Merge remote-tracking branch 'refs/remotes/origin/master' into sfb-11375502

windows/deploy/TOC.md

@@ -1,4 +1,5 @@
 # [Deploy Windows 10](index.md)
+## [What's new in Windows 10 deployment](deploy-whats-new.md)
 ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
 ## [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md)
 ### [Upgrade Readiness architecture](upgrade-readiness-architecture.md)
@@ -26,6 +27,7 @@
 ### [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)
 ### [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
 ### [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
+### [Perform an in-place upgrade to Windows 10 with MDT](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
 ### [Configure MDT settings](configure-mdt-settings.md)
 #### [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
 #### [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
@@ -48,8 +50,7 @@
 ### [Monitor the Windows 10 deployment with Configuration Manager](monitor-windows-10-deployment-with-configuration-manager.md)
 ### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
 ### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-## [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
-## [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md)
+### [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md)
 ## [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md)
 ## [Convert MBR partition to GPT](mbr-to-gpt.md)
 ## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)

windows/deploy/change-history-for-deploy-windows-10.md

@@ -14,6 +14,9 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc
 ## March 2017
 | New or changed topic | Description |
 |----------------------|-------------|
+| [What's new in Windows 10 deployment](deploy-whats-new.md) | New | 
+| [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) | Topic moved under [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) in the table of contents and title adjusted to clarify in-place upgrade. | 
+| [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) | Topic moved under [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) in the table of contents and title adjusted to clarify in-place upgrade. | 
 | [Convert MBR partition to GPT](mbr-to-gpt.md) | New | 
 
 ## February 2017

windows/deploy/deploy-whats-new.md

@@ -0,0 +1,83 @@
+---
+title: What's new in Windows 10 deployment
+description: Changes and new features related to Windows 10 deployment
+keywords: deployment, automate, tools, configure, news
+ms.mktglfcycl: deploy
+localizationpriority: high
+ms.prod: w10
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+---
+
+# What's new in Windows 10 deployment
+
+**Applies to**
+-   Windows 10
+
+This topic provides a summary of many new features and changes that are related to deploying Windows 10 in your organization.
+
+For a detailed list of changes to Windows 10 ITPro TechNet library content, see the [Online content change history](#online-content-change-history) section in this topic.
+
+For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index)
+
+## Deployment solutions and tools
+
+### MBR2GPT
+
+MBR2GPT.EXE converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. Previously, it was necessary to image, then wipe and reload a disk to change from MBR format to GPT. 
+
+There are many benefits to converting the partition style of a disk to GPT, including the use of larger disk partitions, added data reliability, and faster boot and shutdown speeds. The GPT format also enables you to use the Unified Extensible Firmware Interface (UEFI) which replaces the Basic Input/Output System (BIOS) firmware interface.  Security features of Windows 10 that require UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock.
+
+For more information, see [MBR2GPT.EXE](mbr-to-gpt).
+
+### Microsoft Deployment Toolkit (MDT)
+
+MDT build 884 is available, including support for:
+- Deployment and upgrade of Windows 10, version 1607 (including Enterprise LTSB and Education editions) and Windows Server 2016.
+- The Windows ADK for Windows 10, version 1607.
+- Integration with Configuration Manager version 1606.
+
+For more information about MDT, see the [MDT resource page](https://technet.microsoft.com/en-US/windows/dn475741).
+
+### Upgrade Readiness
+
+The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. 
+
+Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. To use Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled.
+
+The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. For more information about Upgrade Readiness, see the following topics:
+
+- [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/)
+- [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness)
+
+### Update Compliance
+
+Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date.
+
+Update Compliance is a solution built using OMS Logs and Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues.
+
+For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](../manage/update-compliance-monitor.md).
+
+## Testing and validation guidance
+
+### Windows 10 deployment proof of concept (PoC)
+
+The Windows 10 PoC guide enables you to test Windows 10 deployment in a virtual environment and become familiar with deployment tools such as MDT and Configuration Manager. The PoC guide provides step-by-step instructions for installing and using Hyper-V to create a virtual lab environment. The guide makes extensive use of Windows PowerShell to streamline each phase of the installation and setup. 
+
+For more information, see the following guides:
+
+- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
+- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt)
+- [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr)
+
+## Online content change history
+
+The following topics provide a change history for Windows 10 ITPro TechNet library content related to deploying and using Windows 10.
+
+[Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md)
+<BR>[Change history for Plan for Windows 10 deployment](../plan/change-history-for-plan-for-windows-10-deployment.md)
+<BR>[Change history for Manage and update Windows 10](../manage/change-history-for-manage-and-update-windows-10.md)
+<BR>[Change history for Keep Windows 10 secure](../keep-secure/change-history-for-keep-windows-10-secure.md)
+
+ 

windows/deploy/index.md

@@ -16,13 +16,12 @@ Learn about deploying Windows 10 for IT professionals.
 
 |Topic |Description |
 |------|------------|
+|[What's new in Windows 10 deployment](deploy-whats-new.md) |See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. |
 |[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. |
 |[Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | 
 |[Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides: [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md), [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
 |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |
 |[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. |
-|[Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) |The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Deployment Toolkit (MDT) task sequence to completely automate the process. |
-|[Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) |The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process. |
 |[Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. |
 |[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. |
 |[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |

windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md

@@ -1,6 +1,6 @@
 ---
-title: Upgrade to Windows 10 with System Center Configuration Manager (Windows 10)
-description: The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process.
+title: Perform an in-place upgrade to Windows 10 using Configuration Manager (Windows 10)
+description: The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. Use a System Center Configuration Manager task sequence to completely automate the process.
 ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
 keywords: upgrade, update, task sequence, deploy
 ms.prod: w10
@@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
 author: mtniehaus
 ---
 
-# Upgrade to Windows 10 with System Center Configuration Manager
+# Perform an in-place upgrade to Windows 10 using Configuration Manager
 
 
 **Applies to**

windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md

@@ -1,5 +1,5 @@
 ---
-title: Upgrade to Windows 10 with the Microsoft Deployment Toolkit (Windows 10)
+title: Perform an in-place upgrade to Windows 10 with MDT (Windows 10)
 description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
 ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460
 keywords: upgrade, update, task sequence, deploy
@@ -11,7 +11,7 @@ ms.pagetype: mdt
 author: mtniehaus
 ---
 
-# Upgrade to Windows 10 with the Microsoft Deployment Toolkit
+# Perform an in-place upgrade to Windows 10 with MDT
 
 **Applies to**
 -   Windows 10

windows/deploy/windows-10-poc-mdt.md

@@ -5,6 +5,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
+keywords: deployment, automate, tools, configure, mdt
+localizationpriority: high
 author: greg-lindsay
 ---
 

windows/deploy/windows-10-poc-sc-config-mgr.md

@@ -5,6 +5,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
+keywords: deployment, automate, tools, configure, sccm, configuration manager
+localizationpriority: high
 author: greg-lindsay
 ---
 

windows/deploy/windows-10-poc.md

@@ -5,6 +5,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
+keywords: deployment, automate, tools, configure, mdt, sccm
+localizationpriority: high
 author: greg-lindsay
 ---
 

windows/keep-secure/TOC.md

@@ -781,6 +781,7 @@
 ##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
 ##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
 ##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
+##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
 ##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
 #### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md)
 ##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)

windows/keep-secure/code/example-script.ps1

@@ -0,0 +1,60 @@
+$authUrl = 'Your Authorization URL'
+$clientId = 'Your Client ID'
+$clientSecret = 'Your Client Secret'
+
+
+Try
+{
+    $tokenPayload = @{
+        "resource" = 'https://graph.windows.net'
+        "client_id" = $clientId
+        "client_secret" = $clientSecret
+        "grant_type"='client_credentials'}
+
+    "Fetching an access token"
+    $response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload
+    $token = $response.access_token
+    "Token fetched successfully"
+
+    $headers = @{
+        "Content-Type" = "application/json"
+        "Accept" = "application/json"
+        "Authorization" = "Bearer {0}" -f $token }
+
+    $apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/"
+
+    $alertDefinitionPayload = @{
+        "Name" = "Test Alert"
+        "Severity" = "Medium"
+        "InternalDescription" = "A test alert used to demonstrate the Windows Defender ATP TI API feature"
+        "Title" = "Test alert."
+        "UxDescription" = "This is a test alert based on a sample custom alert definition. This alert was triggered manually using a provided test command. It indicates that the Threat Intelligence API has been properly enabled."
+        "RecommendedAction" = "No recommended action for this test alert."
+        "Category" = "SuspiciousNetworkTraffic"
+        "Enabled" = "true"}
+    "Creating an Alert Definition"
+    $alertDefinition =
+        Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) `
+            -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json)
+    "Alert Definition created successfully"
+    $alertDefinitionId = $alertDefinition.Id
+
+    $iocPayload = @{
+        "Type"="IpAddress"
+        "Value"="52.184.197.12"
+        "DetectionFunction"="Equals"
+        "Enabled"="true"
+        "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId }
+
+    "Creating an Indicator of Compromise"
+    $ioc =
+        Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) `
+             -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json)
+    "Indicator of Compromise created successfully"
+
+    "All done!"
+}
+Catch
+{
+    'Something went wrong! Got the following exception message: {0}' -f $_.Exception.Message
+}

windows/keep-secure/code/example.ps1

@@ -1,8 +1,6 @@
-$tenantId = '{Your Tenant ID}'
-$clientId = '{Your Client ID}'
-$clientSecret = '{Your Client Secret}'
-
-$authUrl = "https://login.windows.net/{0}/oauth2/token" -f $tenantId
+$authUrl = 'Your Authorization URL'
+$clientId = 'Your Client ID'
+$clientSecret = 'Your Client Secret'
 
 $tokenPayload = @{
     "resource"='https://graph.windows.net'

windows/keep-secure/code/example.py

@@ -2,11 +2,9 @@ import json
 import requests
 from pprint import pprint
 
-tenant_id="{your tenant ID}"
-client_id="{your client ID}"
-client_secret="{your client secret}"
-
-auth_url = "https://login.windows.net/{0}/oauth2/token".format(tenant_id)
+auth_url="Your Authorization URL"
+client_id="Your Client ID"
+client_secret="Your Client Secret"
 
 payload = {"resource": "https://graph.windows.net",
            "client_id": client_id,

windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md

@@ -27,6 +27,8 @@ Before you can create custom threat intelligence (TI) using REST API, you'll nee
 
 1. In the navigation pane, select **Preference Setup** > **Threat intel API**.
 
+  ![Image of threat intel API menu](images/atp-threat-intel-api.png)
+
 2. Select **Enable threat intel API**. This activates the **Azure Active Directory application** setup sections with pre-populated values.
 
 3. Copy the individual values or select **Save details to file** to download a file that contains all the values.

windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md

@@ -0,0 +1,85 @@
+---
+title: Experiment with custom threat intelligence alerts
+description: Use this end-to-end guide to start using the Windows Defender ATP threat intelligence API.
+keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+---
+
+# Experiment with custom threat intelligence (TI) alerts
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+<span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
+
+With the Windows Defender ATP threat intelligence API, you can create custom threat intelligence alerts that can help you keep track of possible attack activities in your organization.  
+
+For more information about threat intelligence concepts, see [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md).
+
+This article demonstrates an end-to-end usage of the threat intelligence API to get you started in using the threat intelligence API.
+
+You'll be guided through sample steps so you can experience how the threat intelligence API feature works. Sample steps include creating alerts definitions and indicators of compromise (IOCs), and examples of how triggered custom TI alerts look like.
+
+## Step 1: Enable the threat intelligence API and obtain authentication details
+To use the threat intelligence API feature, you'll need to enable the feature. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md).
+
+This step is required to generate security credentials that you need to use while working with the API.
+
+## Step 2: Create a sample alert definition and IOCs
+This step will guide you in creating an alert definition and an IOC for a malicious IP.
+
+1. Open a Windows PowerShell ISE.
+
+2. Copy and paste the following PowerShell script. This script will upload a sample alert definition and IOC to Windows Defender ATP which you can use to generate an alert.
+
+    NOTE:<br>
+    Make sure you replace the `authUrl`, `clientId`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application.
+
+    [!code[ExampleScript](./code/example-script.ps1#L1-L60)]
+
+3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines.
+
+    ![Image of the script running](images/atp-running-script.png)
+
+    NOTE:<br>
+    If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script:
+
+    ```syntax
+    $webclient=New-Object System.Net.WebClient
+    $creds=Get-Credential
+    $webclient.Proxy.Credentials=$creds
+    ```
+
+## Step 3: Simulate a custom TI alert
+This step will guide you in simulating an event in connection to a malicious IP that will trigger the Windows Defender ATP custom TI alert.
+
+1. Open a Windows PowerShell ISE in the machine you onboarded to Windows Defender ATP.
+
+2. Type `Invoke-WebRequest 52.184.197.12` in the editor and click **Run**. This call will generate a network communication event to a Microsoft's dedicated demo server that will raise an alert based on the custom alert definition.
+
+    ![Image of editor with command to Invoke-WebRequest](images/atp-simulate-custom-ti.png)
+
+## Step 4: Explore the custom alert in the portal
+This step will guide you in exploring the custom alert in the portal.
+
+1.	Open the [Windows Defender ATP portal](http: /securitycenter.windows.com/) on a browser.
+
+2.	Log in with your Windows Defender ATP credentials.
+
+3.	The dashboard should display the custom TI alert for the victim machine resulting from the simulated attack.
+
+    ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png)
+
+> [!NOTE]
+> It can take up to 15 minutes for the alert to appear in the portal.

windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md

@@ -36,7 +36,7 @@ These code examples demonstrate the following tasks:
 ## Step 1: Obtain an Azure AD access token
 The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token.
 
-Replace the *tenantid*, *clientid*, and *clientSecret* values with the ones you got from **Preferences settings** page in the portal:
+Replace the *authUrl*, *clientid*, and *clientSecret* values with the ones you got from **Preferences settings** page in the portal:
 
 [!code[CustomTIAPI](./code/example.ps1#L1-L14)]
 

windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md

@@ -37,7 +37,7 @@ These code examples demonstrate the following tasks:
 ## Step 1: Obtain an Azure AD access token
 The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token.
 
-Replace the *tenant\_id*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal:
+Replace the *auth_url*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal:
 
 [!code[CustomTIAPI](./code/example.py#L1-L17)]