From b7ac564fd79b1e104204a9c2155adb1968e9e98e Mon Sep 17 00:00:00 2001
From: Ben Alfasi <bealfasi@microsoft.com>
Date: Sun, 24 Jan 2021 14:30:32 +0200
Subject: [PATCH] 1

---
 .../microsoft-defender-atp/find-machines-by-tag.md  | 13 ++++++++++---
 .../get-discovered-vulnerabilities.md               |  4 ++++
 .../microsoft-defender-atp/get-domain-statistics.md |  7 ++++++-
 .../microsoft-defender-atp/get-file-statistics.md   |  7 ++++++-
 .../microsoft-defender-atp/get-ip-statistics.md     |  7 ++++++-
 .../get-missing-kbs-machine.md                      |  6 +++++-
 .../get-security-recommendations.md                 |  4 ++++
 .../microsoft-defender-atp/import-ti-indicators.md  |  2 +-
 8 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
index c077f850b8..e34e5962d8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
@@ -32,7 +32,7 @@ ms.topic: article
 
 ## API description
 Find [Machines](machine.md) by [Tag](machine-tags.md).
-
+<br>```startswith``` query is supported. 
 
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
@@ -56,7 +56,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 
 ## HTTP request
 ```
-GET /api/machines/findbytag(tag='{tag}')
+GET /api/machines/findbytag?tag={tag}&useStartsWithFilter={true/false}
 ```
 
 ## Request headers
@@ -65,6 +65,13 @@ Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 
+## Request URI parameters
+
+Name | Type | Description
+:---|:---|:---
+tag | String | The tag name. **Required**.
+useStartsWithFilter | Boolean | When set to true, the search will find all devices with tag name that starts with the given tag in the query. Defaults to false. **Optional**.
+
 ## Request body
 Empty
 
@@ -78,5 +85,5 @@ If successful - 200 OK with list of the machines in the response body.
 Here is an example of the request.
 
 ```
-GET https://api.securitycenter.microsoft.com/api/machines/findbytag(tag='testTag')
+GET https://api.securitycenter.microsoft.com/api/machines/findbytag?tag=testTag&useStartsWithFilter=true
 ```
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
index 773a35d073..258209f10d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
@@ -30,8 +30,12 @@ ms.technology: mde
 
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 
+## API description
 Retrieves a collection of discovered vulnerabilities related to a given device ID.
 
+## Limitations
+1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
+
 ## Permissions
 
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
index dda241406d..3720025ad9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
@@ -62,6 +62,11 @@ Header | Value
 :---|:---
 Authorization | Bearer {token}. **Required**.
 
+## Request URI parameters
+
+Name | Type | Description
+:---|:---|:---
+lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
 
 ## Request body
 Empty
@@ -77,7 +82,7 @@ If successful and domain exists - 200 OK, with statistics object in the response
 Here is an example of the request.
 
 ```
-GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats
+GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats?lookBackHours=48
 ```
 
 **Response**
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
index 45c0c7f97f..ac9da34d73 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
@@ -62,6 +62,11 @@ Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 
+## Request URI parameters
+
+Name | Type | Description
+:---|:---|:---
+lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
 
 ## Request body
 Empty
@@ -77,7 +82,7 @@ If successful and file exists - 200 OK with statistical data in the body. If fil
 Here is an example of the request.
 
 ```
-GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats
+GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats?lookBackHours=48
 ```
 
 **Response**
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
index e720d2f338..5ba7c77cd7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
@@ -63,6 +63,11 @@ Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 
+## Request URI parameters
+
+Name | Type | Description
+:---|:---|:---
+lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
 
 ## Request body
 Empty
@@ -78,7 +83,7 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no
 Here is an example of the request.
 
 ```http
-GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats
+GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats?lookBackHours=48
 ```
 
 **Response**
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
index 9ac01f22cf..abb4bd89f5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
@@ -30,7 +30,11 @@ ms.technology: mde
 
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 
-Retrieves missing KBs (security updates) by device ID
+## API description
+Retrieves missing KBs (security updates) by device ID.
+
+## Limitations
+1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
 
 ## HTTP request
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
index 1d2dfe41dd..f08ce4f926 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
@@ -31,8 +31,12 @@ ms.technology: mde
 
 [!include[Prerelease information](../../includes/prerelease.md)]
 
+## API description
 Retrieves a collection of security recommendations related to a given device ID.
 
+## Limitations
+1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
+
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
index 822e0f9985..8e33f2ae5c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
@@ -37,7 +37,7 @@ Submits or Updates batch of [Indicator](ti-indicator.md) entities.
 ## Limitations
 1. Rate limitations for this API are 30 calls per minute.
 2. There is a limit of 15,000 active [Indicators](ti-indicator.md) per tenant. 
-
+3. Maximum batch size for one API call is 500.
 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)