2

2025-05-14 22:37:22 +00:00 · 2021-01-24 14:57:21 +02:00 · 2021-01-24 14:57:21 +02:00 · b54bd97a85
commit b54bd97a85
parent b7ac564fd7
32 changed files with 82 additions and 107 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
@ -90,9 +90,11 @@ If successful, this method returns 200 - Ok response code and the updated Machin

 Here is an example of a request that adds machine tag.

-```http
+```
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
-Content-type: application/json
+```
+
+```json
 {
  "Value" : "test Tag 2",
  "Action": "Add"
--- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
@ -83,7 +83,9 @@ Here is an example of the request.

 ```
 POST https://api.securitycenter.microsoft.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage
-Content-type: application/json
+```
+
+```json
 {
  "Comment": "Collect forensics due to alert 1234"
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
@ -85,9 +85,7 @@ GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_213628044

 Here is an example of the response.

-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Domains",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
 Here is an example of the response.


-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_213628044
 Here is an example of the response.


-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Ips",    
 	"value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@ -88,9 +88,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
 Here is an example of the response.


-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity",
    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
 Here is an example of the response.


-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
    "id": "contoso\\user1",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
@ -90,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats?lookB
 Here is an example of the response.


-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
 	"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats",
 	"host": "example.com",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
@ -85,9 +85,7 @@ GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c
 Here is an example of the response.


-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
 	"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files/$entity",
 	"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
@ -90,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed
 Here is an example of the response.


-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
    "sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
@ -90,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/investigations

 Here is an example of the response:

-```
-HTTP/1.1 200 Ok
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Investigations",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats?lookBac
 Here is an example of the response.


-```http
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats",
    "ipAddress": "10.209.67.177",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
@ -61,18 +61,15 @@ If successful - 200 OK.

 Here is an example of the request.

-```
+```http
 GET https://graph.microsoft.com/testwdatppreview/KbInfo
-Content-type: application/json
 ```

 **Response**

 Here is an example of the response.

-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo",
    "@odata.count": 271,
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
 Here is an example of the response.


-```http
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine",
    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
 Here is an example of the response.


-```http
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
@ -77,7 +77,7 @@ If successful, this method returns 200, Ok response code with a [Machine Action]

 Here is an example of the request.

-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
 ```

@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-42
 Here is an example of the response.


-```
-HTTP/1.1 200 Ok
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity",
    "id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
@ -82,7 +82,7 @@ If successful, this method returns 200, Ok response code with a collection of [m

 Here is an example of the request on an organization that has three MachineActions.

-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machineactions
 ```

@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/machineactions
 Here is an example of the response.


-```
-HTTP/1.1 200 Ok
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@ -92,9 +92,7 @@ GET https://api.securitycenter.microsoft.com/api/machines

 Here is an example of the response.

-```http
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
@ -60,9 +60,8 @@ If successful - 200 OK.

 Here is an example of the request.

-```
+```http
 GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
-Content-type: application/json
 ```

 **Response**
@ -70,9 +69,7 @@ Content-type: application/json
 Here is an example of the response.
 Field *id* contains device id and equal to the field *id** in devices info. 

-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
    "@odata.count":444,
--- a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
@ -73,19 +73,15 @@ If successful, this method returns 200, Ok response code with object that holds

 Here is an example of the request.

-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri
-
 ```

 **Response**

 Here is an example of the response.

-```
-HTTP/1.1 200 Ok
-Content-type: application/json
-
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String",
    "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\""
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
@ -78,7 +78,7 @@ If successful, this method returns 200, Ok response code with a collection of [I

 Here is an example of a request that gets all Indicators

-```
+```http
 GET https://api.securitycenter.microsoft.com/api/indicators
 ```

@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/indicators

 Here is an example of the response.

-```
-HTTP/1.1 200 Ok
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
    "value": [
@ -141,7 +139,7 @@ Content-type: application/json

 Here is an example of a request that gets all Indicators with 'AlertAndBlock' action 

-```
+```http
 GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'AlertAndBlock'
 ```

@ -149,9 +147,7 @@ GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'A

 Here is an example of the response.

-```
-HTTP/1.1 200 Ok
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
@ -64,9 +64,8 @@ If successful and user exists - 200 OK with [user](user.md) entity in the body.

 Here is an example of the request.

-```
+```http
 GET https://api.securitycenter.microsoft.com/api/users/user1
-Content-type: application/json
 ```

 **Response**
@ -74,9 +73,7 @@ Content-type: application/json
 Here is an example of the response.


-```
-HTTP/1.1 200 OK
-Content-type: application/json
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
    "id": "user1",
--- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Investigatio

 Here is an example of the request.

-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation
-Content-type: application/json
+```
+
+```json
 {
-  "Comment": "Test investigation",
+  "Comment": "Test investigation"
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
@ -90,13 +90,15 @@ If successful, this method returns 201 - Created response code and [Machine Acti

 Here is an example of the request.

-```console
+```
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate
-Content-type: application/json
+```
+
+```json
 {
  "Comment": "Isolate machine due to alert 1234",
-  “IsolationType”: “Full” 
+  "IsolationType": "Full" 
 }
 ```

- To unisolate a device, see [Release device from isolation](unisolate-machine.md).
+- To release a device from isolation, see [Release device from isolation](unisolate-machine.md).
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
@ -87,9 +87,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti

 Here is an example of the request.

-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard
-Content-type: application/json
+```
+
+```json
 {
  "Comment": "Offboard machine by automation"
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
@ -83,14 +83,15 @@ If successful, this method returns 201 - Created response code and [Machine Acti

 Here is an example of the request.

-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution 
-Content-type: application/json
+```
+
+```json
 {
  "Comment": "Restrict code execution due to alert 1234"
 }

 ```

- To remove code execution restriction from a device, see [Remove app restriction](unrestrict-code-execution.md).
-
+- To remove code execution restriction from a device, see [Remove app restriction](unrestrict-code-execution.md).
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@ -35,10 +35,10 @@ ms.technology: mde
 1. You can only run a query on data from the last 30 days.
 2. The results will include a maximum of 100,000 rows.
 3. The number of executions is limited per tenant:
-   - API calls: Up to 15 calls per minute
-   - Execution time: 10 minutes of running time every hour and 4 hours of running time a day
+   - API calls: Up to 45 calls per minute.
+   - Execution time: 10 minutes of running time every hour and 4 hours of running time a day.
 4. The maximal execution time of a single request is 10 minutes.
-5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed. 
+5. 429 response will represent reaching quota limit either by number of requests or by CPU. Read response body to understand what limit has been reached. 

 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
@ -82,9 +82,11 @@ Request

 Here is an example of the request.

-```
+```http
 POST https://api.securitycenter.microsoft.com/api/advancedqueries/run
-Content-type: application/json
+```
+
+```json
 {
 	"Query":"DeviceProcessEvents  
    | where InitiatingProcessFileName =~ 'powershell.exe'
--- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
@ -91,9 +91,11 @@ If successful, this method returns 201, Created response code and _MachineAction

 Here is an example of the request.

-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan 
-Content-type: application/json
+```
+
+```json
 {
  "Comment": "Check machine for viruses due to alert 3212",
  “ScanType”: “Full”
--- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti

 Here is an example of the request.

-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile 
-Content-type: application/json
+```
+
+```json
 {
  "Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442",
  "Sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9"
--- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti

 Here is an example of the request.

-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate 
-Content-type: application/json
+```
+
+```json
 {
  "Comment": "Unisolate machine since it was clean and validated"
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
@ -82,9 +82,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti

 Here is an example of the request.

-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution 
-Content-type: application/json
+```
+
+```json
 {
  "Comment": "Unrestrict code execution since machine was cleaned and validated"
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
@ -91,10 +91,11 @@ If successful, this method returns 200 OK, and the [alert](alerts.md) entity in

 Here is an example of the request.

-```
+```http
 PATCH https://api.securitycenter.microsoft.com/api/alerts/121688558380765161_2136280442
-Content-Type: application/json
+```

+```json
 {
    "status": "Resolved",
 	"assignedTo": "secop2@contoso.com",