add live response

windows/security/threat-protection/TOC.md

@@ -67,6 +67,8 @@
 ####### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
 ####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
  
+###### [Investigate entities using Live response](windows-defender-atp/live-response.md)
+#######[Live response command examples](windows-defender-atp/live-response-command-examples.md)
 
 #### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
 ##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)

windows/security/threat-protection/microsoft-defender-atp/TOC.md

@@ -70,7 +70,10 @@
 ###### [Submit files for analysis](respond-file-alerts.md#submit-files-for-analysis)
 ###### [View deep analysis reports](respond-file-alerts.md#view-deep-analysis-reports)
 ###### [Troubleshoot deep analysis](respond-file-alerts.md#troubleshoot-deep-analysis)
- 
+
+##### [Investigate entities using Live response](live-response.md)
+###### [Live response command examples](live-response-command-examples.md)
+
 ### [Automated investigation and remediation](automated-investigations.md)
 #### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
 

windows/security/threat-protection/microsoft-defender-atp/advanced-features.md

@@ -31,6 +31,15 @@ Use the following advanced features to get better protected from potentially mal
 ## Automated investigation
 When you enable this feature, you'll be able to take advantage of the automated investigation and remediation features of the service. For more information, see [Automated investigations](automated-investigations.md).
 
+## Live response
+When you enable this feature, users with the appropriate permissions can initiate a live response session on machines. 
+
+For more information on role assignments see, [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md). 
+
+## Live response unsigned script execution
+Enabling this feature allows you to run unsigned scripts in a live response session. 
+
+
 ## Auto-resolve remediated alerts
 For tenants created on or after Windows 10, version 1809 the automated investigations capability is configured by default to resolve alerts where the automated analysis result status is "No threats found" or "Remediated".  If you don’t want to have alerts auto-resolved, you’ll need to manually turn off the feature.
 

windows/security/threat-protection/microsoft-defender-atp/user-roles.md

@@ -46,6 +46,18 @@ The following steps guide you on how to create roles in Microsoft Defender Secur
             >This setting is only available in the Microsoft Defender ATP administrator (default) role. 
 
 		  - **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, manage folder exclusions for automation, onboard and offboard machines, and manage email notifications.
+
+		  - **Live response capabilities** - Users can take basic or advanced live response commands. <br>
+			- Basic commands allow users to:
+			- Start a live response session
+			- Run read only live response commands on a remote machine 
+			- Advanced commands allow users to:
+			- Run basic actions
+			- Download a file from the remote machine
+			- View a script from the files library
+			- Run a script on the remote machine from the files library take read and write commands. 
+			
+			For more information on the available commands, see [Investigate machines using Live response](live-response.md).
 		  
 4.	Click **Next** to assign the role to an Azure AD group.