diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index ff9215a0cb..d1c214ecbe 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -92,6 +92,7 @@
#### [Microsoft threat protection](windows-defender-atp/threat-protection-integration.md)
##### [Protect users, data, and devices with conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
##### [Microsoft Cloud App Security integration overview](windows-defender-atp/microsoft-cloud-app-security-integration.md)
+##### [Information protection in Windows overview](windows-defender-atp/information-protection-in-windows-overview.md)
@@ -411,6 +412,7 @@
#### Configure Microsoft threat protection integration
##### [Configure conditional access](windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md)
##### [Configure Microsoft Cloud App Security integration](windows-defender-atp/microsoft-cloud-app-security-config.md)
+##### [Configure information protection in Windows](windows-defender-atp/information-protection-in-windows-config.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md
index 9ecf24c3a5..5e93dae32c 100644
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@@ -90,7 +90,8 @@
### [Microsoft Threat Protection](threat-protection-integration.md)
#### [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
-#### [Microsoft Cloud App Security integration overview](microsoft-cloud-app-security-integration.md)
+#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
+#### [Information protection in Windows overview](information-protection-in-windows-overview.md)
### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
@@ -411,7 +412,8 @@
### Configure Microsoft Threat Protection integration
#### [Configure conditional access](configure-conditional-access-windows-defender-advanced-threat-protection.md)
-#### [Configure Microsoft Cloud App Security integration](microsoft-cloud-app-security-config.md)
+#### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)
+####[Configure information protection in Windows](information-protection-in-windows-config.md)
### [Configure Windows Security app settings](preferences-setup-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index b887fd19b7..a6cd39db1b 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -11,7 +11,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 09/28/2018
+ms.date: 11/16/2018
---
# Configure advanced features in Windows Defender ATP
@@ -89,7 +89,7 @@ Enabling this setting forwards Windows Defender ATP signals to Microsoft Cloud A
>[!NOTE]
>This feature is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10 version 1809 or later.
-## Azure information protection
+## Azure Information Protection
Turning this setting on forwards signals to Azure Information Protection, giving data owners and administrators visibility into protected data on onboarded machines and machine risk ratings.
diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-settings-aip.png b/windows/security/threat-protection/windows-defender-atp/images/atp-settings-aip.png
new file mode 100644
index 0000000000..f66b75a274
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-settings-aip.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/azure-data-discovery.png b/windows/security/threat-protection/windows-defender-atp/images/azure-data-discovery.png
new file mode 100644
index 0000000000..0148a800b2
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/azure-data-discovery.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/office-scc-label.png b/windows/security/threat-protection/windows-defender-atp/images/office-scc-label.png
new file mode 100644
index 0000000000..750bd6e459
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/office-scc-label.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md
new file mode 100644
index 0000000000..b0644db04c
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md
@@ -0,0 +1,49 @@
+---
+title: Configure information protection in Windows
+description: Learn how to expand the coverage of WIP to protect files based on their label, regardless of their origin.
+keywords: information, protection, data, loss, prevention, wip, policy, scc, compliance, labels, dlp
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 12/05/2018
+---
+
+# Configure information protection in Windows
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+
+[!include[Prerelease information](prerelease.md)]
+
+Learn how you can use Windows Defender ATP to expand the coverage of Windows Information Protection (WIP) to protect files based on their label, regardless of their origin.
+
+## Prerequisites
+- Endpoints need to be on Windows 10, version 1809 or later
+- You'll need the appropriate license to leverage the Windows Defender ATP and Azure Information Protection integration
+- Your tenant needs to be onboarded to Azure Information Protection analytics, for more information see, [Configure a Log Analytics workspace for the reports](https://docs.microsoft.comazure/information-protection/reports-aip#configure-a-log-analytics-workspace-for-the-reports)
+
+
+## Configuration steps
+1. Define a WIP policy and assign it to the relevant devices. For more information, see [Protect your enterprise data using Windows Information Protection (WIP)](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip). If WIP is already configured on the relevant devices, skip this step.
+2. Define which labels need to get WIP protection in Office 365 Security and Compliance.
+
+ 1. Go to: **Classifications > Labels**.
+ 2. Create a new label or edit an existing one.
+ 3. In the configuration wizard, go to 'Data loss prevention' tab and enable WIP.
+
+ 
+
+ 4. Repeat for every label that you want to get WIP applied to in Windows.
+
+After completing these steps Windows Defender ATP will automatically identify labeled documents stored on the device and enable WIP on them.
+
+>[!NOTE]
+>- The Windows Defender ATP configuration is pulled every 15 minutes. Allow up to 30 minutes for the new policy to take effect and ensure that the endpoint is online. Otherwise, it will not receive the policy.
+>- Data forwarded to Azure Information Protection is stored in the same location as your other Azure Information Protection data.
+
+## Related topic
+- [Information protection in Windows overview](information-protection-in-windows-overview.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md
new file mode 100644
index 0000000000..9c4fe5f044
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md
@@ -0,0 +1,95 @@
+---
+title: Information protection in Windows overview
+description: Learn about how information protection works in Windows to identify and protect sensitive information
+keywords: information, protection, dlp, wip, data, loss, prevention, protect
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+ms.date: 12/05/2018
+---
+
+# Information protection in Windows overview
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+
+[!include[Prerelease information](prerelease.md)]
+
+Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace.
+
+
+Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite.
+
+
+Windows Defender ATP applies two methods to discover and protect data:
+- **Data discovery** - Identify sensitive data on Windows devices at risk
+- **Data protection** - Windows Information Protection (WIP) as outcome of Azure Information Protection label
+
+
+## Data discovery
+Windows Defender ATP automatically discovers files with Office 365 sensitivity labels on Windows devices when the feature is enabled. You can enable the Azure Information Protection integration feature from Windows Defender Security Center. For more information, see [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md#azure-information-protection).
+
+
+
+
+After enabling the Azure Information Protection integration, data discovery signals are immediately forwarded to Azure Information Protection from the device. When a file that has a sensitivity label applied is created or modified on a Windows device, Windows Defender ATP automatically reports the signal to Azure Information Protection.
+
+The reported signals can be viewed on the Azure Information Protection - Data discovery dashboard.
+
+### Azure Information Protection - Data discovery dashboard
+This dashboard presents a summarized discovery information of data discovered by both Windows Defender ATP and Azure Information Protection. Data from Windows Defender ATP is marked with Location Type - Endpoint.
+
+
+
+
+Notice the Device Risk column on the right, this device risk is derived directly from Windows Defender ATP, indicating the risk level of the security device where the file was discovered, based on the active security threats detected by Windows Defender ATP.
+
+Clicking the device risk level will redirect you to the device page in Windows Defender ATP, where you can get a comprehensive view of the device security status and its active alerts.
+
+
+>[!NOTE]
+>Windows Defender ATP does not currently report the Information Types.
+
+### Log Analytics
+Data discovery based on Windows Defender ATP is also available in [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-overview), where you can perform complex queries over the raw data.
+
+For more information on Azure Information Protection analytics, see [Central reporting for Azure Information Protection](https://docs.microsoft.com/azure/information-protection/reports-aip).
+
+Open Azure Log Analytics in Azure Portal and open a query builder (standard or classic).
+
+To view Windows Defender ATP data, perform a query that contains:
+
+
+```
+InformationProtectionLogs_CL
+| where Workload_s == "Windows Defender"
+```
+
+**Prerequisites:**
+- Customers must have a subscription for Azure Information Protection, and be using a unified labeling client.
+- Enable Azure Information Protection integration in Windows Defender Security Center:
+ - Go to **Settings** in Windows Defender Security Center, click on **Advanced Settings** under **General**.
+
+
+## Data protection
+For data to be protected, they must first be identified through labels. Sensitivity labels are created in Office Security and Compliance (SCC). Windows Defender ATP then uses the labels to identify endpoints that need Windows Information Protection (WIP) applied on them.
+
+
+When you create sensitivity labels, you can set the information protection functionalities that will be applied on the file. The setting that applies to Windows Defender ATP is the Data loss prevention. You'll need to turn on the Data loss prevention and select Enable Windows end point protection (DLP for devices).
+
+
+
+
+Once, the policy is set and published, Windows Defender ATP automatically enables WIP for labeled files. When a labeled file is created or modified on a Windows device, Windows Defender ATP automatically detects it and enables WIP on that file if its label corresponds with Office Security and Compliance (SCC) policy.
+
+This functionality expands the coverage of WIP to protect files based on their label, regardless of their origin.
+
+For more information, see [Configure information protection in Windows](information-protection-in-windows-config.md).
+
+
+## Related topics
+- [How Windows Information Protection protects files with a sensitivity label](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md
index bcadd41d25..ba9be2d111 100644
--- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md
+++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md
@@ -11,11 +11,11 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 09/19/2018
+ms.date: 10/19/2018
---
-# Configure Microsoft Cloud App Security integration
+# Configure Microsoft Cloud App Security in Windows
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md
index c18f430649..12da630b32 100644
--- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md
+++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md
@@ -1,7 +1,7 @@
---
title: Microsoft Cloud App Security integration overview
-description:
-keywords:
+description: Windows Defender ATP integrates with Cloud App Security by collecting and forwarding all cloud app networking activities, providing unparalleled visibility to cloud app usage
+keywords: cloud, app, networking, visibility, usage
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -11,10 +11,10 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 09/18/2018
+ms.date: 10/18/2018
---
-# Microsoft Cloud App Security integration overview
+# Microsoft Cloud App Security in Windows overview
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
index c51de1c5bf..f0d5d23e2f 100644
--- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
@@ -11,7 +11,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 11/05/2018
+ms.date: 12/03/2018
---
# Windows Defender ATP preview features
@@ -39,6 +39,10 @@ Turn on the preview experience setting to be among the first to try upcoming fea
## Preview features
The following features are included in the preview release:
+- [Information protection](information-protection-in-windows-overview.md)
+Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite.
+
+
- [Incidents](incidents-queue.md)
Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
diff --git a/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
index e0301cebc1..d837895ff9 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md
@@ -11,7 +11,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
-ms.date: 10/12/2018
+ms.date: 12/03/2018
---
# Microsoft Threat Protection
@@ -28,24 +28,30 @@ Microsoft's multiple layers of threat protection across data, applications, devi
Each layer in the threat protection stack plays a critical role in protecting customers. The deep integration between these layers results in better protected customers.
-## Conditional access
-Windows Defender ATP's dynamic machine risk score is integrated into the conditional access evaluation, ensuring that only secure devices have access to resources.
-
-## Office 365 Advanced Threat Protection (Office 365 ATP)
-[Office 365 ATP](https://docs.microsoft.com/office365/securitycompliance/office-365-atp) helps protect your organization from malware in email messages or files through ATP Safe Links, ATP Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Office 365 ATP and Windows Defender ATP enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked.
-
## Azure Advanced Threat Protection (Azure ATP)
Suspicious activities are processes running under a user context. The integration between Windows Defender ATP and Azure ATP provides the flexibility of conducting cyber security investigation across activities and identities.
-## Skype for Business
-The Skype for Business integration provides s a way for analysts to communicate with a potentially compromised user or device owner through ao simple button from the portal.
-
## Azure Security Center
Windows Defender ATP provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers.
+## Azure Information Protection
+Keep sensitive data secure while enabling productivity in the workplace through data data discovery and data protection.
+
+## Conditional access
+Windows Defender ATP's dynamic machine risk score is integrated into the conditional access evaluation, ensuring that only secure devices have access to resources.
+
+
## Microsoft Cloud App Security
Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines.
+## Office 365 Advanced Threat Protection (Office 365 ATP)
+[Office 365 ATP](https://docs.microsoft.com/office365/securitycompliance/office-365-atp) helps protect your organization from malware in email messages or files through ATP Safe Links, ATP Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Office 365 ATP and Windows Defender ATP enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked.
+
+## Skype for Business
+The Skype for Business integration provides s a way for analysts to communicate with a potentially compromised user or device owner through ao simple button from the portal.
+
+
+
## Related topic
- [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)