api update

windows/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Prevent a file from being executed in the organization using Windows Defender.
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Collect investigation package from a machine.
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Get MachineAction object
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Get MachineAction object
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Get a Uri that allows downloading an investigation package.
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Isolates a machine from accessing external network.
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Request sample of a file from a specific machine. File will be collected from the machine and uploaded to a secure storage. 
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md

@@ -111,6 +111,7 @@ This feature is designed to prevent suspected malware (or potentially malicious
 
 
     The Action center shows the submission information:
+
     ![Image of block file](images/atp-blockfile.png)
 
   - **Submission time** - Shows when the action was submitted. <br>
@@ -233,4 +234,4 @@ HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
 > If the value *AllowSampleCollection* is not available, the client will allow sample collection by default.
 
 ## Related topics
-– [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+- [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)

windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md

@@ -117,6 +117,11 @@ The action to restrict an application from running applies a code integrity poli
 When the application execution restriction configuration is applied, a new event is reflected in the machine timeline.
 
 
+**Notification on machine user**:</br>
+When an app is restricted, the following notification is displayed to inform the user that an app is being restricted from running:
+
+![Image of app restriction](images/atp-app-restriction.png) 
+
 ## Remove app restriction 
 Depending on the severity of the attack and the state of the machine, you can choose to reverse the restriction of applications policy after you have verified that the compromised machine has been remediated.
 

windows/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Restrict execution of set of predefined applications.
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Initiate Windows Defender Antivirus scan on the machine.
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md

@@ -87,7 +87,7 @@ You can take the following actions to increase the overall security score of you
 > For the Windows Defender Antivirus properties to show,  you'll need to ensure that the Windows Defender Antivirus Cloud-based protection is properly configured on the endpoint. 
 
 - Fix antivirus reporting
-  - This recommendation is displayed when the Windows Defender Antivirus configuration on a machines is not properly configured. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
+  - This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
 - Turn on antivirus
 - Update antivirus definitions
 - Turn on cloud-based protection

windows/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Stop execution of a file on a machine and ensure it’s not executed again on that machine.
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Allow a file to be executed in the organization, using Windows Defender.
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Remove machine from isolation.
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```

windows/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md

@@ -17,7 +17,7 @@ ms.date: 09/01.2017
 Remove code execution restriction.
 
 ## Permissions
-User needs to have “secop” permissions.
+Users need to have Security administrator or Global admin directory roles.
 
 ## HTTP request
 ```