diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
new file mode 100644
index 0000000000..94b540ac6f
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md
@@ -0,0 +1,29 @@
+---
+title: Behavioral blocking and containment
+description: Learn about behavioral blocking and containment capabilities in Microsoft Defender ATP
+keywords: Microsoft Defender ATP, EDR in block mode, passive mode blocking
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+author: denisebmsft
+ms.author: deniseb
+manager: dansimp
+ms.reviewer: shwetaj
+audience: ITPro 
+ms.topic: article 
+ms.prod: w10 
+ms.localizationpriority: medium
+ms.custom: 
+- next-gen
+- edr
+ms.collection: 
+---
+
+# Behavioral blocking and containment
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+## Overview of behavioral blocking and containment
+
+As you know, not all cyberattacks involve a simple piece of malware that's found and removed. Some attacks, such as fileless attacks, are much more difficult to identify, let alone contain. Microsoft Defender ATP includes behavioral blocking and containment capabilities that can help identify and stop threats 
\ No newline at end of file