updates

Author: DebLanger

ATADocs/docfx.json

@@ -46,7 +46,10 @@
       "layout": "Conceptual",
       "breadcrumb_path": "/advanced-threat-analytics/bread/toc.json",
       "uhfHeaderId": "MSDocsHeader-M365-IT",
-      "searchScope": ["ATA"]
+      "searchScope": ["ATA"],
+      "contributors_to_exclude": [
+        "beccarobins"
+      ]
     },
     "markdownEngineName": "markdig"
   }

CloudAppSecurityDocs/docfx.json

@@ -42,7 +42,10 @@
       "ms.author": "bagol",
       "ms.collection": "M365-security-compliance",
       "ms.service": "defender-for-cloud-apps",
-      "ms.suite": "ems"
+      "ms.suite": "ems",
+      "contributors_to_exclude": [
+        "beccarobins"
+      ]
     },
     "fileMetadata": {},
     "template": [],

CloudAppSecurityDocs/ops-guide/ops-guide-daily.md

@@ -13,7 +13,7 @@ This article lists daily operational activities that we recommend you perform wi
 
 Alerts and incidents are two of the most important items your security operations (SOC) team should be reviewing on a daily basis.
 
-- Triage incidents and alerts regularly from the [incidents queue](https://security.microsoft.com/incidents-queue) in Microsoft Defender XDR, prioritizing high and medium severity alerts.
+- Triage incidents and alerts regularly from the [incidents queue](https://security.microsoft.com/incidents) in Microsoft Defender XDR, prioritizing high and medium severity alerts.
 
 - If you're working with a SIEM system, your SIEM system is usually the first stop for triage. SIEM systems provide more context with extra logs and SOAR functionality. Then, use Microsoft Defender XDR for a deeper understanding of an alert or incident timeline.
 

defender-business/docfx.json

@@ -59,7 +59,8 @@
         "v-stchambers",
         "Stacyrch140",
         "garycentric",
-        "alekyaj"
+        "alekyaj",
+        "beccarobins"
       ]
     },
     "fileMetadata": {},

defender-endpoint/TOC.yml

@@ -11,7 +11,7 @@
     - name: Trial user guide - Microsoft Defender for Endpoint
       href: defender-endpoint-trial-user-guide.md
     - name: Pilot and deploy Defender for Endpoint
-      href: /defender-xdr/pilot-deploy-defender-endpoint?toc=/defender-xdr/TOC.json&bc=/defender-xdr/breadcrumb/toc.json
+      href: /defender-xdr/pilot-deploy-defender-endpoint?toc=/defender-endpoint/TOC.json&bc=/defender-endpoint/breadcrumb/toc.json
     - name: Minimum requirements
       href: minimum-requirements.md
     - name: Supported Microsoft Defender for Endpoint capabilities by platform

defender-endpoint/api/get-domain-related-machines.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 11/03/2024
 ---
 
 # Get domain-related machines API
@@ -38,27 +38,26 @@ ms.date: 12/18/2020
 Retrieves a collection of [Machines](machine.md) that have communicated to or from a given domain address.
 
 ## Limitations
-
-1. You can query on devices last updated according to your configured retention period.
-2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
+ 
+- You can query on devices last updated according to your configured retention period.
+- Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
+- Responses are limited to 500 devices in results.
 
 ## Permissions
 
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
-Permission type|Permission|Permission display name
-:---|:---|:---
-Application|Machine.Read.All|'Read all machine profiles'
-Application|Machine.ReadWrite.All|'Read and write all machine information'
-Delegated (work or school account)|Machine.Read|'Read machine information'
-Delegated (work or school account)|Machine.ReadWrite|'Read and write machine information'
+|Permission type|Permission|Permission display name|
+|:---|:---|:---|
+|Application|`Machine.Read.All`|`Read all machine profiles`|
+|Application|`Machine.ReadWrite.All`|`Read and write all machine information`|
+|Delegated (work or school account)|`Machine.Read`|`Read machine information`|
+|Delegated (work or school account)|`Machine.ReadWrite`|`Read and write machine information`|
 
 > [!NOTE]
 > When obtaining a token using user credentials:
->
-> - The user needs to have at least the following role permission: 'View Data' (For more information, see [Create and manage roles](../user-roles.md)
-> - Response will include only devices that the user can access, based on device group settings (For more information, see [Create and manage device groups](../machine-groups.md)
->
+> - The user must have at least the following role permission: `View Data`. For more information, see [Create and manage roles](../user-roles.md).
+> - Responses include only devices that the user can access, based on device group settings. For more information, see [Create and manage device groups](../machine-groups.md).
 > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.
 
 ## HTTP request
@@ -69,17 +68,21 @@ GET /api/domains/{domain}/machines
 
 ## Request headers
 
-Name|Type|Description
-:---|:---|:---
-Authorization|String|Bearer {token}. **Required**.
+|Name|Type|Description|
+|:---|:---|:---|
+|Authorization|String|`Bearer {token}`. <br/> **Required**.|
 
 ## Request body
 
 Empty
 
 ## Response
 
-If successful and domain exists - 200 OK with list of [machine](machine.md) entities. If domain doesn't exist - 200 OK with an empty set.
+If successful, and the domain exists: 
+- 200 OK with list of [machine](machine.md) entities 
+
+If domain doesn't exist:
+- 200 OK with an empty set
 
 ## Example
 
@@ -90,4 +93,5 @@ Here's an example of the request.
 ```http
 GET https://api.securitycenter.microsoft.com/api/domains/api.securitycenter.microsoft.com/machines
 ```
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]