diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md
index 85e190979f..c7bc773f92 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/gov.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md
@@ -91,10 +91,11 @@ Defender for Endpoint GCC High specific | `winatp-gw-usgt.microsoft.com`
`win
## API
Instead of the public URIs listed in our [API documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro), you'll need to use the following URIs:
-Environment | Login endpoint | Defender for Endpoint API endpoint
+Endpoint type | GCC | GCC High
:---|:---|:---
-GCC | `https://login.microsoftonline.com` | `https://api-gcc.securitycenter.microsoft.us`
-GCC High | `https://login.microsoftonline.us` | `https://api-gov.securitycenter.microsoft.us`
+Login | `https://login.microsoftonline.com` | `https://login.microsoftonline.us`
+Defender for Endpoint API | `https://api-gcc.securitycenter.microsoft.us` | `https://api-gov.securitycenter.microsoft.us`
+SIEM | Rolling out | `https://wdatp-alertexporter-us.securitycenter.windows.us`
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index 7e1c5f470f..be00d43191 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -1,5 +1,5 @@
---
-title: Minimum requirements for Microsoft Defender ATP
+title: Minimum requirements for Microsoft Defender for Endpoint
description: Understand the licensing requirements and requirements for onboarding devices to the service
keywords: minimum requirements, licensing, comparison table
search.product: eADQiWindows 10XVcnh
@@ -42,15 +42,16 @@ Microsoft Defender for Endpoint requires one of the following Microsoft volume l
- Microsoft 365 A5 (M365 A5)
- Microsoft 365 E5 Security
- Microsoft 365 A5 Security
+- Microsoft Defender for Endpoint
> [!NOTE]
> Eligible licensed users may use Microsoft Defender for Endpoint on up to five concurrent devices.
> Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP).
-Microsoft Defender for Endpoint, on Windows Server, requires one of the following licensing options:
+Microsoft Defender for Endpoint for servers requires one of the following licensing options:
- [Azure Security Center with Azure Defender enabled](https://docs.microsoft.com/azure/security-center/security-center-pricing)
-- Defender for Endpoint for Servers (one per covered server)
+- Microsoft Defender for Endpoint for Server (one per covered server)
> [!NOTE]
> Customers may acquire server licenses (one per covered server Operating System Environment (OSE)) for Microsoft Defender for Endpoint for Servers if they have a combined minimum of 50 licenses for one or more of the following user licenses:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
index 9587df251a..ad55a65531 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
@@ -1,6 +1,6 @@
---
-title: Pull Microsoft Defender ATP detections using REST API
-description: Learn how call an Microsoft Defender ATP endpoint to pull detections in JSON format using the SIEM REST API.
+title: Pull Microsoft Defender for Endpoint detections using REST API
+description: Learn how call an Microsoft Defender for Endpoint API endpoint to pull detections in JSON format using the SIEM REST API.
keywords: detections, pull detections, rest api, request, response
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@@ -26,6 +26,8 @@ ms.topic: article
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
>[!Note]
>- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections.
>- [Microsoft Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.