reflect tp toc to atp toc

windows/security/threat-protection/TOC.md

@@ -5,7 +5,6 @@
 ### [Overview](windows-defender-atp/overview.md)
 #### [Windows Defender Security Center](windows-defender-atp/use-windows-defender-advanced-threat-protection.md)
 ##### [Portal overview](windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md)
-##### [Access the Windows Defender Security Center Community Center](windows-defender-atp/community-windows-defender-advanced-threat-protection.md)
 #### [Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)
 ##### [Hardware-based isolation](windows-defender-application-guard/wd-app-guard-overview.md)
 ##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
@@ -19,7 +18,7 @@
 ##### [Security operations dashboard](windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md)
 #### [Auto investigation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
 #### [Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)
-#### [Threat analytics dashboard](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+##### [Threat analytics dashboard](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
 #### [Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)
 
 
@@ -165,194 +164,148 @@
 ###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
 
 
-### [Manage endpoint detection and response capabilities](windows-defender-atp/manage-edr.md)
+#### [Manage endpoint detection and response capabilities](windows-defender-atp/manage-edr.md)
-####Alerts queue
+#####Alerts queue
-##### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
+###### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
-##### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
+###### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
+###### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
+###### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
-##### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
+###### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
-##### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
+###### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
-##### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
+###### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
-##### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
+###### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
  
-####Machines list
+#####Machines list
-##### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
+###### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
-##### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
+###### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
-##### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
+###### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
-##### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
+###### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
-###### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
+####### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
-###### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+####### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-###### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+####### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-###### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
+####### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
 
 
-#### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
+##### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
-##### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
+###### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-###### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
+####### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
-###### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
+####### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
-###### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
+####### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
-###### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
+####### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
-###### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
+####### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
-###### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
+####### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
-###### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+####### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
  
-##### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
+###### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
-###### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
+####### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-###### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
+####### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-###### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
+####### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-###### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
+####### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
-###### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+####### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-###### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
+####### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
-###### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
+####### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
-###### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
+####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
-###### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
+####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
  
-
+##### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
-
+###### [Advanced hunting reference](windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
-#### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
+###### [Advanced hunting query language best practices](windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting reference](windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting query language best practices](windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
 
 
 #### [Manage automated investigations](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md)
 
+#### [Configure Security score dashboard security controls](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
 
-#### [Configure next gen protection features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
+#### [Management and APIs](windows-defender-atp/management-apis.md)
-##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
-###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
+###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
-###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
+###### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
-###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
+###### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
-###### [Enable the Block at First Sight feature](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
+###### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
-###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
+###### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
+###### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
-###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
+ 
-###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
+##### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
+###### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
+#######Actor
+######## [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
+######## [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
+#######Alerts
+######## [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
+######## [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
+######## [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
+########Domain
+#########  [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
+######### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
+######### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
+######### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
+ 
+#######File
+######## [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
+######## [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
+######## [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
+######## [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
+######## [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
+######## [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
+ 
+#######IP
+######## [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
+######## [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
+######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
+#######Machines
+######## [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
+######## [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
+######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
+######## [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
+######## [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
+######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
+######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
+######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
+######## [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
+######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
+######## [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
+######## [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
+######## [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
+######## [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
+######## [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
+######## [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
+######## [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
+######## [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
+ 
+ 
+ 
+#######User
+######## [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
+######## [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
+######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
  
  
  
  
+##### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
+###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
+###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
+###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
+###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
+###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
  
-
+#####Reporting
-### [Manage automatic investigation and remediation](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md)
+###### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
-
-
-### [Configure Security score dashboard security controls](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-
-
-
-
-### [Management and APIs](management-apis.md)
-#### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
-##### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
-##### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
-##### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
-##### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
-##### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
-
-#### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
-##### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
-######Actor
-####### [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
-####### [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
-######Alerts
-####### [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
-####### [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
-#######Domain
-########  [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
-######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
-######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
-######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
-
-######File
-####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
-####### [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
-####### [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
-####### [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
-
-######IP
-####### [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
-####### [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
-######Machines
-####### [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
-####### [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
-####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
-####### [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
-####### [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
-####### [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
-####### [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
-####### [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
-####### [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
-####### [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
-####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
-####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
-
-
-
-######User
-####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
-####### [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
-####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
-
-
-
-
-#### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-##### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
-##### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
-##### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
-##### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
-
-####Reporting
-##### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
-
-
 
 
 ### [Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ](windows-defender-atp/threat-protection-integration.md)
 ####  [Protect users, data, and devices with conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
-
+#### [Access the Windows Defender Security Center Community Center](windows-defender-atp/community-windows-defender-advanced-threat-protection.md)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
 
 
 ###Troubleshoot Windows Defender ATP
@@ -375,22 +328,6 @@
 #### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
 
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
 ## More Windows 10 security
 
 ### [The Windows Security app](windows-defender-security-center/windows-defender-security-center.md)

windows/security/threat-protection/windows-defender-atp/TOC.md

@@ -1,7 +1,7 @@
 # [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
 
 
-## [Overview](overview-attack-surface-reduction.md)
+## [Overview](overview.md)
 ### [Windows Defender Security Center](use-windows-defender-advanced-threat-protection.md)
 #### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
 ### [Attack surface reduction](overview-attack-surface-reduction.md)
@@ -14,155 +14,13 @@
 #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
 ### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
 ### [Endpoint detection and response](overview-endpoint-detection-response.md)
-### [Auto investigation](../windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
+#### [Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
-### [Secure score](../windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)
+### [Auto investigation](automated-investigations-windows-defender-advanced-threat-protection.md)
-### [Advanced hunting](../windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)
+### [Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)
+#### [Threat analytics](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
+### [Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md)
 
-#### [View the Security operations dashboard - consdier moving to the relevant pillar](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
+## [Get started](get-started.md)
-#### [Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md)
-
-
-### [Endpoint detection and response - Tomer B.](../edr.md)
-####Alerts queue
-##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
-##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
-##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
-##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
-##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
-##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
-##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
-
-####Machines list
-##### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
-##### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
-##### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
-##### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
-###### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
-###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
-###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
-###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
- 
-#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
-##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
-###### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
-###### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
-###### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
-###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
-###### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
-###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-
-##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
-###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
-###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
-###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
-###### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
-###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
-###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
-###### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
-###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
-###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
-
-#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
-##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
-
-### [Automatic investigation and remediation - Benny](automated-investigations-windows-defender-advanced-threat-protection.md)
-
-###Security posture
-#### [Secure posture - Evald](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
-#### [View the Threat analytics dashboard and take recommended mitigation actions - Evald](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
-
-### [Management and APIs](../management-apis.md)
-#### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
-##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
-##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
-
-#### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
-##### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
-######Actor
-####### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md)
-####### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
-######Alerts
-####### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
-####### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
-####### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
-#######Domain
-########  [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
-######## [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
-######## [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
-######## [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
-
-######File
-####### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
-####### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md)
-####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md)
-####### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md)
-
-######IP
-####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md)
-####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md)
-####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md)
-######Machines
-####### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
-####### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
-####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
-####### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
-####### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md)
-####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
-####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md)
-####### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
-####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
-####### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
-####### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md)
-####### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md)
-####### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
-####### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
-####### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
-
-######User
-####### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
-####### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md)
-####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
-####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
-
-#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
-##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
-##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
-##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
-
-#### [Reporting](../reporting.md)
-##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
-
-#### [Permissions](../permissions.md)
-##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
-##### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
-
-### [Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ](../integration.md)
-####  [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
-
-## [Get started](../get-started.md)
 ### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
 ### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
 
@@ -170,19 +28,19 @@
 ### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
 ### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
 
-
+### [Evaluate Windows Defender ATP](evaluate-atp.md)
-### [Evaluate Windows Defender ATP](../evaluate-atp.md)
 #### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
 #### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
 #### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
 #### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
 #### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
 #### [Attack surface reduction controls](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
-#### [Evaluate Windows Defender Antivirus protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
+#### [Next gen protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
 
  
-## [Onboard and configure machines to Windows Defender ATP](../onboard.md)
+
-### [Onboard machines - need to revise this page](onboard-configure-windows-defender-advanced-threat-protection.md)
+## [Onboard machines, configure, and manage capabilities](onboard.md)
+### [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
 #### [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)
 #### [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
 ##### [Onboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
@@ -200,7 +58,40 @@
 ##### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
 
 
-###[Configure attack surface reduction](../configure-attack-surface-reduction.md)
+### [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
+####General
+##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
+##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+##### [Enable and create Power BI reports using Windows Defender Security center data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
+##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
+ 
+ 
+####Permissions
+##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
+##### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
+
+
+####APIs
+##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+
+
+####Rules
+##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+
+
+####Machine management
+##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
+##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
+ 
+ 
+#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
+
+### [Configure attack surface reduction](configure-attack-surface-reduction.md)
 #### [Hardware-based isolation](../windows-defender-application-guard/install-wd-app-guard.md)
 ##### [Group Policy settings](../windows-defender-application-guard/configure-wd-app-guard.md) 
 #### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
@@ -263,36 +154,142 @@
 ##### [Use PowerShell cmdlets to configure and manage Windows Defender AV](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
 ##### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
 ##### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
+### [Manage endpoint detection and response capabilities](manage-edr.md)
+####Alerts queue
+##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
+##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
+##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
+##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
+##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
+##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
+##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
+##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
  
+####Machines list
+##### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
+##### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
+##### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
+##### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
+###### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
+###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
+###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
+###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
  
-### [Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
+#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
-####General
+##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
+###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
-##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+###### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
-##### [Enable and create Power BI reports using Windows Defender Security center data](powerbi-reports-windows-defender-advanced-threat-protection.md)
+###### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
-##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
+###### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
-##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
+###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
+###### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
+###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
 
+##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
+###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
+###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
+###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
+###### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
+###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
+###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
+###### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
+###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
+###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
 
-####APIs
+#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
-##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
+##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
+
+### [Manage automatic investigation and remediation](manage-auto-investigation-windows-defender-advanced-threat-protection.md)
+
+### [Configure Security score dashboard security controls](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
+
+### [Management and APIs](management-apis.md)
+#### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
 ##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
+##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
+##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
+
+#### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
+##### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
+######Actor
+####### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md)
+####### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
+######Alerts
+####### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
+####### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
+####### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
+#######Domain
+########  [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
+######## [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
+######## [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
+######## [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
+
+######File
+####### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
+####### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md)
+####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md)
+####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md)
+####### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
+####### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md)
+
+######IP
+####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md)
+####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md)
+####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md)
+######Machines
+####### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
+####### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
+####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
+####### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
+####### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
+####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md)
+####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
+####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
+####### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md)
+####### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
+####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
+####### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
+####### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md)
+####### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md)
+####### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
+####### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md)
+####### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
+####### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
+####### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
 
 
-####Rules
+######User
-##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
+####### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
-##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
+####### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md)
-##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
+####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
-##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
+####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
 
 
-####Machine management
+#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
-##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
+##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
-##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
+##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
+##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
+##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
+##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
+##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
+
+####Reporting
+##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
 
 
-#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
+## [Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ](threat-protection-integration.md)
-
+####  [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
 
 ## [Troubleshoot Windows Defender ATP](troubleshoot-wdatp.md)
 
@@ -323,8 +320,3 @@
 
 
 
-
-
-
-
-

windows/security/threat-protection/windows-defender-atp/get-started.md

@@ -34,22 +34,21 @@ In conjunction with being able to quickly respond to advanced attacks, Windows D
 Windows Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
 
 **Advanced hunting**<br>
-
+Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Windows Defender Security Center. 
 
 **Management and APIs**<br>
-
+Integrate Windows Defender Advanced Threat Protection into your existing workflows.
 
 **Microsoft threat protection**<br>
+Bring the power of Microsoft threat protection to your organization.
 
 ## In this section 
-
-
 Topic | Description 
 :---|:---
-[Minimum requirements](windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md) | Learn about the requirements for onboarding machines to the platform. 
+[Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | Learn about the requirements for onboarding machines to the platform. 
-[Validate licensing and complete setup](windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md) | Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time.
+[Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) | Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time.
-[Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) | Address issues that might surface when setting up the Windows Defender ATP service and capabilities.
+[Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) | Address issues that might surface when setting up the Windows Defender ATP service and capabilities.
-[Preview features](windows-defender-atp/preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
+[Preview features](preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
-[Data storage and privacy](windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md) | Explains the data storage and privacy details related to Windows Defender ATP.
+[Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) | Explains the data storage and privacy details related to Windows Defender ATP.
-[Assign user access to the portal](windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC).
+[Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC).
 [Evaluate Windows Defender ATP](evaluate-atp.md) | Evaluate the various capabilities in Windows Defender ATP and test features out.