Removing duplicate headings from TOC (#639)

* first pass

* second pass

* fixed typo

* remove dups

* remove topics rename titles

* updates

* worked on threatprotection toc to match

* fixed broken links

* test

* update toc items

* fix warnings

* update

* update levels

* skip

* update toc title

windows/security/threat-protection/TOC.md

@@ -1,436 +1,492 @@
 # [Threat protection](index.md)
 
-## [Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md)
+## [Overview]()
+### [What is Microsoft Defender Advanced Threat Protection?](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md)
+### [Overview of Microsoft Defender ATP capabilities](microsoft-defender-atp/overview.md)
+### [Attack surface reduction]()
+#### [Hardware-based isolation]()
+##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md)
 
-### [Overview](microsoft-defender-atp/overview.md)
+##### [Application isolation]()
-#### [Attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)
+###### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md)
-##### [Hardware-based isolation](microsoft-defender-atp/overview-hardware-based-isolation.md)
+###### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
-###### [Application isolation](windows-defender-application-guard/wd-app-guard-overview.md)
-####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
-###### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
-##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
-##### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
-##### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
-##### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
-##### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
-##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
-#### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
-#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md)
-##### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
 
-##### [Incidents queue](microsoft-defender-atp/incidents-queue.md)
+##### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
-###### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
-###### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
-###### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
 
+#### [Application control](windows-defender-application-control/windows-defender-application-control.md)
+#### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
+#### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
+#### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
+#### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
+#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
 
+### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
 
-##### Alerts queue
+### [Endpoint detection and response]()
-###### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
+#### [Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md)
-###### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
+#### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
-###### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
+
-###### [Investigate files](microsoft-defender-atp/investigate-files.md)
+#### [Incidents queue]()
-###### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
+##### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
-###### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
+##### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
-###### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
+##### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
-###### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
+
+#### [Alerts queue]()
+##### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
+##### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
+##### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
+##### [Investigate files](microsoft-defender-atp/investigate-files.md)
+##### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
+##### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
+##### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
+##### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
  
-##### Machines list
+#### [Machines list]()
-###### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
+##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
-###### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
+##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
-###### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine)
+##### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine)
-###### [Machine timeline](microsoft-defender-atp/investigate-machines.md#machine-timeline)
-####### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events)
-####### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date)
-####### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events)
-####### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages)
 
+##### [Machine timeline]()
+###### [View machine profile](microsoft-defender-atp/investigate-machines.md#machine-timeline)
+###### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events)
+###### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date)
+###### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events)
+###### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages)
 
-##### [Take response actions](microsoft-defender-atp/response-actions.md)
+#### [Take response actions]()
-###### [Take response actions on a machine](microsoft-defender-atp/respond-machine-alerts.md)
+##### [Take response actions on a machine]()
-####### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
+###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
-####### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
+###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
-####### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
+###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
-####### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction)
+###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
-####### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
+###### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction)
-####### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation)
+###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
+###### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation)
 ####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
  
-###### [Take response actions on a file](microsoft-defender-atp/respond-file-alerts.md)
+##### [Take response actions on a file]()
-####### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
+###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md)
-####### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine)
+###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
-####### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network)
+###### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine)
-####### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list)
+###### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network)
-####### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
+###### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list)
-####### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
+###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
-####### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
+###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
-####### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
+###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
+###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
 ####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
- 
-###### [Investigate entities using Live response](microsoft-defender-atp/live-response.md)
-#######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
 
-#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
+##### [Investigate entities using Live response]()
-##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
+###### [Investigate entities on machines](microsoft-defender-atp/live-response.md)
+######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
+
+### [Automated investigation and remediation]()
+#### [Automated investigation and remediation overview](microsoft-defender-atp/automated-investigations.md)
+#### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
 #####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
 
+### [Secure score](microsoft-defender-atp/overview-secure-score.md)
+### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
 
-#### [Secure score](microsoft-defender-atp/overview-secure-score.md)
+### [Advanced hunting]()
-#### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
+#### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md)
+#### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md)
+##### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md)
+##### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
 
-#### [Advanced hunting](microsoft-defender-atp/overview-hunting.md)
+#### [Custom detections]()
-##### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md)
+##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
-###### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md)
+##### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
-###### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
-##### [Custom detections](microsoft-defender-atp/overview-custom-detections.md)
-###### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
 
- 
+#### [Management and APIs]()
-
+##### [Overview of management and APIs](microsoft-defender-atp/management-apis.md)
-#### [Management and APIs](microsoft-defender-atp/management-apis.md)
 ##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
 ##### [Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
 ##### [Managed security service provider support](microsoft-defender-atp/mssp-support.md)
 
-#### [Microsoft threat protection](microsoft-defender-atp/threat-protection-integration.md)
+#### [Integrations]()
+##### [Microsoft Defender ATP integrations](microsoft-defender-atp/threat-protection-integration.md)
 #####  [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md)
 ##### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md)
-##### [Information protection in Windows overview](microsoft-defender-atp/information-protection-in-windows-overview.md)
+
-###### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md)
+#### [Information protection in Windows overview]()
+##### [Windows integration](microsoft-defender-atp/information-protection-in-windows-overview.md)
+##### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md)
+
+### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
+
+### [Portal overview](microsoft-defender-atp/portal-overview.md)
 
 
+## [Get started]()
+### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
+### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)
+### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
+### [Preview features](microsoft-defender-atp/preview.md)
+### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
+### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md)
 
-#### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
+### [Evaluate Microsoft Defender ATP]()
-
+#### [Attack surface reduction and next-generation capability evaluation]()
-
+##### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md)
-
+##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
-#### [Portal overview](microsoft-defender-atp/portal-overview.md)
+##### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
-
+##### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
-
+##### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md)
-
+##### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
-### [Get started](microsoft-defender-atp/get-started.md)
+##### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
-#### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
+##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
-#### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)
-#### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
-#### [Preview features](microsoft-defender-atp/preview.md)
-#### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
-#### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md)
-
-#### [Evaluate Microsoft Defender ATP](microsoft-defender-atp/evaluate-atp.md)
-#####Evaluate attack surface reduction
-###### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
-###### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
-###### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
-###### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md)
-###### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
-###### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
-###### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
 ##### [Evaluate next generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
 
-#### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md)
+### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md)
 
-### [Configure and manage capabilities](microsoft-defender-atp/onboard.md)
+## [Configure and manage capabilities]()
-#### [Configure attack surface reduction](microsoft-defender-atp/configure-attack-surface-reduction.md)
+### [Configure attack surface reduction]()
-#####Hardware-based isolation
+#### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md)
-###### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
-###### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md)
-####### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md) 
-##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
-##### Device control
-###### [Control USB devices](device-control/control-usb-devices-using-intune.md)
-###### [Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
-####### [Memory integrity](windows-defender-exploit-guard/memory-integrity.md)
-######## [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
-######## [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
-##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
-###### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
-##### [Network protection](windows-defender-exploit-guard/enable-network-protection.md)
-##### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
-##### [Attack surface reduction controls](windows-defender-exploit-guard/enable-attack-surface-reduction.md)
-###### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md)
-##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
 
+#### [Hardware-based isolation]()
+##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
 
+##### [Application isolation]()
+###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
+###### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md)
 
-#### [Configure next generation protection](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
+#### [Application control](windows-defender-application-control/windows-defender-application-control.md)
-##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
-###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
-###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
-###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
-###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
-###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
-##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
-###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
-###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
-##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
-##### [Antivirus compatibility](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
-###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
 
-##### [Deploy, manage updates, and report on antivirus](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
+#### [Device control]()
-###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md)
+##### [Control USB devices](device-control/control-usb-devices-using-intune.md)
-####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
-###### [Report on antivirus protection](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
-####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
-###### [Manage updates and apply baselines](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
-####### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
-####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
-####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
-####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
-####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
 
-##### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
+##### [Device Guard]()
-###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
+###### [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
-####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
+
-####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+###### [Memory integrity]()
-####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
+####### [Understand memory integrity](windows-defender-exploit-guard/memory-integrity.md)
-###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
+####### [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
-###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
+####### [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
-###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
+
-###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
+#### [Exploit protection]()
-###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
+##### [Enable exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
-###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
+##### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
+
+#### [Network protection](windows-defender-exploit-guard/enable-network-protection.md)
+#### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
+
+#### [Attack surface reduction controls]()
+##### [Enable attack surface reduction rules](windows-defender-exploit-guard/enable-attack-surface-reduction.md)
+##### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md)
+#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
+
+### [Configure next generation protection]()
+#### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
+#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+##### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
+##### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
+##### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
+##### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
+##### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
+
+#### [Configure behavioral, heuristic, and real-time protection]()
+##### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
+##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
+##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
+
+#### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
+
+#### [Antivirus compatibility]()
+##### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
+##### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
+
+#### [Deploy, manage updates, and report on antivirus]()
+##### [Preparing to deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
+##### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md)
+###### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
+
+##### [Report on antivirus protection]()
+###### [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
+###### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
+
+##### [Manage updates and apply baselines]()
+###### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
+###### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
+###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
+###### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
+###### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
+###### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
+
+#### [Customize, initiate, and review the results of scans and remediation]()
+##### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
+
+##### [Configure and validate exclusions in antivirus scans]()
+###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
+###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
+###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+###### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
+
+##### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
+##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
+##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
+##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
+##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
+##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
+
+#### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
+
+#### [Manage antivirus in your business]()
+##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
+##### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
+##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
+##### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
+##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
+##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
+
+#### [Manage scans and remediation]()
+##### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
+
+##### [Configure and validate exclusions in antivirus scans]()
+###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
+###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
+###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+###### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
+
+##### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
+
+#### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
+##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
+##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
+##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
+##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
+##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
 ##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
-##### [Manage antivirus in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
-###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
-###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
-###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
-###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
-###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
 
-##### [Manage scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
+#### [Manage next generation protection in your business]()
-###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
+##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
-####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
+##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
-####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
+##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
-####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
+##### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
-###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
+##### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
-###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
+##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
-###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
+##### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
-###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
+
-###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
+### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md)
-###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
+
-###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
+### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
-##### [Manage next generation protection in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
+
-###### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
+### [Management and API support]()
-###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
+#### [Onboard devices to the service]()
-###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
+##### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md)
-###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
+##### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
-###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
+##### [Onboard Windows 10 machines]()
+###### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md)
+###### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
+###### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
+###### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
+###### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
+###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
+
+##### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
+##### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
+##### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
+##### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
+##### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
+##### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
+
+##### [Troubleshoot onboarding issues]()
+###### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md)
+###### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
+
+#### [Microsoft Defender ATP API]()
+##### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
+##### [Get started with Microsoft Defender ATP APIs]()
+###### [Introduction](microsoft-defender-atp/apis-intro.md)
+###### [Hello World](microsoft-defender-atp/api-hello-world.md)
+###### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md)
+###### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
+
+##### [APIs]()
+###### [Supported Microsoft Defender ATP query APIs](microsoft-defender-atp/exposed-apis-list.md)
+###### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
+
+###### [Alert]()
+####### [Alert methods and properties](microsoft-defender-atp/alerts.md)
+####### [List alerts](microsoft-defender-atp/get-alerts.md)
+####### [Create alert](microsoft-defender-atp/create-alert-by-reference.md)
+####### [Update Alert](microsoft-defender-atp/update-alert.md)
+####### [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md)
+####### [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md)
+####### [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md)
+####### [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md)
+####### [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md)
+####### [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md)
+
+###### [Machine]()
+####### [Machine methods and properties](microsoft-defender-atp/machine.md)
+####### [List machines](microsoft-defender-atp/get-machines.md)
+####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md)
+####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md)
+####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
+####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
+####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
+
+###### [Machine Action]()
+####### [Machine Action methods and properties](microsoft-defender-atp/machineaction.md)
+####### [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md)
+####### [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md)
+####### [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md)
+####### [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md)
+####### [Isolate machine](microsoft-defender-atp/isolate-machine.md)
+####### [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md)
+####### [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md)
+####### [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md)
+####### [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
+####### [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
+####### [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
+####### [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
+
+###### [Indicators]()
+####### [Indicators methods and properties](microsoft-defender-atp/ti-indicator.md)
+####### [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md)
+####### [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md)
+####### [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md)
+
+###### [Domain]()
+####### [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md)
+####### [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md)
+####### [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md)
+####### [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md)
+
+###### [File]()
+####### [File methods and properties](microsoft-defender-atp/files.md)
+####### [Get file information](microsoft-defender-atp/get-file-information.md)
+####### [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md)
+####### [Get file related machines](microsoft-defender-atp/get-file-related-machines.md)
+####### [Get file statistics](microsoft-defender-atp/get-file-statistics.md)
+
+###### [IP]()
+####### [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md)
+####### [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md)
+####### [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md)
+####### [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md)
+
+###### [User]()
+####### [User methods](microsoft-defender-atp/user.md)
+####### [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md)
+####### [Get user related machines](microsoft-defender-atp/get-user-related-machines.md)
+
+##### [How to use APIs - Samples]()
+###### [Advanced Hunting API]()
+####### [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md)
+####### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
+####### [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md)
+####### [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
+
+###### [Multiple APIs]()
+####### [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md)
+
+###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
+
+#### [Windows updates (KB) info]()
+##### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
+
+#### [Common Vulnerabilities and Exposures (CVE) to KB map]()
+##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
+
+#### [API for custom alerts (Deprecated)]()
+##### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
+##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
+##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
+##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
+##### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md)
+##### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md)
+##### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md)
+
+#### [Pull alerts to your SIEM tools]()
+##### [Learn about different ways to pull alerts](microsoft-defender-atp/configure-siem.md)
+##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
+##### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md)
+##### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md)
+##### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md)
+##### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)
+##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
+
+#### [Reporting]()
+##### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md)
+##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
+##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
+
+#### [Interoperability]()
+##### [Partner applications](microsoft-defender-atp/partner-applications.md)
+
+#### [Role-based access control]()
+##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
+##### [Create and manage roles](microsoft-defender-atp/user-roles.md)
+##### [Create and manage machine groups]()
+###### [Using machine groups](microsoft-defender-atp/machine-groups.md)
+###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
+
+#### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md)
+
+### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
+
+### [Configure Microsoft threat protection integration]()
+#### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
+#### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
+#### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
+
+### [Configure portal settings]()
+#### [General]()
+##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
+##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
+##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
+##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
+##### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
+
+#### [Permissions]()
+##### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
+##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
+###### [Create and manage roles](microsoft-defender-atp/user-roles.md)
+###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
+####### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
+
+#### [APIs]()
+##### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
+##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
+  
+#### [Rules]()
+##### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
+##### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md)
+##### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
+##### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
+##### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
+  
+#### [Machine management]()
+##### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
+##### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
+  
+#### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
 
 
-#### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md) 
+## [Troubleshoot Microsoft Defender ATP]()
+### [Troubleshoot sensor state]()
+#### [Check sensor state](microsoft-defender-atp/check-sensor-status.md)
+#### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md)
+#### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines)
+#### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines)
+#### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md)
 
+### [Troubleshoot Microsoft Defender ATP service issues]()
+#### [Troubleshoot service issues](microsoft-defender-atp/troubleshoot-mdatp.md)
+#### [Check service health](microsoft-defender-atp/service-status.md)
 
-#### Management and API support
+### [Troubleshoot live response issues]()
-##### [Onboard machines](microsoft-defender-atp/onboard-configure.md)
+#### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md)
-###### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
-###### [Onboard Windows 10 machines](microsoft-defender-atp/configure-endpoints.md)
-####### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
-####### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
-####### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
-######## [Onboard machines using Microsoft Intune](microsoft-defender-atp/configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
-####### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
-####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
-###### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
-###### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
-###### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
-###### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
-###### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
-###### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
-###### [Troubleshoot onboarding issues](microsoft-defender-atp/troubleshoot-onboarding.md)
-####### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
-   
-##### [Microsoft Defender ATP API](microsoft-defender-atp/use-apis.md)
-###### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
-###### [Get started with Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
-####### [Hello World](microsoft-defender-atp/api-hello-world.md)
-####### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md)
-####### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
-###### [APIs](microsoft-defender-atp/exposed-apis-list.md)
 
-####### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
+### [Troubleshoot attack surface reduction]()
-
+#### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
-####### [Alert](microsoft-defender-atp/alerts.md)
+#### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md)
-######## [List alerts](microsoft-defender-atp/get-alerts.md)
-######## [Create alert](microsoft-defender-atp/create-alert-by-reference.md)
-######## [Update Alert](microsoft-defender-atp/update-alert.md)
-######## [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md)
-######## [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md)
-######## [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md)
-######## [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md)
-######## [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md)
-######## [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md)
-
-####### [Machine](microsoft-defender-atp/machine.md)
-######## [List machines](microsoft-defender-atp/get-machines.md)
-######## [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md)
-######## [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md)
-######## [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
-######## [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
-######## [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
-
-####### [Machine Action](microsoft-defender-atp/machineaction.md)
-######## [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md)
-######## [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md)
-######## [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md)
-######## [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md)
-######## [Isolate machine](microsoft-defender-atp/isolate-machine.md)
-######## [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md)
-######## [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md)
-######## [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md)
-######## [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
-######## [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
-######## [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
-######## [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
-
-####### [Indicators](microsoft-defender-atp/ti-indicator.md)
-######## [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md)
-######## [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md)
-######## [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md)
-
-####### Domain
-######## [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md)
-######## [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md)
-######## [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md)
-######## [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md)
-
-####### [File](microsoft-defender-atp/files.md)
-######## [Get file information](microsoft-defender-atp/get-file-information.md)
-######## [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md)
-######## [Get file related machines](microsoft-defender-atp/get-file-related-machines.md)
-######## [Get file statistics](microsoft-defender-atp/get-file-statistics.md)
-
-####### IP
-######## [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md)
-######## [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md)
-######## [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md)
-######## [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md)
-
-####### [User](microsoft-defender-atp/user.md)
-######## [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md)
-######## [Get user related machines](microsoft-defender-atp/get-user-related-machines.md)
-
-
-###### How to use APIs - Samples
-####### Advanced Hunting API
-######## [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md)
-######## [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
-######## [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md)
-######## [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
-####### Multiple APIs
-######## [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md)
-####### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
-
-
-#####Windows updates (KB) info
-###### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
-#####Common Vulnerabilities and Exposures (CVE) to KB map
-###### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
  
-
+### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
-##### API for custom alerts (Deprecated)
-###### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
-###### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
-###### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
-###### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
-###### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md)
-###### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md)
-###### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md)
- 
-
-##### [Pull alerts to your SIEM tools](microsoft-defender-atp/configure-siem.md)
-###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
-###### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md)
-###### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md)
-###### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md)
-###### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)
-###### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
 
 
-##### Reporting
-###### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md)
-###### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
-###### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
-
-##### Interoperability
-###### [Partner applications](microsoft-defender-atp/partner-applications.md)
-
-
-##### Role-based access control
-###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
-####### [Create and manage roles](microsoft-defender-atp/user-roles.md)
-####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
-######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
-
-
-##### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md)
-
-
-#### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
-
-
-
-#### Configure Microsoft threat protection integration
-##### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
-##### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
-##### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
-
-
-
-
-#### [Configure Windows Defender Security Center settings](microsoft-defender-atp/preferences-setup.md)
-##### General
-###### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
-###### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
-###### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
-###### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
-###### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
-  
-##### Permissions
-###### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
-###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
-####### [Create and manage roles](microsoft-defender-atp/user-roles.md)
-####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
-######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
-  
-##### APIs
-###### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
-###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
-  
-#####Rules
-###### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
-###### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md)
-###### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
-###### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
-###### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
-  
-#####Machine management
-###### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
-###### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
-  
-##### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
-  
-
-### [Troubleshoot Microsoft Defender ATP](microsoft-defender-atp/troubleshoot-overview.md)
-####Troubleshoot sensor state
-##### [Check sensor state](microsoft-defender-atp/check-sensor-status.md)
-##### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md)
-##### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines)
-##### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines)
-##### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md)
-
-#### [Troubleshoot Microsoft Defender ATP service issues](microsoft-defender-atp/troubleshoot-mdatp.md)
-##### [Check service health](microsoft-defender-atp/service-status.md)
-
-
-#### [Troubleshoot live response issues]()
-##### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md)
-
-
-####Troubleshoot attack surface reduction
-##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
-##### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md)
- 
-#### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
 
 ## [Security intelligence](intelligence/index.md)
 ### [Understand malware & other threats](intelligence/understanding-malware.md)

windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md

@@ -1,5 +1,5 @@
 ---
-title: Onboard Windows 10 machines on Microsoft Defender ATP
+title: Onboarding tools and methods for Windows 10 machines
 description: Onboard Windows 10 machines so that they can send sensor data to the Microsoft Defender ATP sensor
 keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
 search.product: eADQiWindows 10XVcnh
@@ -15,10 +15,9 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
-ms.date: 07/12/2018
 ---
 
-# Onboard Windows 10 machines
+# Onboarding tools and methods for Windows 10 machines
 
 **Applies to:**
 

windows/security/threat-protection/microsoft-defender-atp/oldTOC.md

@@ -1,7 +1,9 @@
 # [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md)
 
-## [Overview](overview.md)
+## [Overview]()
-### [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+### [Overview of Microsoft Defender ATP capabilities](overview.md)
+### [Threat & Vulnerability Management]()
+#### [Next-generation capabilities](next-gen-threat-and-vuln-mgt.md)
 #### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md)
 #### [Exposure score](tvm-exposure-score.md)
 #### [Configuration score](configuration-score.md)
@@ -12,29 +14,39 @@
 #### [Scenarios](threat-and-vuln-mgt-scenarios.md)
 
 
-### [Attack surface reduction](overview-attack-surface-reduction.md)
+### [Attack surface reduction]()
-#### [Hardware-based isolation](overview-hardware-based-isolation.md)
+#### [Hardware-based isolation]()
-##### [Application isolation](../windows-defender-application-guard/wd-app-guard-overview.md)
+##### [Hardware-based isolation in Windows 10](overview-hardware-based-isolation.md)
+
+##### [Application isolation]()
+###### [Application guard overview](../windows-defender-application-guard/wd-app-guard-overview.md)
 ###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md)
+
 ##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
-#### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
+
+#### [Application control]()
+##### [Windows Defender Application Guard](../windows-defender-application-control/windows-defender-application-control.md)
+
 #### [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
 #### [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md)
 #### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
 #### [Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
 #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
+
+
 ### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
-### [Endpoint detection and response](overview-endpoint-detection-response.md)
+
+
+### [Endpoint detection and response]()
+#### [Endpoint detection and response overview](overview-endpoint-detection-response.md)
 #### [Security operations dashboard](security-operations-dashboard.md)
 
-
+#### [Incidents queue]()
-#### [Incidents queue](incidents-queue.md)
 ##### [View and organize the Incidents queue](view-incidents-queue.md)
 ##### [Manage incidents](manage-incidents.md)
 ##### [Investigate incidents](investigate-incidents.md)
 
-
+#### [Alerts queue]()
-#### Alerts queue
 ##### [View and organize the Alerts queue](alerts-queue.md)
 ##### [Manage alerts](manage-alerts.md)
 ##### [Investigate alerts](investigate-alerts.md)
@@ -44,16 +56,18 @@
 ##### [Investigate a domain](investigate-domain.md)
 ##### [Investigate a user account](investigate-user.md)
  
-#### [Machines list](machines-view-overview.md)
+#### [Machines list]()
-##### [Investigate machines](investigate-machines.md#machine-timeline)
+##### [View and organize the Machines list](machines-view-overview.md)
+
+##### [Investigate machines]()
 ###### [Machine details](investigate-machines.md#machine-details)
 ###### [Response actions](investigate-machines.md#response-actions)
 ###### [Cards](investigate-machines.md#cards)
 ###### [Tabs](investigate-machines.md#tabs)
 
-
+#### [Take response actions]()
-#### [Take response actions](response-actions.md)
+##### [Take response actions on a machine]()
-##### [Take response actions on a machine](respond-machine-alerts.md)
+###### [Understand response actions](respond-machine-alerts.md)
 ###### [Manage tags](respond-machine-alerts.md#manage-tags)
 ###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation)
 ###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session)
@@ -63,46 +77,60 @@
 ###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network)
 ###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center)
  
-##### [Take response actions on a file](respond-file-alerts.md)
+##### [Take response actions on a file]()
+###### [Understand response actions](respond-file-alerts.md)
 ###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
-###### [Remove file from quarantine](respond-file-alerts.md#remove-file-from-quarantine)
+###### [Restore file from quarantine](respond-file-alerts.md#restore-file-from-quarantine)
-###### [Block files in your network](respond-file-alerts.md#block-files-in-your-network)
+###### [Add an indicator to block or allow a file](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
-###### [Remove file from blocked list](respond-file-alerts.md#remove-file-from-blocked-list)
-###### [Check activity details in Action center](respond-file-alerts.md#check-activity-details-in-action-center)
 ###### [Deep analysis](respond-file-alerts.md#deep-analysis)
 
-
+##### [Live response]()
-##### [Investigate entities using Live response](live-response.md)
+###### [Investigate entities on machines](live-response.md)
 ###### [Live response command examples](live-response-command-examples.md)
 
-### [Automated investigation and remediation](automated-investigations.md)
+
+### [Automated investigation and remediation]()
+#### [Understand Automated investigations](automated-investigations.md)
 #### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
 #### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
 
 
 ### [Secure score](overview-secure-score.md)
+
+
 ### [Threat analytics](threat-analytics.md)
 
+
 ### [Microsoft Threat Experts](microsoft-threat-experts.md)
 
-### [Advanced hunting](overview-hunting.md)
+
-#### [Query data using Advanced hunting](advanced-hunting.md)
+### [Advanced hunting]()
+#### [Advanced hunting overview](overview-hunting.md)
+
+#### [Query data using Advanced hunting]()
+##### [Data querying basics](advanced-hunting.md)
 ##### [Advanced hunting reference](advanced-hunting-reference.md)
 ##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
-#### [Custom detections](overview-custom-detections.md)
+
+#### [Custom detections]()
+##### [Understand custom detection rules](overview-custom-detections.md)
 ##### [Create custom detections rules](custom-detection-rules.md)
 
-### [Management and APIs](management-apis.md)
+### [Management and APIs]()
+#### [Overview of management and APIs](management-apis.md)
 #### [Understand threat intelligence concepts](threat-indicator-concepts.md)
 #### [Microsoft Defender ATP APIs](apis-intro.md)
 #### [Managed security service provider support](mssp-support.md)
 
-### [Microsoft Threat Protection](threat-protection-integration.md)
-####  [Protect users, data, and devices with Conditional Access](conditional-access.md)
-#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
-#### [Information protection in Windows overview](information-protection-in-windows-overview.md)
-##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md)
 
+### [Integrations]()
+#### [Microsoft Defender ATP integrations](threat-protection-integration.md)
+#### [Conditional Access integration overview](conditional-access.md)
+#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
+
+#### [Information protection in Windows overview]()
+##### [Windows integration](information-protection-in-windows-overview.md)
+##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md)
 
 
 ### [Microsoft Threat Experts](microsoft-threat-experts.md)
@@ -111,7 +139,8 @@
 ### [Portal overview](portal-overview.md)
 
 
-## [Get started](get-started.md)
+
+## [Get started]()
 ### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
 ### [Minimum requirements](minimum-requirements.md)
 ### [Validate licensing and complete setup](licensing.md)
@@ -119,92 +148,137 @@
 ### [Data storage and privacy](data-storage-privacy.md)
 ### [Assign user access to the portal](assign-portal-access.md)
 
-### [Evaluate Microsoft Defender ATP](evaluate-atp.md)
+### [Evaluate Microsoft Defender ATP capabilities]()
-#### Evaluate attack surface reduction
+#### [Evaluate attack surface reduction]()
-##### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
+
-##### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
+##### [Evaluate attack surface reduction and next-generation capabilities](evaluate-atp.md)
-##### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
+###### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
-##### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
+###### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
-##### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
+###### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
-##### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
+###### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
-##### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
+###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
-#### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
+###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
+###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
+##### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
 
 ### [Access the Microsoft Defender Security Center Community Center](community.md)
 
-## [Configure and manage capabilities](onboard.md)
+## [Configure and manage capabilities]()
+
 ### [Configure attack surface reduction](configure-attack-surface-reduction.md)
-### Hardware-based isolation
+
+### [Hardware-based isolation]()
 #### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
-#### [Application isolation](../windows-defender-application-guard/install-wd-app-guard.md)
+
+#### [Application isolation]()
+##### [Install Windows Defender Application Guard](../windows-defender-application-guard/install-wd-app-guard.md)
 ##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md) 
+
 #### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
-#### Device control
+
+#### [Device control]()
 ##### [Control USB devices](../device-control/control-usb-devices-using-intune.md)
-##### [Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+
-###### [Memory integrity](../windows-defender-exploit-guard/memory-integrity.md)
+##### [Device Guard]()
+###### [Code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+
+###### [Memory integrity]()
+####### [Understand memory integrity](../windows-defender-exploit-guard/memory-integrity.md)
 ####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
 ####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
-#### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
+
+#### [Exploit protection]()
+##### [Enable exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
 ##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
+
 #### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md)
-#### [Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
+
+#### [Controlled folder access]()
+##### [Enable controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
 ##### [Customize controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md)
-#### [Attack surface reduction controls](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
+
+#### [Attack surface reduction controls]()
+##### [Enable attack surface reduction rules](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
+##### [Customize attack surface reduction rules](../windows-defender-exploit-guard/customize-attack-surface-reduction.md)
+
 #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
 
 
-
+### [Configure next generation protection]()
-### [Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
+#### [Configure Windows Defender Antivirus features](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
-#### [Utilize Microsoft cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+#### [Utilize Microsoft cloud-delivered protection]()
+##### [Understand cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
 ##### [Enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
 ##### [Specify the cloud-delivered protection level](../windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
 ##### [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
 ##### [Enable Block at first sight](../windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
 ##### [Configure the cloud block timeout period](../windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
-#### [Configure behavioral, heuristic, and real-time protection](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
+
+#### [Configure behavioral, heuristic, and real-time protection]()
+##### [Configuration overview](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
 ##### [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
 ##### [Enable and configure always-on protection and monitoring](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
+
 #### [Antivirus on Windows Server 2016](../windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
-#### [Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
+
+#### [Antivirus compatibility]()
+##### [Compatibility charts](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
 ##### [Use limited periodic antivirus scanning](../windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
 
-#### [Deploy, manage updates, and report on antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
+#### [Deploy, manage updates, and report on antivirus]()
-##### [Deploy and enable antivirus](../windows-defender-antivirus/deploy-windows-defender-antivirus.md)
+##### [Using Windows Defender Antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
+
+##### [Deploy and enable antivirus]()
+###### [Preparing to deploy](../windows-defender-antivirus/deploy-windows-defender-antivirus.md)
 ###### [Deployment guide for VDI environments](../windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
-##### [Report on antivirus protection](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
+
+##### [Report on antivirus protection]()
+###### [Review protection status and aqlerts](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
 ###### [Troubleshoot antivirus reporting in Update Compliance](../windows-defender-antivirus/troubleshoot-reporting.md)
-##### [Manage updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
+
+##### [Manage updates and apply baselines]()
+###### [Learn about the different kinds of updates](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
 ###### [Manage protection and Security intelligence updates](../windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
 ###### [Manage when protection updates should be downloaded and applied](../windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
 ###### [Manage updates for endpoints that are out of date](../windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
 ###### [Manage event-based forced updates](../windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
 ###### [Manage updates for mobile devices and VMs](../windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
 
-#### [Customize, initiate, and review the results of scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
+#### [Customize, initiate, and review the results of scans and remediation]()
-##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
+##### [Configuration overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
+
+##### [Configure and validate exclusions in antivirus scans]()
+###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
 ###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
 ###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
 ###### [Configure antivirus exclusions Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
+
 ##### [Configure antivirus scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
 ##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
 ##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
 ##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
 ##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
 ##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md)
+
 #### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
-#### [Manage antivirus in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
+
+#### [Manage antivirus in your business]()
+##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
 ##### [Use Group Policy settings to configure and manage antivirus](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
 ##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
 ##### [Use PowerShell cmdlets to configure and manage antivirus](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
 ##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
 ##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
 
-#### [Manage scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
+#### [Manage scans and remediation]()
-##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
+##### [Management overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
+
+##### [Configure and validate exclusions in antivirus scans]()
+###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
 ###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
 ###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
 ###### [Configure antivirus exclusions on Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
+
 ##### [Configure scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
 ##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
 ##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
@@ -212,7 +286,9 @@
 ##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
 ##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md)
 ##### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
-#### [Manage next generation protection in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
+
+#### [Manage next generation protection in your business]()
+##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
 ##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
 ##### [Use Group Policy settings to manage next generation protection](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
 ##### [Use PowerShell cmdlets to manage next generation protection](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
@@ -220,41 +296,56 @@
 ##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
 
 
-### [Configure Secure score dashboard security controls](secure-score-dashboard.md) 
+### [Configure Secure score dashboard security controls](secure-score-dashboard.md)
+
 
 ### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
 
-### Management and API support
+
-#### [Onboard machines](onboard-configure.md)
+### [Endpoint detection and response management and API support]()
+
+#### [Onboard machines]()
+##### [Onboarding overview](onboard-configure.md)
 ##### [Onboard previous versions of Windows](onboard-downlevel.md)
-##### [Onboard Windows 10 machines](configure-endpoints.md)
+
+##### [Onboard Windows 10 machines]()
+###### [Ways to onboard](configure-endpoints.md)
 ###### [Onboard machines using Group Policy](configure-endpoints-gp.md)
 ###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md)
-###### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm.md)
+
+###### [Onboard machines using Mobile Device Management tools]()
+####### [Overview](configure-endpoints-mdm.md)
 ####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
 ###### [Onboard machines using a local script](configure-endpoints-script.md)
 ###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
+
 ##### [Onboard servers](configure-server-endpoints.md)
 ##### [Onboard non-Windows machines](configure-endpoints-non-windows.md)
 ##### [Onboard machines without Internet access](onboard-offline-machines.md)
 ##### [Run a detection test on a newly onboarded machine](run-detection-test.md)
 ##### [Run simulated attacks on machines](attack-simulations.md)
 ##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
-##### [Troubleshoot onboarding issues](troubleshoot-onboarding.md)
+
+##### [Troubleshoot onboarding issues]()
+###### [Troubleshooting basics](troubleshoot-onboarding.md)
 ###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md)
   
-
+#### [Microsoft Defender ATP API]()
-#### [Microsoft Defender ATP API](use-apis.md)
+##### [Understand Microsoft Defender ATP APIs](use-apis.md)
 ##### [Microsoft Defender ATP API license and terms](api-terms-of-use.md)
-##### [Get started with Microsoft Defender ATP APIs](apis-intro.md)
+
+##### [Get started with Microsoft Defender ATP APIs]()
+###### [Introduction](apis-intro.md)
 ###### [Hello World](api-hello-world.md)
 ###### [Get access with application context](exposed-apis-create-app-webapp.md)
 ###### [Get access with user context](exposed-apis-create-app-nativeapp.md)
-##### [APIs](exposed-apis-list.md)
 
+##### [APIs]()
+###### [Supported Microsoft Defender ATP query APIs](exposed-apis-list.md)
 ###### [Advanced Hunting](run-advanced-query-api.md)
 
-###### [Alert](alerts.md)
+###### [Alert]()
+####### [Methods, properties, and JSON representation](alerts.md)
 ####### [List alerts](get-alerts.md)
 ####### [Create alert](create-alert-by-reference.md)
 ####### [Update Alert](update-alert.md)
@@ -265,7 +356,8 @@
 ####### [Get alert related machine information](get-alert-related-machine-info.md)
 ####### [Get alert related user information](get-alert-related-user-info.md)
 
-###### [Machine](machine.md)
+###### [Machine]()
+####### [Methods and properties](machine.md)
 ####### [List machines](get-machines.md)
 ####### [Get machine by ID](get-machine-by-id.md)
 ####### [Get machine log on users](get-machine-log-on-users.md)
@@ -273,7 +365,8 @@
 ####### [Add or Remove machine tags](add-or-remove-machine-tags.md)
 ####### [Find machines by IP](find-machines-by-ip.md)
 
-###### [Machine Action](machineaction.md)
+###### [Machine Action]()
+####### [Methods and properties](machineaction.md)
 ####### [List Machine Actions](get-machineactions-collection.md)
 ####### [Get Machine Action](get-machineaction-object.md)
 ####### [Collect investigation package](collect-investigation-package.md)
@@ -287,45 +380,49 @@
 ####### [Stop and quarantine file](stop-and-quarantine-file.md)
 ####### [Initiate investigation (preview)](initiate-autoir-investigation.md)
 
-###### [Indicators](ti-indicator.md)
+###### [Indicators]()
+####### [Methods and properties](ti-indicator.md)
 ####### [Submit Indicator](post-ti-indicator.md)
 ####### [List Indicators](get-ti-indicators-collection.md)
 ####### [Delete Indicator](delete-ti-indicator-by-id.md)
 
-###### Domain
+###### [Domain]()
 ####### [Get domain related alerts](get-domain-related-alerts.md)
 ####### [Get domain related machines](get-domain-related-machines.md)
 ####### [Get domain statistics](get-domain-statistics.md)
 ####### [Is domain seen in organization](is-domain-seen-in-org.md)
 
-###### [File](files.md)
+###### [File]()
+####### [Methods and properties](files.md)
 ####### [Get file information](get-file-information.md)
 ####### [Get file related alerts](get-file-related-alerts.md)
 ####### [Get file related machines](get-file-related-machines.md)
 ####### [Get file statistics](get-file-statistics.md)
 
-###### IP
+###### [IP]()
 ####### [Get IP related alerts](get-ip-related-alerts.md)
 ####### [Get IP related machines](get-ip-related-machines.md)
 ####### [Get IP statistics](get-ip-statistics.md)
 ####### [Is IP seen in organization](is-ip-seen-org.md)
 
-###### [User](user.md)
+###### [User]()
+####### [Methods](user.md)
 ####### [Get user related alerts](get-user-related-alerts.md)
 ####### [Get user related machines](get-user-related-machines.md)
 
-##### How to use APIs - Samples
+##### [How to use APIs - Samples]()
-###### Advanced Hunting API
+###### [Advanced Hunting API]()
 ####### [Schedule advanced Hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md)
 ####### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
 ####### [Advanced Hunting using Python](run-advanced-query-sample-python.md)
 ####### [Create custom Power BI reports](run-advanced-query-sample-power-bi-app-token.md)
-###### Multiple APIs
+
+###### [Multiple APIs]()
 ####### [PowerShell](exposed-apis-full-sample-powershell.md)
+
 ###### [Using OData Queries](exposed-apis-odata-samples.md)
 
-
+#### [API for custom alerts]()
-#### API for custom alerts
 ##### [Enable the custom threat intelligence application](enable-custom-ti.md)
 ##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md)
 ##### [Create custom threat intelligence alerts](custom-ti-api.md)
@@ -334,8 +431,8 @@
 ##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
 ##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
  
-
+#### [Pull alerts to your SIEM tools]()
-#### [Pull alerts to your SIEM tools](configure-siem.md)
+##### [Learn about different ways to pull alerts](configure-siem.md)
 ##### [Enable SIEM integration](enable-siem-integration.md)
 ##### [Configure Splunk to pull alerts](configure-splunk.md)
 ##### [Configure HP ArcSight to pull alerts](configure-arcsight.md)
@@ -343,88 +440,94 @@
 ##### [Pull alerts using SIEM REST API](pull-alerts-using-rest-api.md)
 ##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
 
-
+#### [Reporting]()
-#### Reporting
 ##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
 ##### [Threat protection reports](threat-protection-reports.md)
 ##### [Machine health and compliance reports](machine-reports.md)
 
-
+#### [Interoperability]()
-#### Interoperability
 ##### [Partner applications](partner-applications.md)
 
-#### [Manage machine configuration](configure-machines.md)
+#### [Manage machine configuration]()
+##### [Ensure your machines are configured properly](configure-machines.md)
 ##### [Monitor and increase machine onboarding](configure-machines-onboarding.md)
 ##### [Increase compliance to the security baseline](configure-machines-security-baseline.md)
 ##### [Optimize ASR rule deployment and detections](configure-machines-asr.md)
 
-#### Role-based access control
+#### [Role-based access control]()
-##### [Manage portal access using RBAC](rbac.md)
+
+##### [Manage portal access using RBAC]()
+###### [Using RBAC](rbac.md)
 ###### [Create and manage roles](user-roles.md)
-###### [Create and manage machine groups](machine-groups.md)
+
+###### [Create and manage machine groups]()
+####### [Using machine groups](machine-groups.md)
 ####### [Create and manage machine tags](machine-tags.md)
 
 #### [Configure managed security service provider (MSSP) support](configure-mssp-support.md)
 
-### Configure Microsoft Threat Protection integration
+
+### [Configure Microsoft threat protection integration]()
 #### [Configure Conditional Access](configure-conditional-access.md)
 #### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)
 #### [Configure information protection in Windows](information-protection-in-windows-config.md)
 
 
-### [Configure Microsoft Defender Security Center settings](preferences-setup.md)
+### [Configure portal settings]()
-#### General
+#### [Set up preferences](preferences-setup.md)
+
+#### [General]()
 ##### [Update data retention settings](data-retention-settings.md)
 ##### [Configure alert notifications](configure-email-notifications.md)
 ##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md)
 ##### [Enable Secure score security controls](enable-secure-score.md)
 ##### [Configure advanced features](advanced-features.md)
- 
+
-#### Permissions
+#### [Permissions]()
 ##### [Use basic permissions to access the portal](basic-permissions.md)
 ##### [Manage portal access using RBAC](rbac.md)
 ###### [Create and manage roles](user-roles.md)
 ###### [Create and manage machine groups](machine-groups.md)
 ####### [Create and manage machine tags](machine-tags.md)
- 
+
-#### APIs
+#### [APIs]()
 ##### [Enable Threat intel](enable-custom-ti.md)
 ##### [Enable SIEM integration](enable-siem-integration.md)
- 
+
-#### Rules
+#### [Rules]()
 ##### [Manage suppression rules](manage-suppression-rules.md)
 ##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
 ##### [Manage indicators](manage-indicators.md)
 ##### [Manage automation file uploads](manage-automation-file-uploads.md)
 ##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
- 
+
-#### Machine management
+#### [Machine management]()
 ##### [Onboarding machines](onboard-configure.md)
 ##### [Offboarding machines](offboard-machines.md)
- 
+
-#### [Configure Windows Security app time zone settings](time-settings.md)
+#### [Configure time zone settings](time-settings.md)
- 
 
 
-## [Troubleshoot Microsoft Defender ATP](troubleshoot-overview.md)
+
-### Troubleshoot sensor state
+## [Troubleshoot Microsoft Defender ATP]()
+
+### [Troubleshoot sensor state]()
 #### [Check sensor state](check-sensor-status.md)
 #### [Fix unhealthy sensors](fix-unhealthy-sensors.md)
 #### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines)
 #### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines)
 #### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md)
 
-### [Troubleshoot Microsoft Defender ATP service issues](troubleshoot-mdatp.md)
+
+### [Troubleshoot service issues]()
+#### [Troubleshooting issues](troubleshoot-mdatp.md)
 #### [Check service health](service-status.md)
 
 
-### [Troubleshoot live response issues]()
+### [Troubleshoot attack surface reduction issues]()
-#### [Troubleshoot issues related to live response](troubleshoot-live-response.md)
-
-### Troubleshoot attack surface reduction
 #### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
 #### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
 #### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md)
 
  
-### [Troubleshoot next generation protection](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
+### [Troubleshoot next generation protection issues](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)