diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index 05863a21ee..0951729d56 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 11/06/2017 +ms.date: 04/16/2018 --- # Configure endpoints using Group Policy @@ -25,7 +25,7 @@ ms.date: 11/06/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) - +[!include[Prerelease information](prerelease.md)] >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink) @@ -34,11 +34,15 @@ ms.date: 11/06/2017 > To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later. ## Onboard endpoints -1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): +1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): + + a. In the navigation pane, select **Settings** > **Onboarding**. - a. Click **Endpoint management** > **Clients** on the **Navigation pane**. - - b. Select **Group Policy**, click **Download package** and save the .zip file. + b. Make you select Windows 10 as the operating system. + + c. In the **Deployment method** field, select **Group policy**. + + c. Click **Download package** and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*. @@ -118,11 +122,13 @@ For security reasons, the package used to offboard endpoints will expire 30 days 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint management** > **Clients** on the **Navigation pane**. + a. In the navigation pane, select **Settings** > **Offboarding**. - b. Click the **Endpoint offboarding** section. + b. Make you select Windows 10 as the operating system. + + c. In the **Deployment method** field, select **Group policy**. - c. Select **Group Policy**, click **Download package** and save the .zip file. + d. Click **Download package** and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index 1da2319b09..317fc0946d 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 11/06/2017 +ms.date: 04/16/2018 --- # Configure endpoints using Mobile Device Management tools @@ -44,11 +44,13 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Select **Endpoint management** > **Clients** on the **Navigation pane**. + a. In the navigation pane, select **Settings** > **Onboarding**. - b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file. + b. Make you select Windows 10 as the operating system. - ![Endpoint onboarding](images/atp-mdm-onboarding-package.png) + b. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**. + + c. Click **Download package**, and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*. @@ -128,11 +130,13 @@ For security reasons, the package used to offboard endpoints will expire 30 days 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint management** > **Clients** on the **Navigation pane**. + a. In the navigation pane, select **Settings** > **Offboarding**. - b. Click the **Endpoint offboarding** section. + b. Make you select Windows 10 as the operating system. - c. Select **Mobile Device Management /Microsoft Intune**, click **Download package** and save the .zip file. + b. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**. + + c. Click **Download package**, and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding*. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md index f98fcf98cf..39c21278d8 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: mjcaparas localizationpriority: high -ms.date: 12/12/2017 +ms.date: 04/16/2018 --- # Configure non-Windows endpoints @@ -29,19 +29,21 @@ Windows Defender ATP provides a centralized security operations experience for W You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work. ## Onboard non-Windows endpoints -You'll need to take the following steps to oboard non-Windows endpoints: +You'll need to take the following steps to onboard non-Windows endpoints: 1. Turn on third-party integration 2. Run a detection test ### Turn on third-party integration -1. In Windows Defender Security Center portal, select **Endpoint management** > **Clients** > **Non-Windows**. Make sure the third-party solution is listed. +1. In the navigation pane, select **Settings** > **Onboarding**. Make sure the third-party solution is listed. -2. Toggle the third-party provider switch button to turn on the third-party solution integration. +2. Make you select Mac and Linux as the operating system. -3. Click **Generate access token** button and then **Copy**. +3. Turn on the third-party solution integration. -4. You’ll need to copy and paste the token to the third-party solution you’re using. The implementation may vary depending on the solution. +4. Click **Generate access token** button and then **Copy**. + +5. You’ll need to copy and paste the token to the third-party solution you’re using. The implementation may vary depending on the solution. >[!WARNING] @@ -58,9 +60,9 @@ To effectively offboard the endpoints from the service, you'll need to disable t 1. Follow the third-party documentation to opt-out on the third-party service side. -2. In Windows Defender Security Center portal, select **Endpoint management**> **Non-Windows**. +2. In the navigation pane, select **Settings** > **Onboarding**. -3. Toggle the third-party provider switch button to turn stop diagnostic data from endpoints. +3. Turn off the third-party solution integration. >[!WARNING] >If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on endpoints. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index de4aa4ddca..1c839f02be 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 11/06/2017 +ms.date: 04/16/2018 --- # Configure endpoints using System Center Configuration Manager @@ -48,9 +48,12 @@ You can use existing System Center Configuration Manager functionality to create 1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint management** > **Clients** on the **Navigation pane**. + a. In the navigation pane, select **Settings** > **Onboarding**. + b. Make you select Windows 10 as the operating system. - b. Select **System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file. + b. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**. + + c. Click **Download package**, and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*. @@ -122,11 +125,13 @@ For security reasons, the package used to offboard endpoints will expire 30 days 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint management** > **Clients** on the **Navigation pane**. + a. In the navigation pane, select **Settings** > **Offboarding**. - b. Click the **Endpoint offboarding** section. + b. Make you select Windows 10 as the operating system. - c. Select **System Center Configuration Manager System Center Configuration Manager 2012/2012 R2/1511/1602**, click **Download package**, and save the .zip file. + b. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**. + + c. Click **Download package**, and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md index f1219c9897..e548098f53 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 11/06/2017 +ms.date: 04/16/2018 --- # Configure endpoints using a local script @@ -35,11 +35,15 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You ## Onboard endpoints 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint management** > **Clients** on the **Navigation pane**. + a. In the navigation pane, select **Settings** > **Onboarding**. - b. Select **Local Script**, click **Download package** and save the .zip file. + b. Make you select Windows 10 as the operating system. + c. In the **Deployment method** field, select **Local Script**. + d. Click **Download package** and save the .zip file. + + 2. Extract the contents of the configuration package to a location on the endpoint you want to onboard (for example, the Desktop). You should have a file named *WindowsDefenderATPOnboardingScript.cmd*. 3. Open an elevated command-line prompt on the endpoint and run the script: @@ -89,11 +93,13 @@ For security reasons, the package used to offboard endpoints will expire 30 days 1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint management** on the **Navigation pane**. + a. In the navigation pane, select **Settings** > **Offboarding**. - b. Click the **Endpoint offboarding** section. + b. Make you select Windows 10 as the operating system. - c. Select **Group Policy**, click **Download package** and save the .zip file. + c. In the **Deployment method** field, select **Local Script**. + + d. Click **Download package** and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the endpoints. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md index 2eef428bbc..ce90aa07b9 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md @@ -40,9 +40,13 @@ You can onboard VDI machines using a single entry or multiple entries for each m 1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/): - a. Click **Endpoint management** > **Clients** on the **Navigation pane**. + a. In the navigation pane, select **Settings** > **Onboarding**. - b. Select **VDI onboarding scripts for non-persistent endpoints** then click **Download package** and save the .zip file. + b. Make you select Windows 10 as the operating system. + + c. In the **Deployment method** field, select **VDI onboarding scripts for non-persistent endpoints**. + + d. Click **Download package** and save the .zip file. 2. Copy the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index 757c32721c..c833178d41 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -44,11 +44,11 @@ To onboard your servers to Windows Defender ATP, you’ll need to: ### Turn on Server monitoring from the Windows Defender Security Center portal -1. In the navigation pane, select **Endpoint management** > **Servers**. +1. In the navigation pane, select **Settings** > **Onboarding**. -2. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent. - - ![Image of server onboarding](images/atp-server-onboarding.png) +2. Make you select Windows server 2012, 2012R2 and 2016 as the operating system. + +3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent. ### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md index 3e8727774a..04642f53a8 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md @@ -29,7 +29,7 @@ ms.date: 04/16/2018 Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal. -1. In the navigation pane, select **Preference Setup** > **Threat intel API**. +1. In the navigation pane, select **Settings** > **Threat intel**. ![Image of threat intel API menu](images/atp-threat-intel-api.png) diff --git a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md index 1fd82b03ba..387c56511c 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md @@ -30,7 +30,7 @@ Set the baselines for calculating the score of Windows Defender security control >[!NOTE] >Changes might take up to a few hours to reflect on the dashboard. -1. In the navigation pane, select **Settings** > **Security Analytics**. +1. In the navigation pane, select **Settings** > **General** > **Secure score**. ![Image of Security Analytics controls from Preferences setup menu](images/atp-enable-security-analytics.png) diff --git a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md index 292a68c8ac..e5cbafb041 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 11/21/2017 +ms.date: 04/16/2018 --- # Enable SIEM integration in Windows Defender ATP @@ -29,7 +29,7 @@ ms.date: 11/21/2017 Enable security information and event management (SIEM) integration so you can pull alerts from the Windows Defender ATP portal using your SIEM solution or by connecting directly to the alerts REST API. -1. In the navigation pane, select **Settings** > **SIEM integration**. +1. In the navigation pane, select **Settings** > **API** > **SIEM**. ![Image of SIEM integration from Settings menu](images/atp-siem-integration.png) diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png b/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png index 1918a2064d..4da25bc842 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-create-dashboard.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png b/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png index 9405ae0d6e..f4bd111ec1 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-download-connector.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png b/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png index 1fa1650882..c41e49977b 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png index f978ee5cc8..9dd1e801dd 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-machine-health-details.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png b/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png index 74b6e5fae6..3a25f98351 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-preferences-setup.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png b/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png index e0df9b32df..f3de71739d 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-sensor-filter.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png b/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png index 2ce7dbc637..dade9d98cf 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-siem-integration.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png b/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png index 70a7ce9fee..5d6dbeec95 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-threat-intel-api.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md index 40d43aa06d..7b8309f291 100644 --- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: mjcaparas localizationpriority: high -ms.date: 10/23/2017 +ms.date: 04/16/2018 --- # Create and build Power BI reports using Windows Defender ATP data @@ -40,7 +40,7 @@ You can access these options from the Windows Defender ATP portal. Both the Powe ## Create a Windows Defender ATP dashboard on Power BI service Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. -1. In the navigation pane, select **Settings** > **Power BI reports**. +1. In the navigation pane, select **Settings** > **General** > **Power BI reports**. 2. Click **Create dashboard**. This opens up a new tab in your browser and loads the Power BI service with data from your organization. @@ -65,7 +65,7 @@ You can create a custom dashboard in Power BI Desktop to create visualizations t ### Before you begin 1. Make sure you use Power BI Desktop June 2017 and above. [Download the latest version](https://powerbi.microsoft.com/en-us/desktop/). -2. In the Windows Defender ATP portal navigation pane, select **Settings** > **Power BI reports**. +2. In the navigation pane, select **Settings** > **General** > **Power BI reports**. 3. Click **Download connector** to download the WDATPPowerBI.zip file and extract it. diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index 5eec568c16..ede26bb2d4 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -36,9 +36,7 @@ You'll have access to upcoming features which you can provide feedback on to hel Turn on the preview experience setting to be among the first to try upcoming features. -1. In the navigation pane, select **Settings** > **General** > **Advanced features**. -JOEY UPDATE IMAGE!! - ![Image of settings and preview experience](images/atp-preview-features.png) +1. In the navigation pane, select **Settings** > **Advanced features** > **Preview features**. 2. Toggle the setting between **On** and **Off** and select **Save preferences**. diff --git a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index a521be1763..28d5bb5e12 100644 --- a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 03/06/2018 +ms.date: 04/16/2018 --- # Take response actions on a file @@ -116,13 +116,12 @@ You can prevent further propagation of an attack in your organization by banning ### Enable the block file feature -1. In the navigation pane, select **Preference Setup** > **Advanced features** > **Block file**. +1. In the navigation pane, select **Settings** > **Advanced features** > **Block file**. 2. Toggle the setting between **On** and **Off** and select **Save preferences**. - - ![Image of settings](images/atp-preferences-setup.png) - - + + ![Image of advanced settings for block file feature](images/atp-preferences-setup.png) + 3. Type a comment and select **Yes, block file** to take action on the file. The Action center shows the submission information: