diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 6f5546e721..02884a6b6d 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -777,10 +777,9 @@ ###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) #### [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) ##### [Update general settings](general-settings-windows-defender-advanced-threat-protection.md) -##### [Enable advanced features](advanced-features-windows-defender-advacned-threat-protection.md) -##### [Enable preview experience](preview-settings-windows-defender-advanced-threat-protection.md) +##### [Turn on advanced features](advanced-features-windows-defender-advacned-threat-protection.md) +##### [Turn on preview experience](preview-settings-windows-defender-advanced-threat-protection.md) ##### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) -##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) #### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) #### [Windows Defender ATP service status](service-status-windows-defender-advanced-threat-protection.md) #### [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md b/windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md index bc5e5152a4..18e367eef2 100644 --- a/windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md +++ b/windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md 
@@ -1,6 +1,6 @@ --- -title: Enable advanced features in Windows Defender Advanced Threat Protection -description: Enable advanced features such as block file in Windows Defender Advanced Threat Protection. +title: Turn on advanced features in Windows Defender Advanced Threat Protection +description: Turn on advanced features such as block file in Windows Defender Advanced Threat Protection. keywords: advanced features, preferences setup, block file search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -10,7 +10,7 @@ ms.pagetype: security author: mjcaparas localizationpriority: high --- -# Enable advanced features in Windows Defender ATP +# Turn on advanced features in Windows Defender ATP **Applies to:** @@ -28,6 +28,5 @@ localizationpriority: high ## Related topics - [Update general settings](general-settings-windows-defender-advanced-threat-protection.md) -- [Enable the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) +- [Turn on the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) - [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) -- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md index d58bfceb60..8f84bb2b70 100644 --- a/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md 
@@ -33,7 +33,6 @@ During the onboarding process, a wizard takes you through the general settings o ## Related topics -- [Enable advanced features](advanced-features-windows-defender-advacned-threat-protection.md) -- [Enable the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) +- [Turn on advanced features](advanced-features-windows-defender-advacned-threat-protection.md) +- [Turn on the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) - [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) -- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md index b41aa169a6..b8a1f4e047 100644 --- a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md 
@@ -33,7 +33,9 @@ You can get information from the following sections in the file view: - Most recent observed machines with file -The file details, malware detection, and prevalence worldwide sections display various attributes about the file. You’ll see actions you can take on the file and details such as the file’s MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the file’s prevalence worldwide. You'll also be able to [submit a file for deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis). +The file details, malware detection, and prevalence worldwide sections display various attributes about the file. You’ll see actions you can take on the file. For more information on how to take action on a file, see [Take response action on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md). + +You'll also see details such as the file’s MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the file’s prevalence worldwide. You'll also be able to [submit a file for deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis). ![Image of file information](images/atp-file-information.png) diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index 30b7b98916..d8e209002b 100644 --- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md 
@@ -42,7 +42,9 @@ When you investigate a specific machine, you'll see: ![Image of machine details page](images/atp-machine-details-view.png) -The machine details, total logged on users and machine reporting sections display various attributes about the machine. You’ll see details such as machine name, health status, actions you can take on the machine, domain, operating system (OS), total logged on users and who frequently and less frequently logged on, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service. +The machine details, total logged on users and machine reporting sections display various attributes about the machine. You’ll see details such as machine name, health status, actions you can take on the machine. For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). + +You'll also see other information such as domain, operating system (OS), total logged on users and who frequently and less frequently logged on, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service. Clicking on the number of total logged on users in the Logged on user tile opens the Users Details pane that displays the following information for logged on users in the past 30 days: diff --git a/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md index c786c6bcca..6c5a7fdf81 100644 --- a/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md 
@@ -1,6 +1,6 @@ --- -title: Enable the preview experience in Windows Defender Advanced Threat Protection -description: Enable the preview experience in Windows Defender Advanced Threat Protection to try upcoming features. +title: Turn on the preview experience in Windows Defender Advanced Threat Protection +description: Turn on the preview experience in Windows Defender Advanced Threat Protection to try upcoming features. keywords: advanced features, preferences setup, block file search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -10,7 +10,7 @@ ms.pagetype: security author: mjcaparas localizationpriority: high --- -# Enable the preview experience in Windows Defender ATP +# Turn on the preview experience in Windows Defender ATP **Applies to:** @@ -22,13 +22,12 @@ localizationpriority: high [Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -Enable the preview experience setting to be among the first to try upcoming features. +Turn on the preview experience setting to be among the first to try upcoming features. 1. In the navigation pane, select **Preferences setup** > **Preview experience**. 2. Toggle the setting between **On** and **Off** and select **Save preferences**. ## Related topics - [Update general settings](general-settings-windows-defender-advanced-threat-protection.md) -- [Enable advanced features](advanced-features-windows-defender-advacned-threat-protection.md) +- [Turn on advanced features](advanced-features-windows-defender-advacned-threat-protection.md) - [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) -- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) 
diff --git a/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md index 1756e00973..2e53764196 100644 --- a/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md @@ -1,6 +1,6 @@ --- -title: Windows Defender Advanced Threat Protection preview features and updates -description: Learn how to access Windows Defender Advanced Threat Protection preview features and updates. +title: Windows Defender Advanced Threat Protection preview features +description: Learn how to access Windows Defender Advanced Threat Protection preview features. keywords: preview, preview experience, Windows Defender Advanced Threat Protection, features, updates search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -11,7 +11,7 @@ author: mjcaparas localizationpriority: high --- -# Windows Defender Advanced Threat Protection preview features and updates +# Windows Defender Advanced Threat Protection preview features **Applies to:** 
@@ -21,24 +21,14 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Windows Defender ATP continuously updates the portal to include feature enhancements and updates. You can choose to take part in the preview experience by selecting the option during onboarding or enabling the preview experience from the **Preferences setup** menu. - Windows Defender ATP adds various feature enhancements and capabilities in the February 2017 preview release. +Be among the first to try upcoming features by turning on the preview experience feature. For more information, see [Turn on the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) + [Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] ## Preview features -In this release, new features enable you to quickly respond to detected attacks so that you can contain or reduce and prevent further damage caused by malicious attackers in your organization. - -Actions such as isolate a machine, stop and quarantine files, and add file to the blocked list are made conveniently available within the file or machine views. Actions taken are aggregated in the Action center for future reference. - -These set of new features also include the ability to collect forensic data from a compromised machine to identify the machines state and indicator of attacks. - -You'll also see the sensor health feature which helps you keep track and identify machines that might be encountering issues reporting sensor data to the service. - -You can now investigate user entities and see related details such as the machines the account was seen on and observed logon types. 
- -The following links take you to the topics that provide information on how to use these features: +The following links take you to the topics that provide information on how to use the preview features: >[!NOTE] > All response features require machines to be on the latest Windows 10 Insider Preview build and above. @@ -55,14 +45,3 @@ The following links take you to the topics that provide information on how to us - [Check sensor status](check-sensor-status-windows-defender-advanced-threat-protection.md) - [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) - - - -## Enhancements -The following topics have been added to enhance the Windows Defender ATP experience: - -- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) - - [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) - - [Create custom threat intelligence using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md) - - [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) -- [Investigate a user entity](investigate-user-entity-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md index 2f238a4d6d..1a7523a6f1 100644 --- a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md 
@@ -41,8 +41,11 @@ Topic | Description [View the Dashboard](dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the endpoints on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines. [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | You can sort and filter alerts across your network, and drill down on individual alert queues such as new, in progress, or resolved queues. [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)| Investigate alerts in Windows Defender ATP which might indicate possible security breaches on endpoints in your organization. -[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats. [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) | Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach. [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external Internet protocol (IP) addresses. +[View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)| You can sort, filter, and exporting the machine list. 
+[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats. [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain. +[Investigate a user account](investigate-user-entity-windows-defender-advanced-threat-protection.md)| Investigate user accounts with the most active alerts. [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | The **Manage Alert** menu on every alert lets you change an alert's status, resolve it, suppress it, or contribute comments about the alert. +[Take response actions](response-actions-windows-defender-advanced-threat-protection.md)| Take action on a machine or file to quickly respond to detected attacks.
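
Review bot: In windows/keep-secure/TOC.md the reworded entry "Turn on advanced features" still targets advanced-features-windows-defender-advacned-threat-protection.md, where "advacned" is a misspelling carried in the file name, and the same target is re-added in the Related topics lists of the general-settings and preview-settings topics. Since this change already rewrites every one of those links, consider renaming the file in the same pass (with a redirect if the published URL has to keep working) or state in the commit message that the rename is deferred.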
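
Review bot: The reworded front matter in preview-settings-windows-defender-advanced-threat-protection.md (hunk @@ -1,6 +1,6 @@) leaves "keywords: advanced features, preferences setup, block file" untouched, which matches the advanced features topic rather than this one. While the title and description are being edited, replace the keywords with terms for the preview experience so search metadata describes the page it is attached to.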
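
Review bot: In investigate-files-windows-defender-advanced-threat-protection.md the new second paragraph has two consecutive sentences opening with "You'll also", and the added lines mix curly and straight apostrophes ("You’ll see actions" next to "You'll also see details"). Suggest rewording the last sentence, for example "You can also submit a file for deep analysis", and using one apostrophe style throughout the paragraph.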
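
Review bot: Splitting the paragraph in investigate-machines-windows-defender-advanced-threat-protection.md leaves the first list without a conjunction: "details such as machine name, health status, actions you can take on the machine." Suggest "machine name, health status, and actions you can take on the machine." so the sentence reads as a complete list before the pointer to the response action topic.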
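
Review bot: In preview-windows-defender-advanced-threat-protection.md (hunk @@ -21,24 +21,14 @@) the added sentence "For more information, see [Turn on the preview experience](preview-settings-windows-defender-advanced-threat-protection.md)" has no closing period, and "turning on the preview experience feature" is redundant next to the link text. Suggest ending the sentence with a period and shortening to "by turning on the preview experience."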
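
Review bot: The removal of the Enhancements section in preview-windows-defender-advanced-threat-protection.md (hunk @@ -55,14 +45,3 @@), together with the "Enable the custom threat intelligence application" links dropped from TOC.md and the Related topics lists, takes away every link to the custom threat intelligence topics that this diff shows, yet no hunk deletes or relocates those files. Confirm they are still reachable from another TOC entry, or remove or redirect them in this change so they are not left orphaned.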
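
Review bot: The new table row in use-windows-defender-advanced-threat-protection.md reads "You can sort, filter, and exporting the machine list.", which breaks the parallel verb list; it should be "You can sort, filter, and export the machine list." The added rows also link to machines-view-overview-windows-defender-advanced-threat-protection.md and response-actions-windows-defender-advanced-threat-protection.md, neither of which is added in this diff, so check that both files already exist in the branch before merging.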