Merge branch 'master' into whfbtroubleshoot

windows/security/threat-protection/microsoft-defender-atp/gov.md

@@ -91,10 +91,11 @@ Defender for Endpoint GCC High specific | `winatp-gw-usgt.microsoft.com`<br>`win
 ## API
 Instead of the public URIs listed in our [API documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro), you'll need to use the following URIs:
 
-Environment | Login endpoint | Defender for Endpoint API endpoint
+Endpoint type | GCC | GCC High
 :---|:---|:---
-GCC | `https://login.microsoftonline.com` | `https://api-gcc.securitycenter.microsoft.us`
+Login | `https://login.microsoftonline.com` | `https://login.microsoftonline.us`
-GCC High | `https://login.microsoftonline.us` | `https://api-gov.securitycenter.microsoft.us`
+Defender for Endpoint API | `https://api-gcc.securitycenter.microsoft.us` | `https://api-gov.securitycenter.microsoft.us`
+SIEM | Rolling out | `https://wdatp-alertexporter-us.securitycenter.windows.us`
 
 <br>
 

windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md

@@ -1,5 +1,5 @@
 ---
-title: Minimum requirements for Microsoft Defender ATP
+title: Minimum requirements for Microsoft Defender for Endpoint
 description: Understand the licensing requirements and requirements for onboarding devices to the service
 keywords: minimum requirements, licensing, comparison table
 search.product: eADQiWindows 10XVcnh
@@ -42,15 +42,16 @@ Microsoft Defender for Endpoint requires one of the following Microsoft volume l
 - Microsoft 365 A5 (M365 A5)
 - Microsoft 365 E5 Security
 - Microsoft 365 A5 Security
+- Microsoft Defender for Endpoint
 
 > [!NOTE]
 > Eligible licensed users may use Microsoft Defender for Endpoint on up to five concurrent devices.
 > Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP).
 
-Microsoft Defender for Endpoint, on Windows Server, requires one of the following licensing options:
+Microsoft Defender for Endpoint for servers requires one of the following licensing options:
 
 - [Azure Security Center with Azure Defender enabled](https://docs.microsoft.com/azure/security-center/security-center-pricing)
-- Defender for Endpoint for Servers (one per covered server)
+- Microsoft Defender for Endpoint for Server (one per covered server)
 
 > [!NOTE]
 > Customers may acquire server licenses (one per covered server Operating System Environment (OSE)) for Microsoft Defender for Endpoint for Servers if they have a combined minimum of 50 licenses for one or more of the following user licenses:

windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md

@@ -1,6 +1,6 @@
 ---
-title: Pull Microsoft Defender ATP detections using REST API
+title: Pull Microsoft Defender for Endpoint detections using REST API
-description: Learn how call an Microsoft Defender ATP endpoint to pull detections in JSON format using the SIEM REST API.
+description: Learn how call an Microsoft Defender for Endpoint API endpoint to pull detections in JSON format using the SIEM REST API.
 keywords: detections, pull detections, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -26,6 +26,8 @@ ms.topic: article
 
 - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
 >[!Note]
 >- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections.
 >- [Microsoft Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details.