Merge branch 'master' into user/tudobril/release-2008-1-mac

2025-05-15 06:47:21 +00:00 · 2020-09-29 08:20:24 -07:00 · 2020-09-29 08:20:24 -07:00 · 4f016ea0be
commit 4f016ea0be
parent 4888a7ed8a 22d29b30eb
9 changed files with 166 additions and 208 deletions
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@ -16439,6 +16439,11 @@
      "source_path": "windows/deployment/windows-autopilot/windows-autopilot.md",
      "redirect_url": "https://docs.microsoft.com/mem/autopilot/windows-autopilot",
      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/hub/windows-10.yml",
+      "redirect_url": "https://docs.microsoft.com/windows/windows-10",
+      "redirect_document_id": false
    }
  ]
 }
--- a/windows/hub/TOC.md
+++ b/windows/hub/TOC.md
@ -1,4 +1,4 @@
-# [Windows 10](index.md)
+# [Windows 10](index.yml)
 ## [What's new](/windows/whats-new)
 ## [Release information](/windows/release-information)
 ## [Deployment](/windows/deployment)
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@ -1,68 +0,0 @@
---
-title: Windows 10
-description: Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10.
-ms.assetid: 345A4B4E-BC1B-4F5C-9E90-58E647D11C60
-ms.prod: w10
-ms.localizationpriority: high
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: dansimp
-author: dansimp
-ms.reviewer: dansimp
-manager: dansimp
---
-
-# Windows 10
-
-Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10.
-
-&nbsp;
-
-## Check out [what's new in Windows 10, version 2004](/windows/whats-new/whats-new-windows-10-version-2004).
-<br>
-<table border="0" width="100%" align="center">
-  <tr style="text-align:center;">
-    <td align="center" style="width:25%; border:0;">
-      <a href="/windows/whats-new/whats-new-windows-10-version-2004"> 
-        <img src="images/whatsnew.png" alt="Read what's new in Windows 10" title="Whats new" />
-      <br/>What's New? </a><br>
-    </td>
-     <td align="center">
-      <a href="/windows/configuration/index">
-        <img src="images/configuration.png" alt="Configure Windows 10 in your enterprise" title="Configure Windows 10" />
-      <br/>Configuration </a><br>
-    </td>
-    <td align="center">
-      <a href="/windows/deployment/index">
-        <img src="images/deployment.png" alt="Windows 10 deployment" title="Windows 10 deployment" />
-      <br/>Deployment </a><br>
-  </tr>
-  <tr style="text-align:center;">
-    <td align="center"><br>
-      <a href="/windows/application-management/index">
-        <img src="images/applicationmanagement.png" alt="Manage applications in your Windows 10 enterprise deployment" title="Application management" />
-      <br/>App Management </a>
-    </td>
-       <td align="center"><br>
-      <a href="/windows/client-management/index">
-        <img src="images/clientmanagement.png" alt="Windows 10 client management" title="Client management" />
-      <br/>Client Management </a>
-    </td>
-    <td align="center"><br>
-      <a href="/windows/security/index">
-        <img src="images/threatprotection.png" alt="Windows 10 security" title="W10 security" />
-      <br/>Security </a>
-  </tr>
-</table>
-
->[!TIP]
-> Looking for information about older versions of Windows? Check out our other [Windows libraries](/previous-versions/windows/) on docs.microsoft.com. You can also search this site to find specific information, like this [Windows 8.1 content](https://docs.microsoft.com/search/index?search=Windows+8.1&dataSource=previousVersions).
-
-## Get to know Windows as a Service (WaaS)
-
-The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers.
-
-These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
-  
- [Read more about Windows as a Service](/windows/deployment/update/waas-overview)
--- a/windows/hub/index.yml
+++ b/windows/hub/index.yml
@ -0,0 +1,115 @@
+### YamlMime:Landing
+
+title: Windows 10 resources and documentation for IT Pros # < 60 chars
+summary: Plan, deploy, secure, and manage devices running Windows 10.  # < 160 chars
+
+metadata:
+  title: Windows 10 documentation for IT Pros # Required; page title displayed in search results. Include the brand. < 60 chars.
+  description: Evaluate, plan, deploy, secure and manage devices running Windows 10. # Required; article description that is displayed in search results. < 160 chars.
+  services: windows-10
+  ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
+  ms.subservice: subservice
+  ms.topic: landing-page # Required
+  ms.collection: windows-10
+  author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
+  ms.author: greglin #Required; microsoft alias of author; optional team alias.
+  ms.date: 09/23/2020 #Required; mm/dd/yyyy format.
+  localization_priority: medium
+    
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+  # Card (optional)
+  - title: What's new
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: What's new in Windows 10, version 2004
+            url: /windows/whats-new/whats-new-windows-10-version-2004
+          - text: What's new in Windows 10, version 1909
+            url: /windows/whats-new/whats-new-windows-10-version-1909
+          - text: What's new in Windows 10, version 1903
+            url: /windows/whats-new/whats-new-windows-10-version-1903
+          - text: Windows 10 release information
+            url:  https://docs.microsoft.com/windows/release-information/
+
+  # Card (optional)
+  - title: Configuration
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Configure Windows 10
+            url: /windows/configuration/index
+          - text: Accesasibility information for IT Pros
+            url: /windows/configuration/windows-10-accessibility-for-itpros
+          - text: Configure access to Microsoft Store
+            url: /windows/configuration/stop-employees-from-using-microsoft-store
+          - text: Set up a shared or guest PC
+            url: /windows/configuration/set-up-shared-or-guest-pc
+
+  # Card (optional)
+  - title: Deployment
+    linkLists:
+      - linkListType: deploy
+        links:
+          - text: Deploy and update Windows 10
+            url: /windows/deployment/index
+          - text: Windows 10 deployment scenarios
+            url: /windows/deployment/windows-10-deployment-scenarios
+          - text: Create a deployment plan
+            url: /windows/deployment/update/create-deployment-plan
+          - text: Prepare to deploy Windows 10
+            url: /windows/deployment/update/prepare-deploy-windows
+
+ 
+  # Card
+  - title: App management
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Windows 10 application management
+            url: /windows/application-management/index
+          - text: Understand the different apps included in Windows 10
+            url: /windows/application-management/apps-in-windows-10
+          - text: Get started with App-V for Windows 10
+            url:  /windows/application-management/app-v/appv-getting-started
+          - text: Keep removed apps from returning during an update
+            url:  /windows/application-management/remove-provisioned-apps-during-update
+
+  # Card
+  - title: Client management
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Windows 10 client management
+            url: /windows/client-management/index
+          - text: Administrative tools in Windows 10
+            url: /windows/client-management/administrative-tools-in-windows-10
+          - text: Create mandatory user profiles
+            url: /windows/client-management/mandatory-user-profile
+          - text: New policies for Windows 10
+            url: /windows/client-management/new-policies-for-windows-10
+
+  # Card (optional)
+  - title: Security and Privacy
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Windows 10 Enterprise Security
+            url: /windows/security/index
+          - text: Windows Privacy
+            url: /windows/privacy/index
+          - text: Identity and access management
+            url: /windows/security/identity-protection/index
+          - text: Threat protection
+            url: /windows/security/threat-protection/index
+          - text: Information protection
+            url: /windows/security/information-protection/index
+          - text: Required diagnostic data
+            url: /windows/privacy/required-windows-diagnostic-data-events-and-fields-2004
+          - text: Optional diagnostic data
+            url: /windows/privacy/windows-diagnostic-data
+          - text: Changes to Windows diagnostic data collection
+            url: /windows/privacy/changes-to-windows-diagnostic-data-collection
--- a/windows/hub/windows-10.yml
+++ b/windows/hub/windows-10.yml
@ -1,77 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Windows 10
-metadata:
-  title: Windows 10
-  description: Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. 
-  keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
-  ms.localizationpriority: medium
-  author: lizap
-  ms.author: elizapo
-  manager: dougkim
-  ms.topic: article
-  ms.devlang: na
-
-sections:
- items:
-  - type: markdown
-    text: "
-      Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. 
-      "  
- title: Explore
- items:
-  - type: markdown
-    text: "
-      Get started with Windows 10. Evaluate free for 90 days and set up virtual labs to test a proof of concept.<br> 
-      <table><tr><td><img src='images/explore1.png' width='192' height='192'><br>**Download a free 90-day evaluation**<br>Try the latest features. Test your apps, hardware, and deployment strategies.<br><a href='https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise'>Start evaluation</a></td><td><img src='images/explore2.png' width='192' height='192'><br>**Get started with virtual labs**<br>Try setup, deployment, and management scenarios in a virtual environment, with no additional software or setup required.<br><a href='https://www.microsoft.com/en-us/itpro/windows-10/virtual-labs'>See Windows 10 labs</a></td><td><img src='images/explore3.png' width='192' height='192'><br>**Conduct a proof of concept**<br>Download a lab environment with MDT, Configuration Manager, Windows 10, and more.<br><a href='https://go.microsoft.com/fwlink/p/?linkid=861441'>Get deployment kit</a></td></tr>
-      </table>
-      "
- title: What's new
- items:
-  - type: markdown
-    text: "
-      Learn about the latest releases and servicing options.<br> 
-      <table><tr><td><img src='images/land-new.png'></td><td><a href='https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809'>What's new in Windows 10, version 1809</a><br><a href='https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803'>What's new in Windows 10, version 1803</a><br><a href='https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709'>What's new in Windows 10, version 1709</a><br><a href='https://docs.microsoft.com/windows/windows-10/release-information'>Windows 10 release information</a><br><a href='https://support.microsoft.com/help/12387/windows-10-update-history'>Windows 10 update history</a><br><a href='https://go.microsoft.com/fwlink/p/?linkid=861443'>Windows 10 roadmap</a></td></tr>
-      </table>
-      "
- title: Frequently asked questions
- items:
-  - type: markdown
-    text: "
-      Get answers to common questions, or get help with a specific problem.<br> 
-      <table><tr><td><a href='https://docs.microsoft.com/windows/deployment/planning/windows-10-enterprise-faq-itpro'>Windows 10 FAQ for IT Pros</a><br><a href='https://go.microsoft.com/fwlink/p/?linkid=861444'>Windows 10 forums</a><br><a href='https://techcommunity.microsoft.com/t5/Windows-10/bd-p/Windows10space'>Windows 10 TechCommunity</a><br><a href='https://go.microsoft.com/fwlink/p/?linkid=861445'>Which edition is right for your organization?</a><br><a href='https://docs.microsoft.com/windows/deployment/planning/windows-10-infrastructure-requirements'>Infrastructure requirements</a><br><a href='https://www.microsoft.com/itpro/windows-10/windows-as-a-service'>What's Windows as a service?</a><br><a href='https://docs.microsoft.com/windows/client-management/windows-10-mobile-and-mdm'>Windows 10 Mobile deployment and management guide</a></td><td><img src='images/faq.png'></td></tr>
-      </table>
-      "
- title: Plan
- items:
-  - type: markdown
-    text: "
-      Prepare to deploy Windows 10 in your organization. Explore deployment methods, compatibility tools, and servicing options. <br> 
-      <table><tr><td><img src='images/plan1.png' width='192' height='192'><br>**Application compatibility**<br>Get best practices and tools to help you address compatibility issues prior to deployment.<br><a href='https://www.readyforwindows.com/'>Find apps that are ready for Windows 10.</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness'>Identify and prioritize apps with Upgrade Readiness</a><br><a href='https://technet.microsoft.com/microsoft-edge/mt612809.aspx'>Test, validate, and implement with the Web Application Compatibility Lab Kit</a></td><td><img src='images/plan2.png' width='192' height='192'><br>**Upgrade options**<br>Learn about the options available for upgrading Windows 7, Windows 8, or Windows 8.1 PCs and devices to Windows 10.<br><a href='https://docs.microsoft.com/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades'>Manage Windows upgrades with Upgrade Readiness</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/windows-10-upgrade-paths'>Windows 10 upgrade paths</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/windows-10-edition-upgrades'>Windows 10 edition upgrades</a></td><td><img src='images/plan3.png' width='192' height='192'><br>**Windows as a service**<br>Windows as a service provides ongoing new capabilities and updates while maintaining a high level of hardware and software compatibility.<br><a href='https://docs.microsoft.com/windows/deployment/update/windows-as-a-service'>Explore</a></td></tr>
-      </table>
-      "
- title: Deploy
- items:
-  - type: markdown
-    text: "
-      Download recommended tools and get step-by-step guidance for in-place upgrades, dynamic provisioning, or traditional deployments.<br> 
-      <table><tr><td><img src='images/deploy1.png' width='192' height='192'><br>**In-place upgrade**<br>The simplest way to upgrade PCs that are currently running WIndows 7, Windows 8, or Windows 8.1 is to do an in-place upgrade.<br><a href='https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager'>Upgrade to Windows 10 with Configuration Manager</a><br><a href='https://docs.microsoft.com/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit'>Upgrade to Windows 10 with MDT</a></td><td><img src='images/deploy2.png' width='192' height='192'><br>**Traditional deployment**<br>Some organizations may still need to opt for an image-based deployment of Windows 10.<br><a href='https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems'>Deploy Windows 10 with Configuration Manager</a><br><a href='https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit'>Deploy Windows 10 with MDT</a></td></tr><tr><td><img src='images/deploy3.png' width='192' height='192'><br>**Dynamic provisioning**<br>With Windows 10 you can create provisioning packages that let you quickly configure a device without having to install a new image.<br><a href='https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages'>Provisioning packages for Windows 10</a><br><a href='https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package'>Build and apply a provisioning package</a><br><a href='https://docs.microsoft.com/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd'>Customize Windows 10 start and the taskbar</a></td><td><img src='images/deploy4.png' width='192' height='192'><br>**Other deployment scenarios**<br>Get guidance on how to deploy Windows 10 for students, faculty, and guest users - and how to deploy line-of-business apps.<br><a href='https://docs.microsoft.com/education/windows/'>Windows deployment for education environments</a><br><a href='https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc'>Set up a shared or guest PC with Windows 10</a><br><a href='https://docs.microsoft.com/windows/application-management/sideload-apps-in-windows-10'>Sideload apps in Windows 10</a></td></tr>
-      </table>
-      "
- title: Management and security
- items:
-  - type: markdown
-    text: "
-      Learn how to manage Windows 10 clients and apps, secure company data, and manage risk.<br> 
-      <table><tr><td><img src='images/manage1.png' width='192' height='192'><br>**Manage Windows 10 updates**<br>Get best practices and tools to help you manage clients and apps.<br><a href='https://docs.microsoft.com/windows/client-management/'>Manage clients in Windows 10</a><br><a href='https://docs.microsoft.com/windows/application-management/'>Manage apps and features in Windows 10</a></td><td><img src='images/manage2.png' width='192' height='192'><br>**Security**<br>Intelligent security, powered by the cloud. Out-of-the-box protection, advanced security features, and intelligent management to respond to advanced threats.<br><a href='https://docs.microsoft.com/windows/security/index'>Windows 10 enterprise security</a><br><a href='https://docs.microsoft.com/windows/security/threat-protection'>Threat protection</a><br><a href='https://docs.microsoft.com/windows/access-protection'>Identity protection</a><br><a href='https://docs.microsoft.com/windows/security/information-protection'>Information protection</a></td></tr>
-      </table>
-      "
- title: Stay informed
- items:
-  - type: markdown
-    text: "
-      Stay connected with Windows 10 experts, your colleagues, business trends, and IT pro events.<br>
-      <table><tr><td><img src='images/insider.png' width='192' height='192'><br>**Sign up for the Windows IT Pro Insider**<br>Find out about new resources and get expert tips and tricks on deployment, management, security, and more.<br><a href='https://aka.ms/windows-it-pro-insider'>Learn more</a></td><td><img src='images/twitter.png' width='192' height='192'><br>**Follow us on Twitter**<br>Keep up with the latest desktop and device trends, Windows news, and events for IT pros.<br><a href='https://twitter.com/MSWindowsITPro'>Visit Twitter</a></td><td><img src='images/wip4biz.png' width='192' height='192'><br>**Join the Windows Insider Program for Business**<br>Get early access to new builds and provide feedback on the latest features and functionalities.<br><a href='https://insider.windows.com/ForBusiness'>Get started</a></td></tr>
-      </table>
-      "
--- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
@ -14,7 +14,8 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.reviewer: ramarom, evaldm, isco, mabraitm
+ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
+ms.date: 09/24/2020
 ---

 # View details and results of automated investigations
@ -22,7 +23,7 @@ ms.reviewer: ramarom, evaldm, isco, mabraitm
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


-During and after an automated investigation, certain remediation actions can be identified. Depending on the threat and how [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP) is configured for your organization, some remediation actions are taken automatically. 
+During and after an automated investigation, certain remediation actions can be identified. Depending on the threat and how [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) is configured for your organization, some remediation actions are taken automatically. 

 If you're part of your organization's security operations team, you can view pending and completed [remediation actions](manage-auto-investigation.md#remediation-actions) in the **Action center** ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)). You can also use the **Investigations** page ([https://securitycenter.windows.com/investigations](https://securitycenter.windows.com/investigations)) to view details about an investigation.

@ -164,5 +165,5 @@ When you click on the pending actions link, you'll be taken to the Action center

 - [View and approve remediation actions](manage-auto-investigation.md)

- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)
+- [See the interactive guide: Investigate and remediate threats with Microsoft Defender for Endpoint](https://aka.ms/MDATP-IR-Interactive-Guide)
 
--- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@ -1,22 +1,23 @@
 ---
 title: Use automated investigations to investigate and remediate threats
-description: Understand the automated investigation flow in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
-keywords: automated, investigation, detection, source, threat types, id, tags, devices, duration, filter export
+description: Understand the automated investigation flow in Microsoft Defender for Endpoint.
+keywords: automated, investigation, detection, source, threat types, id, tags, devices, duration, filter export, defender atp
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
+ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.author: deniseb
 author: denisebmsft
-ms.date: 09/03/2020
+ms.date: 09/28/2020
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
-ms.reviewer: ramarom, evaldm, isco, mabraitm
+ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
 ms.custom: AIR
 ---

@ -27,16 +28,16 @@ ms.custom: AIR

 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bOeh]

-Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) offers a wide breadth of visibility on multiple devices. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address. To address this challenge, and to reduce the volume of alerts that must be investigated individually,  Microsoft Defender ATP includes automated investigation and remediation capabilities. 
+Your security operations team receives an alert whenever a malicious or suspicious artifact is detected by Microsoft Defender for Endpoint. Security operations teams face challenges in addressing the multitude of alerts that arise from the seemingly never-ending flow of threats. Microsoft Defender for Endpoint includes automated investigation and remediation capabilities that can help your security operations team address threats more efficiently and effectively. 

-Automated investigation leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. Automated investigation and remediation capabilities significantly reduce alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. The **Automated investigations** list shows all the investigations that were initiated automatically, and includes details, such as status, detection source, and when each investigation was initiated.
+Automated investigation uses various inspection algorithms and processes used by analysts to examine alerts and take immediate action to resolve breaches. These capabilities significantly reduce alert volume, allowing security operations to focus on more sophisticated threats and other high-value initiatives. The [Action center](auto-investigation-action-center.md) keeps track of all the investigations that were initiated automatically, along with details, such as investigation status, detection source, and any pending or completed actions.

 > [!TIP]
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)

 ## How the automated investigation starts

-When an alert is triggered, a security playbook goes into effect. Depending on the security playbook, an automated investigation can start. For example, suppose a malicious file resides on a device. When that file is detected, an alert is triggered, and the automated investigation process begins. Microsoft Defender ATP checks to see if the malicious file is present on any other devices in the organization. Details from the investigation, including verdicts (*Malicious*, *Suspicious*, and *No threats found*) are available during and after the automated investigation.
+When an alert is triggered, a security playbook goes into effect. Depending on the security playbook, an automated investigation can start. For example, suppose a malicious file resides on a device. When that file is detected, an alert is triggered, and the automated investigation process begins. Microsoft Defender for Endpoint checks to see if the malicious file is present on any other devices in the organization. Details from the investigation, including verdicts (*Malicious*, *Suspicious*, and *No threats found*) are available during and after the automated investigation.

 >[!NOTE]
 >Currently, automated investigation only supports the following OS versions:
@ -51,15 +52,15 @@ During and after an automated investigation, you can view details about the inve

 |Tab |Description |
 |--|--|
-|**Alerts**| Shows the alert that started the investigation.|
-|**Devices** |Shows where the alert was seen.|
-|**Evidence** |Shows the entities that were found to be malicious during the investigation.|
-|**Entities** |Provides details about each analyzed entity, including a determination for each entity type (*Malicious*, *Suspicious*, or *No threats found*). |
-|**Log** |Shows the chronological detailed view of all the investigation actions taken on the alert.|
+|**Alerts**| The alert(s) that started the investigation.|
+|**Devices** |The device(s) where the threat was seen.|
+|**Evidence** |The entities that were found to be malicious during an investigation.|
+|**Entities** |Details about each analyzed entity, including a determination for each entity type (*Malicious*, *Suspicious*, or *No threats found*). |
+|**Log** |The chronological, detailed view of all the investigation actions taken on the alert.|
 |**Pending actions** |If there are any actions awaiting approval as a result of the investigation, the **Pending actions** tab is displayed. On the **Pending actions** tab, you can approve or reject each action. |

 > [!IMPORTANT]
-> Go to the **Action center** to get an aggregated view all pending actions and manage remediation actions. The **Action center** also acts as an audit trail for all automated investigation actions. 
+> Go to the **[Action center](auto-investigation-action-center.md)** to get an aggregated view all pending actions and manage remediation actions. The **Action center** also acts as an audit trail for all automated investigation actions. 

 ## How an automated investigation expands its scope

@ -69,48 +70,48 @@ If an incriminated entity is seen in another device, the automated investigation

 ## How threats are remediated

-Depending on how you set up the device groups and their level of automation, each automated investigation either requires user approval (default) or automatically remediates threats.
+Depending on how you set up the device groups and their level of automation, each automated investigation either requires user approval (default) or automatically takes action to remediate threats.

 > [!NOTE]
-> Microsoft Defender ATP tenants created on or after August 16, 2020 have **Full - remediate threats automatically** selected by default. You can keep the default setting, or change it according to your organizational needs. To change your settings, [adjust your device group settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation#set-up-device-groups).
+> Microsoft Defender for Endpoint tenants created on or after August 16, 2020 have **Full - remediate threats automatically** selected by default. You can keep the default setting, or change it according to your organizational needs. To change your settings, [adjust your device group settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation#set-up-device-groups).

 You can configure the following levels of automation:

 |Automation level | Description|
 |---|---|
-|**Full - remediate threats automatically** | All remediation actions are performed automatically.<br/><br/>***This option is recommended** and is selected by default for Microsoft Defender ATP tenants that were created on or after August 16, 2020, and that have no device groups defined. <br/>If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Full - remediate threats automatically**.*|
-|**Semi - require approval for core folders remediation** | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder. <br/><br/> Files or executables in all other folders are automatically remediated, if needed.|
-|**Semi - require approval for non-temp folders remediation** | An approval is required on files or executables that are not in temporary folders. <br/><br/> Files or executables in temporary folders, such as the user's download folder or the user's temp folder, are automatically be remediated (if needed).|
-|**Semi - require approval for any remediation** | An approval is needed for any remediation action. <br/><br/>*This option is selected by default for Microsoft Defender ATP tenants that were created before August 16, 2020, and that have no device groups defined. <br/>If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Semi - require approval for any remediation**.*|
-|**No automated response** | Devices do not get any automated investigations run on them. <br/><br/>***This option is not recommended**, because it fully disables automated investigation and remediation capabilities, and reduces the security posture of your organization's devices.* |
+|**Full - remediate threats automatically** | All remediation actions are performed automatically. Remediation actions that were taken can be viewed in the [Action Center](auto-investigation-action-center.md), on the **History** tab.<br/><br/>***This option is recommended** and is selected by default for tenants that were created on or after August 16, 2020 with Microsoft Defender for Endpoint, with no device groups defined yet.* <br/><br/>*If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Full - remediate threats automatically**.* |
+|**Semi - require approval for core folders remediation** | Approval is required for remediation actions on files or executables that are in core folders. Pending actions can be viewed and approved in the [Action Center](auto-investigation-action-center.md). <br/><br/>Remediation actions can be taken automatically on files or executables that are in other (non-core) folders. Core folders include operating system directories, such as the **Windows** (`\windows\*`). |
+|**Semi - require approval for non-temp folders remediation** | Approval is required for remediation actions on files or executables that are not in temporary folders. Pending actions can be viewed and approved in the [Action Center](auto-investigation-action-center.md).<br/><br/> Remediation actions can be taken automatically on files or executables that are in temporary folders. Temporary folders can include the following examples: <br/>- `\users\*\appdata\local\temp\*`<br/>- `\documents and settings\*\local settings\temp\*` <br/>- `\documents and settings\*\local settings\temporary\*`<br/>- `\windows\temp\*`<br/>- `\users\*\downloads\*`<br/>- `\program files\` <br/>- `\program files (x86)\*`<br/>- `\documents and settings\*\users\*` |
+|**Semi - require approval for any remediation** | Approval is required for any remediation action. Pending actions can be viewed and approved in the [Action Center](auto-investigation-action-center.md).<br/><br/>*This option is selected by default for tenants that were created before August 16, 2020 with Microsoft Defender ATP, with no device groups defined.*<br/><br/>*If you do have a device group defined, you will also have a device group called **Ungrouped devices (default)**, which will be set to **Semi - require approval for any remediation**.*|
+|**No automated response** | Automated investigation does not run on your organization's devices. As a result, no remediation actions are taken or pending as a result of automated investigation. <br/><br/>***This option is not recommended**, because it reduces the security posture of your organization's devices. [Consider setting up or changing your device groups to use **Full** or **Semi** automation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups)* |


 > [!IMPORTANT]
 > Regarding automation levels and default settings:
-> - If your tenant already has device groups defined, the automation level settings are not changed for those device groups.
-> - If your tenant was onboarded to Microsoft Defender ATP *before* August 16, 2020, and you have not defined a device group, your organization's default setting is **Semi - require approval for any remediation**.
-> - If your tenant was onboarded to Microsoft Defender ATP *before* August 16, 2020, and you do have a device group defined, you also have an **Ungrouped devices (default)** device group that is set to **Semi - require approval for any remediation**. 
-> - If your tenant was onboarded to Microsoft Defender ATP *on or after* August 16, 2020, and you have not defined a device group, your orgnaization's default setting is **Full - remediate threats automatically**.
-> - If your tenant was onboarded to Microsoft Defender ATP *on or after* August 16, 2020, and you do have a device group defined, you also have an **Ungrouped devices (default)** device group that is set to **Full - remediate threats automatically**.
+> - If your tenant already has device groups defined, then the automation level settings are not changed for those device groups.
+> - If your tenant was onboarded to Microsoft Defender for Endpoint *before* August 16, 2020, and you have not defined a device group, your organization's default setting is **Semi - require approval for any remediation**.
+> - If your tenant was onboarded to Microsoft Defender for Endpoint *before* August 16, 2020, and you do have a device group defined, you also have an **Ungrouped devices (default)** device group that is set to **Semi - require approval for any remediation**. 
+> - If your tenant was onboarded to Microsoft Defender for Endpoint *on or after* August 16, 2020, and you have not defined a device group, your orgnaization's default setting is **Full - remediate threats automatically**.
+> - If your tenant was onboarded to Microsoft Defender for Endpoint *on or after* August 16, 2020, and you do have a device group defined, you also have an **Ungrouped devices (default)** device group that is set to **Full - remediate threats automatically**.
 > - To change an automation level, **[edit your device groups](configure-automated-investigations-remediation.md#set-up-device-groups)**.


 ### A few points to keep in mind

- Your level of automation is determined by your device group settings. See [Set up device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation#set-up-device-groups).
+- Your level of automation is determined by your device group settings. To learn more, see [Set up device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation#set-up-device-groups).

- If your Microsoft Defender ATP tenant was created before August 16, 2020, you have a default device group that is configured for semi-automatic remediation. Any malicious entity that calls for remediation requires an approval and the investigation is added to the **Pending actions** tab in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center). You can configure your device groups to use full automation so that no user approval is needed. 
+- If your Microsoft Defender for Endpoint tenant was created before August 16, 2020, then you have a default device group that is configured for semi-automatic remediation. In this case, some or all remediation actions for malicious entities require approval. Such actions are listed on the **Pending actions** tab in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center). You can set your [device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation#set-up-device-groups) to use full automation so that no user approval is needed. 

- If your Microsoft Defender ATP tenant was created on or after August 16, 2020, you have a default device group that is configured for full automation. Remediation actions are taken automatically for entities that are considered to be malicious. Remediation actions that were taken can be viewed on the **History** tab in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center).
+- If your Microsoft Defender for Endpoint tenant was created on or after August 16, 2020, then you have a default device group that is configured for full automation. In this case, remediation actions are taken automatically for entities that are considered to be malicious. Such actions are listed on the **History** tab in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center#the-action-center).

 ## Next steps

 - [Learn about the automated investigations dashboard](manage-auto-investigation.md)

- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)
+- [See the interactive guide: Investigate and remediate threats with Microsoft Defender for Endpoint](https://aka.ms/MDATP-IR-Interactive-Guide)

 ## See also

- [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air)
+- [Automated investigation and response in Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air)

- [Automated investigation and response in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir)
+- [Automated investigation and response in Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-autoir)
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md
@ -1,10 +1,11 @@
 ---
 title: Configure automated investigation and remediation capabilities
-description: Set up your automated investigation and remediation capabilities in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
+description: Set up your automated investigation and remediation capabilities in Microsoft Defender for Endpoint.
 keywords: configure, setup, automated, investigation, detection, alerts, remediation, response
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
+ms.technology: windows
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@ -14,20 +15,21 @@ ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
-ms.topic: conceptual
-ms.reviewer: ramarom, evaldm, isco, mabraitm
+ms.topic: article
+ms.date: 09/24/2020
+ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
 ---

-# Configure automated investigation and remediation capabilities in Microsoft Defender Advanced Threat Protection
+# Configure automated investigation and remediation capabilities in Microsoft Defender for Endpoint

 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]


 **Applies to**

- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)

-If your organization is using [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/) (Microsoft Defender ATP), [automated investigation and remediation capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. As outlined in [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/enhance-your-soc-with-microsoft-defender-atp-automatic/ba-p/848946), these capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. [Learn more about automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). 
+If your organization is using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/) (Microsoft Defender ATP), [automated investigation and remediation capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. As outlined in [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/enhance-your-soc-with-microsoft-defender-atp-automatic/ba-p/848946), these capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. [Learn more about automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). 

 To configure automated investigation and remediation, you [turn on the features](#turn-on-automated-investigation-and-remediation), and then you [set up device groups](#set-up-device-groups).

--- a/windows/security/threat-protection/windows-defender-security-center/oldTOC.md
+++ b/windows/security/threat-protection/windows-defender-security-center/oldTOC.md
@ -1,21 +0,0 @@
---
-ms.author: dansimp
-author: dansimp
-ms.prod: w10
-title: The Microsoft Defender Security Center app
---
-
-# [The Microsoft Defender Security Center app](windows-defender-security-center.md)
-
-## [Customize the Microsoft Defender Security Center app for your organization](wdsc-customize-contact-information.md)
-## [Hide Microsoft Defender Security Center app notifications](wdsc-hide-notifications.md)
-## [Manage Microsoft Defender Security Center in Windows 10 in S mode](wdsc-windows-10-in-s-mode.md)
-## [Virus and threat protection](wdsc-virus-threat-protection.md)
-## [Account protection](wdsc-account-protection.md)
-## [Firewall and network protection](wdsc-firewall-network-protection.md)
-## [App and browser control](wdsc-app-browser-control.md)
-## [Device security](wdsc-device-security.md)
-## [Device performance and health](wdsc-device-performance-health.md)
-## [Family options](wdsc-family-options.md)
-
-