Fixes

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -100,7 +100,7 @@
 ### [**Beta!** Use Windows Defender ATP APIs](exposed-apis-windows-defender-advanced-threat-protection-new.md)
 #### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection-new.md)
 ##### [Advanced Hunting](run-advanced-query-windows-defender-advanced-threat-protection.md)
-#### [Examples how to use APIs]
+#### How to use APIs - Samples
 ##### [Schedule advanced Hunting using Microsoft Flow](run-advanced-query-windows-defender-advanced-threat-protection-sample-ms-flow.md)
 ##### [Advanced Hunting using PowerShell](run-advanced-query-windows-defender-advanced-threat-protection-sample-powershell.md)
 

windows/security/threat-protection/windows-defender-atp/run-advanced-query-windows-defender-advanced-threat-protection-sample-ms-flow.md

@@ -59,24 +59,24 @@ You will find below a very basic flow example:
 
 ## Expand the flow to use the query results
 
-The below section shows how to use the parsed results to insert them in SQL database.
+	The below section shows how to use the parsed results to insert them in SQL database.
 
-This is an example only, you could perform on your results any other action supported by Microsoft Flow.
+	This is an example only, you could perform on your results any other action supported by Microsoft Flow.
 
 	- Add an 'Apply to each' action
 	- Select the Results json (which was an output of the last parse action)
 	- Add an 'Insert row' action – you will need to supply the connection details
 	- Select the table you want to update and define the mapping between the WD-ATP output to the SQL. Note it is possible to manipulate the data inside the flow. In the example I changed the type of the EventTime.
 
-	![Image of select from DB](images/ms-flow-insert-db.png)
+	![Image of insert into DB](images/ms-flow-insert-db.png)
 
-The output in the SQL DB is getting updates and can be used for correlation with other data sources. You can now read from your table:
+	The output in the SQL DB is getting updates and can be used for correlation with other data sources. You can now read from your table:
 
 	![Image of select from DB](images/ms-flow-read-db.png)
 
 You can find below the full definition
 
-	![Image of select from DB](images/ms-flow-e2e.png)
+	![Image of E2E flow](images/ms-flow-e2e.png)
 
 ## Related topic
 - [Advanced Hunting API](run-advanced-query-windows-defender-advanced-threat-protection.md)

windows/security/threat-protection/windows-defender-atp/run-advanced-query-windows-defender-advanced-threat-protection-sample-powershell.md

@@ -26,11 +26,13 @@ In this section we share PowerShell samples to retrieve a token and use it to ru
 ```
 Set-ExecutionPolicy -ExecutionPolicy Bypass
 ```
+
 >For more details, refer to [PowerShell documentation](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy)
 
 ## Get token
 
-- Run
+- Run the below
+
 ```
 $tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID here
 $appId = '00000000-0000-0000-0000-000000000000' # Paste your own app ID here
@@ -48,6 +50,7 @@ $response = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $body -ErrorActi
 $aadToken = $response.access_token
 
 ```
+
 where
 - $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
 - $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to WDATP)