s

windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md

@@ -75,12 +75,17 @@ If you are not familiar with user permissions on WDATP, please refer to [Manage
 
 6. Click **Select permissions** > check **Read alerts** & **Collect forensics** > **Select**.
 	
-	**Important note**: You need to select the relevant permissions. 'Read alerts' and 'Collect forensics' are only an examples!
+	**Important note**: You need to select the relevant permissions. 'Read alerts' and 'Collect forensics' are only an example!
 
     ![Image of select permissions](images/nativeapp-select-permissions.png)
 
-	- In order to send TI events to WDATP, check 'Read and write IOCs belonging to the app' permission
+	For instance,
-	- In order to run advanced queries in WDATP, check 'Run advanced queries' permission
+
+       - In order to [run advanced queries](run-advanced-query-api.md), check 'Run advanced queries' permission
+       - In order to [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), check 'Isolate machine' permission
+
+       To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
+
 
 7. Click **Done**
 
@@ -146,7 +151,7 @@ Sanity check to make sure you got a correct token:
 ## Use the token to access Windows Defender ATP API
 
 - Choose the API you want to use - [Supported Windows Defender ATP APIs](exposed-apis-list.md)
-- Set the Authorization header in the Http request you send to "Bearer {token}" (Bearer is the Authorization scheme)
+- Set the Authorization header in the HTTP request you send to "Bearer {token}" (Bearer is the Authorization scheme)
 - The Expiration time of the token is 1 hour (you can send more then one request with the same token)
 
 - Example of sending a request to get a list of alerts **using C#** 

windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md

@@ -111,7 +111,7 @@ This page explains how to create an app, get an access token to Windows Defender
 	![Image of multi tenant](images/webapp-edit-multitenant.png)
 
 
-### Application consent (for multi tenant apps only)
+**Note**:
 
 	You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with WDATP application on behalf of your customer.
 
@@ -147,7 +147,7 @@ For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.co
 	```
 	string tenantId = "00000000-0000-0000-0000-000000000000"; // Paste your own tenant ID here
 	string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here
-	string appSecret = GetTheSecretFromSafePlace(); // Paste your own app secret here for a test, and then store it in a safe place! 
+	string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! 
 
 	const string authority = "https://login.windows.net";
 	const string wdatpResourceId = "https://api.securitycenter.windows.com/";