Merge branch 'master' into fpfn-mdav-mdatp

2025-05-14 22:37:22 +00:00 · 2021-01-25 15:17:08 -08:00 · 2021-01-25 15:17:08 -08:00 · c418bcf283
commit c418bcf283
parent 2e2653dbb8 d4c5f09ae9
69 changed files with 181 additions and 175 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
@ -90,9 +90,11 @@ If successful, this method returns 200 - Ok response code and the updated Machin
 Here is an example of a request that adds machine tag.
-```http
+```
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
-Content-type: application/json
+```
 ```json
 {
  "Value" : "test Tag 2",
  "Action": "Add"
--- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
@ -81,9 +81,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage
-Content-type: application/json
+```
 ```json
 {
  "Comment": "Collect forensics due to alert 1234"
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
@ -96,9 +96,10 @@ If successful, this method returns 200 OK, and a new [alert](alerts.md) object i
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference
 ```
 ```json
 {
 	"machineId": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
--- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
@ -73,6 +73,6 @@ If Indicator with the specified id was not found - 404 Not Found.
 Here is an example of the request.
-```
+```http
 DELETE https://api.securitycenter.microsoft.com/api/indicators/995
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
@ -80,6 +80,6 @@ If the timestamp is not in the past 30 days - 400 Bad Request.
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z)
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-tag.md
@ -32,7 +32,7 @@ ms.topic: article
 ## API description
 Find [Machines](machine.md) by [Tag](machine-tags.md).
-
+<br>```startswith``` query is supported. 
 ## Limitations
 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
@ -56,7 +56,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 ## HTTP request
 ```
-GET /api/machines/findbytag(tag='{tag}')
+GET /api/machines/findbytag?tag={tag}&useStartsWithFilter={true/false}
 ```
 ## Request headers
@ -65,6 +65,13 @@ Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 ## Request URI parameters
 Name | Type | Description
 :---|:---|:---
 tag | String | The tag name. **Required**.
 useStartsWithFilter | Boolean | When set to true, the search will find all devices with tag name that starts with the given tag in the query. Defaults to false. **Optional**.
 ## Request body
 Empty
@ -77,6 +84,6 @@ If successful - 200 OK with list of the machines in the response body.
 Here is an example of the request.
-```
+```http
-GET https://api.securitycenter.microsoft.com/api/machines/findbytag(tag='testTag')
+GET https://api.securitycenter.microsoft.com/api/machines/findbytag?tag=testTag&useStartsWithFilter=true
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
@ -77,7 +77,7 @@ If successful and alert and domain exist - 200 OK. If alert not found - 404 Not
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/domains
 ```
@ -85,9 +85,7 @@ GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_213628044
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Domains",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
@ -77,7 +77,7 @@ If successful and alert and files exist - 200 OK. If alert not found - 404 Not F
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/files
 ```
@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
@ -78,7 +78,7 @@ If successful and alert and an IP exist - 200 OK. If alert not found - 404 Not F
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/ips
 ```
@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_213628044
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Ips",    
 	"value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@ -79,7 +79,7 @@ If successful and alert and device exist - 200 OK. If alert not found or device
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/machine
 ```
@ -88,9 +88,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity",
    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
@ -78,7 +78,7 @@ If successful and alert and a user exists - 200 OK with user in the body. If ale
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/user
 ```
@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_21362
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
    "id": "contoso\\user1",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
@ -88,7 +88,7 @@ If successful, this method returns 200 OK, and a list of [alert](alerts.md) obje
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/alerts
 ```
@ -152,7 +152,7 @@ Here is an example of the response.
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=evidence
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of security recommendati
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/recommendations
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md
@ -72,7 +72,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/vulnerabilities/machinesVulnerabilities
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Vulnerabilities
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
@ -61,18 +61,15 @@ If successful and map exists - 200 OK.
 Here is an example of the request.
-```
+```http
 GET https://graph.microsoft.com/testwdatppreview/CveKbMap
 Content-type: application/json
 ```
 **Response**
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap",
    "@odata.count": 4168,
--- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
@ -68,7 +68,7 @@ If successful, this method returns 200 OK, with the device secure score data in
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/configurationScore
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
@ -30,8 +30,12 @@ ms.technology: mde
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
 ## API description
 Retrieves a collection of discovered vulnerabilities related to a given device ID.
 ## Limitations
 1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
@ -67,7 +71,7 @@ If successful, this method returns 200 OK with the discovered vulnerability info
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities
 ```
@ -75,7 +79,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf4
 Here is an example of the response.
-```
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
@ -62,6 +62,11 @@ Header | Value
 :---|:---
 Authorization | Bearer {token}. **Required**.
 ## Request URI parameters
 Name | Type | Description
 :---|:---|:---
 lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
 ## Request body
 Empty
@ -76,8 +81,8 @@ If successful and domain exists - 200 OK, with statistics object in the response
 Here is an example of the request.
-```
+```http
-GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats
+GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats?lookBackHours=48
 ```
 **Response**
@ -85,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
 	"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats",
 	"host": "example.com",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
@ -70,7 +70,7 @@ If successful, this method returns 200 OK, with the exposure data in the respons
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/exposureScore
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
@ -76,7 +76,7 @@ If successful and file exists - 200 OK with the [file](files.md) entity in the b
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3
 ```
@ -85,9 +85,7 @@ GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
 	"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files/$entity",
 	"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
@ -79,6 +79,6 @@ If successful and file exists - 200 OK with list of [alert](alerts.md) entities
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
@ -79,6 +79,6 @@ If successful and file exists - 200 OK with list of [machine](machine.md) entiti
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
@ -62,6 +62,11 @@ Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 ## Request URI parameters
 Name | Type | Description
 :---|:---|:---
 lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
 ## Request body
 Empty
@ -76,8 +81,8 @@ If successful and file exists - 200 OK with statistical data in the body. If fil
 Here is an example of the request.
-```
+```http
-GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats
+GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats?lookBackHours=48
 ```
 **Response**
@ -85,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
    "sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
@ -66,7 +66,7 @@ If successful, this method returns 200 OK with the installed software informatio
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
@ -90,9 +90,7 @@ GET https://api.securitycenter.microsoft.com/api/investigations
 Here is an example of the response:
-```
+```json
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Investigations",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
@ -79,6 +79,6 @@ If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/alerts
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
@ -63,6 +63,11 @@ Name | Type | Description
 :---|:---|:---
 Authorization | String | Bearer {token}. **Required**.
 ## Request URI parameters
 Name | Type | Description
 :---|:---|:---
 lookBackHours | Int32 | Defines the hours we search back to get the statistics. Defaults to 30 days. **Optional**.
 ## Request body
 Empty
@ -78,7 +83,7 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no
 Here is an example of the request.
 ```http
-GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats
+GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats?lookBackHours=48
 ```
 **Response**
@ -86,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats
 Here is an example of the response.
-```http
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats",
    "ipAddress": "10.209.67.177",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
@ -61,18 +61,15 @@ If successful - 200 OK.
 Here is an example of the request.
-```
+```http
 GET https://graph.microsoft.com/testwdatppreview/KbInfo
 Content-type: application/json
 ```
 **Response**
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo",
    "@odata.count": 271,
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
 Here is an example of the response.
-```http
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine",
    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
@ -70,7 +70,7 @@ If successful, this method returns 200 OK, with a list of exposure score per dev
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/exposureScore/ByMachineGroups
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
@ -87,9 +87,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c29
 Here is an example of the response.
-```http
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
@ -77,7 +77,7 @@ If successful, this method returns 200, Ok response code with a [Machine Action]
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
 ```
@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-42
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity",
    "id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
@ -82,7 +82,7 @@ If successful, this method returns 200, Ok response code with a collection of [m
 Here is an example of the request on an organization that has three MachineActions.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machineactions
 ```
@ -91,9 +91,7 @@ GET https://api.securitycenter.microsoft.com/api/machineactions
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
@ -67,7 +67,7 @@ If successful, this method returns 200 OK and a list of devices with the softwar
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machineReferences
 ```
@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machi
 Here is an example of the response.
 ```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/vulnerabilities/CVE-2019-0608/machineReferences
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@ -92,9 +92,7 @@ GET https://api.securitycenter.microsoft.com/api/machines
 Here is an example of the response.
-```http
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
@ -60,9 +60,8 @@ If successful - 200 OK.
 Here is an example of the request.
-```
+```http
 GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
 Content-type: application/json
 ```
 **Response**
@ -70,9 +69,7 @@ Content-type: application/json
 Here is an example of the response.
 Field *id* contains device id and equal to the field *id** in devices info. 
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
    "@odata.count":444,
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
@ -30,7 +30,11 @@ ms.technology: mde
 [!include[Improve request performance](../../includes/improve-request-performance.md)]
-Retrieves missing KBs (security updates) by device ID
+## API description
 Retrieves missing KBs (security updates) by device ID.
 ## Limitations
 1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
 ## HTTP request
@ -58,7 +62,7 @@ If successful, this method returns 200 OK, with the specified device missing kb
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs 
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
@ -68,7 +68,7 @@ If successful, this method returns 200 OK, with the specified software missing k
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/getmissingkbs
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
@ -73,19 +73,15 @@ If successful, this method returns 200, Ok response code with object that holds
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri
 ```
 **Response**
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String",
    "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\""
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the security recommendations in t
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the list of devices associated wi
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/machineReferences
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the software associated with the
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/software 
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
@ -67,7 +67,7 @@ If successful, this method returns 200 OK, with the list of vulnerabilities asso
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
@ -31,8 +31,12 @@ ms.technology: mde
 [!include[Prerelease information](../../includes/prerelease.md)]
 ## API description
 Retrieves a collection of security recommendations related to a given device ID.
 ## Limitations
 1. Rate limitations for this API are 50 calls per minute and 1500 calls per hour.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
@ -66,7 +70,7 @@ If successful, this method returns 200 OK with the security recommendations in t
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
 ```
@ -75,7 +79,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf4
 Here is an example of the response.
-```
+```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
@ -1,6 +1,6 @@
 ---
 title: Get software by Id
-description: Retrieves a list of exposure scores by device group.
+description: Retrieves a list of sofware by ID.
 keywords: apis, graph api, supported apis, get, software, mdatp tvm api
 search.product: eADQiWindows 10XVcnh
 ms.prod: m365-security
@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the specified software data in th
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
 ```
@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
 Here is an example of the response.
 ```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software/$entity",
    "id": "microsoft-_-edge",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
@ -67,7 +67,7 @@ If successful, this method returns 200 OK with a list of software distributions
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distributions
 ```
@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distr
 Here is an example of the response.
 ```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Distributions",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md
@ -66,7 +66,7 @@ If successful, this method returns 200 OK with the software inventory in the bod
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
@ -78,7 +78,7 @@ If successful, this method returns 200, Ok response code with a collection of [I
 Here is an example of a request that gets all Indicators
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/indicators
 ```
@ -86,9 +86,7 @@ GET https://api.securitycenter.microsoft.com/api/indicators
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
    "value": [
@ -141,7 +139,7 @@ Content-type: application/json
 Here is an example of a request that gets all Indicators with 'AlertAndBlock' action 
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'AlertAndBlock'
 ```
@ -149,9 +147,7 @@ GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'A
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
@ -64,9 +64,8 @@ If successful and user exists - 200 OK with [user](user.md) entity in the body.
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/users/user1
 Content-type: application/json
 ```
 **Response**
@ -74,9 +73,7 @@ Content-type: application/json
 Here is an example of the response.
-```
+```json
 HTTP/1.1 200 OK
 Content-type: application/json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
    "id": "user1",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
@ -81,6 +81,6 @@ If successful and user exists - 200 OK. If the user does not exist - 404 Not Fou
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/users/user1/alerts
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
@ -82,6 +82,6 @@ If successful and user exists - 200 OK with list of [machine](machine.md) entiti
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/users/user1/machines
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
@ -67,7 +67,7 @@ If successful, this method returns 200 OK with a a list of vulnerabilities expos
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulnerabilities 
 ```
@ -76,7 +76,6 @@ GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulne
 Here is an example of the response.
 ```json
 {
    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
    "value": [
--- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
@ -67,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in
 Here is an example of the request.
-```
+```http
 GET https://api.securitycenter.microsoft.com/api/Vulnerabilities/CVE-2019-0608
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/import-ti-indicators.md
@ -37,7 +37,7 @@ Submits or Updates batch of [Indicator](ti-indicator.md) entities.
 ## Limitations
 1. Rate limitations for this API are 30 calls per minute.
 2. There is a limit of 15,000 active [Indicators](ti-indicator.md) per tenant. 
-
+3. Maximum batch size for one API call is 500.
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
@ -79,9 +79,10 @@ Indicators | List<[Indicator](ti-indicator.md)> | List of [Indicators](ti-indica
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/indicators/import
 ```
 ```json
 {
 	"Indicators":
--- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
@ -84,9 +84,12 @@ If successful, this method returns 201 - Created response code and [Investigatio
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation
-Content-type: application/json
+```
 ```json
 {
-  "Comment": "Test investigation",
+  "Comment": "Test investigation"
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md
@ -40,7 +40,7 @@ Represent an Automated Investigation entity in Defender for Endpoint.
 Method|Return Type |Description
 :---|:---|:---
 [List Investigations](get-investigation-collection.md) | Investigation collection | Get collection of Investigation
-[Get single Investigation](get-investigation-collection.md) | Investigation entity | Gets single Investigation entity.
+[Get single Investigation](get-investigation-object.md) | Investigation entity | Gets single Investigation entity.
 [Start Investigation](initiate-autoir-investigation.md) | Investigation entity | Starts Investigation on a device.
--- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
@ -90,13 +90,15 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 Here is an example of the request.
-```console
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate
-Content-type: application/json
+```
 ```json
 {
  "Comment": "Isolate machine due to alert 1234",
-  “IsolationType”: “Full” 
+  "IsolationType": "Full" 
 }
 ```
- To unisolate a device, see [Release device from isolation](unisolate-machine.md).
+- To release a device from isolation, see [Release device from isolation](unisolate-machine.md).
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@ -62,7 +62,7 @@ version | String | Operating system Version.
 osBuild | Nullable long | Operating system build number.
 lastIpAddress | String | Last IP on local NIC on the [machine](machine.md).
 lastExternalIpAddress | String | Last IP through which the [machine](machine.md) accessed the internet.
-healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
+healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData", "NoSensorDataImpairedCommunication" and "Unknown". 
 rbacGroupName | String | Machine group Name.
 rbacGroupId | Int | Machine group unique ID.
 riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
@ -87,9 +87,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard
-Content-type: application/json
+```
 ```json
 {
  "Comment": "Offboard machine by automation"
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
@ -89,9 +89,10 @@ rbacGroupNames | String | Comma-separated list of RBAC group names the indicator
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/indicators
 ```
 ```json
 {
    "indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f",
--- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
@ -83,9 +83,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution 
-Content-type: application/json
+```
 ```json
 {
  "Comment": "Restrict code execution due to alert 1234"
 }
@ -93,4 +95,3 @@ Content-type: application/json
 ```
 - To remove code execution restriction from a device, see [Remove app restriction](unrestrict-code-execution.md).
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@ -35,10 +35,10 @@ ms.technology: mde
 1. You can only run a query on data from the last 30 days.
 2. The results will include a maximum of 100,000 rows.
 3. The number of executions is limited per tenant:
-   - API calls: Up to 15 calls per minute
+   - API calls: Up to 45 calls per minute.
-   - Execution time: 10 minutes of running time every hour and 4 hours of running time a day
+   - Execution time: 10 minutes of running time every hour and 3 hours of running time a day.
 4. The maximal execution time of a single request is 10 minutes.
-5. 429 response will represent reaching quota limit either by number of requests or by CPU. The 429 response body will also indicate the time until the quota is renewed. 
+5. 429 response will represent reaching quota limit either by number of requests or by CPU. Read response body to understand what limit has been reached. 
 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
@ -82,9 +82,11 @@ Request
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/advancedqueries/run
-Content-type: application/json
+```
 ```json
 {
 	"Query":"DeviceProcessEvents  
    | where InitiatingProcessFileName =~ 'powershell.exe'
--- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
@ -91,12 +91,14 @@ If successful, this method returns 201, Created response code and _MachineAction
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan 
-Content-type: application/json
+```
 ```json
 {
  "Comment": "Check machine for viruses due to alert 3212",
-  “ScanType”: “Full”
+  "ScanType": "Full"
 }
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile 
-Content-type: application/json
+```
 ```json
 {
  "Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442",
  "Sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9"
--- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
@ -84,9 +84,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate 
-Content-type: application/json
+```
 ```json
 {
  "Comment": "Unisolate machine since it was clean and validated"
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
@ -82,9 +82,11 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 Here is an example of the request.
-```
+```http
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution 
-Content-type: application/json
+```
 ```json
 {
  "Comment": "Unrestrict code execution since machine was cleaned and validated"
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md
@ -91,10 +91,11 @@ If successful, this method returns 200 OK, and the [alert](alerts.md) entity in
 Here is an example of the request.
-```
+```http
 PATCH https://api.securitycenter.microsoft.com/api/alerts/121688558380765161_2136280442
-Content-Type: application/json
+```
 ```json
 {
    "status": "Resolved",
 	"assignedTo": "secop2@contoso.com",