Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into FromPrivateRepo

huaping yu
2019-04-30 10:42:05 -07:00
37 changed files with 1121 additions and 524 deletions

@ -11,7 +11,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/17/2019
ms.date: 04/29/2019
---
# Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune
@ -27,13 +27,15 @@ Microsoft Intune has an easy way to create and deploy a Windows Information Prot
You can create an app protection policy in Intune either with device enrollment for MDM or without device enrollment for MAM. The process to create either policy is similar, but there are important differences:
- If the same user and device are targeted for both MDM and MAM, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**), the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access.
- MAM supports only one user per device.
- MAM can only manage [enlightened apps](enlightened-microsoft-apps-and-wip.md).
- MAM has additional **Access** settings for Windows Hello for Business.
- MAM can [selectively wipe company data](https://docs.microsoft.com/intune/apps-selective-wipe) from a user's personal device.
- MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses).
- An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery depends on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM.
- MAM supports only one user per device.
- MAM can only manage [enlightened apps](enlightened-microsoft-apps-and-wip.md).
- Only MDM can use [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) policies.
- If the same user and device are targeted for both MDM and MAM, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**), the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access.
## Prerequisites
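Review bot: The bullet "MAM requires an [Azure Active Direcory (Azure AD) Premium license]" still carries the typo "Direcory" while the lines around it are being reordered; correct it to "Directory" in the same change. The added bullet on WIP auto-recovery says the key backup "requires device auto-enrollment with MDM", so say explicitly whether auto-recovery is unavailable on MAM-only devices, since this list exists to contrast the two modes. "re-gain" in that bullet should be "regain".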

@ -113,7 +113,7 @@ Windows Defender ATP's new managed threat hunting service provides proactive hun
- [Targeted attack notification](windows-defender-atp/microsoft-threat-experts.md)
- [Experts-on-demand](windows-defender-atp/microsoft-threat-experts.md)
- [Configure your Microsoft Threat Protection managed hunting service](windows-defender-atp/configure-microsoft-threat-experts.md)
- [Configure your Microsoft Threat Experts managed hunting service](windows-defender-atp/configure-microsoft-threat-experts.md)
<a name="apis"></a>

@ -389,7 +389,6 @@
#### [Configure Windows Security app time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
## [Troubleshoot Windows Defender ATP](troubleshoot-wdatp.md)
###Troubleshoot sensor state
#### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md)

@ -26,27 +26,26 @@ ms.date: 02/28/2019
[!include[Prerelease information](prerelease.md)]
## Before you begin
To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a valid Premier customer service and support account. However, Premier charges will not be incurred during the preview.
To experience the full Microsoft Threat Experts targeted attack notification capability in Windows Defender ATP, and preview the experts-on-demand capability, you need to have a valid Premier customer service and support account. Premier charges will not be incurred during for the capability in preview, but for the generally available capability, there will be charges.
You also need to ensure that you have Windows Defender ATP deployed in your environment with machines enrolled, and not just on a laboratory set-up.
## Register to Microsoft Threat Experts preview
If you're already a Windows Defender ATP customer, you can apply for preview through the Windows Defender ATP portal.
## Register to Microsoft Threat Experts managed threat hunting service
If you're already a Windows Defender ATP customer, you can apply through the Windows Defender ATP portal.
1. From the navigation pane, go to **Settings > General > Advanced features > Threat Experts**.
1. From the navigation pane, go to **Settings > General > Advanced features > Microsoft Threat Experts**.
2. Click **Apply for preview**.
2. Click **Apply**.
![Image of Microsoft Threat Experts settings](images/MTE_collaboratewithmte.png)
3. In the **Apply for preview** dialog box, read and make sure you understand the preview's terms of agreement.
3. Enter your name and email address so that Microsoft can get back to you on your application.
![Image of Microsoft Threat Experts application](images/MTE_apply.png)
4. Enter your name and email address so that Microsoft can get back to you on your application.
5. Read the privacy statement, then click **Submit** when you're done.
>[!NOTE]
>You will receive a welcome email once your application is approved. Then, from the navigation pane, go to **Settings** > **General** > **Advanced features** to turn the **Threat Experts** toggle on. Click **Save preferences**.
4. Read the privacy statement, then click **Submit** when you're done. You will receive a welcome email once your application is approved.
![Image of Microsoft Threat Experts application confirmation](images/MTE_applicationconfirmation.png)
6. From the navigation pane, go to **Settings** > **General** > **Advanced features** to turn the **Threat Experts** toggle on. Click **Save preferences**.
## Receive targeted attack notification from Microsoft Threat Experts
You can receive targeted attack notification from Microsoft Threat Experts through the following:
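Review bot: The registration steps, as they read after this hunk, run 1, 2, 3, 4 and then 6; with the privacy-statement step renumbered to 4, the step "From the navigation pane, go to **Settings** > **General** > **Advanced features** to turn the **Threat Experts** toggle on" should become 5. That step also still calls the toggle **Threat Experts** while step 1 now says **Microsoft Threat Experts**, so pick one name. In the "Before you begin" paragraph, "will not be incurred during for the capability in preview" has a stray word; drop "during".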
@ -56,7 +55,7 @@ You can receive targeted attack notification from Microsoft Threat Experts throu
To receive targeted attack notifications through email, you need to create an email notification rule.
### Create an email notification rule
You can create rules to send email notifications for notification recipients. See Configure alert notifications to create, edit, delete, or troubleshoot email notification, for details.
You can create rules to send email notifications for notification recipients. See [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) to create, edit, delete, or troubleshoot email notification, for details.
## View the targeted attack notification
@ -68,6 +67,9 @@ You'll start receiving targeted attack notification from Microsoft Threat Expert
## Ask a Microsoft threat expert about suspicious cybersecurity activities in your organization
>[!NOTE]
>The Microsoft Threat Experts' experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved.
You can partner with Microsoft Threat Experts who can be engaged directly from within the Windows Defender Security Center for timely and accurate response. Experts provide insights needed to better understand complex threats, targeted attack notifications that you get, or if you need more information about the alerts, a potentially compromised machine, or a threat intelligence context that you see on your portal dashboard.
1. Navigate to the portal page with the relevant information that you'd like to investigate, for example, the **Incident** page. Ensure that the page for the relevant alert or machine is in view before raising an inquiry.
@ -115,7 +117,7 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
**Threat intelligence details**
- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Windows Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you please send me a link?
- I recently saw a [social media reference e.g. Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection WDATP provides against this threat actor?
- I recently saw a [social media reference e.g. Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Windows Defender ATP provides against this threat actor?
**Microsoft Threat Experts alert communications**
- Can your incident response team help us address the targeted attack notification that we got?

@ -49,6 +49,9 @@ In conjunction with being able to quickly respond to advanced attacks, Windows D
**Secure score**<br>
Windows Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
**Microsoft Threat Experts**<br>
Microsoft Threat Experts is the new managed threat hunting service in Windows Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
**Advanced hunting**<br>
Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Windows Defender Security Center.
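Review bot: In the added **Microsoft Threat Experts** paragraph, "It provides additional layer of expertise and optics" is missing an article; write "an additional layer". "optics" is also vague for an overview page; "visibility" would say what the service gives the SOC.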
@ -67,4 +70,4 @@ Topic | Description
[Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) | Explains the data storage and privacy details related to Windows Defender ATP.
[Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC).
[Evaluate Windows Defender ATP](evaluate-atp.md) | Evaluate the various capabilities in Windows Defender ATP and test features out.
[Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product.
[Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product.

Binary file not shown.

Binary file not shown.

Binary file not shown.

@ -36,6 +36,9 @@ Microsoft Threat Experts provides proactive hunting for the most important threa
- Scope of compromise and as much context as can be quickly delivered to enable fast SOC response.
## Collaborate with experts, on demand
>[!NOTE]
>The Microsoft Threat Experts' experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved.
Customers can engage our security experts directly from within Windows Defender Security Center for timely and accurate response. Experts provide insights needed to better understand the complex threats affecting your organization, from alert inquiries, potentially compromised machines, root cause of a suspicious network connection, to additional threat intelligence regarding ongoing advanced persistent threat campaigns. With this capability, you can:
- Get additional clarification on alerts including root cause or scope of the incident
- Gain clarity into suspicious machine behavior and next steps if faced with an advanced attacker
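Review bot: The NOTE added under "Collaborate with experts, on demand" is word for word the same as the one added to the configure topic, so the two copies will drift when experts-on-demand leaves preview. Move the text into a shared include, as the configure topic already does with [!include[Prerelease information](prerelease.md)], and reference it from both places. "The Microsoft Threat Experts' experts-on-demand capability" would also read more cleanly as "The Microsoft Threat Experts experts-on-demand capability".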
@ -44,4 +47,4 @@ Customers can engage our security experts directly from within Windows Defender
## Related topic
- [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
- [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)

@ -31,6 +31,7 @@ Topic | Description
[Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) | By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
[Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats.
[Configure Secure score dashboard security controls](secure-score-dashboard-windows-defender-advanced-threat-protection.md) | Configure the security controls in Secure score to increase the security posture of your organization.
[Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts.
Configure Microsoft Threat Protection integration| Configure other solutions that integrate with Windows Defender ATP.
Management and API support| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports.
[Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure portal related settings such as general settings, advanced features, enable the preview experience and others.

@ -38,9 +38,10 @@ Topic | Description
[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Windows Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
[Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand.
[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) | Use a powerful search and query language to create custom queries and detection rules.
[Management and APIs](management-apis.md) | Windows Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
[Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack.
[Microsoft Threat Protection](threat-protection-integration.md) | Microsoft security products work better together. Learn about other security capabilities in the Microsoft threat protection stack.
[Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) |Learn to navigate your way around Windows Defender Security Center.

@ -26,6 +26,8 @@ Here are the new features in the latest release of Windows Defender ATP as well
## April 2019
The following capability is generally available (GA).
- [Microsoft Threat Experts Targeted Attack Notification capability](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts#targeted-attack-notification) <BR>Microsoft Threat Experts' Targeted Attack Notification alerts are tailored to organizations to provide as much information as can be quickly delivered thus bringing attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion.
- [Microsoft Defender ATP API](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/use-apis) <BR> Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities.
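Review bot: The new Targeted Attack Notification link hard-codes a locale (https://docs.microsoft.com/en-us/windows/...) while the neighbouring links in this file omit it (https://docs.microsoft.com/windows/...); drop "/en-us" so the link follows the reader's locale. The intro line says "The following capability is generally available (GA)" but two bullets follow it; if both are GA, make it "capabilities are".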
@ -40,7 +42,7 @@ The following capabilities are included in the April 2019 preview release.
### In preview
The following capability are included in the March 2019 preview release.
- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection) <BR> The machine health and compliance report provides high-level information about the devices in your organization.
- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-rotection) The machine health and compliance report provides high-level information about the devices in your organization.
## February 2019
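Review bot: The replacement link for the machine health and compliance report ends in "machine-reports-windows-defender-advanced-threat-rotection", which drops the "p" from "protection" and will not resolve; restore "advanced-threat-protection". The replacement line also loses the <BR> after the link, so the description will run on directly after the link text, unlike the other entries in this file. The context line "The following capability are included in the March 2019 preview release" needs number agreement as well.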