diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 0d4fa4bb60..52adb7569f 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1,6 +1,11 @@ { "redirections": [ { +"source_path": "windows/application-management/msix-app-packaging-tool-walkthrough.md", +"redirect_url": "https://docs.microsoft.com/windows/msix/mpt-overview", +"redirect_document_id": true +}, +{ "source_path": "browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md", "redirect_url": "https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility", "redirect_document_id": true @@ -5426,6 +5431,21 @@ "redirect_document_id": true }, { +"source_path": "devices/hololens/hololens-microsoft-dynamics-365-layout-app.md", +"redirect_url": "https://docs.microsoft.com/dynamics365/mixed-reality/layout/", +"redirect_document_id": true +}, +{ +"source_path": "devices/hololens/hololens-microsoft-remote-assist-app.md", +"redirect_url": "https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/", +"redirect_document_id": true +}, +{ +"source_path": "devices/hololens/hololens-public-preview-apps.md", +"redirect_url": "https://docs.microsoft.com/dynamics365/#pivot=mixed-reality-apps", +"redirect_document_id": true +}, +{ "source_path": "devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md", "redirect_url": "/surface-hub/provisioning-packages-for-surface-hub", "redirect_document_id": true diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index a4fd0d717f..bec5bec56b 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md 
@@ -10,8 +10,5 @@ ## [Share HoloLens with multiple people](hololens-multiple-users.md) ## [Configure HoloLens using a provisioning package](hololens-provisioning.md) ## [Install apps on HoloLens](hololens-install-apps.md) -## [Preview new mixed reality apps for HoloLens](hololens-public-preview-apps.md) -### [Microsoft Remote Assist app](hololens-microsoft-remote-assist-app.md) -### [Microsoft Dynamics 365 Layout app](hololens-microsoft-dynamics-365-layout-app.md) ## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) ## [Change history for Microsoft HoloLens documentation](change-history-hololens.md) \ No newline at end of file diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index 95f7f92bed..d3b18496cd 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -9,13 +9,21 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2018 +ms.date: 10/08/2018 --- # Change history for Microsoft HoloLens documentation This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md). +## October 2018 + +New or changed topic | Description +--- | --- +[Preview new mixed reality apps for HoloLens](hololens-public-preview-apps.md) | Removed, and redirected to [Mixed reality apps](https://docs.microsoft.com/dynamics365/#pivot=mixed-reality-apps) +[Microsoft Remote Assist app](hololens-microsoft-remote-assist-app.md) | Removed, and redirected to [Overview of Dynamics 365 Remote Assist](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/) +[Microsoft Dynamics 365 Layout app](hololens-microsoft-dynamics-365-layout-app.md) | Removed, and redirected to [Overview of Dynamics 365 Layout](https://docs.microsoft.com/dynamics365/mixed-reality/layout/) + ## July 2018 New or changed topic | Description 
diff --git a/devices/hololens/hololens-microsoft-dynamics-365-layout-app.md b/devices/hololens/hololens-microsoft-dynamics-365-layout-app.md deleted file mode 100644 index fa1227574a..0000000000 --- a/devices/hololens/hololens-microsoft-dynamics-365-layout-app.md +++ /dev/null 
@@ -1,73 +0,0 @@ ---- -title: Microsoft Dynamics 365 Layout -description: How to get and deploy the Microsoft Dynamics 365 Layout app throughout your organization -ms.prod: hololens -ms.sitesec: library -author: alhopper-msft -ms.author: alhopper -ms.topic: article -ms.localizationpriority: medium -ms.date: 05/21/2018 ---- -# Microsoft Dynamics 365 Layout - -Bring designs from concept to completion with confidence and speed. Import 3D models to easily create room layouts in real-world scale. Experience designs as high-quality holograms in physical space or virtual reality and edit with stakeholders in real time. With Dynamics 365 Layout, see ideas in context, saving valuable time and money. - -## Device options and technical requirements - -Below are the device options, and technical requirements, to use and deploy Dynamics 365 Layout throughout your organization. - -### Device options - -Dynamics 365 Layout works with a HoloLens, or with a Windows Mixed Reality headset with motion controllers. - -#### HoloLens requirements - -| OS requirements | Details | -|:----------------------------------|:-----------------------------------------------------------| -| Build 10.0.17134.77 or above | See [Update HoloLens](https://support.microsoft.com/help/12643/hololens-update-hololens) for instructions on upgrading to this build. | - -#### Windows Mixed Reality headset requirements - -| Requirements | Details | -|:----------------------------------------------|:-----------------------------------------------------------| -| Windows 10 PC with build 16299.0 or higher | The Windows 10 PC hardware must be able to support the headset. See [Windows Mixed Reality PC hardware guidelines](https://support.microsoft.com/en-us/help/4039260/windows-10-mixed-reality-pc-hardware-guidelines) for specific hardware requirements. We recommend following the **Windows Mixed Reality Ultra** hardware guidelines. 
| -| Motion controllers | Motion controllers are hardware accessories that allow users to take action in mixed reality. See [Motion controllers](https://docs.microsoft.com/en-us/windows/mixed-reality/motion-controllers) to learn more. | - -### Technical requirements - -Have the following technical requirements in place to start using Dynamics 365 Layout. - -| Requirement | Details | Learn more | -|:----------------------------------|:------------------|:------------------| -| Azure Active Directory (Azure AD) | Required for app distribution through the [Microsoft Store for Business](https://docs.microsoft.com/en-us/microsoft-store/sign-up-microsoft-store-for-business). If you choose not to distribute the app through the Microsoft Store for Business, users can also install Layout on a HoloLens or PC from the [Microsoft Store](https://www.microsoft.com/en-us/store/apps). | [Get started with Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/get-started-azure-ad) | -| Network connectivity | Internet access is required to download the app, and utilize all of its features. There are no bandwidth requirements. | | -| Apps for sharing | Video calling or screen sharing requires a separate app, such as Microsoft Remote Assist on HoloLens, or Skype or Skype for Business on Windows Mixed Reality headsets.

A Windows 10 PC that meets the Windows Mixed Reality Ultra specifications is also required for video calling or screen sharing when using Layout with a Windows Mixed Reality headset. | [Remote Assist](hololens-microsoft-remote-assist-app.md)

[Windows Mixed Reality PC hardware guidelines](https://support.microsoft.com/en-us/help/4039260/windows-10-mixed-reality-pc-hardware-guidelines) | -| Import Tool for Dynamics 365 Layout | The Import Tool for Dynamics 365 Layout is a companion app for Layout that makes model optimization and management easy. The Import Tool runs on Windows 10 PCs, and is required to transfer existing 3D models from your PC to Dynamics 365 Layout, so they can be viewed and edited from the HoloLens or mixed reality headset. The Import Tool is also required to transfer Visio space dimensions to the HoloLens or Windows Mixed Reality headset. | [Import Tool for Dynamics 365 Layout](#get-and-deploy-the-import-tool-for-microsoft-layout) | - -## Get and deploy Dynamics 365 Layout - -Dynamics 365 Layout is available from the Microsoft Store for Business for free for a limited time: - -1. Go to the [Dynamics 365 Layout](https://businessstore.microsoft.com/en-us/store/details/microsoft-dynamics-365-layout/9N20MQ2V3XCW) app in the Microsoft Store for Business. -1. Click **Get the app**. Dynamics 365 Layout is added to the **Products and Services** tab for your private store. -1. Users can open the **Products and Services** tab to install the app to their device, or you can deploy the app throughout your organization using MDM. See [Install apps on HoloLens](hololens-install-apps.md) for further instructions on deploying apps. - -For a limited time, users can also [Get Dynamics 365 Layout from the Microsoft Store](https://www.microsoft.com/store/productId/9n20mq2v3xcw) for free. - -### Get and deploy the Import Tool for Dynamics 365 Layout - -The **Import Tool for Dynamics 365 Layout** is a companion app for Layout that makes model optimization and management easy. The Import Tool runs on Windows 10 PCs, and is required to transfer existing 3D models from your PC to Dynamics 365 Layout, for viewing and editing on Microsoft HoloLens or a Windows Mixed Reality headset. 
- -The companion app is available in both the Microsoft Store for Business, and the Microsoft Store, for free for a limited time: - -* [Get the Dynamics 365 Layout Import Tool](https://businessstore.microsoft.com/en-us/store/details/app/9N88Q3RXPLP0) from the Microsoft Store for Business. See [Distribute apps to your employees from Microsoft Store for Business](https://docs.microsoft.com/en-us/microsoft-store/distribute-apps-to-your-employees-microsoft-store-for-business) for instructions on using the Microsoft Store for Business, and/or MDM, to deploy Windows 10 apps throughout your organization. -* Alternately, have your users [Get the Dynamics 365 Layout Import Tool](https://www.microsoft.com/store/productId/9N88Q3RXPLP0) from the Microsoft Store to install the app on their Windows 10 PC. - -## Use Dynamics 365 Layout - -For guidance on using the features of the Dynamics 365 Layout app, please see [Set up and use Dynamics 365 Layout](https://support.microsoft.com/help/4294437). - -## Questions and support - -You can ask questions and engage with our team in the [Mixed Reality Tech Community](https://techcommunity.microsoft.com/t5/Mixed-Reality/ct-p/MixedReality). \ No newline at end of file diff --git a/devices/hololens/hololens-microsoft-remote-assist-app.md b/devices/hololens/hololens-microsoft-remote-assist-app.md deleted file mode 100644 index 221c650ada..0000000000 --- a/devices/hololens/hololens-microsoft-remote-assist-app.md +++ /dev/null 
@@ -1,64 +0,0 @@ ---- -title: Microsoft Remote Assist -description: How to get and deploy the Microsoft Remote Assist app throughout your organization -ms.prod: hololens -ms.sitesec: library -author: alhopper-msft -ms.author: alhopper -ms.topic: article -ms.localizationpriority: medium -ms.date: 05/22/2018 ---- -# Microsoft Remote Assist - -Collaborate remotely with heads-up, hands-free video calling, image sharing, and mixed reality annotations. Firstline workers can share what they see with any expert on Microsoft Teams, while staying hands on to solve problems and complete tasks together, faster. Backed by enterprise-level security, Microsoft Remote Assist enables communication with peace of mind. - -## Technical requirements - -Below are the technical requirements to deploy and use Microsoft Remote Assist throughout your organization. - -### Device requirements - -| Device | OS requirements | Details | -|:---------------------------|:----------------------------------|:-----------------------------------------------------------| -| HoloLens | Build 10.0.14393.0 or above | See [Manage updates to HoloLens](https://docs.microsoft.com/en-us/HoloLens/hololens-updates) for instructions on using Windows Update for Business, MDM, and Windows Server Update Service (WSUS) to deploy updates to HoloLens. | -| Windows 10 PC (optional) | Any Windows 10 build | A Windows 10 PC can collaborate with the HoloLens using Microsoft Teams. | - -> [!Note] -> HoloLens build 10.0.14393.0 is the minimum that supports Remote Assist. We recommend updating the HoloLens to newer versions when they are available. - -### Licensing & product requirements - -| Product required | Details | Learn more | -|:----------------------------------|:------------------|:------------------| -| Azure Active Directory (Azure AD) | Required to log users into the Remote Assist app through Microsoft Teams. 
Also required for app distribution through the [Microsoft Store for Business](https://docs.microsoft.com/en-us/microsoft-store/sign-up-microsoft-store-for-business). If you choose not to distribute the app through the Microsoft Store for Business, users can alternately install Remote Assist on a HoloLens or PC from the [Microsoft Store](https://www.microsoft.com/en-us/store/apps). | [Get started with Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/get-started-azure-ad) | -| Microsoft Teams | Microsoft Teams facilitates communication in Remote Assist. Microsoft Teams must be installed on any device that will make calls to the HoloLens. | [Overview of Microsoft Teams](https://docs.microsoft.com/en-us/MicrosoftTeams/teams-overview) | -| Microsoft Office 365 | Because Microsoft Teams is part of Office 365, each user who will make calls from their PC/phone to the HoloLens will need an Office 365 license. | [Office 365 licensing for Microsoft Teams](https://docs.microsoft.com/en-us/MicrosoftTeams/office-365-licensing) | - -### Network requirements - -1.5 MB/s is the recommended bandwidth for optimal performance of Microsoft Remote Assist. Though audio/video calls may be possible in environments with reduced bandwidth, you may experience HoloLens feature degradation, limiting the user experience. To test your company’s network bandwidth, follow these steps: - - 1. Have a Teams user video call another Teams user. - 2. Add another separate video call between a 3rd and 4th user, and another for a 5th and 6th user. - 3. Continue adding video callers to stress test your network bandwidth until confident that multiple users can successfully connect on video calls at the same time. - -See [Preparing your organization's network for Microsoft Teams](https://docs.microsoft.com/en-us/MicrosoftTeams/prepare-network) to learn more. 
- -## Get and deploy Microsoft Remote Assist - -Microsoft Remote Assist is available from the Microsoft Store for Business for free for a limited time: - -1. Go to the [Microsoft Remote Assist](https://businessstore.microsoft.com/en-us/store/details/app/9PPJSDMD680S) app in the Microsoft Store for Business. -1. Click **Get the app**. Microsoft Remote Assist is added to the **Products and Services** tab for your private store. -1. Users can open the **Products and Services** tab to install the app to their device, or you can deploy the app throughout your organization using MDM. See [Install apps on HoloLens](hololens-install-apps.md) for further instructions on deploying apps. - -For a limited time, users can also [Get Microsoft Remote Assist from the Microsoft Store](https://www.microsoft.com/store/productId/9PPJSDMD680S) for free. - -## Use Microsoft Remote Assist - -For guidance on using the features of the Microsoft Remote Assist app, please see [Set up and use Microsoft Remote Assist](https://support.microsoft.com/en-us/help/4294812). - -## Questions and support - -You can ask questions and engage with our team in the [Mixed Reality Tech Community](https://techcommunity.microsoft.com/t5/Mixed-Reality/ct-p/MixedReality). diff --git a/devices/hololens/hololens-public-preview-apps.md b/devices/hololens/hololens-public-preview-apps.md deleted file mode 100644 index 845548ef54..0000000000 --- a/devices/hololens/hololens-public-preview-apps.md +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -title: Preview new mixed reality apps for HoloLens -description: Here's how to download and distribute new mixed reality apps for HoloLens, free for a limited time during public preview -ms.prod: hololens -ms.sitesec: library -author: alhopper -ms.author: alhopper -ms.topic: article -ms.localizationpriority: medium -ms.date: 05/21/2018 ---- -# Preview new mixed reality apps for HoloLens - -Microsoft has just announced two new mixed reality apps coming to HoloLens: Microsoft Remote Assist and Microsoft Dynamics 365 Layout. - -The gap between the real and digital world limits our ability to take advantage of new technologies and transform how we work, learn, create, communicate, and live. **Mixed reality is here to close that gap**. - -Mixed reality has the potential to help customers and businesses across the globe do things that until now, have never been possible. Mixed reality helps businesses and employees complete crucial tasks faster, safer, more efficiently, and create new ways to connect to customers and partners. - -Ready to get started? Check out the links below to learn more about how you can download and deploy Microsoft's new commercial-focused mixed reality apps. - -## In this section - -| Topic | Description | -| --- | --- | -| [Microsoft Remote Assist](hololens-microsoft-remote-assist-app.md) | Microsoft Remote Assist enables collaboration in mixed reality to solve problems faster. Firstline workers can collaborate remotely with heads-up, hands-free video calling, image sharing, and mixed reality annotations. They can share what they see with an expert on Microsoft Teams, while staying hands-on to solve problems and complete tasks together, faster. | -| [Microsoft Dynamics 365 Layout](hololens-microsoft-dynamics-365-layout-app.md ) | Bring designs from concept to completion with confidence and speed using Microsoft Dynamics 365Layout. Import 3D models to easily create room layouts in real-world scale. 
Experience designs as high-quality holograms in physical or virtual space and edit in real time. With Microsoft Layout, you can see ideas in context, saving valuable time and money. | - -## Questions and support - -You can ask questions and engage with our team in the [Mixed Reality Tech Community](https://techcommunity.microsoft.com/t5/Mixed-Reality/ct-p/MixedReality). \ No newline at end of file diff --git a/devices/hololens/index.md b/devices/hololens/index.md index 786b38a1e3..2f5741df7e 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -32,7 +32,6 @@ ms.date: 07/27/2018 [Share HoloLens with multiple people](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. | | [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging | | [Install apps on HoloLens](hololens-install-apps.md) | Use Microsoft Store for Business, mobile device management (MDM), or the Windows Device Portal to install apps on HoloLens | -| [Preview new mixed reality apps for HoloLens](hololens-public-preview-apps.md) | Download and deploy new mixed reality apps for HoloLens, free for a limited time during public preview | | [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens | | [Change history for Microsoft HoloLens documentation](change-history-hololens.md) | See new and updated topics in the HoloLens documentation library. | diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md index a57f6f1a55..110f01c7b0 100644 --- a/windows/application-management/TOC.md +++ b/windows/application-management/TOC.md 
@@ -5,7 +5,6 @@ ## [Understand apps in Windows 10](apps-in-windows-10.md) ## [Add apps and features in Windows 10](add-apps-and-features.md) ## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md) -### [Learn how to repackage win32 apps in the MSIX format](msix-app-packaging-tool-walkthrough.md) ## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md) ### [Getting Started with App-V](app-v/appv-getting-started.md) #### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md) diff --git a/windows/application-management/msix-app-packaging-tool-walkthrough.md b/windows/application-management/msix-app-packaging-tool-walkthrough.md deleted file mode 100644 index b85a15753e..0000000000 --- a/windows/application-management/msix-app-packaging-tool-walkthrough.md +++ /dev/null 
@@ -1,160 +0,0 @@ ---- -title: Learn how to repackage your existing win32 applications to the MSIX format. This walkthrough provides in-depth detail on how the MSIX app packaging tool can be used. -description: Learn how to use the MSIX packaging tool with this in-depth walkthrough. -keywords: ["MSIX", "application", "app", "win32", "packaging tool"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.localizationpriority: medium -ms.author: mikeblodge -ms.topic: article -ms.date: 08/027/2018 ---- - -# MSIX Packaging tool walkthrough - -Learn how to repackage your legacy win32 application installers to MSIX, without the need for making code changes to your apps. The MSIX Packaging Tool allows you to modernize your app to take adavantage of Microsoft Store or Microsoft Store for Business to deploy apps on Windows 10 in S mode. - -## Terminology - - -|Term |Definition | -|---------|---------| -|MPT | MSIX Packaging Tool. An enterprise grade tool that allows to package apps in the enterprise easily as MSIX without app code changes. | -|PSF | Package Support Framework. An open source framework to allow the packaging tool and the IT Admin to apply targeted fixes to the app in order to bypass some of the modern environment constrains. Some fixes will be added automatically by the tool and some will be added manually. | -|Modification Package | MSIX package to stores app preferences/settings and add-ins, decoupled from the main package. | -|Installer | Application installer can be an MSI, EXE, App-V , ClickOnce. | -|Project template file | Template file that saves the settings and parameters used for a certain package conversion. 
Information captured in the template includes general Tooling packaging options, settings in the options menus like exclusion lists, package deployment settings, application install location, package manifest information like Package Family Name, publisher, version and package properties like capabilities and advanced enterprise features. | - -## Creating an Application package - -![Create a package](images/welcomescreen.png) - -When the tool is first launched, you will be prompted to provide consent to sending telemtry data. It's important to note that the diagnostic data you share only comes from the app and is never used to identify or contact you. This just helps us fix things faster for you. - -![creating an application package](images/Selectinstaller.png) - -Creating an Application package is the most commonly used option. This is where you will create an MSIX package from an installer, or by manual installation of application payload. -- If an installer is being used, browse to and select the desired application installer and click **Next**. - - This field accepts a valid existing file path. - - The field can be empty if you are manually packaging. -- If there is no installer (manual packaging) click **Next**. - -*Optionally* -- Check the box under "Use Existing MSIX Package", browse, and select an existing MSIX package you'd like to update. -- Check the box under "Use installer Preferences" and enter the desired argument in the provided field. This field accepts any string. - -### Packaging method -![selecting the package environment](images/selectenvironmentthiscomputer.png) -- Select the packaging environment by selecting one of the radio buttons: - - "Create package on an existing virtual machine" if you plan to do the package creation on a VM. Click **Next**. (You will be presented with user and password fields to provide credentials for the VM if there are any). 
- - "Create package on this computer" if you plan to package the application on the current machine where the tool is installed. Click **Next**. - -### Create package on this computer - -![Create a package on this computer](images/packageinfo.png) - -You've selected to package your application on the current machine where the tool is installed. Nice job! Provide the information pertaining to the app. The tool will try to auto-fill these fields based on the information available from the installer. You will always have a choice to update the entries as needed. If the field as an asterisk*, it's required, but you already knew that. Inline help is provided if the entry is not valid. - -- Package name: - - Required and corresponds to package identity Name in the manifest to describe the contents of the package. - - Must match the Name subject information of the certificate used to sign a package. - - Is not shown to the end user. - - Is case-sensitive and cannot have a space. - - Can accept string between 3 and 50 characters in length that consists of alpha-numeric, period, and dash characters. - - Cannot end with a period and be one of these: "CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", and "LPT9." -- Package display name: - - Required and corresponds to package in the manifest to display a friendly package name to the user, in start menu and settings pages. - - Field accepts A string between 1 and 256 characters in length and is localizable. -- Publisher name - - Required and corresponds to package that describes the publisher information. - - The Publisher attribute must match the publisher subject information of the certificate used to sign a package. 
- - This field accepts a string between 1 and 8192 characters in length that fits the regular expression of a distinguished name : "(CN | L | O | OU | E | C | S | STREET | T | G | I | SN | DC | SERIALNUMBER | Description | PostalCode | POBox | Phone | X21Address | dnQualifier | (OID.(0 | [1-9][0-9])(.(0 | [1-9][0-9]))+))=(([^,+="<>#;])+ | ".")(, ((CN | L | O | OU | E | C | S | STREET | T | G | I | SN | DC | SERIALNUMBER | Description | PostalCode | POBox | Phone | X21Address | dnQualifier | (OID.(0 | [1-9][0-9])(.(0 | [1-9][0-9]))+))=(([^,+="<>#;])+ | ".")))*". -- Publisher display name - - Reuqired and corresponds to package in the manifest to display a friendly publisher name to the user, in App installer and settings pages. - - Field accepts A string between 1 and 256 characters in length and is localizable. -- Version - - Required and corresponds to package in the manifest to describe the The version number of the package. - - This field accepts a version string in quad notation, "Major.Minor.Build.Revision". -- Install location - - This is the location that the installer is going to copy the application payload to (usually Programs Files folder). - - This field is optional but recommended. - - Browse to and select a folder path. - - Make sure this filed matches Installers Install location while you go through the application install operation. - -### Prepare computer - -![prepare your computer](images/preparecomputer.png) - -- You are provided with options to prepare the computer for packaging. -- MSIX Packaging Tool Driver is required and the tool will automatically try to enable it if it is not enabled. - > [!NOTE] - > MSIX Packaging tool driver monitors the system to capture the changes that an installer is making on the system which allows MSIX Packaging Tool to create a package based on those changes. - - The tool will first check with DISM to see if the driver is installed. 
-- [Optional] Check the box for “Windows Search is Active” and select “disable selected” if you choose to disable the search service. - - This is not required, only recommended. - - Once disabled, the tool will update the status field to “disabled” -- [Optional] Check the box for “Windows Update is Active” and select “disable selected” if you choose to disable the Update service. - - This is not required, only recommended. - - Once disabled, the tool will update the status field to “disabled” -- “Pending reboot” checkbox is disabled by default. You'll need to manually restart the machine and then launch the tool again if you are prompted that pending operations need a reboot. - - This not required, only recommended. -When you're done preparing the machine, click **Next**. - -### Installation - -![Installation phase for capturing the install operations](images/installation.png) - -- This is installation phase where the tool is monitoring and capturing the application install operations. -- If you've provided an installer, the tool will launch the installer and you'll need to go through the installer wizard to install the application. - - Make sure the installation path matches what was defined earlier in the package information page. - - You'll need to create a shortcut in desktop for the newly installed application. - - Once you're done with the application installation wizard, make sure you finish or close on the installation wizard. - - If you need to run multiple installers you can do that manually at this point. - - If the app needs other pre-reqs, you need to install them now. - - If the application needs .Net 3.5/20, add the optional feature to Windows. -- If installer was not provided, manually copy the application binaries to the install location that you've defined earlier in package information. -- When you've completed installing the application, click **Next**. 
- -### Manage first launch tasks - -![Managing first launch tasks](images/managefirstlaunchtasks.png) - -- This page shows application executables that the tool captured. -- We recommended launching the application at least once to capture any first launch tasks. -- If there are multiple applications, check the box that corresponds to the main entry point. -- If you don't see the application .exe here, manually browse to and run it. -- Click **Next** - -![pop up asking for confirmation you are done monitoring](images/donemonitoring..png) - -You'll be prompted with a pop up asking for confirmation that you're finished with application installation and managing first launch tasks. -- If you're done, click **Yes, move on**. -- If you're not done, click **No, I'm not done**. You'll be taken back to the last page to where you can launch applications, install or copy other files, and dlls/executables. - -### Package support report - -![Package support, runtime fixes that might be appliciable to the app](images/packagesupport.png) - -- Here you'll have a chance to add PSF runtime fixes that might be applicable to the application. *(not supported in preview)* - - The tool will make some suggestions and apply fixes that it thinks are applicable. - - You'll have the opportunity to add, remove or edit PSF runtime fixes - - You can see a list of PSFs provided by the community from Github. - - You'll also see a packaging report on this page. The report will call out noteworthy items for example: - - If certain restricted capabilities like allowElevation is added - - If certain files were excluded from the package. - - Etc -Once done, click **Next**. - -## Create package - -![Creating the new package](images/createpackage.png) - -- Provide a location to save the MSIX package. -- By default, packages are saved in local app data folder. -- You can define the default save location in Settings menu. 
-- If you'd like to continue to edit the content and properties of the package before saving the MSIX package, you can select “Package editor” and be taken to package editor. -- If you prefer to sign the package with a pre-made certificate for testing, browse to and select the certificate. -- Click **Create** to create the MSIX package. - -You'll be presented with the pop up when the package is created. This pop up will include the name, publisher, and save location of the newly created package. You can close this pop up and get redirected to the welcome page. You can also select package editor to see and modify the package content and properties. diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 5e910c8c03..da3ee1f863 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -17,6 +17,12 @@ #### [Endpoint detection and response](windows-defender-atp/overview-endpoint-detection-response.md) ##### [Security operations dashboard](windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md) +##### [Incidents queue](windows-defender-atp/incidents-queue.md) +###### [View and organize the Incidents queue](windows-defender-atp/view-incidents-queue.md) +###### [Manage incidents](windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md) +###### [Investigate incidents](windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md) + + ##### Alerts queue ###### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index deb8c0e185..a5eb991e8b 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md 
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -16,6 +16,13 @@ #### [Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) +#### [Incidents queue](incidents-queue.md) +##### [View and organize the Incidents queue](view-incidents-queue.md) +##### [Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md) +##### [Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md) + + + #### Alerts queue ##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) ##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index 1d3703c9be..d7bbbb265b 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -10,14 +10,12 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 07/16/2018 +ms.date: 10/08/2018 --- # Configure alert notifications in Windows Defender ATP **Applies to:** - - - Windows Defender Advanced Threat Protection (Windows Defender ATP) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index 4c08fdb727..a6f0c0497c 100644 
--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -133,6 +133,9 @@ To onboard Windows Server, version 1803 or Windows Server 2019, use the same met ## Integration with Azure Security Center Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers. +>[!NOTE] +>You'll need to have the appropriate license to enable this feature. + The following capabilities are included in this integration: - Automated onboarding - Windows Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/en-us/azure/security-center/security-center-onboarding). diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-example-email-notification.png b/windows/security/threat-protection/windows-defender-atp/images/atp-example-email-notification.png index c46cc214d7..78290030a9 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-example-email-notification.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-example-email-notification.png differ 
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incident-details.png b/windows/security/threat-protection/windows-defender-atp/images/atp-incident-details.png index 0135cd0a3f..bb11c88b62 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-incident-details.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-incident-details.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-incidentlinkedbyreason.png b/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-incidentlinkedbyreason.png new file mode 100644 index 0000000000..7fcdfcc834 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-incidentlinkedbyreason.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-linkedbytooltip.png b/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-linkedbytooltip.png new file mode 100644 index 0000000000..d103afdb87 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-linkedbytooltip.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-reason.png b/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-reason.png new file mode 100644 index 0000000000..7fcdfcc834 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-reason.png differ 
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-tooltip.png b/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-tooltip.png new file mode 100644 index 0000000000..d103afdb87 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-incidents-alerts-tooltip.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md new file mode 100644 index 0000000000..783f74ac70 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/incidents-queue.md 
@@ -0,0 +1,35 @@ +--- +title: Incidents queue in Windows Defender ATP +description: +keywords: incidents, aggregate, investigations, queue, ttp +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/08/2018 +--- + +# Incidents queue in Windows Defender ATP +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +When a cybersecurity threat is emerging, or a potential attacker is deploying its tactics, techniques/tools, and procedures (TTPs) on the network, Windows Defender ATP will quickly trigger alerts and launch matching automatic investigations. + +Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network. + + +## In this section + +Topic | Description +:---|:--- +[View and organize the Incidents queue](view-incidents-queue.md)| See the list of incidents and learn how to apply filters to limit the list and get a more focused view. +[Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md) | Learn how to manage incidents by assigning it, updating its status, or setting its classification and other actions. +[Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)| See associated alerts, manage the incident, see alert metadata, and visualizations to help you investigate an incident. + + 
diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..596bd63508 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,78 @@ +--- +title: Investigate incidents in Windows Defender ATP +description: See associated alerts, manage the incident, and see alert metadata to help you investigate an incident +keywords: investigate, incident, alerts, metadata, risk, detection source, affected machines, patterns, correlation +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/08/2018 +--- + +# Investigate incidents in Windows Defender ATP + +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +Investigate incidents that affect your network, understand what they mean, and collate evidence to resolve them. + +## Analyze incident details +Click an incident to see the **Incident pane**. Select **Open incident page** to see the incident details and related information (alerts, machines, investigations, evidence, graph). + +![Image of incident details](images/atp-incident-details.png) + +### Alerts +You can investigate the alerts and see how they were linked together in an incident. 
+Alerts are grouped into incidents based on the following reasons: +- Automated investigation - The automated investigation triggered the linked alert while investigating the original alert +- File characteristics - The files associated with the alert have similar characteristics +- Manual association - A user manually linked the alerts +- Proximate time - The alerts were triggered on the same machine within a certain timeframe +- Same file - The files associated with the alert are exactly the same + +![Image of alerts tab in incident page showing the Linked by tool tip](images/atp-incidents-alerts-tooltip.png) + +![Image of alerts tab with incident details page showing the reasons the alerts were linked together in that incident](images/atp-incidents-alerts-reason.png) + +You can also manage an alert and see alert metadata along with other information. For more information, see [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md). + +### Machines +You can also investigate the machines that are part of, or related to, a given incident. For more information, see [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md). + +![Image of machines tab in incident details page](images/atp-incident-machine-tab.png) + +### Investigations +Select **Investigations** to see all the automatic investigations launched by the system in response to the incident alerts. + +![Image of investigations tab in incident details page](images/atp-incident-investigations-tab.png) + +## Going through the evidence +Windows Defender Advanced Threat Protection automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with auto-response and information about the important files, processes, services, and more. This helps quickly detect and block potential threats in the incident. +Each of the analyzed entities will be marked as infected, remediated, or suspicious. 
+ +![Image of evidence tab in incident details page](images/atp-incident-evidence-tab.png) + +## Visualizing associated cybersecurity threats +Windows Defender Advanced Threat Protection aggregates the threat information into an incident so you can see the patterns and correlations coming in from various data points. You can view such correlation through the incident graph. + +### Incident graph +The **Graph** tells the story of the cybersecurity attack. For example, it shows you what was the entry point, which indicator of compromise or activity was observed on which machine. etc. + +![Image of the incident graph](images/atp-incident-graph-tab.png) + +You can click the circles on the incident graph to view the details of the malicious files, associated file detections, how many instances has there been worldwide, whether it’s been observed in your organization, if so, how many instances. + +![Image of indcident details](images/atp-incident-graph-details.png) + +## Related topics +- [Incidents queue](incidents-queue.md) +- [View and organize the Incidents queue](view-incidents-queue.md) +- [Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md) + + diff --git a/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..2df623ec62 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,61 @@ +--- +title: Manage Windows Defender ATP incidents +description: Manage incidents by assigning it, updating its status, or setting its classification. +keywords: incidents, manage, assign, status, classification, true alert, false alert +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +ms.date: 010/08/2018 +--- + +# Manage Windows Defender ATP incidents + +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + + +Managing incidents is an important part of every cybersecurity operation. You can manage incidents by selecting an incident from the **Incidents queue** or the **Incidents management pane**. You can assign incidents to yourself, change the status, classify, rename, or comment on them to keep track of their progress. + +![Image of the incidents management pane](images/atp-incidents-mgt-pane.png) + +Selecting an incident from the **Incidents queue** brings up the **Incident management pane** where you can open the incident page for details. + +![Image of incident detail page](images/atp-incident-details-page.png) + + +## Assign incidents +If an incident has not been assigned yet, you can select **Assign to me** to assign the incident to yourself. Doing so assumes ownership of not just the incident, but also all the alerts associated with it. + +## Change the incident status +You can categorize incidents (as **Active**, or **Resolved**) by changing their status as your investigation progresses. This helps you organize and manage how your team can respond to incidents. + +For example, your SoC analyst can review the urgent **Active** incidents for the day, and decide to assign them to himself for investigation. 
+ +Alternatively, your SoC analyst might set the incident as **Resolved** if the incident has been remediated. + +## Classify the incident +You can choose not to set a classification, or decide to specify whether an incident is true or false. Doing so helps the team see patterns and learn from them. + +## Rename incident +By default, incidents are assigned with numbers. You can rename the incident if your organization uses a naming convention for easier cybersecurity threat identification. + +![Image of incident renaming](images/atp-rename-incident.png) + +## Add comments and view the history of an incident +You can add comments and view historical events about an incident to see previous changes made to it. + +Whenever a change or comment is made to an alert, it is recorded in the Comments and history section. + +Added comments instantly appear on the pane. + +## Related topics +- [Incidents queue](incidents-queue.md) +- [View and organize the Incidents queue](view-incidents-queue.md) +- [Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/management-apis.md b/windows/security/threat-protection/windows-defender-atp/management-apis.md index 2e0966140c..c7fc1c2b49 100644 --- a/windows/security/threat-protection/windows-defender-atp/management-apis.md +++ b/windows/security/threat-protection/windows-defender-atp/management-apis.md 
@@ -42,6 +42,17 @@ An important aspect of machine management is the ability to analyze the environm - The Secure score dashboard provides metrics based method of prioritizing the most important proactive security measures. - Windows Defender ATP includes a built-in PowerBI based reporting solution to quickly review trends and details related to Windows Defender ATP alerts and secure score of machines. The platform also supports full customization of the reports, including mashing of Windows Defender ATP data with your own data stream to produce business specific reports. + +## In this section +Topic | Description +:---|:--- +Understand threat intelligence concepts | Learn about alert definitions, indicators of compromise, and other threat intelligence concepts. +Supported Windows Defender ATP APIs | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. +Managed security service provider | Get a quick overview on managed security service provider support. + + + + ## Related topics - [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md index 598138a8ef..b49b3ddd4e 100644 --- a/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md 
@@ -30,6 +30,7 @@ With advanced hunting, you can take advantage of the following capabilities: Topic | Description :---|:--- [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md) | Learn how to use the basic or advanced query examples to search for possible emerging threats in your organization. +[Custom detections](overview-custom-detections.md)| With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. diff --git a/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md index 222e5cfffa..fb129cb91b 100644 --- a/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md @@ -74,3 +74,4 @@ Clicking the link under the Misconfigured machines column opens up the **Machine ## Related topic - [Threat analytics](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) +- [Threat analytics for Spectre and Meltdown](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index 3eab3eda81..53f9b9de62 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md 
@@ -41,6 +41,10 @@ The following features are included in the preview release: - [Threat analytics](threat-analytics.md)
Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. +- [Incidents](incidents-queue.md)
+Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network. + + - [Custom detection](overview-custom-detections.md)
With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. diff --git a/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md new file mode 100644 index 0000000000..823c7f396e --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md 
@@ -0,0 +1,74 @@ +--- +title: View and organize the Incidents queue +description: See the list of incidents and learn how to apply filters to limit the list and get a more focused view. +keywords: view, organize, incidents, aggregate, investigations, queue, ttp +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/08/2018 +--- + +# View and organize the Windows Defender Advanced Threat Protection Incidents queue +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +The **Incidents queue** shows a collection of incidents that were flagged from machines in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision. + +By default, the queue displays incidents seen in the last 30 days, with the most recent incident showing at the top of the list, helping you see the most recent incidents first. + +There are several options you can choose from to customize the Incidents queue view. + +On the top navigation you can: +- Customize columns to add or remove columns +- Modify the number of items to view per page +- Select the items to show per page +- Batch-select the incidents to assign +- Navigate between pages +- Apply filters + +![Image of incidents queue](images/atp-incident-queue.png) + +## Sort and filter the incidents queue +You can apply the following filters to limit the list of incidents and get a more focused view. + +Incident severity | Description +:---|:--- +High
(Red) | Threats often associated with advanced persistent threats (APT). These incidents indicate a high risk due to the severity of damage they can inflict on machines. +Medium
(Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages. +Low
(Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization. +Informational
(Grey) | Informational incidents are those that might not be considered harmful to the network but might be good to keep track of. + +### Category +Incidents are categorized based on the description of the stage by which the cybersecurity kill chain is in. This view helps the threat analyst to determine priority, urgency, and corresponding response strategy to deploy based on context. + +### Alerts +Indicates the number of alerts associated with or part of the incidents. + + +### Machines +You can limit to show only the machines at risk which are associated with incidents. + +### Users +You can limit to show only the users of the machines at risk which are associated with incidents. + +### Assigned to +You can choose to show between unassigned incidents or those which are assigned to you. + +### Status +You can choose to limit the list of incidents shown based on their status to see which ones are active or resolved + +### Classification +Use this filter to choose between focusing on incidents flagged as true or false incidents. + +## Related topics +- [Incidents queue](incidents-queue.md) +- [Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md) +- [Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md) +
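Review bot: Both TOC hunks (windows/security/threat-protection/TOC.md and windows-defender-atp/TOC.md) add two or three empty lines after the new "Investigate incidents" entry, where the surrounding entries are separated by a single blank line. Trim the added spacing to one blank line so the Incidents queue block matches the rest of the file.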
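Review bot: The note added under "Integration with Azure Security Center" in configure-server-endpoints-windows-defender-advanced-threat-protection.md says "You'll need to have the appropriate license to enable this feature." without saying which license or where to check it. Name the required license or link to the licensing page, otherwise the reader has no way to act on the note.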
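Review bot: The four new binaries under windows-defender-atp/images are two pairs of identical files: atp-incidents-alerts-incidentlinkedbyreason.png and atp-incidents-alerts-reason.png both have index 7fcdfcc834, and atp-incidents-alerts-linkedbytooltip.png and atp-incidents-alerts-tooltip.png both have index d103afdb87. The new investigate-incidents topic references only atp-incidents-alerts-tooltip.png and atp-incidents-alerts-reason.png, so unless another topic links the other two names, drop the duplicate copies from the commit.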
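Review bot: The front matter of the new incidents-queue.md leaves `description:` empty, while the other three incident topics added in this patch fill it in; add a one-line description. In the "In this section" table of the same file, "Learn how to manage incidents by assigning it, updating its status, or setting its classification" mixes plural and singular; "assigning them, updating their status, or setting their classification" would agree with "incidents".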
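Review bot: The "Incident graph" section of investigate-incidents-windows-defender-advanced-threat-protection.md has copy errors that should be fixed before merge: the alt text "Image of indcident details", the stray period in "on which machine. etc.", and the wording "how many instances has there been worldwide". In the "Alerts" section, the sentence "You can investigate the alerts and see how they were linked together in an incident." runs straight into "Alerts are grouped into incidents based on the following reasons:" with no blank line between them, so they will render as one paragraph ahead of the list; separate them.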
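Review bot: In the front matter of manage-incidents-windows-defender-advanced-threat-protection.md, `ms.date: 010/08/2018` has a stray leading zero; the other new topics in this patch use `10/08/2018`. In the body, the pane is called both **Incidents management pane** and **Incident management pane**, and the comments section says "Whenever a change or comment is made to an alert" in a topic about incidents; settle on one pane name and confirm whether "alert" should read "incident". "decide to assign them to himself" can also be reworded to avoid the gendered pronoun.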
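Review bot: The "In this section" table added to management-apis.md lists "Understand threat intelligence concepts", "Supported Windows Defender ATP APIs" and "Managed security service provider" as plain text, whereas the equivalent table added in incidents-queue.md links each topic. Link the three entries to their topics, and reword "supported entities where you can run API calls to" (for example "supported entities you can run API calls against"). The hunk also adds several empty lines around the table that can be reduced to one on each side.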
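Review bot: In the "Related topic" list of overview-secure-score-windows-defender-advanced-threat-protection.md, the added "Threat analytics for Spectre and Meltdown" entry points to threat-analytics-dashboard-windows-defender-advanced-threat-protection.md, the same target as the existing "Threat analytics" entry directly above it. Either point the new entry at its own topic or drop it, since two differently named links to one page will confuse readers. With two entries, the heading should also become "Related topics".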
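Review bot: In view-incidents-queue.md, the severity table sits directly under "Sort and filter the incidents queue" with no heading of its own, while every other filter (Category, Alerts, Machines, Users, Assigned to, Status, Classification) gets a `###` heading; add a "### Severity" heading so the filters are listed consistently. The top-navigation list has two near-identical items, "Modify the number of items to view per page" and "Select the items to show per page"; merge them or say how they differ. The Status sentence is missing its closing period, and "based on the description of the stage by which the cybersecurity kill chain is in" needs rewording.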