update file name etc

windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md

@@ -39,7 +39,7 @@ The following best practices serve as a guideline of query performance best prac
 ## Query tips and pitfalls
 
 ### Unique Process IDs
-Process IDs are recycled in Windows and reused for new processes and therefore can<EFBFBD>t serve as a unique identifier for a specific process.
+Process IDs are recycled in Windows and reused for new processes and therefore can't serve as a unique identifier for a specific process.
 To address this issue, Windows Defender ATP created the time process. To get a unique identifier for a process on a specific machine, use the process ID together with the process creation time.
 
 

windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md

@@ -1,5 +1,5 @@
 ---
-title: Enable conditional access in Windows Defedener ATP
+title: Enable conditional access to better protect users, devices, and data
 description: Enable conditional access to prevent applications from running if a device is considered at risk and an application is determined to be non-compliant.
 keywords: conditional access, block applications, security level, intune,
 search.product: eADQiWindows 10XVcnh
@@ -13,7 +13,7 @@ ms.localizationpriority: high
 ms.date: 03/05/2018
 ---
 
-# Enable conditional access in Windows Defender ATP 
+# Enable conditional access to better protect users, devices, and data 
 
 **Applies to:**
 
@@ -37,12 +37,12 @@ The implementation of conditional access in Windows Defender ATP is based on Mic
 
 The compliance policy is used with conditional access to allow only devices that fulfill one or more device compliance policy rules to access applications. 
 
-## Understand conditional access
+## Understand the conditional access flow
 When a device is found to be at high risk, the signal is communicated to Intune. In Intune, a device compliance policy is used in conjunction with Azure AD conditional access to block access to applications. In parallel,  an automated investigation and remediation process is launched.
 
 A device returns to a compliant state when there is lower risk seen on it. A user can still use the device while the automated investigation and remediation is taking place, but access to enterprise data is blocked until the threat is fully remediated. When the risk is removed either through manual or automated remediation, the device returns to a compliant state and access to applications is granted.
 
-The following image shows the conditional access flow in action:
+The following example sequence of events explains conditional access in action:
 
 1. A user opens a malicious file and Windows Defender ATP flags the device as high risk.
 2. The high risk assessment is passed along to Intune. In parallel, an automated investigation is initiated to remediate the identified threat. A manual remediation can also be done to remediate the identified threat.
@@ -59,7 +59,7 @@ The following image shows the conditional access flow in action:
 You'll need to take the following steps to enable conditional access:
 
 1. Turn on the Microsoft Intune connection. For more information, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md). 
-2. Turn on the Windows Defender ATP integration in Intune. For more information, see LINK TO THE CONTENT INTUNE WRITER IS MAKING.
+2. Turn on the Windows Defender ATP integration in Intune. For more information, see 
     - Ensure that machines are enrolled. For more information see, [Set up enrollment for Windows devices](https://docs.microsoft.com/en-us/intune/windows-enroll).
 
 3. Create a device compliance policy in Intune. For more information, see [Create a compliance policy in the Azure portal](https://docs.microsoft.com/en-us/intune/compliance-policy-create-windows#create-a-compliance-policy-in-the-azure-portal).

windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md

@@ -29,7 +29,7 @@ ms.date: 04/16/2018
 
 Enable security information and event management (SIEM) integration so you can pull alerts from the Windows Defender ATP portal using your SIEM solution or by connecting directly to the alerts REST API.
 
-1. In the navigation pane, select **Settings** > **API** > **SIEM**.
+1. In the navigation pane, select **Settings** > **APIs** > **SIEM**.
 
   ![Image of SIEM integration from Settings menu](images/atp-siem-integration.png)