Merging changes synced from https://github.com/MicrosoftDocs/defender-docs-pr (branch live)

Learn Build Service GitHub App · Learn Build Service GitHub App · commit 99dc02a09fe5 · 2024-11-04T18:37:59.000Z
diff --git a/defender-endpoint/api/get-domain-related-machines.md b/defender-endpoint/api/get-domain-related-machines.md
@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 11/03/2024
 ---
 
 # Get domain-related machines API
@@ -38,27 +38,26 @@ ms.date: 12/18/2020
 Retrieves a collection of [Machines](machine.md) that have communicated to or from a given domain address.
 
 ## Limitations
-
-1. You can query on devices last updated according to your configured retention period.
-2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
+ 
+- You can query on devices last updated according to your configured retention period.
+- Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
+- Responses are limited to 500 devices in results.
 
 ## Permissions
 
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
-Permission type|Permission|Permission display name
-:---|:---|:---
-Application|Machine.Read.All|'Read all machine profiles'
-Application|Machine.ReadWrite.All|'Read and write all machine information'
-Delegated (work or school account)|Machine.Read|'Read machine information'
-Delegated (work or school account)|Machine.ReadWrite|'Read and write machine information'
+|Permission type|Permission|Permission display name|
+|:---|:---|:---|
+|Application|`Machine.Read.All`|`Read all machine profiles`|
+|Application|`Machine.ReadWrite.All`|`Read and write all machine information`|
+|Delegated (work or school account)|`Machine.Read`|`Read machine information`|
+|Delegated (work or school account)|`Machine.ReadWrite`|`Read and write machine information`|
 
 > [!NOTE]
 > When obtaining a token using user credentials:
->
-> - The user needs to have at least the following role permission: 'View Data' (For more information, see [Create and manage roles](../user-roles.md)
-> - Response will include only devices that the user can access, based on device group settings (For more information, see [Create and manage device groups](../machine-groups.md)
->
+> - The user must have at least the following role permission: `View Data`. For more information, see [Create and manage roles](../user-roles.md).
+> - Responses include only devices that the user can access, based on device group settings. For more information, see [Create and manage device groups](../machine-groups.md).
 > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.
 
 ## HTTP request
@@ -69,17 +68,21 @@ GET /api/domains/{domain}/machines
 
 ## Request headers
 
-Name|Type|Description
-:---|:---|:---
-Authorization|String|Bearer {token}. **Required**.
+|Name|Type|Description|
+|:---|:---|:---|
+|Authorization|String|`Bearer {token}`. <br/> **Required**.|
 
 ## Request body
 
 Empty
 
 ## Response
 
-If successful and domain exists - 200 OK with list of [machine](machine.md) entities. If domain doesn't exist - 200 OK with an empty set.
+If successful, and the domain exists: 
+- 200 OK with list of [machine](machine.md) entities 
+
+If domain doesn't exist:
+- 200 OK with an empty set
 
 ## Example
 
@@ -90,4 +93,5 @@ Here's an example of the request.
 ```http
 GET https://api.securitycenter.microsoft.com/api/domains/api.securitycenter.microsoft.com/machines
 ```
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]
diff --git a/defender-xdr/supported-event-types.md b/defender-xdr/supported-event-types.md
@@ -43,6 +43,9 @@ The following table only includes the list of the tables supported in the stream
 |----|----|----|----|----|
 | **[AlertEvidence](advanced-hunting-alertevidence-table.md)** | GA | GA | GA | GA |
 | **[AlertInfo](advanced-hunting-alertinfo-table.md)** | GA | GA | GA | GA |
+| **[BehaviorEntities](advanced-hunting-behaviorentities-table.md)**|Public preview |Not available |Not available  |Not available  |
+| **[BehaviorInfo](advanced-hunting-behaviorinfo-table.md)**|Public preview |Not available |Not available  |Not available |
+| **[CloudAppEvents](advanced-hunting-cloudappevents-table.md)**|GA |GA |GA |GA |
 | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** |GA | GA | GA | GA |
 | **[DeviceFileCertificateInfo](advanced-hunting-DeviceFileCertificateInfo-table.md)** |GA | GA | GA | GA |
 | **[DeviceFileEvents](advanced-hunting-devicefileevents-table.md)** | GA | GA | GA | GA |
@@ -60,7 +63,6 @@ The following table only includes the list of the tables supported in the stream
 | **[IdentityLogonEvents](advanced-hunting-identitylogonevents-table.md)**|GA |GA |GA |GA |
 | **[IdentityQueryEvents](advanced-hunting-identityqueryevents-table.md)**|GA |GA |GA |GA |
 | **[IdentityDirectoryEvents](advanced-hunting-identitydirectoryevents-table.md)**|GA |GA |GA |GA |
-| **[CloudAppEvents](advanced-hunting-cloudappevents-table.md)**|GA |GA |GA |GA |
 | **[UrlClickEvents](advanced-hunting-urlclickevents-table.md)**|Public preview |Not available |Not available |Not available |
 
 ## Related topics
