update images and files affected by settings page

windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md

@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/16/2018
 ---
 
 # Configure endpoints using Group Policy
@@ -25,7 +25,7 @@ ms.date: 11/06/2017
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
-
+[!include[Prerelease information](prerelease.md)]
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink)
 
@@ -34,11 +34,15 @@ ms.date: 11/06/2017
 > To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later.
 
 ## Onboard endpoints
-1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
+ 
+    a.  In the navigation pane, select **Settings** > **Onboarding**.
 
-    a.  Click **Endpoint management** > **Clients** on the **Navigation pane**.
-
-    b.  Select **Group Policy**, click **Download package** and save the .zip file.
+    b.  Make you select Windows 10 as the operating system.
+    
+    c. In the **Deployment method** field, select **Group policy**.
+    
+    c. Click **Download package** and save the .zip file.
 
 2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*.
 
@@ -118,11 +122,13 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 
 1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+    a. In the navigation pane, select **Settings** > **Offboarding**.
 
-    b. Click the **Endpoint offboarding** section.
+    b. Make you select Windows 10 as the operating system.
+    
+    c. In the **Deployment method** field, select **Group policy**.
 
-    c. Select **Group Policy**, click **Download package** and save the .zip file.
+    d. Click **Download package** and save the .zip file.
 
 2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
 

windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md

@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/16/2018
 ---
 
 # Configure endpoints using Mobile Device Management tools
@@ -44,11 +44,13 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
 
 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a.  Select **Endpoint management** > **Clients** on the **Navigation pane**.
+    a. In the navigation pane, select **Settings** > **Onboarding**.
 
-    b.  Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
+    b. Make you select Windows 10 as the operating system.
 
-      ![Endpoint onboarding](images/atp-mdm-onboarding-package.png)
+    b. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**.
+    
+    c. Click **Download package**, and save the .zip file.
 
 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named  *WindowsDefenderATP.onboarding*.
 
@@ -128,11 +130,13 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 
 1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+   a. In the navigation pane, select **Settings** > **Offboarding**.
 
-    b. Click the **Endpoint offboarding** section.
+    b. Make you select Windows 10 as the operating system.
 
-    c. Select **Mobile Device Management /Microsoft Intune**, click **Download package** and save the .zip file.
+    b. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**.
+    
+    c. Click **Download package**, and save the .zip file.
 
 2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding*.
 

windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 localizationpriority: high
-ms.date: 12/12/2017
+ms.date: 04/16/2018
 ---
 
 # Configure non-Windows endpoints
@@ -29,19 +29,21 @@ Windows Defender ATP provides a centralized security operations experience for W
 You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work. 
 
 ## Onboard non-Windows endpoints
-You'll need to take the following steps to oboard non-Windows endpoints:
+You'll need to take the following steps to onboard non-Windows endpoints:
 1. Turn on third-party integration
 2. Run a detection test
 
 ### Turn on third-party integration
 
-1. In Windows Defender Security Center portal, select **Endpoint management** > **Clients** > **Non-Windows**. Make sure the third-party solution is listed.
+1. In the navigation pane, select **Settings** > **Onboarding**. Make sure the third-party solution is listed.
 
-2. 	Toggle the third-party provider switch button to turn on the third-party solution integration.
+2. 	Make you select Mac and Linux as the operating system.
 
-3. 	Click **Generate access token** button and then **Copy**.
+3. Turn on the third-party solution integration.
 
-4. 	You’ll need to copy and paste the token to the third-party solution you’re using. The implementation may vary depending on the solution. 
+4. 	Click **Generate access token** button and then **Copy**.
+
+5. 	You’ll need to copy and paste the token to the third-party solution you’re using. The implementation may vary depending on the solution. 
 
 
 >[!WARNING] 
@@ -58,9 +60,9 @@ To effectively offboard the endpoints from the service, you'll need to disable t
 
 1. Follow the third-party documentation to opt-out on the third-party service side.
 
-2. In Windows Defender Security Center portal, select **Endpoint management**> **Non-Windows**.
+2. In the navigation pane, select **Settings** > **Onboarding**.
 
-3. Toggle the third-party provider switch button to turn stop diagnostic data from endpoints. 
+3. Turn off the third-party solution integration. 
 
 >[!WARNING]
 >If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on endpoints. 

windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md

@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/16/2018
 ---
 
 # Configure endpoints using System Center Configuration Manager
@@ -48,9 +48,12 @@ You can use existing System Center Configuration Manager functionality to create
 
 1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+    a. In the navigation pane, select **Settings** > **Onboarding**.
+    b. Make you select Windows 10 as the operating system.
 
-    b. Select **System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file.
+    b. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**.
+    
+    c. Click **Download package**, and save the .zip file.
 
 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
 
@@ -122,11 +125,13 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 
 1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a. Click **Endpoint management** > **Clients** on the **Navigation pane**.
+    a. In the navigation pane, select **Settings** > **Offboarding**.
 
-    b. Click the **Endpoint offboarding** section.
+    b. Make you select Windows 10 as the operating system.
 
-    c. Select **System Center Configuration Manager System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file.
+    b. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**.
+    
+    c. Click **Download package**, and save the .zip file.
 
 2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
 

windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md

@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/06/2017
+ms.date: 04/16/2018
 ---
 
 # Configure endpoints using a local script
@@ -35,11 +35,15 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
 ## Onboard endpoints
 1.  Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a.  Click **Endpoint management** > **Clients** on the **Navigation pane**.
+    a.  In the navigation pane, select **Settings** > **Onboarding**.
 
-    b.  Select **Local Script**, click **Download package** and save the .zip file.
+    b. Make you select Windows 10 as the operating system.
 
+    c.  In the **Deployment method** field, select **Local Script**.
 
+    d. Click **Download package** and save the .zip file.
+
+  
 2.  Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file named *WindowsDefenderATPOnboardingScript.cmd*.
 
 3.  Open an elevated command-line prompt on the endpoint and run the script:
@@ -89,11 +93,13 @@ For security reasons, the package used to offboard endpoints will expire 30 days
 
 1.	Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a. Click **Endpoint management** on the **Navigation pane**.
+    a.  In the navigation pane, select **Settings** > **Offboarding**.
 
-    b. Click the **Endpoint offboarding** section.
+    b. Make you select Windows 10 as the operating system.
 
-    c. Select **Group Policy**, click **Download package** and save the .zip file.
+    c.  In the **Deployment method** field, select **Local Script**.
+
+    d. Click **Download package** and save the .zip file.
 
 2.	Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*.
 

windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md

@@ -40,9 +40,13 @@ You can onboard VDI machines using a single entry or multiple entries for each m
 
 1.  Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
 
-    a.  Click **Endpoint management** > **Clients** on the **Navigation pane**.
+    a.  In the navigation pane, select **Settings** > **Onboarding**.
 
-    b.  Select **VDI onboarding scripts for non-persistent endpoints** then click **Download package** and save the .zip file.
+    b. Make you select Windows 10 as the operating system.
+
+    c.  In the **Deployment method** field, select **VDI onboarding scripts for non-persistent endpoints**.
+
+    d. Click **Download package** and save the .zip file.
 
 2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`.
 

windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md

@@ -44,11 +44,11 @@ To onboard your servers to Windows Defender ATP, you’ll need to:
 
 ### Turn on Server monitoring from the Windows Defender Security Center portal
 
-1. In the navigation pane, select **Endpoint management** > **Servers**. 
+1. In the navigation pane, select **Settings** > **Onboarding**.
 
-2. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
-
-    ![Image of server onboarding](images/atp-server-onboarding.png)
+2. Make you select Windows server 2012, 2012R2 and 2016 as the operating system.
+ 
+3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
 
 <span id="server-mma"/>
 ### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP 

windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md

@@ -29,7 +29,7 @@ ms.date: 04/16/2018
 
 Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal.
 
-1. In the navigation pane, select **Preference Setup** > **Threat intel API**.
+1. In the navigation pane, select **Settings** > **Threat intel**.
 
   ![Image of threat intel API menu](images/atp-threat-intel-api.png)
 

windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md

@@ -30,7 +30,7 @@ Set the baselines for calculating the score of Windows Defender security control
   >[!NOTE]
   >Changes might take up to a few hours to reflect on the dashboard. 
 
-1. In the navigation pane, select **Settings** > **Security Analytics**.
+1. In the navigation pane, select **Settings** > **General** > **Secure score**.
 
     ![Image of Security Analytics controls from Preferences setup menu](images/atp-enable-security-analytics.png)
 

windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md

@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 11/21/2017
+ms.date: 04/16/2018
 ---
 
 # Enable SIEM integration in Windows Defender ATP
@@ -29,7 +29,7 @@ ms.date: 11/21/2017
 
 Enable security information and event management (SIEM) integration so you can pull alerts from the Windows Defender ATP portal using your SIEM solution or by connecting directly to the alerts REST API.
 
-1. In the navigation pane, select **Settings** > **SIEM integration**.
+1. In the navigation pane, select **Settings** > **API** > **SIEM**.
 
   ![Image of SIEM integration from Settings menu](images/atp-siem-integration.png)
 

windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 localizationpriority: high
-ms.date: 10/23/2017
+ms.date: 04/16/2018
 ---
 # Create and build Power BI reports using Windows Defender ATP data
 
@@ -40,7 +40,7 @@ You can access these options from the Windows Defender ATP portal. Both the Powe
 ## Create a Windows Defender ATP dashboard on Power BI service
 Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. 
 
-1. In the navigation pane, select **Settings** > **Power BI reports**.
+1. In the navigation pane, select **Settings** > **General** > **Power BI reports**.
 
 2.	Click **Create dashboard**. This opens up a new tab in your browser and loads the Power BI service with data from your organization.
 
@@ -65,7 +65,7 @@ You can create a custom dashboard in Power BI Desktop to create visualizations t
 ### Before you begin
 1.	Make sure you use Power BI Desktop June 2017 and above. [Download the latest version](https://powerbi.microsoft.com/en-us/desktop/).
 
-2.	In the Windows Defender ATP portal navigation pane, select **Settings** > **Power BI reports**.
+2.	In the navigation pane, select **Settings** > **General** > **Power BI reports**.
 
 3.	Click **Download connector** to download the WDATPPowerBI.zip file and extract it.
 

windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md

@@ -36,9 +36,7 @@ You'll have access to upcoming features which you can provide feedback on to hel
 
 Turn on the preview experience setting to be among the first to try upcoming features.
 
-1. In the navigation pane, select **Settings** > **General** > **Advanced features**.
-JOEY UPDATE IMAGE!!
-    ![Image of settings and preview experience](images/atp-preview-features.png)
+1. In the navigation pane, select **Settings** > **Advanced features** > **Preview features**.
 
 2. Toggle the setting between **On** and **Off** and select **Save preferences**.
 

windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md

@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 03/06/2018
+ms.date: 04/16/2018
 ---
 
 # Take response actions on a file
@@ -116,13 +116,12 @@ You can prevent further propagation of an attack in your organization by banning
 
 
 ### Enable the block file feature
-1.	In the navigation pane, select **Preference Setup** > **Advanced features** > **Block file**.
+1.	In the navigation pane, select **Settings** > **Advanced features** > **Block file**.
 
 2.	Toggle the setting between **On** and **Off** and select **Save preferences**.
-
-  ![Image of settings](images/atp-preferences-setup.png)
-
-
+    
+    ![Image of advanced settings for block file feature](images/atp-preferences-setup.png)
+  
 3. Type a comment and select **Yes, block file** to take action on the file.
 
     The Action center shows the submission information: