updating download wmi + next steps

Shereen-Bhar · Shereen-Bhar · commit 54c9a513409b · 2023-04-19T15:57:46.000+03:00
diff --git a/articles/defender-for-iot/organizations/configure-windows-endpoint-monitoring.md b/articles/defender-for-iot/organizations/configure-windows-endpoint-monitoring.md
@@ -177,6 +177,7 @@ If you'll be using a non-admin account to run your WEM scans, this procedure is
 
 For more information, see:
 
+- [Detect Windows workstations and servers with a local script](detect-windows-endpoints-script.md)
 - [View your device inventory from a sensor console](how-to-investigate-sensor-detections-in-a-device-inventory.md)
 - [View your device inventory from the Azure portal](how-to-manage-device-inventory-for-organizations.md)
 - [Configure active monitoring for OT networks](configure-active-monitoring.md)
diff --git a/articles/defender-for-iot/organizations/detect-windows-endpoints-script.md b/articles/defender-for-iot/organizations/detect-windows-endpoints-script.md
@@ -64,7 +64,7 @@ The script detects enriched Windows data, and is run as a utility and not an ins
 
 1. Run the `run.bat` file.
 
-    After the script runs to probe the registry, a CX-snapshot file appears with the registry information. The filename indicates the system name, date, and time of the snapshot with the following syntax: `CX-snaphot_SystemName_Month_Year_Time`
+    After the script runs to probe the registry, a CX-snapshot file appears with the registry information. The filename indicates the machine name and the current date and time of the snapshot with the following syntax: `cx_snapshot_[machinename]_[current date time]`.
 
 Files generated by the script include:
 
@@ -88,21 +88,9 @@ After having run the script as described [earlier](#download-and-run-the-script)
 
     :::image type="content" source="media/detect-windows-endpoints-script/import-wmi-script.png" alt-text="Screenshot of where to import WMI script." lightbox="media/detect-windows-endpoints-script/import-wmi-script.png":::
 
-1. Select **Close**. The device registry information is imported and a successful confirmation message is shown.
-
-    If there's a problem uploading one of the files, you'll be informed which file upload failed.
-
-## Offline WMI
-
-To preform offline WMI:
-
-1. [Download the script](#download-and-run-the-script), then extract it.
+## View devices applications report
 
-1. Run `run.bat` as administrator directly on the Windows endpoint.
-
-    After the script runs to probe the registry, a CX-snapshot file appears with the registry information. The filename indicates the machine name and the current date and time of the snapshot with the following syntax: `cx_snapshot_[machinename]_[current date time]`.
-
-1. [Import](#import-device-details) the received output file to the sensor.
+After [downloading and running](#download-and-run-the-script) the script, then [importing](#import-device-details) the generated data to your sensor, you can view your devices applications with a custom data mining report.
 
 **To view the devices applications:**
 
@@ -112,6 +100,8 @@ To preform offline WMI:
 
     :::image type="content" source="media/detect-windows-endpoints-script/devices-applications-report.png" alt-text="Screenshot of creating devices applications custom report." lightbox="media/detect-windows-endpoints-script/devices-applications-report.png":::
 
+1. Your devices applications report is shown in the **My reports** area.
+
 Based on this information, the Windows device CVE list will be displayed in Azure if the sensor is cloud-connected.
 
 ## Next steps
