update images

windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md

@@ -25,11 +25,11 @@ ms.date: 09/03/2018
 [!include[Prerelease information](prerelease.md)]
 
 
-This pages describes how to create an application to get programmatical access to Windows Defender ATP on behalf of a user.
+These pages describe how to create an application to get programmatical access to Windows Defender ATP on behalf of a user.
 
-If you need programmatical access Windows Defender ATP without a user, please refer to [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md)
+If you need programmatical access Windows Defender ATP without a user, refer to [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md).
 
-If you are not sure which access you need, you'd better read the [Introduction page](exposed-apis-intro.md)
+If you are not sure which access you need, read the [Introduction page](exposed-apis-intro.md).
 
 Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
 
@@ -40,10 +40,12 @@ In general, you’ll need to take the following steps to use the APIs:
 
 This page explains how to create an app, get an access token to Windows Defender ATP and validate the token includes the required permission.
 
-**Note**: When accessing WDATP API on behalf of a user, you will need the correct app permission and user permission.
-If you are not familiar with user permissions on WDATP, please refer to [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md)
+>[!NOTE]
+> When accessing Windows Defender ATP API on behalf of a user, you will need the correct app permission and user permission.
+> If you are not familiar with user permissions on Windows Defender ATP, see [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md). 
 
-**Rule of thumb for user permissions:** If you have the permission to perform an action in the portal, you have the permission to perform the action in the API. 
+>[!TIP]
+> If you have the permission to perform an action in the portal, you have the permission to perform the action in the API. 
 
 ## Create an app
 
@@ -74,16 +76,17 @@ If you are not familiar with user permissions on WDATP, please refer to [Manage
 
 6. Click **Select permissions** > check **Read alerts** & **Collect forensics** > **Select**.
 	
-	**Important note**: You need to select the relevant permissions. 'Read alerts' and 'Collect forensics' are only an example!
+	>[!IMPORTANT]
+    >You need to select the relevant permissions. 'Read alerts' and 'Collect forensics' are only an example.
 
     ![Image of select permissions](images/nativeapp-select-permissions.png)
 
 	For instance,
 
-    - In order to [run advanced queries](run-advanced-query-api.md), check 'Run advanced queries' permission
-    - In order to [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), check 'Isolate machine' permission
+    - To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
+    - To [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), select 'Isolate machine' permission
 
-       To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
+       To determine which permission you need, look at the **Permissions** section in the API you are interested to call.
 
 
 7. Click **Done**

windows/security/threat-protection/windows-defender-atp/exposed-apis-intro.md

@@ -33,20 +33,22 @@ In general, you’ll need to take the following steps to use the APIs:
 
 As a developer, you decide which permissions for Windows Defender ATP your app requests. When a user signs in to your app they (or, in some cases, an administrator) are given a chance to give consent to these permissions. If the user provides consent, your app is given access to the resources and APIs that it has requested. For apps that don't take a signed-in user, permissions can be pre-approved to by an administrator when the app is installed or during sign-up.
 
-# #Delegated permissions, application permissions, and effective permissions
+## Delegated permissions, application permissions, and effective permissions
 
 Windows Defender ATP has two types of permissions: delegated permissions and application permissions.
 
-- Delegated permissions are used by apps that have a signed-in user present. For these apps either the user or an administrator provides consent to the permissions that the app requests and the app is delegated permission to act as the signed-in user when making calls to Windows Defender ATP. Some delegated permissions can be consented to by non-administrative users, but some higher-privileged permissions require administrator consent.
-- Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.
+- **Delegated permissions** <br> 
+    Used by apps that have a signed-in user present. For these apps either the user or an administrator provides consent to the permissions that the app requests and the app is delegated permission to act as the signed-in user when making calls to Windows Defender ATP. Some delegated permissions can be consented to by non-administrative users, but some higher-privileged permissions require administrator consent.
+- **Application permissions** <br>
+    Used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.
 
-Effective permissions are the permissions that your app will have when making requests to Windows Defender ATP. It is important to understand the difference between the delegated and application permissions that your app is granted and its effective permissions when making calls to Windows Defender ATP.
+Effective permissions are permissions that your app will have when making requests to Windows Defender ATP. It is important to understand the difference between the delegated and application permissions that your app is granted and its effective permissions when making calls to Windows Defender ATP.
 
 - For delegated permissions, the effective permissions of your app will be the least privileged intersection of the delegated permissions the app has been granted (via consent) and the privileges of the currently signed-in user. Your app can never have more privileges than the signed-in user. Within organizations, the privileges of the signed-in user may be determined by policy or by membership in one or more administrator roles. For more information about administrator roles, see [Assigning administrator roles in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-assign-admin-roles).
 
-	For example, assume your app has been granted the Machine.CollectForensics delegated permission. This permission nominally grants your app permission to collect investigation package from a machine. If the signed-in user has 'Alerts Investigation' permission, your app will be able to collect investigation package from a machine, if the machine belongs to a group the user is exposed to. However, if the signed-in user doesn't have 'Alerts Investigation' permission, your app won't be able to collect investigation package from any machine.
+	For example, assume your app has been granted the `Machine.CollectForensics` delegated permission. This permission nominally grants your app permission to collect investigation package from a machine. If the signed-in user has 'Alerts Investigation' permission, your app will be able to collect investigation package from a machine, if the machine belongs to a group the user is exposed to. However, if the signed-in user doesn't have 'Alerts Investigation' permission, your app won't be able to collect investigation package from any machine.
 
-- For application permissions, the effective permissions of your app will be the full level of privileges implied by the permission. For example, an app that has the Machine.CollectForensics application permission can collect investigation package from any machine in the organization.
+- For application permissions, the effective permissions of your app will be the full level of privileges implied by the permission. For example, an app that has the `Machine.CollectForensics` application permission can collect investigation package from any machine in the organization.
 
 
 ## Related topics