare.md)<br/>[Phase 1: Prepare4](switch-to-microsoft-defender-prepare.md) |![Phase 2: Set up2](images/phase-diagrams/setup.png)<br/>Phase 2: Set up |[![Phase 3: Onboard3](images/phase-diagrams/onboard.png)](switch-to-microsoft-defender-onboard.md)<br/>[Phase 3: Onboard4](switch-to-microsoft-defender-onboard.md) |
 |--|--|--|
 ||*You are here!* | |
 

windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md

@@ -27,6 +27,12 @@ ms.reviewer: depicker, yongrhee, chriggs
 # Migrate from Symantec to Microsoft Defender for Endpoint
 If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender for Endpoint), you're in the right place. Use this article as a guide.
 
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 :::image type="content" source="images/symantec-mde-migration.png" alt-text="Overview of migrating from Symantec to Defender for Endpoint":::
 
 When you make the switch from Symantec to Defender for Endpoint, you begin with your Symantec solution in active mode, configure Defender for Endpoint in passive mode, onboard to Defender for Endpoint, and then set Defender for Endpoint to active mode and remove Symantec.

windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md

@@ -25,6 +25,15 @@ ms.reviewer: depicker, yongrhee, chriggs
 
 # Migrate from Symantec - Phase 3: Onboard to Microsoft Defender for Endpoint
 
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+
 |[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)<br/>[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/phase-diagrams/setup.png)](symantec-to-microsoft-defender-atp-setup.md)<br/>[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/phase-diagrams/onboard.png)<br/>Phase 3: Onboard |
 |--|--|--|
 || |*You are here!* |

windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md

@@ -25,6 +25,15 @@ ms.reviewer: depicker, yongrhee, chriggs
 
 # Migrate from Symantec - Phase 1: Prepare for your migration
 
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+
 |![Phase 1: Prepare](images/phase-diagrams/prepare.png)<br/>Phase 1: Prepare |[![Phase 2: Set up](images/phase-diagrams/setup.png)](symantec-to-microsoft-defender-atp-setup.md)<br/>[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)<br/>[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) |
 |--|--|--|
 |*You are here!*| | |

windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md

@@ -25,6 +25,15 @@ ms.reviewer: depicker, yongrhee, chriggs
 
 # Migrate from Symantec - Phase 2: Set up Microsoft Defender for Endpoint
 
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+
 |[![Phase 1: Prepare](images/phase-diagrams/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)<br/>[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |![Phase 2: Set up](images/phase-diagrams/setup.png)<br/>Phase 2: Set up |[![Phase 3: Onboard](images/phase-diagrams/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)<br/>[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) |
 |--|--|--|
 ||*You are here!* | |

windows/security/threat-protection/microsoft-defender-atp/threat-analytics-analyst-reports.md

@@ -25,6 +25,10 @@ ms.technology: mde
 
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
 Each [threat analytics report](threat-analytics.md) includes dynamic sections and a comprehensive written section called the _analyst report_. To access this section, open the report about the tracked threat and select the **Analyst report** tab.
 

windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md

@@ -27,6 +27,9 @@ ms.technology: mde
 
 **Applies to:**
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
 With more sophisticated adversaries and new threats emerging frequently and prevalently, it's critical to be able to quickly:
 

windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md

@@ -26,6 +26,7 @@ ms.technology: mde
 
 **Applies to:**
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
 >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
 

windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md

@@ -22,9 +22,9 @@ ms.technology: mde
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
-
 **Applies to:**
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
 
 

windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md

@@ -24,8 +24,10 @@ ms.technology: mde
 
 
 **Applies to:**
-
 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
 ## Integrate with other Microsoft solutions