Merge pull request #4469 from MicrosoftDocs/master

Publish 12/28/2020, 3:30 PM
2025-05-17 07:47:22 +00:00 · 2020-12-28 15:45:09 -08:00 · 2020-12-28 15:45:09 -08:00 · e4d418c8fb
commit e4d418c8fb
parent 6fca90a0d8 fd647f6b3a
103 changed files with 715 additions and 366 deletions
--- a/windows/security/includes/improve-request-performance.md
+++ b/windows/security/includes/improve-request-performance.md
@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---

->[!NOTE]
+>[!TIP]
 >For better performance, you can use server closer to your geo location:
 > - api-us.securitycenter.microsoft.com
 > - api-eu.securitycenter.microsoft.com
--- a/windows/security/includes/microsoft-defender-api-usgov.md
+++ b/windows/security/includes/microsoft-defender-api-usgov.md
@ -0,0 +1,20 @@
+---
+title: Microsoft Defender for Endpoint API URIs for US Government
+description: Microsoft Defender for Endpoint API URIs for US Government
+keywords: defender, endpoint, api, government, gov
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+>[!NOTE]
+>If you are a US Government customer, please use the URIs listed in [Microsoft Defender for Endpoint for US Government GCC High customers](../threat-protection/microsoft-defender-atp/gov.md#api).
--- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md
@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: medium
+ms.localizationpriority: high
 author: denisebmsft
 ms.author: deniseb
 ms.date: 12/16/2020
--- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
@ -23,7 +23,12 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description

@ -54,7 +59,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 ## HTTP request

 ```http
-POST https://api.securitycenter.windows.com/api/machines/{id}/tags
+POST https://api.securitycenter.microsoft.com/api/machines/{id}/tags
 ```

 ## Request headers
@ -84,10 +89,8 @@ If successful, this method returns 200 - Ok response code and the updated Machin

 Here is an example of a request that adds machine tag.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```http
-POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
+POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags
 Content-type: application/json
 {
  "Value" : "test Tag 2",
--- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md
@ -21,9 +21,14 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:** [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)

 ## Methods

@ -71,7 +76,7 @@ comments | List of Alert comments | Alert Comment is an object that contains: co
 ### Response example for getting single alert:

 ```
-GET https://api.securitycenter.windows.com/api/alerts/da637084217856368682_-292920499
+GET https://api.securitycenter.microsoft.com/api/alerts/da637084217856368682_-292920499
 ```

 ```json
--- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md
@ -26,6 +26,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## Get Alerts using a simple PowerShell script

@ -103,8 +107,8 @@ $tenantId = '' ### Paste your tenant ID here
 $appId = '' ### Paste your Application ID here
 $appSecret = '' ### Paste your Application secret here

-$resourceAppIdUri = 'https://api.securitycenter.windows.com'
-$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token"
+$resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
+$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
 $authBody = [Ordered] @{
    resource = "$resourceAppIdUri"
    client_id = "$appId"
@ -142,7 +146,7 @@ $dateTime = (Get-Date).ToUniversalTime().AddHours(-48).ToString("o")

 # The URL contains the type of query and the time filter we create above
 # Read more about other query options and filters at   Https://TBD- add the documentation link
-$url = "https://api.securitycenter.windows.com/api/alerts?`$filter=alertCreationTime ge $dateTime"
+$url = "https://api.securitycenter.microsoft.com/api/alerts?`$filter=alertCreationTime ge $dateTime"

 # Set the WebRequest headers
 $headers = @{ 
--- a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md
@ -24,7 +24,7 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

 Automating security procedures is a standard requirement for every modern Security Operations Center. The lack of professional cyber defenders forces SOC to work in the most efficient way and automation is a must. Microsoft Power Automate supports different connectors that were built exactly for that. You can build an end-to-end procedure automation within a few minutes.

--- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md
@ -24,7 +24,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 In this section you will learn create a Power BI report on top of Defender for Endpoint APIs.

@ -48,7 +52,7 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a
 	let 
 		AdvancedHuntingQuery = "DeviceEvents | where ActionType contains 'Anti' | limit 20",

-		HuntingUrl = "https://api.securitycenter.windows.com/api/advancedqueries",
+		HuntingUrl = "https://api.securitycenter.microsoft.com/api/advancedqueries",

 		Response = Json.Document(Web.Contents(HuntingUrl, [Query=[key=AdvancedHuntingQuery]])),

@ -114,7 +118,7 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a

 		Query = "MachineActions",

-		Source = OData.Feed("https://api.securitycenter.windows.com/api/" & Query, null, [Implementation="2.0", MoreColumns=true])
+		Source = OData.Feed("https://api.securitycenter.microsoft.com/api/" & Query, null, [Implementation="2.0", MoreColumns=true])
 	in
 		Source

--- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@ -22,10 +22,9 @@ ms.topic: conceptual
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:** 
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

 Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).

--- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
@ -24,7 +24,12 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Collect investigation package from a device.
@ -49,7 +54,7 @@ Delegated (work or school account) |	Machine.CollectForensics |	'Collect forensi

 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/machines/{id}/collectInvestigationPackage
+POST https://api.securitycenter.microsoft.com/api/machines/{id}/collectInvestigationPackage
 ```

 ## Request headers
@ -76,10 +81,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-POST https://api.securitycenter.windows.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage
+POST https://api.securitycenter.microsoft.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage
 Content-type: application/json
 {
  "Comment": "Collect forensics due to alert 1234"
--- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -56,7 +60,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
 ## HTTP request

 ```
-POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference
+POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference
 ```

 ## Request headers
@ -91,10 +95,8 @@ If successful, this method returns 200 OK, and a new [alert](alerts.md) object i

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference
+POST https://api.securitycenter.microsoft.com/api/alerts/CreateAlertByReference
 ```
 ```json
 {
--- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -45,12 +49,9 @@ Application |	Ti.ReadWrite.All |	'Read and write Indicators'

 ## HTTP request
 ```
-Delete https://api.securitycenter.windows.com/api/indicators/{id}
+Delete https://api.securitycenter.microsoft.com/api/indicators/{id}
 ```

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-
 ## Request headers

 Name | Type | Description
@ -72,5 +73,5 @@ If Indicator with the specified id was not found - 404 Not Found.
 Here is an example of the request.

 ```
-DELETE https://api.securitycenter.windows.com/api/indicators/995
+DELETE https://api.securitycenter.microsoft.com/api/indicators/995
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md
@ -26,6 +26,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
 This page describes how to create an application to get programmatic access to Defender for Endpoint on behalf of a user.

 If you need programmatic access Microsoft Defender for Endpoint without a user, refer to [Access Microsoft Defender for Endpoint with application context](exposed-apis-create-app-webapp.md).
@ -127,9 +131,9 @@ For more information on AAD tokens, see [Azure AD tutorial](https://docs.microso

        public static class WindowsDefenderATPUtils
        {
-            private const string Authority = "https://login.windows.net";
+            private const string Authority = "https://login.microsoftonline.com";

-            private const string WdatpResourceId = "https://api.securitycenter.windows.com";
+            private const string WdatpResourceId = "https://api.securitycenter.microsoft.com";

            public static async Task<string> AcquireUserTokenAsync(string username, string password, string appId, string tenantId)
            {
@ -175,7 +179,7 @@ Verify to make sure you got a correct token:
    ```csharp
    var httpClient = new HttpClient();

-    var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts");
+    var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts");

    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md
@ -25,6 +25,11 @@ ms.topic: article
 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
 This page describes how to create an Azure Active Directory (Azure AD) application to get programmatic access to Microsoft Defender for Endpoint on behalf of your customers.


@ -139,8 +144,8 @@ $tenantId = '' ### Paste your tenant ID here
 $appId = '' ### Paste your Application ID here
 $appSecret = '' ### Paste your Application key here

-$resourceAppIdUri = 'https://api.securitycenter.windows.com'
-$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token"
+$resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
+$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
 $authBody = [Ordered] @{
    resource = "$resourceAppIdUri"
    client_id = "$appId"
@ -172,8 +177,8 @@ return $token
    string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here
    string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! 

-    const string authority = "https://login.windows.net";
-    const string wdatpResourceId = "https://api.securitycenter.windows.com";
+    const string authority = "https://login.microsoftonline.com";
+    const string wdatpResourceId = "https://api.securitycenter.microsoft.com";

    AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/");
    ClientCredential clientCredential = new ClientCredential(appId, appSecret);
@ -227,7 +232,7 @@ Sanity check to make sure you got a correct token:
    ```
    var httpClient = new HttpClient();

-    var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts");
+    var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts");

    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md
@ -26,6 +26,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
 This page describes how to create an application to get programmatic access to Defender for Endpoint without a user. If you need programmatic access to Defender for Endpoint on behalf of a user, see [Get access with user context](exposed-apis-create-app-nativeapp.md). If you are not sure which access you need, see [Get started](apis-intro.md).

 Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate work flows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
@ -117,8 +121,8 @@ $tenantId = '' ### Paste your tenant ID here
 $appId = '' ### Paste your Application ID here
 $appSecret = '' ### Paste your Application key here

-$resourceAppIdUri = 'https://api.securitycenter.windows.com'
-$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token"
+$resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
+$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
 $authBody = [Ordered] @{
    resource = "$resourceAppIdUri"
    client_id = "$appId"
@ -150,8 +154,8 @@ The following code was tested with NuGet Microsoft.IdentityModel.Clients.ActiveD
    string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here
    string appSecret = "22222222-2222-2222-2222-222222222222"; // Paste your own app secret here for a test, and then store it in a safe place! 

-    const string authority = "https://login.windows.net";
-    const string wdatpResourceId = "https://api.securitycenter.windows.com";
+    const string authority = "https://login.microsoftonline.com";
+    const string wdatpResourceId = "https://api.securitycenter.microsoft.com";

    AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}/");
    ClientCredential clientCredential = new ClientCredential(appId, appSecret);
@ -204,7 +208,7 @@ The following is an example of sending a request to get a list of alerts **using
 ```
    var httpClient = new HttpClient();

-    var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.windows.com/api/alerts");
+    var request = new HttpRequestMessage(HttpMethod.Get, "https://api.securitycenter.microsoft.com/api/alerts");

    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md
@ -22,8 +22,13 @@ ms.date: 09/24/2018

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 Full scenario using multiple APIs from Microsoft Defender for Endpoint.
@ -63,7 +68,7 @@ $appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret
 $suspiciousUrl = 'www.suspiciousUrl.com' # Paste your own URL here

 $resourceAppIdUri = 'https://securitycenter.onmicrosoft.com/windowsatpservice'
-$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token"
+$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
 $authBody = [Ordered] @{
    resource = "$resourceAppIdUri"
    client_id = "$appId"
@ -75,7 +80,7 @@ $aadToken = $authResponse.access_token


 #Get latest alert
-$alertUrl = "https://api.securitycenter.windows.com/api/alerts?`$top=10"
+$alertUrl = "https://api.securitycenter.microsoft.com/api/alerts?`$top=10"
 $headers = @{ 
    'Content-Type' = 'application/json'
    Accept = 'application/json'
@ -108,7 +113,7 @@ $query = "NetworkCommunicationEvents
 | where RemoteUrl  == `"$suspiciousUrl`"
 | summarize ConnectionsCount = count() by MachineId"

-$queryUrl = "https://api.securitycenter.windows.com/api/advancedqueries/run"
+$queryUrl = "https://api.securitycenter.microsoft.com/api/advancedqueries/run"

 $queryBody = ConvertTo-Json -InputObject @{ 'Query' = $query }
 $queryResponse = Invoke-WebRequest -Method Post -Uri $queryUrl -Headers $headers -Body $queryBody -ErrorAction Stop
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md
@ -30,9 +30,9 @@ ms.topic: article

 ### Endpoint URI:

-> The service base URI is: https://api.securitycenter.windows.com
+> The service base URI is: https://api.securitycenter.microsoft.com
 > 
-> The queries based OData have the '/api' prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.windows.com/api/alerts
+> The queries based OData have the '/api' prefix. For example, to get Alerts you can send GET request to https://api.securitycenter.microsoft.com/api/alerts

 ### Versioning:

@ -40,9 +40,14 @@ ms.topic: article
 > 
 > The current version is **V1.0**.
 > 
-> To use a specific version, use this format: `https://api.securitycenter.windows.com/api/{Version}`. For example: `https://api.securitycenter.windows.com/api/v1.0/alerts`
+> To use a specific version, use this format: `https://api.securitycenter.microsoft.com/api/{Version}`. For example: `https://api.securitycenter.microsoft.com/api/v1.0/alerts`
 > 
-> If you don't specify any version (e.g. https://api.securitycenter.windows.com/api/alerts ) you will get to the latest version.
+> If you don't specify any version (e.g. https://api.securitycenter.microsoft.com/api/alerts ) you will get to the latest version.
+
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses.
--- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md
@ -22,9 +22,13 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/)

@ -150,14 +154,14 @@ HTTP GET  https://api.securitycenter.microsoft.com/api/alerts?$top=10&$expand=ev
 Get all the alerts last updated after 2019-11-22 00:00:00

 ```http
-HTTP GET  https://api.securitycenter.windows.com/api/alerts?$filter=lastUpdateTime+ge+2019-11-22T00:00:00Z
+HTTP GET  https://api.securitycenter.microsoft.com/api/alerts?$filter=lastUpdateTime+ge+2019-11-22T00:00:00Z
 ```

 **Response:**

 ```json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Alerts",
    "value": [
        {
            "id": "da637308392288907382_-880718168",
@ -206,14 +210,14 @@ HTTP GET  https://api.securitycenter.windows.com/api/alerts?$filter=lastUpdateTi
 Get all the devices with 'High' 'RiskScore'

 ```http
-HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=riskScore+eq+'High'
+HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=riskScore+eq+'High'
 ```

 **Response:**

 ```json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
@ -245,14 +249,14 @@ HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=riskScore+
 Get top 100 devices with 'HealthStatus' not equals to 'Active'

 ```http
-HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100 
+HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=healthStatus+ne+'Active'&$top=100 
 ```

 **Response:**

 ```json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
@ -284,14 +288,14 @@ HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=healthStat
 Get all the devices that last seen after 2018-10-20

 ```http
-HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=lastSeen gt 2018-08-01Z
+HTTP GET  https://api.securitycenter.microsoft.com/api/machines?$filter=lastSeen gt 2018-08-01Z
 ```

 **Response:**

 ```json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
@ -323,14 +327,14 @@ HTTP GET  https://api.securitycenter.windows.com/api/machines?$filter=lastSeen g
 Get all the Anti-Virus scans that the user Analyst@examples.onmicrosoft.com created using Microsoft Defender for Endpoint

 ```http
-HTTP GET  https://api.securitycenter.windows.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan'
+HTTP GET  https://api.securitycenter.microsoft.com/api/machineactions?$filter=requestor eq 'Analyst@contoso.com' and type eq 'RunAntiVirusScan'
 ```

 **Response:**

 ```json
 json{
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
    "value": [
        {
            "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba",
@ -355,7 +359,7 @@ json{
 Get the count of open alerts for a specific device:

 ```http
-HTTP GET  https://api.securitycenter.windows.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved'
+HTTP GET  https://api.securitycenter.microsoft.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved'
 ```

 **Response:**
--- a/windows/security/threat-protection/microsoft-defender-atp/files.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/files.md
@ -25,6 +25,11 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
 Represent a file entity in Defender for Endpoint.

 ## Methods
--- a/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md
@ -21,9 +21,13 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 Find a device by internal IP.

--- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Find [Machines](machine.md) seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp.
@ -75,8 +79,6 @@ If the timestamp is not in the past 30 days - 400 Bad Request.

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z)
+GET https://api.securitycenter.microsoft.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2019-09-22T08:44:05Z)
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves specific [Alert](alerts.md) by its ID.
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves all domains related to a specific alert.
@ -72,10 +76,8 @@ If successful and alert and domain exist - 200 OK. If alert not found - 404 Not

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/domains
+GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/domains
 ```

 **Response**
@ -86,7 +88,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/$metadata#Domains",
+    "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Domains",
    "value": [
        {
            "host": "www.example.com"
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves all files related to a specific alert.
@ -72,10 +76,8 @@ If successful and alert and files exist - 200 OK. If alert not found - 404 Not F

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/files
+GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/files
 ```

 **Response**
@ -87,7 +89,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files",
    "value": [
        {
            "sha1": "f2a00fd2f2de1be0214b8529f1e9f67096c1aa70",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves all IPs related to a specific alert.
@ -73,10 +77,8 @@ If successful and alert and an IP exist - 200 OK. If alert not found - 404 Not F

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/ips
+GET https://api.securitycenter.microsoft.com/alerts/636688558380765161_2136280442/ips
 ```

 **Response**
@ -88,7 +90,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/$metadata#Ips",    
+    "@odata.context": "https://api.securitycenter.microsoft.com/$metadata#Ips",    
 	"value": [
 				{
 					"id": "104.80.104.128"
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves [Device](machine.md) related to a specific alert.
@ -74,11 +78,8 @@ If successful and alert and device exist - 200 OK. If alert not found or device

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-
 ```
-GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/machine
+GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/machine
 ```

 **Response**
@ -90,7 +91,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines/$entity",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines/$entity",
    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
    "computerDnsName": "mymachine1.contoso.com",
    "firstSeen": "2018-08-02T14:55:03.7791856Z",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves the User related to a specific alert.
@ -73,11 +77,8 @@ If successful and alert and a user exists - 200 OK with user in the body. If ale

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-
 ```
-GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/user
+GET https://api.securitycenter.microsoft.com/api/alerts/636688558380765161_2136280442/user
 ```

 **Response**
@ -89,7 +90,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
    "id": "contoso\\user1",
    "accountName": "user1",
    "accountDomain": "contoso",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves a collection of Alerts.
@ -87,9 +91,6 @@ Here is an example of the request.
 GET https://api.securitycenter.microsoft.com/api/alerts
 ```

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-
 **Response**

 Here is an example of the response.
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md
@ -20,8 +20,14 @@ ms.topic: article

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the list of security recommendati
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/recommendations
+GET https://api.securitycenter.microsoft.com/api/recommendations
 ```

 **Response**
@ -71,7 +77,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations",
    "value": [
        {
            "id": "va-_-microsoft-_-windows_10",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md
@ -23,6 +23,13 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
 Retrieves a list of all the vulnerabilities affecting the organization per [machine](machine.md) and [software](software.md).
 - If the vulnerability has a fixing KB, it will appear in the response.
 - Supports [OData V4 queries](https://www.odata.org/documentation/).
@ -65,7 +72,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/vulnerabilities/machinesVulnerabilities
+GET https://api.securitycenter.microsoft.com/api/vulnerabilities/machinesVulnerabilities
 ```

 **Response**
@ -75,7 +82,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicAssetVulnerabilityDto)",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicAssetVulnerabilityDto)",
    "value": [
        {
            "id": "5afa3afc92a7c63d4b70129e0a6f33f63a427e21-_-CVE-2020-6494-_-microsoft-_-edge_chromium-based-_-81.0.416.77-_-",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md
@ -20,8 +20,14 @@ ms.topic: article

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the list of vulnerabilities in th
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/Vulnerabilities
+GET https://api.securitycenter.microsoft.com/api/Vulnerabilities
 ```

 **Response**
@ -71,7 +77,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Vulnerabilities",
    "value": [
        {
            "id": "CVE-2019-0608",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md
@ -23,9 +23,13 @@ ROBOTS: NOINDEX
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 Retrieves a map of CVE's to KB's and CVE details.

--- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md
@ -23,11 +23,13 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

->[!NOTE]
->If you are a US Gov customer, please refer to API endpoints listed in [here](gov.md#api). 
-
 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
 Retrieves your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks. 

 ## Permissions
@ -66,7 +68,7 @@ If successful, this method returns 200 OK, with the device secure score data in
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/configurationScore
+GET https://api.securitycenter.microsoft.com/api/configurationScore
 ```

 ### Response
@ -78,7 +80,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ConfigurationScore/$entity",
    "time": "2019-12-03T09:15:58.1665846Z",
    "score": 340
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md
@ -21,8 +21,13 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 Retrieves a collection of discovered vulnerabilities related to a given device ID.

@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the discovered vulnerability info
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities
+GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities
 ```

 ### Response
@ -71,7 +76,7 @@ Here is an example of the response.

 ```
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
    "value": [
        {
            "id": "CVE-2019-1348",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves a collection of [Alerts](alerts.md) related to a given domain address.
@ -74,8 +78,6 @@ If successful and domain exists - 200 OK with list of [alert](alerts.md) entitie

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```http
-GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts
+GET https://api.securitycenter.microsoft.com/api/domains/client.wns.windows.com/alerts
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
@ -21,10 +21,14 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:** [Microsoft Defender for Endpoint(https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves a collection of [Machines](machine.md) that have communicated to or from a given domain address.
@ -75,9 +79,6 @@ If successful and domain exists - 200 OK with list of [machine](machine.md) enti

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-
 ```http
-GET https://api.securitycenter.windows.com/api/domains/api.securitycenter.windows.com/machines
+GET https://api.securitycenter.microsoft.com/api/domains/api.securitycenter.microsoft.com/machines
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves the statistics on the given domain.
@ -71,10 +75,8 @@ If successful and domain exists - 200 OK, with statistics object in the response

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/domains/example.com/stats
+GET https://api.securitycenter.microsoft.com/api/domains/example.com/stats
 ```

 **Response**
@ -86,7 +88,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-	"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats",
+	"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgDomainStats",
 	"host": "example.com",
    "orgPrevalence": "4070",
    "orgFirstSeen": "2017-07-30T13:23:48Z",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md
@ -25,6 +25,11 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
 [!include[Prerelease information](../../includes/prerelease.md)]

 Retrieves the organizational exposure score.
@ -65,7 +70,7 @@ If successful, this method returns 200 OK, with the exposure data in the respons
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/exposureScore
+GET https://api.securitycenter.microsoft.com/api/exposureScore
 ```

 ### Response
@ -77,7 +82,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ExposureScore/$entity",
    "time": "2019-12-03T07:23:53.280499Z",
    "score": 33.491554051195706
 }
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves a [File](files.md) by identifier Sha1, or Sha256
@ -71,10 +75,8 @@ If successful and file exists - 200 OK with the [file](files.md) entity in the b

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3
+GET https://api.securitycenter.microsoft.com/api/files/4388963aaa83afe2042a46a3c017ad50bdcdafb3
 ```

 **Response**
@ -86,7 +88,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-	"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Files/$entity",
+	"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Files/$entity",
 	"sha1": "4388963aaa83afe2042a46a3c017ad50bdcdafb3",
 	"sha256": "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462",
 	"globalPrevalence": 180022,
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves a collection of alerts related to a given file hash.
@ -74,8 +78,6 @@ If successful and file exists - 200 OK with list of [alert](alerts.md) entities

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts
+GET https://api.securitycenter.microsoft.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves a collection of [Machines](machine.md) related to a given file hash.
@ -74,8 +78,6 @@ If successful and file exists - 200 OK with list of [machine](machine.md) entiti

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines
+GET https://api.securitycenter.microsoft.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves the statistics for the given file.
@ -71,10 +75,8 @@ If successful and file exists - 200 OK with statistical data in the body. If fil

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats
+GET https://api.securitycenter.microsoft.com/api/files/0991a395da64e1c5fbe8732ed11e6be064081d9f/stats
 ```

 **Response**
@ -86,7 +88,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats",
    "sha1": "0991a395da64e1c5fbe8732ed11e6be064081d9f",
    "orgPrevalence": "14850",
    "orgFirstSeen": "2019-12-07T13:44:16Z",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md
@ -20,8 +20,13 @@ ms.topic: article

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -61,7 +66,7 @@ If successful, this method returns 200 OK with the installed software informatio
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software
+GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software
 ```

 **Response**
@ -71,7 +76,7 @@ Here is an example of the response.

 ```
 {
-"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software",
+"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software",
 "value": [
        {
 "id": "microsoft-_-internet_explorer",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves a collection of [Investigations](investigation.md).
@ -54,7 +58,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'

 ## HTTP request
 ```
-GET https://api.securitycenter.windows.com/api/investigations
+GET https://api.securitycenter.microsoft.com/api/investigations
 ```

 ## Request headers
@ -71,30 +75,25 @@ Empty
 If successful, this method returns 200, Ok response code with a collection of [Investigations](investigation.md) entities.


-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-
 ## Example

 **Request**

 Here is an example of a request to get all investigations: 

-
 ```
-GET https://api.securitycenter.windows.com/api/investigations
+GET https://api.securitycenter.microsoft.com/api/investigations
 ```

 **Response**

 Here is an example of the response:

-
 ```
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Investigations",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Investigations",
    "value": [
        {
            "id": "63017",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md
@ -25,6 +25,11 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
 ## API description
 Retrieves specific [Investigation](investigation.md) by its ID.
 <br> ID can be the investigation ID or the investigation triggering alert ID.
@ -50,7 +55,7 @@ Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'

 ## HTTP request
 ```
-GET https://api.securitycenter.windows.com/api/investigations/{id}
+GET https://api.securitycenter.microsoft.com/api/investigations/{id}
 ```

 ## Request headers
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -74,9 +78,6 @@ If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-
 ```
-GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/alerts
+GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/alerts
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -71,10 +75,8 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/stats
+GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats
 ```

 **Response**
@ -86,7 +88,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats",
    "ipAddress": "10.209.67.177",
    "orgPrevalence": "63515",
    "orgFirstSeen": "2017-07-30T13:36:06Z",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md
@ -23,9 +23,13 @@ ROBOTS: NOINDEX
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 Retrieves a collection of KB's and KB details.

--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -77,10 +81,8 @@ If machine with the specified ID was not found - 404 Not Found.

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```http
-GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07
+GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07
 ```

 **Response**
@ -92,7 +94,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machine",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machine",
    "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
 	"computerDnsName": "mymachine1.contoso.com",
 	"firstSeen": "2018-08-02T14:55:03.7791856Z",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md
@ -23,7 +23,12 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -65,7 +70,7 @@ If successful, this method returns 200 OK, with a list of exposure score per dev
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/exposureScore/ByMachineGroups
+GET https://api.securitycenter.microsoft.com/api/exposureScore/ByMachineGroups
 ```

 ### Response
@ -75,7 +80,7 @@ Here is an example of the response.
 ```json

 {
-    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#ExposureScore",
    "value": [
        {
            "time": "2019-12-03T09:51:28.214338Z",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves a collection of logged on users on a specific device.
@ -73,10 +77,8 @@ If successful and device exists - 200 OK with list of [user](user.md) entities i

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```http
-GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/logonusers
+GET https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/logonusers
 ```

 **Response**
@ -88,7 +90,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users",
    "value": [
        {
            "id": "contoso\\user1",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -50,7 +54,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine

 ## HTTP request
 ```
-GET https://api.securitycenter.windows.com/api/machineactions/{id}
+GET https://api.securitycenter.microsoft.com/api/machineactions/{id}
 ```

 ## Request headers
@ -72,10 +76,8 @@ If successful, this method returns 200, Ok response code with a [Machine Action]

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
+GET https://api.securitycenter.microsoft.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
 ```

 **Response**
@ -87,7 +89,7 @@ Here is an example of the response.
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity",
    "id": "5382f7ea-7557-4ab7-9782-d50480024a4e",
    "type": "Isolate",
 	"scope": "Selective",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -54,7 +58,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine

 ## HTTP request
 ```
-GET https://api.securitycenter.windows.com/api/machineactions
+GET https://api.securitycenter.microsoft.com/api/machineactions
 ```

 ## Request headers
@ -77,10 +81,8 @@ If successful, this method returns 200, Ok response code with a collection of [m

 Here is an example of the request on an organization that has three MachineActions.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/machineactions
+GET https://api.securitycenter.microsoft.com/api/machineactions
 ```

 **Response**
@ -92,7 +94,7 @@ Here is an example of the response.
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
    "value": [
        {
            "id": "69dc3630-1ccc-4342-acf3-35286eec741d",
@ -147,20 +149,18 @@ Content-type: application/json
 Here is an example of a request that filters the MachineActions by machine ID and shows the latest two MachineActions.

 ```
-GET https://api.securitycenter.windows.com/api/machineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2
+GET https://api.securitycenter.microsoft.com/api/machineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2
 ```

 **Response**

 Here is an example of the response.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineActions",
    "value": [
        {
            "id": "69dc3630-1ccc-4342-acf3-35286eec741d",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md
@ -23,9 +23,14 @@ ms.date: 10/07/2018
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

 Retrieves a collection of RBAC device groups.

--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md
@ -21,9 +21,14 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -62,7 +67,7 @@ If successful, this method returns 200 OK and a list of devices with the softwar
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences
+GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/machineReferences
 ```

 **Response**
@ -72,7 +77,7 @@ Here is an example of the response.
 ```json

 {
-    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences",
    "value": [
        {
            "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md
@ -20,9 +20,14 @@ ms.topic: article

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences
+GET https://api.securitycenter.microsoft.com/api/vulnerabilities/CVE-2019-0608/machineReferences
 ```

 **Response**
@ -72,7 +77,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences",
    "value": [
        {
            "id": "235a2e6278c63fcf85bab9c370396972c58843de",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -56,7 +60,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine
 ## HTTP request

 ```http
-GET https://api.securitycenter.windows.com/api/machines
+GET https://api.securitycenter.microsoft.com/api/machines
 ```

 ## Request headers
@ -79,11 +83,8 @@ If successful and machines exists - 200 OK with list of [machine](machine.md) en

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-
 ```http
-GET https://api.securitycenter.windows.com/api/machines
+GET https://api.securitycenter.microsoft.com/api/machines
 ```

 **Response**
@ -94,7 +95,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Machines",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Machines",
    "value": [
        {
            "id": "1e5bc9d7e413ddd7902c2932e418702b84d0cc07",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md
@ -22,9 +22,13 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 Retrieves a collection of devices security states.

--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
 Retrieves missing KBs (security updates) by device ID

 ## HTTP request
@ -54,7 +58,7 @@ If successful, this method returns 200 OK, with the specified device missing kb
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs 
+GET https://api.securitycenter.microsoft.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs 
 ```

 ### Response
--- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md
@ -23,7 +23,12 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 Retrieves missing KBs (security updates) by software ID

@ -63,7 +68,7 @@ If successful, this method returns 200 OK, with the specified software missing k
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/getmissingkbs
+GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/getmissingkbs
 ```

 ### Response
--- a/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -45,7 +49,7 @@ Delegated (work or school account) | Machine.CollectForensics |	'Collect forensi

 ## HTTP request
 ```
-GET https://api.securitycenter.windows.com/api/machineactions/{machine action id}/getPackageUri
+GET https://api.securitycenter.microsoft.com/api/machineactions/{machine action id}/getPackageUri
 ```

 ## Request headers
@ -69,7 +73,7 @@ If successful, this method returns 200, Ok response code with object that holds
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri
+GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri

 ```

@ -77,15 +81,12 @@ GET https://api.securitycenter.windows.com/api/machineactions/7327b54fd718525cbc

 Here is an example of the response.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-
 ```
 HTTP/1.1 200 Ok
 Content-type: application/json

 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Edm.String",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Edm.String",
    "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\""
 }

--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md
@ -22,6 +22,13 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
 [!include[Prerelease information](../../includes/prerelease.md)]

 Retrieves a security recommendation by its ID.
@ -60,7 +67,7 @@ If successful, this method returns 200 OK with the security recommendations in t
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome
+GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome
 ```

 **Response**
@ -69,7 +76,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations/$entity",
    "id": "va-_-google-_-chrome",
    "productName": "chrome",
    "recommendationName": "Update Chrome",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md
@ -20,9 +20,14 @@ ms.topic: article

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the list of devices associated wi
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences
+GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/machineReferences
 ```

 **Response**
@ -71,7 +76,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#MachineReferences",
    "value": [
        {
            "id": "e058770379bc199a9c179ce52a23e16fd44fd2ee",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md
@ -20,9 +20,14 @@ ms.topic: article

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the software associated with the
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software 
+GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/software 
 ```

 **Response**
@ -71,7 +76,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto",
    "id": "google-_-chrome",
    "name": "chrome",
    "vendor": "google",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md
@ -20,9 +20,14 @@ ms.topic: article

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -62,7 +67,7 @@ If successful, this method returns 200 OK, with the list of vulnerabilities asso
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
+GET https://api.securitycenter.microsoft.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
 ```

 **Response**
@ -71,7 +76,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
    "value": [
        {
            "id": "CVE-2019-13748",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md
@ -20,9 +20,13 @@ ms.topic: article

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -62,7 +66,7 @@ If successful, this method returns 200 OK with the security recommendations in t
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
+GET https://api.securitycenter.microsoft.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
 ```

 **Response**
@ -72,7 +76,7 @@ Here is an example of the response.

 ```
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations",
    "value": [
        {
            "id": "va-_-git-scm-_-git",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md
@ -21,9 +21,14 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -62,7 +67,7 @@ If successful, this method returns 200 OK with the specified software data in th
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge
+GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge
 ```

 **Response**
@ -72,7 +77,7 @@ Here is an example of the response.
 ```json

 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software/$entity",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software/$entity",
    "id": "microsoft-_-edge",
    "name": "edge",
    "vendor": "microsoft",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md
@ -21,9 +21,14 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -62,7 +67,7 @@ If successful, this method returns 200 OK with a list of software distributions
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/distributions
+GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/distributions
 ```

 **Response**
@ -72,7 +77,7 @@ Here is an example of the response.
 ```json

 {
-    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Distributions",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Distributions",
    "value": [
        {
            "version": "11.0.17134.1039",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md
@ -23,7 +23,12 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 Retrieves the organization software inventory.

@ -61,7 +66,7 @@ If successful, this method returns 200 OK with the software inventory in the bod
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/Software
+GET https://api.securitycenter.microsoft.com/api/Software
 ```

 **Response**
@ -71,7 +76,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Software",
    "value": [
 			{
 				"id": "microsoft-_-edge",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Retrieves a collection of all active [Indicators](ti-indicator.md).
@ -48,11 +52,9 @@ Delegated (work or school account) |	Ti.ReadWrite |	'Read and write Indicators'

 ## HTTP request
 ```
-GET https://api.securitycenter.windows.com/api/indicators
+GET https://api.securitycenter.microsoft.com/api/indicators
 ```

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ## Request headers

 Name | Type | Description
@ -76,7 +78,7 @@ If successful, this method returns 200, Ok response code with a collection of [I
 Here is an example of a request that gets all Indicators

 ```
-GET https://api.securitycenter.windows.com/api/indicators
+GET https://api.securitycenter.microsoft.com/api/indicators
 ```

 **Response**
@ -87,7 +89,7 @@ Here is an example of the response.
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
    "value": [
        {
 			"id": "995",
@ -139,7 +141,7 @@ Content-type: application/json
 Here is an example of a request that gets all Indicators with 'AlertAndBlock' action 

 ```
-GET https://api.securitycenter.windows.com/api/indicators?$filter=action+eq+'AlertAndBlock'
+GET https://api.securitycenter.microsoft.com/api/indicators?$filter=action+eq+'AlertAndBlock'
 ```

 **Response**
@ -150,7 +152,7 @@ Here is an example of the response.
 HTTP/1.1 200 Ok
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Indicators",
    "value": [
        {
 			"id": "997",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md
@ -20,8 +20,13 @@ ms.topic: article

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 Retrieve a User entity by key (user name).
@ -58,10 +63,8 @@ If successful and user exists - 200 OK with [user](user.md) entity in the body.

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/users/user1
+GET https://api.securitycenter.microsoft.com/api/users/user1
 Content-type: application/json
 ```

@ -74,7 +77,7 @@ Here is an example of the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 {
-    "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Users/$entity",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Users/$entity",
    "id": "user1",
    "firstSeen": "2018-08-02T00:00:00Z",
    "lastSeen": "2018-08-04T00:00:00Z",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -76,8 +80,6 @@ If successful and user exists - 200 OK. If the user does not exist - 404 Not Fou

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/users/user1/alerts
+GET https://api.securitycenter.microsoft.com/api/users/user1/alerts
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -77,8 +81,6 @@ If successful and user exists - 200 OK with list of [machine](machine.md) entiti

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-GET https://api.securitycenter.windows.com/api/users/user1/machines
+GET https://api.securitycenter.microsoft.com/api/users/user1/machines
 ```
--- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md
@ -21,9 +21,14 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -62,7 +67,7 @@ If successful, this method returns 200 OK with a a list of vulnerabilities expos
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/vulnerabilities 
+GET https://api.securitycenter.microsoft.com/api/Software/microsoft-_-edge/vulnerabilities 
 ```

 **Response**
@ -72,7 +77,7 @@ Here is an example of the response.
 ```json

 {
-    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
    "value": [
 			{
 				"id": "CVE-2017-0140",
--- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md
@ -20,8 +20,14 @@ ms.topic: article

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 [!include[Prerelease information](../../includes/prerelease.md)]

@ -61,7 +67,7 @@ If successful, this method returns 200 OK with the vulnerability information in
 Here is an example of the request.

 ```
-GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608
+GET https://api.securitycenter.microsoft.com/api/Vulnerabilities/CVE-2019-0608
 ```

 **Response**
@ -70,7 +76,7 @@ Here is an example of the response.

 ```json
 {
-    "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity",
+    "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Vulnerabilities/$entity",
    "id": "CVE-2019-0608",
    "name": "CVE-2019-0608",
    "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.",
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@ -109,7 +109,8 @@ Defender for Endpoint GCC High specific | ```us4-v20.events.data.microsoft.com``


 ## API
-Login endpoint: ```https://login.microsoftonline.us```
-Microsoft Defender for Endpoint API endpoint: ```https://api-gov.securitycenter.microsoft.us```
+- Login endpoint: ```https://login.microsoftonline.us```
+
+- Microsoft Defender for Endpoint API endpoint: ```https://api-gov.securitycenter.microsoft.us```


--- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -79,8 +83,6 @@ If successful, this method returns 201 - Created response code and [Investigatio

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
 POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation
 Content-type: application/json
--- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md
@ -25,7 +25,12 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 Represent an Automated Investigation entity in Defender for Endpoint.
 <br> See [Overview of automated investigations](automated-investigations.md) for more information.
--- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -52,7 +56,7 @@ Delegated (work or school account) | Machine.Isolate |	'Isolate machine'

 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/machines/{id}/isolate
+POST https://api.securitycenter.microsoft.com/api/machines/{id}/isolate
 ```

 ## Request headers
@ -85,10 +89,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```console
-POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate
+POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate
 Content-type: application/json
 {
  "Comment": "Isolate machine due to alert 1234",
--- a/windows/security/threat-protection/microsoft-defender-atp/machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
 [!include[Prerelease information](../../includes/prerelease.md)]

 ## Methods
--- a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md
@ -25,6 +25,11 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
 - For more information, see [Response Actions](respond-machine-alerts.md). 

 | Method                                                            | Return Type                        | Description                                                 |
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -55,7 +59,7 @@ Delegated (work or school account) |	Machine.Offboard |	'Offboard machine'

 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/machines/{id}/offboard
+POST https://api.securitycenter.microsoft.com/api/machines/{id}/offboard
 ```

 ## Request headers
@ -82,10 +86,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard
+POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/offboard
 Content-type: application/json
 {
  "Comment": "Offboard machine by automation"
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md
@ -22,8 +22,14 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 Create a notification rule so that when a local onboarding or offboardiing script is used, you'll be notified. 

@ -56,7 +62,7 @@ You'll need to have access to:
 5. Enter the following HTTP fields:

   - Method: "GET" as a value to get the list of devices.
-   - URI: Enter `https://api.securitycenter.windows.com/api/machines`.
+   - URI: Enter `https://api.securitycenter.microsoft.com/api/machines`.
   - Authentication: Select "Active Directory OAuth".
   - Tenant: Sign-in to https://portal.azure.com and navigate to **Azure Active Directory > App Registrations** and get the Tenant ID value.
   - Audience: `https://securitycenter.onmicrosoft.com/windowsatpservice\`
--- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
@ -21,9 +21,13 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:** [Microsoft Defender for Endpoint]https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -47,12 +51,9 @@ Delegated (work or school account) |	Ti.ReadWrite |	'Read and write Indicators'

 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/indicators
+POST https://api.securitycenter.microsoft.com/api/indicators
 ```

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-
 ## Request headers

 Name | Type | Description
@ -88,7 +89,7 @@ rbacGroupNames | String | Comma-separated list of RBAC group names the indicator
 Here is an example of the request.

 ```
-POST https://api.securitycenter.windows.com/api/indicators
+POST https://api.securitycenter.microsoft.com/api/indicators
 Content-type: application/json
 {
    "indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f",
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
@ -22,12 +22,9 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

-
-
->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

 >[!Note]
 >- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections.
@ -203,7 +200,7 @@ Here is an example return value:
 The following code examples demonstrate how to obtain an access token for calling the Microsoft Defender for Endpoint SIEM API.

 ```csharp
-AuthenticationContext context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId));
+AuthenticationContext context = new AuthenticationContext(string.Format("https://login.microsoftonline.com/{0}", tenantId));
 ClientCredential clientCredentials = new ClientCredential(clientId, clientSecret);
 AuthenticationResult authenticationResult = context.AcquireTokenAsync(detectionsResource, clientCredentials).GetAwaiter().GetResult();
 ```
@ -218,7 +215,7 @@ $appId = '' ### Paste your Application ID here
 $appSecret = '' ### Paste your Application secret here

 $resourceAppIdUri = 'https://graph.windows.net'
-$oAuthUri = "https://login.windows.net/$tenantId/oauth2/token"
+$oAuthUri = "https://login.microsoftonline.com/$tenantId/oauth2/token"
 $authBody = [Ordered] @{
    resource = "$resourceAppIdUri"
    client_id = "$appId"
@ -237,7 +234,7 @@ tenantId='' ### Paste your tenant ID here
 appId='' ### Paste your Application ID here
 appSecret='' ### Paste your Application secret here
 resourceAppIdUri='https://graph.windows.net'
-oAuthUri="https://login.windows.net/$tenantId/oauth2/token"
+oAuthUri="https://login.microsoftonline.com/$tenantId/oauth2/token"
 scriptDir=$(pwd)

 apiResponse=$(curl -s X POST "$oAuthUri" -d "resource=$resourceAppIdUri&client_id=$appId&client_secret=$appSecret&\
--- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md
@ -23,7 +23,12 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 [!include[Prerelease information](../../includes/prerelease.md)]

--- a/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code

 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/machines/{id}/restrictCodeExecution
+POST https://api.securitycenter.microsoft.com/api/machines/{id}/restrictCodeExecution
 ```

 ## Request headers
@ -79,7 +83,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 Here is an example of the request.

 ```
-POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution 
+POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/restrictCodeExecution 
 Content-type: application/json
 {
  "Comment": "Restrict code execution due to alert 1234"
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md
@ -24,7 +24,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 ## Limitations
 1. You can only run a query on data from the last 30 days.
@ -50,7 +54,7 @@ Delegated (work or school account) | AdvancedQuery.Read | 'Run advanced queries'

 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/advancedqueries/run
+POST https://api.securitycenter.microsoft.com/api/advancedqueries/run
 ```

 ## Request headers
@ -77,11 +81,8 @@ Request

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
-
 ```
-POST https://api.securitycenter.windows.com/api/advancedqueries/run
+POST https://api.securitycenter.microsoft.com/api/advancedqueries/run
 Content-type: application/json
 {
 	"Query":"DeviceProcessEvents  
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md
@ -21,9 +21,13 @@ ms.topic: article

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]

-**Applies to:**
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 Run advanced queries using PowerShell, see [Advanced Hunting API](run-advanced-query-api.md).

@ -51,8 +55,8 @@ $tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID he
 $appId = '11111111-1111-1111-1111-111111111111' # Paste your own app ID here
 $appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret here

-$resourceAppIdUri = 'https://api.securitycenter.windows.com'
-$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token"
+$resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
+$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
 $body = [Ordered] @{
    resource = "$resourceAppIdUri"
    client_id = "$appId"
@ -75,7 +79,7 @@ Run the following query:
 ```
 $query = 'RegistryEvents | limit 10' # Paste your own query here

-$url = "https://api.securitycenter.windows.com/api/advancedqueries/run"
+$url = "https://api.securitycenter.microsoft.com/api/advancedqueries/run"
 $headers = @{ 
    'Content-Type' = 'application/json'
    Accept = 'application/json'
--- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md
@ -22,9 +22,13 @@ ms.topic: article
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]

 Run advanced queries using Python, see [Advanced Hunting API](run-advanced-query-api.md).

@ -46,9 +50,9 @@ tenantId = '00000000-0000-0000-0000-000000000000' # Paste your own tenant ID her
 appId = '11111111-1111-1111-1111-111111111111' # Paste your own app ID here
 appSecret = '22222222-2222-2222-2222-222222222222' # Paste your own app secret here

-url = "https://login.windows.net/%s/oauth2/token" % (tenantId)
+url = "https://login.microsoftonline.com/%s/oauth2/token" % (tenantId)

-resourceAppIdUri = 'https://api.securitycenter.windows.com'
+resourceAppIdUri = 'https://api.securitycenter.microsoft.com'

 body = {
    'resource' : resourceAppIdUri,
@ -78,7 +82,7 @@ where
 ```
 query = 'RegistryEvents | limit 10' # Paste your own query here

-url = "https://api.securitycenter.windows.com/api/advancedqueries/run"
+url = "https://api.securitycenter.microsoft.com/api/advancedqueries/run"
 headers = { 
 	'Content-Type' : 'application/json',
 	'Accept' : 'application/json',
--- a/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md
@ -23,7 +23,11 @@ ms.topic: article

 **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]


 ## API description
@ -51,7 +55,7 @@ Delegated (work or school account) |	Machine.Scan |	'Scan machine'

 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/machines/{id}/runAntiVirusScan
+POST https://api.securitycenter.microsoft.com/api/machines/{id}/runAntiVirusScan
 ```

 ## Request headers
@ -87,7 +91,7 @@ If successful, this method returns 201, Created response code and _MachineAction
 Here is an example of the request.

 ```
-POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan 
+POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/runAntiVirusScan 
 Content-type: application/json
 {
  "Comment": "Check machine for viruses due to alert 3212",
--- a/windows/security/threat-protection/microsoft-defender-atp/score.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/score.md
@ -25,6 +25,11 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
 [!include[Prerelease information](../../includes/prerelease.md)]

 ## Methods
--- a/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/set-device-value.md
@ -25,6 +25,11 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
 ## API description

 Set the device value of a specific [Machine](machine.md).<br>
--- a/windows/security/threat-protection/microsoft-defender-atp/software.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/software.md
@ -25,6 +25,11 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
 [!include[Prerelease information](../../includes/prerelease.md)]

 ## Methods
--- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Stop execution of a file on a device and delete it.
@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.StopAndQuarantine | 'Stop And Quara

 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/machines/{id}/StopAndQuarantineFile
+POST https://api.securitycenter.microsoft.com/api/machines/{id}/StopAndQuarantineFile
 ```

 ## Request headers
@ -80,7 +84,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
 Here is an example of the request.

 ```
-POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile 
+POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/StopAndQuarantineFile 
 Content-type: application/json
 {
  "Comment": "Stop and quarantine file on machine due to alert 441688558380765161_2136280442",
--- a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
@ -25,6 +25,11 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
 - See the corresponding [Indicators page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal. 

 Method|Return Type |Description
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md
@ -22,9 +22,9 @@ ms.topic: troubleshooting
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-**Applies to:**
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 


 >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink)
@ -78,8 +78,8 @@ You'll need to allow the `securitycenter.windows.com` and all subdomains under i
 ## Portal communication issues
 If you encounter issues with accessing the portal, missing data, or restricted access to portions of the portal, you'll need to verify that the following URLs are allowed and open for communication.

- `*.blob.core.windows.net 
-crl.microsoft.com`
+- `*.blob.core.windows.net`
+- `crl.microsoft.com`
 - `https://*.microsoftonline-p.com`
 - `https://*.securitycenter.windows.com` 
 - `https://automatediracs-eus-prd.securitycenter.windows.com`
--- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md
@ -26,6 +26,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Undo isolation of a device.
@ -52,7 +56,7 @@ Delegated (work or school account) |	Machine.Isolate |	'Isolate machine'

 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/machines/{id}/unisolate
+POST https://api.securitycenter.microsoft.com/api/machines/{id}/unisolate
 ```

 ## Request headers
@ -80,10 +84,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate 
+POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unisolate 
 Content-type: application/json
 {
  "Comment": "Unisolate machine since it was clean and validated"
--- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md
@ -25,6 +25,10 @@ ms.topic: article

 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 

+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+

 ## API description
 Enable execution of any application on the device.
@ -51,7 +55,7 @@ Delegated (work or school account) | Machine.RestrictExecution | 'Restrict code

 ## HTTP request
 ```
-POST https://api.securitycenter.windows.com/api/machines/{id}/unrestrictCodeExecution
+POST https://api.securitycenter.microsoft.com/api/machines/{id}/unrestrictCodeExecution
 ```

 ## Request headers
@ -77,10 +81,8 @@ If successful, this method returns 201 - Created response code and [Machine Acti

 Here is an example of the request.

-[!include[Improve request performance](../../includes/improve-request-performance.md)]
-
 ```
-POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution 
+POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/unrestrictCodeExecution 
 Content-type: application/json
 {
  "Comment": "Unrestrict code execution since machine was cleaned and validated"
--- a/Show More
+++ b/Show More