diff --git a/windows/deploy/images/ur-arch-diagram.png b/windows/deploy/images/ur-arch-diagram.png
new file mode 100644
index 0000000000..9c1da1227c
Binary files /dev/null and b/windows/deploy/images/ur-arch-diagram.png differ
diff --git a/windows/deploy/mbr-to-gpt.md b/windows/deploy/mbr-to-gpt.md
index 5775e4b633..e0c160b723 100644
--- a/windows/deploy/mbr-to-gpt.md
+++ b/windows/deploy/mbr-to-gpt.md
@@ -378,7 +378,6 @@ In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is
## Related topics
-[Using MBR2GPT with Configuration Manager OSD](https://miketerrill.net/tag/mbr2gpt/)
-
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
+[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
diff --git a/windows/deploy/upgrade-readiness-architecture.md b/windows/deploy/upgrade-readiness-architecture.md
index c4cafc8768..93a028f925 100644
--- a/windows/deploy/upgrade-readiness-architecture.md
+++ b/windows/deploy/upgrade-readiness-architecture.md
@@ -13,7 +13,7 @@ Microsoft analyzes system, application, and driver telemetry data to help you de
-->
-
+
After you enable Windows telemetry on user computers and install the compatibility update KB (1), user computers send computer, application and driver telemetry data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Readiness, telemetry data is analyzed by the Upgrade Readiness Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Readiness solution (5) to plan and manage Windows upgrades.
diff --git a/windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md
index ee298dc448..21ff12135a 100644
--- a/windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md
+++ b/windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md
@@ -41,7 +41,7 @@ As mentioned previously, the default target version in Upgrade Readiness is set
The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target version. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Readiness is based on the target operating system version.
-You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, and Windows version 1610.
+You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, and Windows version 1607.
To change the target version setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Readiness solution:
diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md
index 593a0acc8c..eeb1d26ced 100644
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@@ -789,7 +789,7 @@
###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
#### [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md)
##### [Update general settings](general-settings-windows-defender-advanced-threat-protection.md)
-##### [Turn on advanced features](advanced-features-windows-defender-advacned-threat-protection.md)
+##### [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
##### [Turn on preview experience](preview-settings-windows-defender-advanced-threat-protection.md)
##### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
#### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md b/windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md
similarity index 100%
rename from windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md
rename to windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md
diff --git a/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md
index e242add755..d551629b2e 100644
--- a/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md
@@ -71,3 +71,10 @@ Portal label | SIEM field name | Description
+
+
+## Related topics
+- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
+- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
+- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
index fba8ebda15..21b8b172ec 100644
--- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -68,8 +68,9 @@ The following steps assume that you have completed all the required steps in [Be
- WDATP-connector.properties: C:\\*folder_location*\current\user\agent\flexagent\
- >[!NOTE]
- >You must put the configuration files in this location, where *folder_location* represents the location where you installed the tool.
+ NOTE:
+ You must put the configuration files in this location, where *folder_location* represents the location where you installed the tool.
+
4. After the installation of the core connector completes, the Connector Setup window opens. In the Connector Setup window, select **Add a Connector**.
5. Select Type: **ArcSight FlexConnector REST** and click **Next**.
@@ -174,10 +175,11 @@ Windows Defender ATP alerts will appear as discrete events, with "Microsoft” a
A browser window appears. Allow it to run, it should disappear, and the connector should now be running.
- > [!NOTE]
- > Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear.
+> [!NOTE]
+> Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear.
## Related topics
-- [Configure security information and events management (SIEM) tools to pull alerts](configure-siem-windows-defender-advanced-threat-protection.md)
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
+- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
+- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
+- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md
index 2ad2430c0e..c4a85d0274 100644
--- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md
@@ -64,5 +64,5 @@ This section lists various issues that you may encounter when using email notifi
## Related topics
- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md)
+- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
index 18fa8ef5d5..f40c7d579d 100644
--- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
@@ -42,14 +42,16 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts.
2. Click **Search & Reporting**, then **Settings** > **Data inputs**.
3. Click **REST** under **Local inputs**.
-> [!NOTE]
-> This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/).
+
+ NOTE:
+ This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/).
4. Click **New**.
5. Type the following values in the required fields, then click **Save**:
-> [!NOTE]
->All other values in the form are optional and can be left blank.
+
+ NOTE:
+ All other values in the form are optional and can be left blank.
@@ -132,6 +134,7 @@ Use the solution explorer to view alerts in Splunk.
## Related topics
-- [Configure security information and events management (SIEM) tools to pull alerts](configure-siem-windows-defender-advanced-threat-protection.md)
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
-- [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
+- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
+- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
index c2c75d2d52..4aba77f8b3 100644
--- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
@@ -55,14 +55,14 @@ This tile shows you a list of machines with the highest number of active alerts.
Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
-You can also click **Machines view** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
+You can also click **Machines list** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
## Users at risk
The tile shows you a list of user accounts with the most active alerts. The total number of alerts for each user is shown in a circle next to the user account, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label).
-Click the user account to see details about the user account. For more information see [Investigate a user entity in Windows Defender Advanced Threat Protection]
+Click the user account to see details about the user account. For more information see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md).
## Machines with active malware detections
The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender.
@@ -97,7 +97,7 @@ There are two status indicators that provide information on the number of machin
- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month.
- **Misconfigured** – These machines might partially be reporting telemetry to the Windows Defender ATP service and might have configuration errors that need to be corrected.
-When you click any of the groups, you’ll be directed to machines view, filtered according to your choice. For more information, see [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md).
+When you click any of the groups, you’ll be directed to machines list, filtered according to your choice. For more information, see [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md).
## Service health
The **Service health** tile informs you if the service is active or if there are issues.
diff --git a/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md
index dcc7ec8191..e717a28f79 100644
--- a/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md
@@ -33,9 +33,9 @@ Before you can create custom threat intelligence (TI) using REST API, you'll nee
3. Copy the individual values or select **Save details to file** to download a file that contains all the values.
- >[!WARNING]
- >The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
- >For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
+ WARNING:
+ The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
+ For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
4. Select **Generate tokens** to get an access and refresh token.
diff --git a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md
index 5746ab6157..a645f8ccad 100644
--- a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md
@@ -29,16 +29,18 @@ Enable security information and event management (SIEM) integration so you can p
2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant.
- >[!WARNING]
- >The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
- >For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
+ WARNING:
+ The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
+ For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
3. Choose the SIEM type you use in your organization.
- >[!NOTE]
- >If you select HP ArcSight, you'll need to save these two configuration files:
- > - WDATP-connector.jsonparser.properties
- > - WDATP-connector.properties
- > If you want to connect directly to the alerts REST API through programmatic access, choose **Generic API**.
+
+ NOTE:
+ If you select HP ArcSight, you'll need to save these two configuration files:
+ - WDATP-connector.jsonparser.properties
+ - WDATP-connector.properties
+
+ If you want to connect directly to the alerts REST API through programmatic access, choose **Generic API**.
4. Copy the individual values or select **Save details to file** to download a file that contains all the values.
@@ -47,5 +49,7 @@ Enable security information and event management (SIEM) integration so you can p
You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from the Windows Defender ATP portal.
## Related topics
-- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
-- [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
+- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
+- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
+- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
+- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
index 2c68fb6704..e69c2a864d 100644
--- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -25,7 +25,7 @@ localizationpriority: high
You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints.
-For example, if endpoints are not appearing in the **Machines view** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
+For example, if endpoints are not appearing in the **Machines list** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
> [!NOTE]
> It can take several days for endpoints to begin reporting to the Windows Defender ATP service.
diff --git a/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
index 01eaa034f6..225527fdbc 100644
--- a/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
@@ -36,7 +36,7 @@ If the machine has not been in use for more than 7 days for any reason, it will
A reinstalled or renamed machine will generate a new machine entity in Windows Defender ATP portal. The previous machine entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally.
**Machine was offboarded**
-If the machine was offboarded it will still appear in machines view. After 7 days, the machine health state should change to inactive.
+If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive.
Do you expect a machine to be in ‘Active’ status? [Open a CSS ticket](https://support.microsoft.com/en-us/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561).
diff --git a/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md
index b8021ab337..d53c76fc27 100644
--- a/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md
@@ -23,14 +23,16 @@ localizationpriority: high
During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update some settings which you'll be able to do through the **Preferences setup** menu.
1. In the navigation pane, select **Preferences setup** > **General**.
+
2. Modify settings such as data retention policy or the industry that best describes your organization.
- >[!NOTE]
- >Other settings are not editable.
+ > [!NOTE]
+ > Other settings are not editable.
+
3. Click **Save preferences**.
## Related topics
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md)
+- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
- [Turn on the preview experience in Windows Defender ATP ](preview-settings-windows-defender-advanced-threat-protection.md)
- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/images/atp-machines-at-risk.png b/windows/keep-secure/images/atp-machines-at-risk.png
index e733606c0c..219e958d7d 100644
Binary files a/windows/keep-secure/images/atp-machines-at-risk.png and b/windows/keep-secure/images/atp-machines-at-risk.png differ
diff --git a/windows/keep-secure/images/rules-legend.png b/windows/keep-secure/images/rules-legend.png
index dea7d1dc70..a48783c6e3 100644
Binary files a/windows/keep-secure/images/rules-legend.png and b/windows/keep-secure/images/rules-legend.png differ
diff --git a/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md
index 76dd0c900d..73f0e86007 100644
--- a/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md
@@ -1,6 +1,6 @@
---
-title: View and organize the Windows Defender ATP machines view
-description: Learn about the available features that you can use from the Machines view such as sorting, filtering, and exporting the machine list which can enhance investigations.
+title: View and organize the Windows Defender ATP machines list
+description: Learn about the available features that you can use from the Machines list such as sorting, filtering, and exporting the machine list which can enhance investigations.
keywords: sort, filter, export, csv, machine name, domain, last seen, internal IP, health state, active alerts, active malware detections, threat category, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, general malware, unwanted software
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@@ -11,7 +11,7 @@ author: mjcaparas
localizationpriority: high
---
-# View and organize the Windows Defender ATP Machines view
+# View and organize the Windows Defender ATP Machines list
**Applies to:**
@@ -21,23 +21,23 @@ localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-The **Machines view** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network.
+The **Machines list** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network.
Use the Machines view in these main scenarios:
- **During onboarding**
- During the onboarding process, the **Machines view** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
+ During the onboarding process, the **Machines list** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
- **Day-to-day work**
- The **Machines view** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them.
+ The **Machines list** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them.
## Sort, filter, and download the list of machines from the Machines view
-You can sort the **Machines view** by clicking on any column header to sort the view in ascending or descending order.
+You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order.
-Filter the **Machines view** by time period, **Active malware categories**, or **Sensor health state** to focus on certain sets of machines, according to the desired criteria.
+Filter the **Machines list** by time period, **Active malware categories**, or **Sensor health state** to focus on certain sets of machines, according to the desired criteria.
You can also download the entire list in CSV format using the **Export to CSV** feature.
-
+
You can use the following filters to limit the list of machines displayed during an investigation:
@@ -71,7 +71,7 @@ You can download a full list of all the machines in your organization, in CSV f
Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself.
## Sort the Machines view
-You can sort the **Machines view** by the following columns:
+You can sort the **Machines list** by the following columns:
- **Machine name** - Name or GUID of the machine
- **Last seen** - Date and time when the machine last reported sensor data
diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
index ac785c854a..c6d0f9dd37 100644
--- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
---
title: Windows Defender Advanced Threat Protection portal overview
description: Use the Windows Defender ATP portal to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
-keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines view, preferences setup, endpoint management, advanced attacks
+keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, preferences setup, endpoint management, advanced attacks
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
diff --git a/windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md
index 5d51de963a..1523930b5c 100644
--- a/windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md
@@ -27,6 +27,6 @@ Use the **Preferences setup** menu to modify general settings, advanced features
Topic | Description
:---|:---
[Update general settings](general-settings-windows-defender-advanced-threat-protection.md) | Modify your general settings that were previously defined as part of the onboarding process.
-[Enable advanced features](advanced-features-windows-defender-advacned-threat-protection.md)| Enable features such as **Block file** and other features that require integration with other products.
+[Enable advanced features](advanced-features-windows-defender-advanced-threat-protection.md)| Enable features such as **Block file** and other features that require integration with other products.
[Enable the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) | Allows you to turn on preview features so you can try upcoming features.
[Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) | Enables you to configure and identify a group of individuals who will immediately be informed of new alerts through email notifications.
diff --git a/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md
index 9304e0ab7e..f1e4b41964 100644
--- a/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md
@@ -27,5 +27,5 @@ Turn on the preview experience setting to be among the first to try upcoming fea
## Related topics
- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
-- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md)
+- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index af7b7f12d0..670143cd10 100644
--- a/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -187,3 +187,9 @@ HTTP error code | Description
401 | Malformed request or invalid token.
403 | Unauthorized exception - any of the domains is not managed by the tenant administrator or tenant state is deleted.
500 | Error in the service.
+
+## Related topics
+- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
+- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
+- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md
index 0d15caf8a1..26459e371e 100644
--- a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md
@@ -130,7 +130,7 @@ For prevalent files in the organization, a warning is shown before an action is
1. Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box:
– **Alerts** - Click the file links from the Description or Details in the Alert timeline
- – **Machines view** - Click the file links in the Description or Details columns in the Observed on machine section
+ – **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section
– **Search box** - Select File from the drop–down menu and enter the file name
2. Open the **Actions** menu and select **Remove file from blocked list**.
@@ -175,7 +175,7 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure
1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views:
– Alerts - click the file links from the **Description** or **Details** in the Alert timeline
- – **Machines View** - click the file links from the **Description** or **Details** in the **Machine in organization** section
+ – **Machines list** - click the file links from the **Description** or **Details** in the **Machine in organization** section
– Search box - select **File** from the drop–down menu and enter the file name
2. In the **Deep analysis** section of the file view, click **Submit**.
diff --git a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md
index 7262eeac48..3918964ff2 100644
--- a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md
@@ -40,7 +40,7 @@ This machine isolation feature disconnects the compromised machine from the netw
- **Dashboard** - Select the machine name from the Top machines with active alerts section.
- **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
- - **Machines view** - Select the machine name from the list of machines.
+ - **Machines list** - Select the machine name from the list of machines.
- **Search box** - Select Machine from the drop-down menu and enter the machine name.
2. Open the **Actions** menu and select **Isolate machine**.
@@ -102,7 +102,7 @@ CollectionSummaryReport.xls | This file is a summary of the investigation packag
- **Dashboard** - Select the machine name from the Top machines with active alerts section.
- **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
- - **Machines view** - Select the heading of the machine name from the machines view.
+ - **Machines list** - Select the heading of the machine name from the machines list.
- **Search box** - Select Machine from the drop-down menu and enter the machine name.
2. Open the **Actions** menu and select **Collect investigation package**.
diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
index e95197be01..3a2b9f8868 100644
--- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
@@ -45,7 +45,7 @@ Deployment with the above-mentioned versions of System Center Configuration Mana
If the deployment fails, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint).
-If the onboarding completed successfully but the endpoints are not showing up in the **Machines view** after an hour, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur.
+If the onboarding completed successfully but the endpoints are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur.
## Troubleshoot onboarding when deploying with a script on the endpoint
@@ -119,7 +119,7 @@ ID | Severity | Event description | Troubleshooting steps
1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Download the [Cumulative Update for Windows 10, 1607](https://go.microsoft.com/fwlink/?linkid=829760).
## Troubleshoot onboarding issues on the endpoint
-If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines view an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent:
+If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent:
- [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log)
- [Ensure the telemetry and diagnostics service is enabled](#ensure-the-telemetry-and-diagnostics-service-is-enabled)
- [Ensure the service is set to start](#ensure-the-service-is-set-to-start)
diff --git a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md
index 23bb45e5bf..e614c969ca 100644
--- a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md
@@ -45,7 +45,7 @@ Topic | Description
[Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external Internet protocol (IP) addresses.
[Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain.
[View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)| You can sort, filter, and exporting the machine list.
-[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats.
+[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines list** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats.
[Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)| Investigate user accounts with the most active alerts.
[Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | The **Manage Alert** menu on every alert lets you change an alert's status, resolve it, suppress it, or contribute comments about the alert.
[Take response actions](response-actions-windows-defender-advanced-threat-protection.md)| Take action on a machine or file to quickly respond to detected attacks.