diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 4313c921c2..46ad33286e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -38,16 +38,20 @@ ### [Attack surface reduction]() #### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md) +#### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md) +#### [Attack surface reduction evaluation](microsoft-defender-atp/evaluate-attack-surface-reduction.md) #### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md) #### [Attack surface reduction FAQ](microsoft-defender-atp/attack-surface-reduction-faq.md) #### [Attack surface reduction controls]() +##### [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md) ##### [Enable attack surface reduction rules](microsoft-defender-atp/enable-attack-surface-reduction.md) ##### [Customize attack surface reduction](microsoft-defender-atp/customize-attack-surface-reduction.md) #### [Hardware-based isolation]() ##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md) +##### [Hardware-based isolation evaluation](windows-defender-application-guard/test-scenarios-wd-app-guard.md) ##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) 
@@ -58,6 +62,7 @@ ###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md) ##### [Application control](windows-defender-application-control/windows-defender-application-control.md) +#### [Audit Application control policies](windows-defender-application-control/audit-windows-defender-application-control-policies.md) ##### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) @@ -71,9 +76,11 @@ #### [Exploit protection](microsoft-defender-atp/exploit-protection.md) +##### [Exploit protection evaluation](microsoft-defender-atp/evaluate-exploit-protection.md) + #### [Network protection](microsoft-defender-atp/network-protection.md) - +##### [Network Protection evaluation](microsoft-defender-atp/evaluate-network-protection.md) #### [Web protection]() 
@@ -85,93 +92,256 @@ ##### [Web content filtering](microsoft-defender-atp/web-content-filtering.md) #### [Controlled folder access](microsoft-defender-atp/controlled-folders.md) -#### [Attack surface reduction](microsoft-defender-atp/attack-surface-reduction.md) +##### [Controlled folder access evaluation](microsoft-defender-atp/evaluate-controlled-folder-access.md) + + + #### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) +##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) ### [Next-generation protection]() #### [Next-generation protection overview](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) +#### [Evaluate next-generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md) + + + + +#### [Configure next-generation protection]() +##### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) + +##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) +###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) +###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) +###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) +###### [Prevent security settings changes with tamper protection](windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md) +###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) +###### [Configure the cloud block timeout 
period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) + +##### [Configure behavioral, heuristic, and real-time protection]() +###### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) +###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) +###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) + +##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) + +##### [Antivirus compatibility]() +###### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md) +###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) + +##### [Deploy, manage updates, and report on antivirus]() +###### [Preparing to deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) +###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md) +####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) + +###### [Report on antivirus protection]() +####### [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) +####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md) + +###### [Manage updates and apply baselines]() +####### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) +####### [Manage protection and security intelligence 
updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) +####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) +####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) +####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) +####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) + +##### [Customize, initiate, and review the results of scans and remediation]() +###### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +###### [Configure and validate exclusions in antivirus scans]() +####### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) +####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) +####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + +###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) +###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) +###### [Configure and run 
scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) +###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) +###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) + +##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) + +##### [Manage antivirus in your business]() +###### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) +###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) +###### [Use Microsoft Endpoint Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) +###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) +###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) +###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) + +##### [Manage scans and remediation]() +###### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +###### [Configure and validate exclusions in antivirus scans]() +####### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) +####### [Configure and validate exclusions for files opened by 
processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) +####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + +###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) + +##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) +###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) +###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) +###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) +###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) + +##### [Manage next-generation protection in your business]() +###### [Handle false positives/negatives in Windows Defender Antivirus](windows-defender-antivirus/antivirus-false-positives-negatives.md) +###### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) +###### [Use Microsoft Intune and Microsoft Endpoint Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) +###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) +###### [Use PowerShell cmdlets to manage next generation 
protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) +###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) +###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) + + + #### [Better together: Windows Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoft-antivirus.md) #### [Better together: Windows Defender Antivirus and Office 365](windows-defender-antivirus/office-365-windows-defender-antivirus.md) +### [Microsoft Defender Advanced Threat Protection for Mac](microsoft-defender-atp/microsoft-defender-atp-mac.md) +#### [What's New](microsoft-defender-atp/mac-whatsnew.md) +#### [Deploy]() +##### [Microsoft Intune-based deployment](microsoft-defender-atp/mac-install-with-intune.md) +##### [JAMF-based deployment](microsoft-defender-atp/mac-install-with-jamf.md) +##### [Deployment with a different Mobile Device Management (MDM) system](microsoft-defender-atp/mac-install-with-other-mdm.md) +##### [Manual deployment](microsoft-defender-atp/mac-install-manually.md) +#### [Update](microsoft-defender-atp/mac-updates.md) +#### [Configure]() +##### [Configure and validate exclusions](microsoft-defender-atp/mac-exclusions.md) +##### [Set preferences](microsoft-defender-atp/mac-preferences.md) +##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/mac-pua.md) +#### [Troubleshoot]() +##### [Troubleshoot installation issues](microsoft-defender-atp/mac-support-install.md) +##### [Troubleshoot performance issues](microsoft-defender-atp/mac-support-perf.md) +##### [Troubleshoot kernel extension issues](microsoft-defender-atp/mac-support-kext.md) +##### [Troubleshoot license issues](microsoft-defender-atp/mac-support-license.md) +#### 
[Privacy](microsoft-defender-atp/mac-privacy.md) +#### [Resources](microsoft-defender-atp/mac-resources.md) +### [Microsoft Defender Advanced Threat Protection for Linux](microsoft-defender-atp/microsoft-defender-atp-linux.md) +#### [Deploy]() +##### [Manual deployment](microsoft-defender-atp/linux-install-manually.md) +##### [Puppet based deployment](microsoft-defender-atp/linux-install-with-puppet.md) +##### [Ansible based deployment](microsoft-defender-atp/linux-install-with-ansible.md) +#### [Update](microsoft-defender-atp/linux-updates.md) +#### [Configure]() +##### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md) +##### [Set preferences](microsoft-defender-atp/linux-preferences.md) +#### [Resources](microsoft-defender-atp/linux-resources.md) - - - +### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) ## [Security operations]() ### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md) ### [Endpoint detection and response]() +#### [Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md) + +#### [Incidents queue]() +##### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md) +##### [Manage incidents](microsoft-defender-atp/manage-incidents.md) +##### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md) + +#### [Alerts queue]() +##### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md) +##### [Manage alerts](microsoft-defender-atp/manage-alerts.md) +##### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md) +##### [Investigate files](microsoft-defender-atp/investigate-files.md) +##### [Investigate machines](microsoft-defender-atp/investigate-machines.md) +##### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md) +##### [Investigate a 
domain](microsoft-defender-atp/investigate-domain.md) +###### [Investigate connection events that occur behind forward proxies](microsoft-defender-atp/investigate-behind-proxy.md) +##### [Investigate a user account](microsoft-defender-atp/investigate-user.md) + +#### [Machines list]() +##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) +##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) + +#### [Take response actions]() +##### [Take response actions on a machine]() +###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md) +###### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags) +###### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation) +###### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session) +###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) +###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) +###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) +###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) +###### [Consult a threat expert](microsoft-defender-atp/respond-machine-alerts.md#consult-a-threat-expert) +###### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center) + +##### [Take response actions on a file]() +###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md) +###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) +###### [Restore file 
from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine) +###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) +###### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert) +###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) +###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) +###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) +###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) +###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) +###### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) + +#### [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md) +##### [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md) + +#### [Investigate entities using Live response]() +##### [Investigate entities on machines](microsoft-defender-atp/live-response.md) +##### [Live response command examples](microsoft-defender-atp/live-response-command-examples.md) -### [Incidents queue]() -#### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md) -#### [Manage incidents](microsoft-defender-atp/manage-incidents.md) -#### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md) - -### [Alerts queue]() -#### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md) -#### [Manage alerts](microsoft-defender-atp/manage-alerts.md) -#### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md) -#### [Investigate 
files](microsoft-defender-atp/investigate-files.md) -#### [Investigate machines](microsoft-defender-atp/investigate-machines.md) -#### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md) -#### [Investigate a domain](microsoft-defender-atp/investigate-domain.md) -##### [Investigate connection events that occur behind forward proxies](microsoft-defender-atp/investigate-behind-proxy.md) -#### [Investigate a user account](microsoft-defender-atp/investigate-user.md) - -### [Machines list]() -#### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) -#### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) - -### [Take response actions]() -#### [Take response actions on a machine]() -##### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md) -##### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags) -##### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation) -##### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session) -##### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) -##### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) -##### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) -##### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) -##### [Consult a threat expert](microsoft-defender-atp/respond-machine-alerts.md#consult-a-threat-expert) -##### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center) - -#### [Take response actions on a file]() -##### [Response actions on 
files](microsoft-defender-atp/respond-file-alerts.md) -##### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) -##### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine) -##### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) -##### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert) -##### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) -##### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) -##### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) -##### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) -##### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) -##### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) - -### [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md) -#### [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md) -### [Investigate entities using Live response]() -#### [Investigate entities on machines](microsoft-defender-atp/live-response.md) -#### [Live response command examples](microsoft-defender-atp/live-response-command-examples.md) -### [Threat analytics](microsoft-defender-atp/threat-analytics.md) -### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md) + + + + + + + + +##### [Shadow protection?](windows-defender-antivirus/shadow-protection.md) + +#### [Use sensitivity labels to prioritize incident 
response](microsoft-defender-atp/information-protection-investigation.md) + +#### [Reporting]() +##### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md) +##### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md) +##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) +#### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md) + + +#### [Custom detections]() +##### [Understand custom detections](microsoft-defender-atp/overview-custom-detections.md) +##### [Create and manage detection rules](microsoft-defender-atp/custom-detection-rules.md) + + + + + + +### [Automated investigation and response]() +#### [Overview of AIR](microsoft-defender-atp/automated-investigations.md) + ### [Advanced hunting]() #### [Advanced hunting overview](microsoft-defender-atp/advanced-hunting-overview.md) #### [Learn the query language](microsoft-defender-atp/advanced-hunting-query-language.md) @@ -198,17 +368,14 @@ ### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md) -### [Reporting]() -#### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md) -#### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md) -#### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) -#### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md) +### [Threat analytics](microsoft-defender-atp/threat-analytics.md) + + + + -### [Custom detections]() -#### [Understand custom detections](microsoft-defender-atp/overview-custom-detections.md) -#### [Create and manage detection rules](microsoft-defender-atp/custom-detection-rules.md) 
@@ -281,18 +448,6 @@ ## Reference -### [Capabilities]() - - - - - - -#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md) -##### [Shadow protection](windows-defender-antivirus/shadow-protection.md) - -#### [Overview of AIR](microsoft-defender-atp/automated-investigations.md) - ### [Management and APIs]() #### [Overview of management and APIs](microsoft-defender-atp/management-apis.md) @@ -466,16 +621,10 @@ -### [Attack surface reduction and next-generation capability evaluation]() -#### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md) -#### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md) -#### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md) -#### [Exploit protection](microsoft-defender-atp/evaluate-exploit-protection.md) -#### [Network Protection](microsoft-defender-atp/evaluate-network-protection.md) -#### [Controlled folder access](microsoft-defender-atp/evaluate-controlled-folder-access.md) -#### [Attack surface reduction](microsoft-defender-atp/evaluate-attack-surface-reduction.md) -#### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) -#### [Evaluate next-generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md) + + + +
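Review bot: The title added in the `@@ -38,16 +38,20 @@` hunk is misspelled: `Attack surface reduction and nex-generation evaluation overview` should read "next-generation". The typo was carried over unchanged from the entry removed in the `@@ -466,16 +621,10 @@` hunk, so the move is the right moment to fix it.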
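Review bot: The heading level of the entry added in the `@@ -58,6 +62,7 @@` hunk looks wrong: `#### [Audit Application control policies]` is inserted at level 4 directly after `##### [Application control]`, so it becomes a sibling of `#### [Hardware-based isolation]()` rather than a child of Application control, and the following `##### [System integrity]` then nests under the audit page. The other evaluation entries in this patch sit one level below their feature (for example `##### [Exploit protection evaluation]` under `#### [Exploit protection]`), so this one should probably be `######`.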
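Review bot: The `@@ -85,93 +92,256 @@` hunk adds the same entries twice under `#### [Configure next-generation protection]()`. `##### [Customize, initiate, and review the results of scans and remediation]()` and `##### [Manage scans and remediation]()` both carry the `Configure and validate exclusions in antivirus scans` subtree with identical targets. `##### [Manage antivirus in your business]()` and `##### [Manage next-generation protection in your business]()` likewise link the same Group Policy, Intune, PowerShell, WMI and mpcmdrun.exe pages, and `##### [Configure remediation for scans]` is immediately followed by a `######` entry with the same title and link. Keep one copy of each. In the same hunk: the `#######` entries are seven levels deep, and Markdown headings stop at six, so confirm the TOC build accepts them. `##### [Shadow protection?]` has a stray question mark that reads like a leftover draft note. `#### [Machine health and compliance reports]` is one level shallower than its siblings under `#### [Reporting]()`. `##### [Network firewall]` repeats its parent's title where the other added entries use "... evaluation". The long runs of added blank `+` lines can be dropped.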