diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md
index bc1d1edae3..e249568df7 100644
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@@ -781,11 +781,11 @@
######## [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
######## [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
#### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
-##### [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-##### [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-##### [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
+##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
-##### [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
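Review bot: The unchanged entry "Windows Defender ATP alert API fields", which sits between the renamed ArcSight and REST API entries, still carries the product name, so the "Pull alerts to your SIEM tools" group ends up with mixed title styles. Either shorten it as well or state that it is kept on purpose. Only the TOC side is visible here, so it is also worth checking that each shortened title still matches the heading of its target topic.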
diff --git a/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md
index 011897e94c..31ea81e97e 100644
--- a/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-siem-windows-defender-advanced-threat-protection.md
@@ -51,7 +51,7 @@ For more information, see [Pull Windows Defender ATP alerts using REST API](pull
Topic | Description
:---|:---
[Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Preferences setup** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
-[Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
-[Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts.
+[Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
+[Configure ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts.
[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
[Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) | Use the Client credentials OAuth 2.0 flow to pull alerts from Windows Defender ATP using REST API.
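Review bot: Only the Splunk and ArcSight rows of this table are retitled; the first row still reads "Enable SIEM integration in Windows Defender ATP" and the last row "Pull Windows Defender ATP alerts using REST API", while TOC.md in this same change shortens both. The ArcSight link text also differs between the two files: "Configure HP ArcSight to pull alerts" in the TOC, "Configure ArcSight to pull alerts" here. Suggest bringing the link texts in this table in line with the TOC titles.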
diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
index 5498802fbb..9a231875f8 100644
--- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -23,6 +23,8 @@ localizationpriority: high
There are some minimum requirements for onboarding your network and endpoints.
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-abovefoldlink1)
+
## Minimum requirements
You must be on Windows 10, version 1607 at a minimum.
For more information, see [Windows 10 Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/buy).
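Review bot: Style point on the added callout line: it starts with `>Want`, with no space after the blockquote marker, while the NOTE block touched in preview-windows-defender-advanced-threat-protection.md writes `> ` before its text. Suggest `> Want to experience Windows Defender ATP? ...` so that blockquotes are written the same way across the changed topics.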
@@ -114,3 +116,5 @@ When Windows Defender is not the active antimalware in your organization and you
If you're running Windows Defender as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard.
If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender ELAM driver is enabled. For more information, see [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy).
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-abovefoldlink1)
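Review bot: The callout added at the end of the file reuses `ocid=technet-wd-atp-abovefoldlink1`, the same value as the callout added near the top of this file. If the `ocid` value is meant to identify where the link was clicked, the two placements cannot be told apart, and "abovefold" does not describe a link on the last line of the topic. Suggest a distinct value for the bottom callout.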
diff --git a/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md
index 0306678e79..fb768346fe 100644
--- a/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md
@@ -49,4 +49,4 @@ The following features are included in the preview release:
- [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) - Create custom threat intelligence alerts using the threat intelligence API to generate alerts that are applicable to your organization.
>[!NOTE]
-> All response actions require machines to be on the latest Windows 10 Insider Preview build.
+> All response actions require machines to be on the latest Windows 10, version 1703.
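Review bot: In the added NOTE line, "the latest Windows 10, version 1703" combines "latest" with a fixed version number, which reads as a contradiction once a newer release exists and leaves it unclear whether later versions qualify. If 1703 is a minimum, suggest "All response actions require machines to be on Windows 10, version 1703 or later."; if it is the only supported version, drop "the latest".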
diff --git a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md
index e9d223c9d6..c768906d08 100644
--- a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md
@@ -34,13 +34,13 @@ You can contain an attack in your organization by stopping the malicious process
The **Stop & Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys.
-The action takes effect on machines with the latest Windows 10 Insider Preview build where the file was observed in the last 30 days.
+The action takes effect on machines with the latest Windows 10, version 1703 where the file was observed in the last 30 days.
### Stop and quarantine files
1. Select the file you want to stop and quarantine. You can select a file from any of the following views or use the Search box:
- – **Alerts** - click the corresponding links from the Description or Details in the Alert timeline
- – **Search box** - select File from the drop–down menu and enter the file name
+ - **Alerts** - click the corresponding links from the Description or Details in the Alert timeline
+ - **Search box** - select File from the drop–down menu and enter the file name
2. Open the **Actions menu** and select **Stop & Quarantine File**.

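Review bot: The rewritten sentence "The action takes effect on machines with the latest Windows 10, version 1703 where the file was observed in the last 30 days" leaves the scope of a containment action ambiguous: "where the file was observed" now trails the version number, and "latest" conflicts with naming a specific version. Suggest something like "The action takes effect on machines running Windows 10, version 1703 where the file was observed in the last 30 days", adding "or later" if that is the intent. Separately, the added **Search box** bullet still contains an en dash in "drop–down" even though the change replaces en dashes elsewhere in the list.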
@@ -50,11 +50,11 @@ The action takes effect on machines with the latest Windows 10 Insider Preview b
The Action center shows the submission information:

- – **Submission time** - Shows when the action was submitted.
- – **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon.
- – **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.
- – **Success** - Shows the number of machines where the file has been stopped and quarantined.
- – **Failed** - Shows the number of machines where the action failed and details about the failure.
+ - **Submission time** - Shows when the action was submitted.
+ - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon.
+ - **Pending** - Shows the number of machines where the file is yet to be stopped and quarantined from. This can take time for cases when the machine is offline or not connected to the network.
+ - **Success** - Shows the number of machines where the file has been stopped and quarantined.
+ - **Failed** - Shows the number of machines where the action failed and details about the failure.
4. Select any of the status indicators to view more information about the action. For example, select **Failed** to see where the action failed.
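Review bot: The **Pending** bullet keeps a dangling preposition ("yet to be stopped and quarantined from"). Since the line is being touched anyway, suggest "Shows the number of machines where the file is yet to be stopped and quarantined." These bullets also sit between numbered steps, with step 4 following them, so it is worth confirming in the rendered output that they nest under the preceding step and do not restart the numbering.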
@@ -108,9 +108,9 @@ The Action center shows the submission information:

- – **Submission time** - Shows when the action was submitted.
- – **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon.
- – **Status** - Indicates whether the file was added to or removed from the blacklist.
+ - **Submission time** - Shows when the action was submitted.
+ - **Submitting user** - Shows who submitted the action on the file. You can view the comments provided by the user by selecting the information icon.
+ - **Status** - Indicates whether the file was added to or removed from the blacklist.
When the file is blocked, there will be a new event in the machine timeline.
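Review bot: The **Status** bullet says the file was "added to or removed from the blacklist", while the rest of the topic calls the same thing the "blocked list" (for example the heading "Remove file from blocked list" and the menu item of the same name). Suggest using "blocked list" here as well so that the status text matches the action names an analyst sees in the portal.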
@@ -129,9 +129,9 @@ For prevalent files in the organization, a warning is shown before an action is
### Remove file from blocked list
1. Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box:
- – **Alerts** - Click the file links from the Description or Details in the Alert timeline
- – **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section
- – **Search box** - Select File from the drop–down menu and enter the file name
+ - **Alerts** - Click the file links from the Description or Details in the Alert timeline
+ - **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section
+ - **Search box** - Select File from the drop–down menu and enter the file name
2. Open the **Actions** menu and select **Remove file from blocked list**.
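Review bot: The added **Search box** bullet still has an en dash inside "drop–down"; the change converts the en-dash list markers to hyphens but leaves this one, so "drop-down" should be fixed in the same pass. The bullets in this list also capitalize the verb ("Click", "Select") while the equivalent lists under "Stop and quarantine files" and "Submit files for deep analysis" use lower case; pick one style for all three.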
@@ -173,10 +173,10 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure
**Submit files for deep analysis:**
-1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views:
- – Alerts - click the file links from the **Description** or **Details** in the Alert timeline
- – **Machines list** - click the file links from the **Description** or **Details** in the **Machine in organization** section
- – Search box - select **File** from the drop–down menu and enter the file name
+1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views:
+ - Alerts - click the file links from the **Description** or **Details** in the Alert timeline
+ - **Machines list** - click the file links from the **Description** or **Details** in the **Machine in organization** section
+ - Search box - select **File** from the drop–down menu and enter the file name
2. In the **Deep analysis** section of the file view, click **Submit**.

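Review bot: In the added bullets only **Machines list** is bold; "Alerts" and "Search box" are plain, whereas the other lists in this topic bold all three view names. Suggest `**Alerts**` and `**Search box**` here too, and replace the en dash in "drop–down" with a hyphen. The step 1 line appears unchanged apart from whitespace; if that is a trailing-space edit, confirm that it is intended.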